diff options
| -rw-r--r-- | include/openssl/ssl.h | 4 | ||||
| -rw-r--r-- | ssl/s3_lib.c | 6 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 87 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 24 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 38 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 2 | ||||
| -rw-r--r-- | test/ssltest.c | 4 |
7 files changed, 79 insertions, 86 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 6dc88c8..dbef255 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits); __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 39d08a0..1c7e7a2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; + uint32_t id; - id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; + id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]; c.id = id; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES @@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret = 0; int nostrict = 1; - unsigned long alg_k, alg_a = 0; + uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctypes) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 46763d7..581c8a0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -173,7 +173,7 @@ /* NB: make sure indices in these tables match values above */ typedef struct { - unsigned long mask; + uint32_t mask; int nid; } ssl_cipher_table; @@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { /* Utility function for table lookup */ static int ssl_cipher_info_find(const ssl_cipher_table * table, - size_t table_cnt, unsigned long mask) + size_t table_cnt, uint32_t mask) { size_t i; for (i = 0; i < table_cnt; i++, table++) { @@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name) #endif /* masks of disabled algorithms */ -static unsigned long disabled_enc_mask; -static unsigned long disabled_mac_mask; -static unsigned long disabled_mkey_mask; -static unsigned long disabled_auth_mask; +static uint32_t disabled_enc_mask; +static uint32_t disabled_mac_mask; +static uint32_t disabled_mkey_mask; +static uint32_t disabled_auth_mask; void ssl_load_ciphers(void) { @@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, - unsigned long disabled_mkey, - unsigned long disabled_auth, - unsigned long disabled_enc, - unsigned long disabled_mac, - unsigned long disabled_ssl, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + uint32_t disabled_ssl, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) @@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, - unsigned long disabled_mkey, - unsigned long disabled_auth, - unsigned long disabled_enc, - unsigned long disabled_mac, - unsigned long disabled_ssl, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + uint32_t disabled_ssl, CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; const SSL_CIPHER **ca_curr; int i; - unsigned long mask_mkey = ~disabled_mkey; - unsigned long mask_auth = ~disabled_auth; - unsigned long mask_enc = ~disabled_enc; - unsigned long mask_mac = ~disabled_mac; - unsigned long mask_ssl = ~disabled_ssl; + uint32_t mask_mkey = ~disabled_mkey; + uint32_t mask_auth = ~disabled_auth; + uint32_t mask_enc = ~disabled_enc; + uint32_t mask_mac = ~disabled_mac; + uint32_t mask_ssl = ~disabled_ssl; /* * First, add the real ciphers as already collected @@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, * or represent a cipher strength value (will be added in any case because algorithms=0). */ for (i = 0; i < num_of_group_aliases; i++) { - unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; - unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; - unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; - unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; - unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; + uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey; + uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth; + uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc; + uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac; + uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl; if (algorithm_mkey) if ((algorithm_mkey & mask_mkey) == 0) @@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long cipher_id, - unsigned long alg_mkey, - unsigned long alg_auth, - unsigned long alg_enc, - unsigned long alg_mac, - unsigned long alg_ssl, - unsigned long algo_strength, int rule, - int strength_bits, CIPHER_ORDER **head_p, +static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, + uint32_t alg_auth, uint32_t alg_enc, + uint32_t alg_mac, uint32_t alg_ssl, + uint32_t algo_strength, int rule, + int32_t strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *next, *last; @@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - int max_strength_bits, i, *number_uses; + int32_t max_strength_bits; + int i, *number_uses; CIPHER_ORDER *curr; /* @@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, CERT *c) { - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, - algo_strength; + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; - unsigned long cipher_id = 0; + uint32_t cipher_id = 0; char ch; retval = 1; @@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK const char *rule_str, CERT *c) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, + uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; @@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export, pkl, kl; const char *ver, *exp_str; const char *kx, *au, *enc, *mac; - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; @@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) } /* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) +int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits) { - int ret = 0; + int32_t ret = 0; if (c != NULL) { if (alg_bits != NULL) *alg_bits = c->alg_bits; ret = c->strength_bits; } - return (ret); + return ret; } -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) +uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; } @@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { - unsigned long alg_k, alg_a; + uint32_t alg_k, alg_a; alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a8e2093..0674cb4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { - long l; - - l = a->id - b->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1 : -1); + if (a->id > b->id) + return 1; + if (a->id < b->id) + return -1; + return 0; } int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp) { - long l; - - l = (*ap)->id - (*bp)->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1 : -1); + if ((*ap)->id > (*bp)->id) + return 1; + if ((*ap)->id < (*bp)->id) + return -1; + return 0; } /** return a STACK of the ciphers available for the SSL and in order of diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 5a94066..74fdec6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -537,22 +537,22 @@ #define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ + uint32_t valid; + const char *name; /* text name */ + uint32_t id; /* id, 4 bytes, first is version */ /* - * changed in 0.9.9: these four used to be portions of a single value + * changed in 1.0.0: these four used to be portions of a single value * 'algorithms' */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ + uint32_t algorithm_mkey; /* key exchange algorithm */ + uint32_t algorithm_auth; /* server authentication */ + uint32_t algorithm_enc; /* symmetric encryption */ + uint32_t algorithm_mac; /* symmetric authentication */ + uint32_t algorithm_ssl; /* (major) protocol version */ + uint32_t algo_strength; /* strength and export flags */ + uint32_t algorithm2; /* Extra flags */ + int32_t strength_bits; /* Number of bits really used */ + uint32_t alg_bits; /* Number of bits for algorithm */ }; /* Used to hold SSL/TLS functions */ @@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st { * that are supported by the certs below. For clients they are masks of * *disabled* algorithms based on the current session. */ - unsigned long mask_k; - unsigned long mask_a; - unsigned long export_mask_k; - unsigned long export_mask_a; + uint32_t mask_k; + uint32_t mask_a; + uint32_t export_mask_k; + uint32_t export_mask_a; /* Client only */ - unsigned long mask_ssl; + uint32_t mask_ssl; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md); __owur int tls12_get_sigid(const EVP_PKEY *pk); __owur const EVP_MD *tls12_get_hash(unsigned char hash_alg); -void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op); +void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2db0d74..b31eae1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp) * disabled. */ -void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) +void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) { const unsigned char *sigalgs; size_t i, sigalgslen; diff --git a/test/ssltest.c b/test/ssltest.c index e951788..c46c211 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void) if (tci != NULL) if (ci->id >= tci->id) { fprintf(stderr, "testing SSLv3 cipher list order: "); - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id); return 0; } tci = ci; @@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void) if (tci != NULL) if (ci->id >= tci->id) { fprintf(stderr, "testing TLSv1 cipher list order: "); - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id); return 0; } tci = ci; |