generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Some fixes for kerberos builds.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-04-21 22:20:12 +00:00
parent d8faad27b7
commit 21fb688d26
5 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/d1_clnt.c
View File

@ -115,6 +115,9 @@
#include <stdio.h> #include <stdio.h>
#include "ssl_locl.h" #include "ssl_locl.h"
#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
#endif
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/objects.h> #include <openssl/objects.h>
@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s)
sizeof tmp_buf); sizeof tmp_buf);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl; outl += padl;
if (outl > sizeof epms) if (outl > (int)sizeof epms)
{ {
SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err; goto err;

13
ssl/kssl.c
View File

@ -76,6 +76,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/krb5_asn.h> #include <openssl/krb5_asn.h>
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5
@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype)
** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and ** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
** xx and yy are possibly multi-byte length fields. ** xx and yy are possibly multi-byte length fields.
*/ */
int kssl_test_confound(unsigned char *p) static int kssl_test_confound(unsigned char *p)
{ {
int len = 2; int len = 2;
int xx = 0, yy = 0; int xx = 0, yy = 0;
@ -874,7 +875,7 @@ int kssl_test_confound(unsigned char *p)
** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 ** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. ** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
*/ */
size_t *populate_cksumlens(void) static size_t *populate_cksumlens(void)
{ {
int i, j, n; int i, j, n;
static size_t *cklens = NULL; static size_t *cklens = NULL;
@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
/* Display contents of krb5_principal_data struct, for debugging /* Display contents of krb5_principal_data struct, for debugging
** (krb5_principal is typedef'd == krb5_principal_data *) ** (krb5_principal is typedef'd == krb5_principal_data *)
*/ */
void static void
print_krb5_princ(char *label, krb5_principal_data *princ) print_krb5_princ(char *label, krb5_principal_data *princ)
{ {
int i, ui, uj; int i, ui, uj;
@ -1224,7 +1225,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
** code here. This tkt should alloc/free just ** code here. This tkt should alloc/free just
** like the real thing. ** like the real thing.
*/ */
krb5_error_code static krb5_error_code
kssl_TKT2tkt( /* IN */ krb5_context krb5context, kssl_TKT2tkt( /* IN */ krb5_context krb5context,
/* IN */ KRB5_TKTBODY *asn1ticket, /* IN */ KRB5_TKTBODY *asn1ticket,
/* OUT */ krb5_ticket **krb5ticket, /* OUT */ krb5_ticket **krb5ticket,
@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
** Return pointer to the (partially) filled in struct tm on success, ** Return pointer to the (partially) filled in struct tm on success,
** return NULL on failure. ** return NULL on failure.
*/ */
struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
{ {
char c, *p; char c, *p;
@ -1925,7 +1926,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
** So we try to sneek the clockskew out through the replay cache. ** So we try to sneek the clockskew out through the replay cache.
** If that fails just return a likely default (300 seconds). ** If that fails just return a likely default (300 seconds).
*/ */
krb5_deltat get_rc_clockskew(krb5_context context) static krb5_deltat get_rc_clockskew(krb5_context context)
{ {
krb5_rcache rc; krb5_rcache rc;
krb5_deltat clockskew; krb5_deltat clockskew;

2
ssl/kssl_lcl.h
View File

@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
char *kstring(char *string); char *kstring(char *string);
char *knumber(int len, krb5_octet *contents); char *knumber(int len, krb5_octet *contents);
EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);

4
ssl/s3_clnt.c
View File

@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s)
krb5_data *enc_ticket; krb5_data *enc_ticket;
krb5_data authenticator, *authp = NULL; krb5_data authenticator, *authp = NULL;
EVP_CIPHER_CTX ciph_ctx; EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL; const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s)
sizeof tmp_buf); sizeof tmp_buf);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl; outl += padl;
if (outl > sizeof epms) if (outl > (int)sizeof epms)
{ {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err; goto err;

2
ssl/s3_srvr.c
View File

@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s)
krb5_data enc_pms; krb5_data enc_pms;
KSSL_CTX *kssl_ctx = s->kssl_ctx; KSSL_CTX *kssl_ctx = s->kssl_ctx;
EVP_CIPHER_CTX ciph_ctx; EVP_CIPHER_CTX ciph_ctx;
EVP_CIPHER *enc = NULL; const EVP_CIPHER *enc = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
+ EVP_MAX_BLOCK_LENGTH]; + EVP_MAX_BLOCK_LENGTH];