Use uint32_t and int32_t for SSL_CIPHER structure.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Dr. Stephen Henson 2015-11-05 16:14:17 +00:00
parent d99b0691d3
commit 90d9e49a4b
7 changed files with 79 additions and 86 deletions


@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); __owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits);
__owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_get_fd(const SSL *s); __owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_rfd(const SSL *s);
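Review bot: The new `SSL_CIPHER_get_bits` prototype changes the out-parameter from `int *` to `uint32_t *`, so existing callers that pass the address of an `int` now pass an incompatible pointer type. The declarations around it suggest this is the public header, in which case this is an API break rather than an internal cleanup. `SSL_CIPHER_get_id` has a similar issue: callers that print its result with `%lx` get a mismatched format argument once it returns `uint32_t`. Consider keeping the public signature as `__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);` and converting inside the function, or documenting the change for callers.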


@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{ {
SSL_CIPHER c; SSL_CIPHER c;
const SSL_CIPHER *cp; const SSL_CIPHER *cp;
unsigned long id; uint32_t id;
id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id; c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{ {
int ret = 0; int ret = 0;
int nostrict = 1; int nostrict = 1;
unsigned long alg_k, alg_a = 0; uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */ /* If we have custom certificate types set, use them */
if (s->cert->ctypes) { if (s->cert->ctypes) {
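Review bot: In ssl3_get_cipher_by_char the shift count still carries the old `L` suffix and the version constant is a plain signed `int` literal, so the expression mixes three integer types for no reason. The result is the same, because the shift takes the type of its left operand, but it would read more cleanly as `id = 0x03000000U | ((uint32_t)p[0] << 8) | (uint32_t)p[1];`. The function body continues outside the hunk.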


@ -173,7 +173,7 @@
/* NB: make sure indices in these tables match values above */ /* NB: make sure indices in these tables match values above */
typedef struct { typedef struct {
unsigned long mask; uint32_t mask;
int nid; int nid;
} ssl_cipher_table; } ssl_cipher_table;
@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
/* Utility function for table lookup */ /* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table, static int ssl_cipher_info_find(const ssl_cipher_table * table,
size_t table_cnt, unsigned long mask) size_t table_cnt, uint32_t mask)
{ {
size_t i; size_t i;
for (i = 0; i < table_cnt; i++, table++) { for (i = 0; i < table_cnt; i++, table++) {
@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name)
#endif #endif
/* masks of disabled algorithms */ /* masks of disabled algorithms */
static unsigned long disabled_enc_mask; static uint32_t disabled_enc_mask;
static unsigned long disabled_mac_mask; static uint32_t disabled_mac_mask;
static unsigned long disabled_mkey_mask; static uint32_t disabled_mkey_mask;
static unsigned long disabled_auth_mask; static uint32_t disabled_auth_mask;
void ssl_load_ciphers(void) void ssl_load_ciphers(void)
{ {
@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, int num_of_ciphers,
unsigned long disabled_mkey, uint32_t disabled_mkey,
unsigned long disabled_auth, uint32_t disabled_auth,
unsigned long disabled_enc, uint32_t disabled_enc,
unsigned long disabled_mac, uint32_t disabled_mac,
unsigned long disabled_ssl, uint32_t disabled_ssl,
CIPHER_ORDER *co_list, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) CIPHER_ORDER **tail_p)
@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
int num_of_group_aliases, int num_of_group_aliases,
unsigned long disabled_mkey, uint32_t disabled_mkey,
unsigned long disabled_auth, uint32_t disabled_auth,
unsigned long disabled_enc, uint32_t disabled_enc,
unsigned long disabled_mac, uint32_t disabled_mac,
unsigned long disabled_ssl, uint32_t disabled_ssl,
CIPHER_ORDER *head) CIPHER_ORDER *head)
{ {
CIPHER_ORDER *ciph_curr; CIPHER_ORDER *ciph_curr;
const SSL_CIPHER **ca_curr; const SSL_CIPHER **ca_curr;
int i; int i;
unsigned long mask_mkey = ~disabled_mkey; uint32_t mask_mkey = ~disabled_mkey;
unsigned long mask_auth = ~disabled_auth; uint32_t mask_auth = ~disabled_auth;
unsigned long mask_enc = ~disabled_enc; uint32_t mask_enc = ~disabled_enc;
unsigned long mask_mac = ~disabled_mac; uint32_t mask_mac = ~disabled_mac;
unsigned long mask_ssl = ~disabled_ssl; uint32_t mask_ssl = ~disabled_ssl;
/* /*
* First, add the real ciphers as already collected * First, add the real ciphers as already collected
@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
* or represent a cipher strength value (will be added in any case because algorithms=0). * or represent a cipher strength value (will be added in any case because algorithms=0).
*/ */
for (i = 0; i < num_of_group_aliases; i++) { for (i = 0; i < num_of_group_aliases; i++) {
unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;
if (algorithm_mkey) if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0) if ((algorithm_mkey & mask_mkey) == 0)
@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */ *ca_curr = NULL; /* end of list */
} }
static void ssl_cipher_apply_rule(unsigned long cipher_id, static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
unsigned long alg_mkey, uint32_t alg_auth, uint32_t alg_enc,
unsigned long alg_auth, uint32_t alg_mac, uint32_t alg_ssl,
unsigned long alg_enc, uint32_t algo_strength, int rule,
unsigned long alg_mac, int32_t strength_bits, CIPHER_ORDER **head_p,
unsigned long alg_ssl,
unsigned long algo_strength, int rule,
int strength_bits, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) CIPHER_ORDER **tail_p)
{ {
CIPHER_ORDER *head, *tail, *curr, *next, *last; CIPHER_ORDER *head, *tail, *curr, *next, *last;
@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p) CIPHER_ORDER **tail_p)
{ {
int max_strength_bits, i, *number_uses; int32_t max_strength_bits;
int i, *number_uses;
CIPHER_ORDER *curr; CIPHER_ORDER *curr;
/* /*
@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **tail_p, CIPHER_ORDER **tail_p,
const SSL_CIPHER **ca_list, CERT *c) const SSL_CIPHER **ca_list, CERT *c)
{ {
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
algo_strength;
const char *l, *buf; const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen; int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id = 0; uint32_t cipher_id = 0;
char ch; char ch;
retval = 1; retval = 1;
@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
const char *rule_str, CERT *c) const char *rule_str, CERT *c)
{ {
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
disabled_ssl; disabled_ssl;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p; const char *rule_p;
@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
int is_export, pkl, kl; int is_export, pkl, kl;
const char *ver, *exp_str; const char *ver, *exp_str;
const char *kx, *au, *enc, *mac; const char *kx, *au, *enc, *mac;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
static const char *format = static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
} }
/* number of bits for symmetric cipher */ /* number of bits for symmetric cipher */
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits)
{ {
int ret = 0; int32_t ret = 0;
if (c != NULL) { if (c != NULL) {
if (alg_bits != NULL) if (alg_bits != NULL)
*alg_bits = c->alg_bits; *alg_bits = c->alg_bits;
ret = c->strength_bits; ret = c->strength_bits;
} }
return (ret); return ret;
} }
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
{ {
return c->id; return c->id;
} }
@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
/* For a cipher return the index corresponding to the certificate type */ /* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c) int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
{ {
unsigned long alg_k, alg_a; uint32_t alg_k, alg_a;
alg_k = c->algorithm_mkey; alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth; alg_a = c->algorithm_auth;
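Review bot: `SSL_CIPHER_get_id` dereferences `c` unconditionally, while `SSL_CIPHER_get_bits` just above it in the same hunk tolerates a NULL cipher and returns 0. Both signatures are being changed here, so this would be a good point to make the two accessors agree. Either add a guard such as `return c != NULL ? c->id : 0;`, or add a comment on `SSL_CIPHER_get_id` stating that `c` must be non-NULL. Which is right depends on what callers expect, and that is not visible in this section.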


@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{ {
long l; if (a->id > b->id)
return 1;
l = a->id - b->id; if (a->id < b->id)
if (l == 0L) return -1;
return (0); return 0;
else
return ((l > 0) ? 1 : -1);
} }
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp) const SSL_CIPHER *const *bp)
{ {
long l; if ((*ap)->id > (*bp)->id)
return 1;
l = (*ap)->id - (*bp)->id; if ((*ap)->id < (*bp)->id)
if (l == 0L) return -1;
return (0); return 0;
else
return ((l > 0) ? 1 : -1);
} }
/** return a STACK of the ciphers available for the SSL and in order of /** return a STACK of the ciphers available for the SSL and in order of
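Review bot: The two comparators now carry identical three-way comparison logic, so `ssl_cipher_ptr_id_cmp` could reduce to `return ssl_cipher_id_cmp(*ap, *bp);` and the ordering rule would live in one place. It is also worth a one-line comment on `ssl_cipher_id_cmp` recording why the ids are compared rather than subtracted, e.g. `/* ids are uint32_t: a difference would wrap, so compare directly */`. Without it, a later cleanup could reintroduce the subtraction.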


@ -537,22 +537,22 @@
#define TLS_CIPHER_LEN 2 #define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */ /* used to hold info on the particular ciphers used */
struct ssl_cipher_st { struct ssl_cipher_st {
int valid; uint32_t valid;
const char *name; /* text name */ const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */ uint32_t id; /* id, 4 bytes, first is version */
/* /*
* changed in 0.9.9: these four used to be portions of a single value * changed in 1.0.0: these four used to be portions of a single value
* 'algorithms' * 'algorithms'
*/ */
unsigned long algorithm_mkey; /* key exchange algorithm */ uint32_t algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */ uint32_t algorithm_auth; /* server authentication */
unsigned long algorithm_enc; /* symmetric encryption */ uint32_t algorithm_enc; /* symmetric encryption */
unsigned long algorithm_mac; /* symmetric authentication */ uint32_t algorithm_mac; /* symmetric authentication */
unsigned long algorithm_ssl; /* (major) protocol version */ uint32_t algorithm_ssl; /* (major) protocol version */
unsigned long algo_strength; /* strength and export flags */ uint32_t algo_strength; /* strength and export flags */
unsigned long algorithm2; /* Extra flags */ uint32_t algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */ int32_t strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */ uint32_t alg_bits; /* Number of bits for algorithm */
}; };
/* Used to hold SSL/TLS functions */ /* Used to hold SSL/TLS functions */
@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st {
* that are supported by the certs below. For clients they are masks of * that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session. * *disabled* algorithms based on the current session.
*/ */
unsigned long mask_k; uint32_t mask_k;
unsigned long mask_a; uint32_t mask_a;
unsigned long export_mask_k; uint32_t export_mask_k;
unsigned long export_mask_a; uint32_t export_mask_a;
/* Client only */ /* Client only */
unsigned long mask_ssl; uint32_t mask_ssl;
} tmp; } tmp;
/* Connection binding to prevent renegotiation attacks */ /* Connection binding to prevent renegotiation attacks */
@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md); const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk); __owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg); __owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op); void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
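Review bot: In `struct ssl_cipher_st`, `strength_bits` stays signed (`int32_t`) while `alg_bits` becomes `uint32_t`, so any expression that compares or subtracts the two will convert the signed operand to unsigned. No such use is visible in this section, so this may be harmless. Still, the fields describe the same kind of quantity and would be easier to reason about with one signedness, e.g. `int32_t alg_bits;`. If the split is intentional, a short comment on the two fields saying why would help.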


@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
* disabled. * disabled.
*/ */
void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
{ {
const unsigned char *sigalgs; const unsigned char *sigalgs;
size_t i, sigalgslen; size_t i, sigalgslen;


@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void)
if (tci != NULL) if (tci != NULL)
if (ci->id >= tci->id) { if (ci->id >= tci->id) {
fprintf(stderr, "testing SSLv3 cipher list order: "); fprintf(stderr, "testing SSLv3 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0; return 0;
} }
tci = ci; tci = ci;
@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void)
if (tci != NULL) if (tci != NULL)
if (ci->id >= tci->id) { if (ci->id >= tci->id) {
fprintf(stderr, "testing TLSv1 cipher list order: "); fprintf(stderr, "testing TLSv1 cipher list order: ");
fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0; return 0;
} }
tci = ci; tci = ci;
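Review bot: Both updated `fprintf` calls in do_test_cipherlist (the SSLv3 and the TLSv1 branch) print `ci->id` and `tci->id` with `%x`, which is only correct where `uint32_t` is `unsigned int`. On a platform that defines `uint32_t` as `unsigned long` the format and argument types no longer match. A portable form is `fprintf(stderr, "failed %" PRIx32 " vs. %" PRIx32 "\n", ci->id, tci->id);` with `<inttypes.h>` included, or an explicit cast to `unsigned int` on each argument.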