wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use uint32_t and int32_t for SSL_CIPHER structure.

Browse source 
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-11-05 16:14:17 +00:00
parent d99b0691d3
commit 90d9e49a4b
7 changed files with 79 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/openssl/ssl.h
View file

@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits);
__owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s);

6
ssl/s3_lib.c
View file

@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c;
const SSL_CIPHER *cp;
unsigned long id;
uint32_t id;
id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
int ret = 0;
int nostrict = 1;
unsigned long alg_k, alg_a = 0;
uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {

87
ssl/ssl_ciph.c
View file

@ -173,7 +173,7 @@
/* NB: make sure indices in these tables match values above */
typedef struct {
unsigned long mask;
uint32_t mask;
int nid;
} ssl_cipher_table;
@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
/* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table,
size_t table_cnt, unsigned long mask)
size_t table_cnt, uint32_t mask)
{
size_t i;
for (i = 0; i < table_cnt; i++, table++) {
@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name)
#endif
/* masks of disabled algorithms */
static unsigned long disabled_enc_mask;
static unsigned long disabled_mac_mask;
static unsigned long disabled_mkey_mask;
static unsigned long disabled_auth_mask;
static uint32_t disabled_enc_mask;
static uint32_t disabled_mac_mask;
static uint32_t disabled_mkey_mask;
static uint32_t disabled_auth_mask;
void ssl_load_ciphers(void)
{
@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers,
unsigned long disabled_mkey,
unsigned long disabled_auth,
unsigned long disabled_enc,
unsigned long disabled_mac,
unsigned long disabled_ssl,
uint32_t disabled_mkey,
uint32_t disabled_auth,
uint32_t disabled_enc,
uint32_t disabled_mac,
uint32_t disabled_ssl,
CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
int num_of_group_aliases,
unsigned long disabled_mkey,
unsigned long disabled_auth,
unsigned long disabled_enc,
unsigned long disabled_mac,
unsigned long disabled_ssl,
uint32_t disabled_mkey,
uint32_t disabled_auth,
uint32_t disabled_enc,
uint32_t disabled_mac,
uint32_t disabled_ssl,
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
const SSL_CIPHER **ca_curr;
int i;
unsigned long mask_mkey = ~disabled_mkey;
unsigned long mask_auth = ~disabled_auth;
unsigned long mask_enc = ~disabled_enc;
unsigned long mask_mac = ~disabled_mac;
unsigned long mask_ssl = ~disabled_ssl;
uint32_t mask_mkey = ~disabled_mkey;
uint32_t mask_auth = ~disabled_auth;
uint32_t mask_enc = ~disabled_enc;
uint32_t mask_mac = ~disabled_mac;
uint32_t mask_ssl = ~disabled_ssl;
/*
* First, add the real ciphers as already collected
@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
* or represent a cipher strength value (will be added in any case because algorithms=0).
*/
for (i = 0; i < num_of_group_aliases; i++) {
unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;
if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0)
@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */
}
static void ssl_cipher_apply_rule(unsigned long cipher_id,
unsigned long alg_mkey,
unsigned long alg_auth,
unsigned long alg_enc,
unsigned long alg_mac,
unsigned long alg_ssl,
unsigned long algo_strength, int rule,
int strength_bits, CIPHER_ORDER **head_p,
static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc,
uint32_t alg_mac, uint32_t alg_ssl,
uint32_t algo_strength, int rule,
int32_t strength_bits, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *next, *last;
@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
int max_strength_bits, i, *number_uses;
int32_t max_strength_bits;
int i, *number_uses;
CIPHER_ORDER *curr;
/*
@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **tail_p,
const SSL_CIPHER **ca_list, CERT *c)
{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
algo_strength;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id = 0;
uint32_t cipher_id = 0;
char ch;
retval = 1;
@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
const char *rule_str, CERT *c)
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
disabled_ssl;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
int is_export, pkl, kl;
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
}
/* number of bits for symmetric cipher */
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits)
{
int ret = 0;
int32_t ret = 0;
if (c != NULL) {
if (alg_bits != NULL)
*alg_bits = c->alg_bits;
ret = c->strength_bits;
}
return (ret);
return ret;
}
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
{
return c->id;
}
@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
/* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
{
unsigned long alg_k, alg_a;
uint32_t alg_k, alg_a;
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;

24
ssl/ssl_lib.c
View file

@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
long l;
l = a->id - b->id;
if (l == 0L)
return (0);
else
return ((l > 0) ? 1 : -1);
if (a->id > b->id)
return 1;
if (a->id < b->id)
return -1;
return 0;
}
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp)
{
long l;
l = (*ap)->id - (*bp)->id;
if (l == 0L)
return (0);
else
return ((l > 0) ? 1 : -1);
if ((*ap)->id > (*bp)->id)
return 1;
if ((*ap)->id < (*bp)->id)
return -1;
return 0;
}
/** return a STACK of the ciphers available for the SSL and in order of

38
ssl/ssl_locl.h
View file

@ -537,22 +537,22 @@
#define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
uint32_t valid;
const char *name; /* text name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 0.9.9: these four used to be portions of a single value
* changed in 1.0.0: these four used to be portions of a single value
* 'algorithms'
*/
unsigned long algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */
unsigned long algorithm_enc; /* symmetric encryption */
unsigned long algorithm_mac; /* symmetric authentication */
unsigned long algorithm_ssl; /* (major) protocol version */
unsigned long algo_strength; /* strength and export flags */
unsigned long algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
uint32_t algorithm_mkey; /* key exchange algorithm */
uint32_t algorithm_auth; /* server authentication */
uint32_t algorithm_enc; /* symmetric encryption */
uint32_t algorithm_mac; /* symmetric authentication */
uint32_t algorithm_ssl; /* (major) protocol version */
uint32_t algo_strength; /* strength and export flags */
uint32_t algorithm2; /* Extra flags */
int32_t strength_bits; /* Number of bits really used */
uint32_t alg_bits; /* Number of bits for algorithm */
};
/* Used to hold SSL/TLS functions */
@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st {
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
unsigned long mask_k;
unsigned long mask_a;
unsigned long export_mask_k;
unsigned long export_mask_a;
uint32_t mask_k;
uint32_t mask_a;
uint32_t export_mask_k;
uint32_t export_mask_a;
/* Client only */
unsigned long mask_ssl;
uint32_t mask_ssl;
} tmp;
/* Connection binding to prevent renegotiation attacks */
@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);

2
ssl/t1_lib.c
View file

@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
* disabled.
*/
void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
{
const unsigned char *sigalgs;
size_t i, sigalgslen;

4
test/ssltest.c
View file

@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void)
if (tci != NULL)
if (ci->id >= tci->id) {
fprintf(stderr, "testing SSLv3 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0;
}
tci = ci;
@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void)
if (tci != NULL)
if (ci->id >= tci->id) {
fprintf(stderr, "testing TLSv1 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0;
}
tci = ci;