[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sun Nov 8 14:04:41 UTC 2015
The branch master has been updated
via 36e79832d33a5e5ec11a21071c4889ff25d47075 (commit)
via 90d9e49a4b2344a7a313eed70becb6cd3bf152e9 (commit)
from d99b0691d3a5d215e8d4dbe1b7224e066153fe2c (commit)
- Log -----------------------------------------------------------------
commit 36e79832d33a5e5ec11a21071c4889ff25d47075
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Nov 7 13:22:54 2015 +0000
Replace L suffix with U
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 90d9e49a4b2344a7a313eed70becb6cd3bf152e9
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Nov 5 16:14:17 2015 +0000
Use uint32_t and int32_t for SSL_CIPHER structure.
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 82 ++++++++++++-------------
ssl/s3_lib.c | 6 +-
ssl/ssl_ciph.c | 87 +++++++++++++--------------
ssl/ssl_lib.c | 24 ++++----
ssl/ssl_locl.h | 162 +++++++++++++++++++++++++-------------------------
ssl/t1_lib.c | 2 +-
test/ssltest.c | 4 +-
7 files changed, 180 insertions(+), 187 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6dc88c8..28322eb 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -357,17 +357,17 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
size_t inlen, int *al, void *parse_arg);
/* Allow initial connection to servers that don't support RI */
-# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
/* Dead forever, see CVE-2010-4180. */
-# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L
-# define SSL_OP_TLSEXT_PADDING 0x00000010L
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
-# define SSL_OP_TLS_D5_BUG 0x00000100L
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U
+# define SSL_OP_TLSEXT_PADDING 0x00000010U
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U
+# define SSL_OP_TLS_D5_BUG 0x00000100U
/* Removed from OpenSSL 1.1.0 */
-# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
@@ -385,55 +385,55 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
* SSL_OP_ALL.
*/
/* added in 0.9.6e */
-# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U
/*
* SSL_OP_ALL: various bug workarounds that should be rather harmless. This
* used to be 0x000FFFFFL before 0.9.7.
*/
-# define SSL_OP_ALL 0x80000BFFL
+# define SSL_OP_ALL 0x80000BFFU
/* DTLS options */
-# define SSL_OP_NO_QUERY_MTU 0x00001000L
+# define SSL_OP_NO_QUERY_MTU 0x00001000U
/* Turn on Cookie Exchange (on relevant for servers) */
-# define SSL_OP_COOKIE_EXCHANGE 0x00002000L
+# define SSL_OP_COOKIE_EXCHANGE 0x00002000U
/* Don't use RFC4507 ticket extension */
-# define SSL_OP_NO_TICKET 0x00004000L
+# define SSL_OP_NO_TICKET 0x00004000U
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-# define SSL_OP_CISCO_ANYCONNECT 0x00008000L
+# define SSL_OP_CISCO_ANYCONNECT 0x00008000U
/* As server, disallow session resumption on renegotiation */
-# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U
/* Don't use compression even if supported */
-# define SSL_OP_NO_COMPRESSION 0x00020000L
+# define SSL_OP_NO_COMPRESSION 0x00020000U
/* Permit unsafe legacy renegotiation */
-# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
/* If set, always create a new key when using tmp_ecdh parameters */
-# define SSL_OP_SINGLE_ECDH_USE 0x00080000L
+# define SSL_OP_SINGLE_ECDH_USE 0x00080000U
/* If set, always create a new key when using tmp_dh parameters */
-# define SSL_OP_SINGLE_DH_USE 0x00100000L
+# define SSL_OP_SINGLE_DH_USE 0x00100000U
/* Does nothing: retained for compatibiity */
# define SSL_OP_EPHEMERAL_RSA 0x0
/*
* Set on servers to choose the cipher according to the server's preferences
*/
-# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U
/*
* If set, a server will allow a client to issue a SSLv3.0 version number as
* latest version supported in the premaster secret, even when TLSv1.0
* (version 3.1) was announced in the client hello. Normally this is
* forbidden to prevent version rollback attacks.
*/
-# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U
-# define SSL_OP_NO_SSLv2 0x00000000L
-# define SSL_OP_NO_SSLv3 0x02000000L
-# define SSL_OP_NO_TLSv1 0x04000000L
-# define SSL_OP_NO_TLSv1_2 0x08000000L
-# define SSL_OP_NO_TLSv1_1 0x10000000L
+# define SSL_OP_NO_SSLv2 0x00000000U
+# define SSL_OP_NO_SSLv3 0x02000000U
+# define SSL_OP_NO_TLSv1 0x04000000U
+# define SSL_OP_NO_TLSv1_2 0x08000000U
+# define SSL_OP_NO_TLSv1_1 0x10000000U
-# define SSL_OP_NO_DTLSv1 0x04000000L
-# define SSL_OP_NO_DTLSv1_2 0x08000000L
+# define SSL_OP_NO_DTLSv1 0x04000000U
+# define SSL_OP_NO_DTLSv1_2 0x08000000U
# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
@@ -442,45 +442,45 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
# define SSL_OP_PKCS1_CHECK_1 0x0
# define SSL_OP_PKCS1_CHECK_2 0x0
# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
-# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U
/*
* Make server add server-hello extension from early version of cryptopro
* draft, when GOST ciphersuite is negotiated. Required for interoperability
* with CryptoPro CSP 3.x
*/
-# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U
/*
* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written):
*/
-# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U
/*
* Make it possible to retry SSL_write() with changed buffer location (buffer
* contents must stay the same!); this is not the default to avoid the
* misconception that non-blocking SSL_write() behaves like non-blocking
* write():
*/
-# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
/*
* Never bother the application with retries if the transport is blocking:
*/
-# define SSL_MODE_AUTO_RETRY 0x00000004L
+# define SSL_MODE_AUTO_RETRY 0x00000004U
/* Don't attempt to automatically build certificate chain */
-# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
/*
* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
* TLS only.) "Released" buffers are put onto a free-list in the context or
* just freed (depending on the context's setting for freelist_max_len).
*/
-# define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
/*
* Send the current time in the Random fields of the ClientHello and
* ServerHello records for compatibility with hypothetical implementations
* that require it.
*/
-# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
/*
* Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
* that reconnect with a downgraded protocol version; see
@@ -489,14 +489,14 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
* fallback retries, following the guidance in
* draft-ietf-tls-downgrade-scsv-00.
*/
-# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
/* Cert related flags */
/*
* Many implementations ignore some aspects of the TLS standards such as
* enforcing certifcate chain algorithms. When this is set we enforce them.
*/
-# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L
+# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
/* Suite B modes, takes same values as certificate verify flags */
# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
@@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits);
__owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
__owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 39d08a0..1c7e7a2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
SSL_CIPHER c;
const SSL_CIPHER *cp;
- unsigned long id;
+ uint32_t id;
- id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+ id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
@@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
int ret = 0;
int nostrict = 1;
- unsigned long alg_k, alg_a = 0;
+ uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 46763d7..581c8a0 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -173,7 +173,7 @@
/* NB: make sure indices in these tables match values above */
typedef struct {
- unsigned long mask;
+ uint32_t mask;
int nid;
} ssl_cipher_table;
@@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
/* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table,
- size_t table_cnt, unsigned long mask)
+ size_t table_cnt, uint32_t mask)
{
size_t i;
for (i = 0; i < table_cnt; i++, table++) {
@@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name)
#endif
/* masks of disabled algorithms */
-static unsigned long disabled_enc_mask;
-static unsigned long disabled_mac_mask;
-static unsigned long disabled_mkey_mask;
-static unsigned long disabled_auth_mask;
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;
void ssl_load_ciphers(void)
{
@@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers,
- unsigned long disabled_mkey,
- unsigned long disabled_auth,
- unsigned long disabled_enc,
- unsigned long disabled_mac,
- unsigned long disabled_ssl,
+ uint32_t disabled_mkey,
+ uint32_t disabled_auth,
+ uint32_t disabled_enc,
+ uint32_t disabled_mac,
+ uint32_t disabled_ssl,
CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
@@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
int num_of_group_aliases,
- unsigned long disabled_mkey,
- unsigned long disabled_auth,
- unsigned long disabled_enc,
- unsigned long disabled_mac,
- unsigned long disabled_ssl,
+ uint32_t disabled_mkey,
+ uint32_t disabled_auth,
+ uint32_t disabled_enc,
+ uint32_t disabled_mac,
+ uint32_t disabled_ssl,
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
const SSL_CIPHER **ca_curr;
int i;
- unsigned long mask_mkey = ~disabled_mkey;
- unsigned long mask_auth = ~disabled_auth;
- unsigned long mask_enc = ~disabled_enc;
- unsigned long mask_mac = ~disabled_mac;
- unsigned long mask_ssl = ~disabled_ssl;
+ uint32_t mask_mkey = ~disabled_mkey;
+ uint32_t mask_auth = ~disabled_auth;
+ uint32_t mask_enc = ~disabled_enc;
+ uint32_t mask_mac = ~disabled_mac;
+ uint32_t mask_ssl = ~disabled_ssl;
/*
* First, add the real ciphers as already collected
@@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
* or represent a cipher strength value (will be added in any case because algorithms=0).
*/
for (i = 0; i < num_of_group_aliases; i++) {
- unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
- unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
- unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
- unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
- unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
+ uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+ uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+ uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+ uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
+ uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;
if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0)
@@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */
}
-static void ssl_cipher_apply_rule(unsigned long cipher_id,
- unsigned long alg_mkey,
- unsigned long alg_auth,
- unsigned long alg_enc,
- unsigned long alg_mac,
- unsigned long alg_ssl,
- unsigned long algo_strength, int rule,
- int strength_bits, CIPHER_ORDER **head_p,
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+ uint32_t alg_auth, uint32_t alg_enc,
+ uint32_t alg_mac, uint32_t alg_ssl,
+ uint32_t algo_strength, int rule,
+ int32_t strength_bits, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *next, *last;
@@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
- int max_strength_bits, i, *number_uses;
+ int32_t max_strength_bits;
+ int i, *number_uses;
CIPHER_ORDER *curr;
/*
@@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **tail_p,
const SSL_CIPHER **ca_list, CERT *c)
{
- unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
- algo_strength;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen;
- unsigned long cipher_id = 0;
+ uint32_t cipher_id = 0;
char ch;
retval = 1;
@@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
const char *rule_str, CERT *c)
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
+ uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
disabled_ssl;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
@@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
int is_export, pkl, kl;
const char *ver, *exp_str;
const char *kx, *au, *enc, *mac;
- unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
static const char *format =
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
@@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
}
/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits)
{
- int ret = 0;
+ int32_t ret = 0;
if (c != NULL) {
if (alg_bits != NULL)
*alg_bits = c->alg_bits;
ret = c->strength_bits;
}
- return (ret);
+ return ret;
}
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
{
return c->id;
}
@@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
/* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
{
- unsigned long alg_k, alg_a;
+ uint32_t alg_k, alg_a;
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a8e2093..0674cb4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
- long l;
-
- l = a->id - b->id;
- if (l == 0L)
- return (0);
- else
- return ((l > 0) ? 1 : -1);
+ if (a->id > b->id)
+ return 1;
+ if (a->id < b->id)
+ return -1;
+ return 0;
}
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp)
{
- long l;
-
- l = (*ap)->id - (*bp)->id;
- if (l == 0L)
- return (0);
- else
- return ((l > 0) ? 1 : -1);
+ if ((*ap)->id > (*bp)->id)
+ return 1;
+ if ((*ap)->id < (*bp)->id)
+ return -1;
+ return 0;
}
/** return a STACK of the ciphers available for the SSL and in order of
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 5a94066..e174def 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -293,33 +293,33 @@
/* Bits for algorithm_mkey (key exchange algorithm) */
/* RSA key exchange */
-# define SSL_kRSA 0x00000001L
+# define SSL_kRSA 0x00000001U
/* DH cert, RSA CA cert */
-# define SSL_kDHr 0x00000002L
+# define SSL_kDHr 0x00000002U
/* DH cert, DSA CA cert */
-# define SSL_kDHd 0x00000004L
+# define SSL_kDHd 0x00000004U
/* tmp DH key no DH cert */
-# define SSL_kDHE 0x00000008L
+# define SSL_kDHE 0x00000008U
/* synonym */
# define SSL_kEDH SSL_kDHE
/* ECDH cert, RSA CA cert */
-# define SSL_kECDHr 0x00000020L
+# define SSL_kECDHr 0x00000020U
/* ECDH cert, ECDSA CA cert */
-# define SSL_kECDHe 0x00000040L
+# define SSL_kECDHe 0x00000040U
/* ephemeral ECDH */
-# define SSL_kECDHE 0x00000080L
+# define SSL_kECDHE 0x00000080U
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
-# define SSL_kPSK 0x00000100L
+# define SSL_kPSK 0x00000100U
/* GOST key exchange */
-# define SSL_kGOST 0x00000200L
+# define SSL_kGOST 0x00000200U
/* SRP */
-# define SSL_kSRP 0x00000400L
+# define SSL_kSRP 0x00000400U
-# define SSL_kRSAPSK 0x00000800L
-# define SSL_kECDHEPSK 0x00001000L
-# define SSL_kDHEPSK 0x00002000L
+# define SSL_kRSAPSK 0x00000800U
+# define SSL_kECDHEPSK 0x00001000U
+# define SSL_kDHEPSK 0x00002000U
/* all PSK */
@@ -327,62 +327,62 @@
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
-# define SSL_aRSA 0x00000001L
+# define SSL_aRSA 0x00000001U
/* DSS auth */
-# define SSL_aDSS 0x00000002L
+# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
-# define SSL_aNULL 0x00000004L
+# define SSL_aNULL 0x00000004U
/* Fixed DH auth (kDHd or kDHr) */
-# define SSL_aDH 0x00000008L
+# define SSL_aDH 0x00000008U
/* Fixed ECDH auth (kECDHe or kECDHr) */
-# define SSL_aECDH 0x00000010L
+# define SSL_aECDH 0x00000010U
/* ECDSA auth*/
-# define SSL_aECDSA 0x00000040L
+# define SSL_aECDSA 0x00000040U
/* PSK auth */
-# define SSL_aPSK 0x00000080L
+# define SSL_aPSK 0x00000080U
/* GOST R 34.10-2001 signature auth */
-# define SSL_aGOST01 0x00000200L
+# define SSL_aGOST01 0x00000200U
/* SRP auth */
-# define SSL_aSRP 0x00000400L
+# define SSL_aSRP 0x00000400U
/* Bits for algorithm_enc (symmetric encryption) */
-# define SSL_DES 0x00000001L
-# define SSL_3DES 0x00000002L
-# define SSL_RC4 0x00000004L
-# define SSL_RC2 0x00000008L
-# define SSL_IDEA 0x00000010L
-# define SSL_eNULL 0x00000020L
-# define SSL_AES128 0x00000040L
-# define SSL_AES256 0x00000080L
-# define SSL_CAMELLIA128 0x00000100L
-# define SSL_CAMELLIA256 0x00000200L
-# define SSL_eGOST2814789CNT 0x00000400L
-# define SSL_SEED 0x00000800L
-# define SSL_AES128GCM 0x00001000L
-# define SSL_AES256GCM 0x00002000L
-# define SSL_AES128CCM 0x00004000L
-# define SSL_AES256CCM 0x00008000L
-# define SSL_AES128CCM8 0x00010000L
-# define SSL_AES256CCM8 0x00020000L
+# define SSL_DES 0x00000001U
+# define SSL_3DES 0x00000002U
+# define SSL_RC4 0x00000004U
+# define SSL_RC2 0x00000008U
+# define SSL_IDEA 0x00000010U
+# define SSL_eNULL 0x00000020U
+# define SSL_AES128 0x00000040U
+# define SSL_AES256 0x00000080U
+# define SSL_CAMELLIA128 0x00000100U
+# define SSL_CAMELLIA256 0x00000200U
+# define SSL_eGOST2814789CNT 0x00000400U
+# define SSL_SEED 0x00000800U
+# define SSL_AES128GCM 0x00001000U
+# define SSL_AES256GCM 0x00002000U
+# define SSL_AES128CCM 0x00004000U
+# define SSL_AES256CCM 0x00008000U
+# define SSL_AES128CCM8 0x00010000U
+# define SSL_AES256CCM8 0x00020000U
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
/* Bits for algorithm_mac (symmetric authentication) */
-# define SSL_MD5 0x00000001L
-# define SSL_SHA1 0x00000002L
-# define SSL_GOST94 0x00000004L
-# define SSL_GOST89MAC 0x00000008L
-# define SSL_SHA256 0x00000010L
-# define SSL_SHA384 0x00000020L
+# define SSL_MD5 0x00000001U
+# define SSL_SHA1 0x00000002U
+# define SSL_GOST94 0x00000004U
+# define SSL_GOST89MAC 0x00000008U
+# define SSL_SHA256 0x00000010U
+# define SSL_SHA384 0x00000020U
/* Not a real MAC, just an indication it is part of cipher */
-# define SSL_AEAD 0x00000040L
+# define SSL_AEAD 0x00000040U
/* Bits for algorithm_ssl (protocol version) */
-# define SSL_SSLV3 0x00000002L
+# define SSL_SSLV3 0x00000002U
# define SSL_TLSV1 SSL_SSLV3/* for now */
-# define SSL_TLSV1_2 0x00000004L
+# define SSL_TLSV1_2 0x00000004U
/* Bits for algorithm2 (handshake digests and other extra flags) */
@@ -428,24 +428,24 @@
* and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
* be possible.
*/
-# define SSL_EXP_MASK 0x00000003L
-# define SSL_STRONG_MASK 0x000001fcL
-# define SSL_DEFAULT_MASK 0X00000200L
+# define SSL_EXP_MASK 0x00000003U
+# define SSL_STRONG_MASK 0x000001fcU
+# define SSL_DEFAULT_MASK 0X00000200U
-# define SSL_NOT_EXP 0x00000001L
-# define SSL_EXPORT 0x00000002L
+# define SSL_NOT_EXP 0x00000001U
+# define SSL_EXPORT 0x00000002U
-# define SSL_STRONG_NONE 0x00000004L
-# define SSL_EXP40 0x00000008L
+# define SSL_STRONG_NONE 0x00000004U
+# define SSL_EXP40 0x00000008U
# define SSL_MICRO (SSL_EXP40)
-# define SSL_EXP56 0x00000010L
+# define SSL_EXP56 0x00000010U
# define SSL_MINI (SSL_EXP56)
-# define SSL_LOW 0x00000020L
-# define SSL_MEDIUM 0x00000040L
-# define SSL_HIGH 0x00000080L
-# define SSL_FIPS 0x00000100L
+# define SSL_LOW 0x00000020U
+# define SSL_MEDIUM 0x00000040U
+# define SSL_HIGH 0x00000080U
+# define SSL_FIPS 0x00000100U
-# define SSL_NOT_DEFAULT 0x00000200L
+# define SSL_NOT_DEFAULT 0x00000200U
/* we have used 000003ff - 22 bits left to go */
@@ -537,22 +537,22 @@
#define TLS_CIPHER_LEN 2
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
+ uint32_t valid;
+ const char *name; /* text name */
+ uint32_t id; /* id, 4 bytes, first is version */
/*
- * changed in 0.9.9: these four used to be portions of a single value
+ * changed in 1.0.0: these four used to be portions of a single value
* 'algorithms'
*/
- unsigned long algorithm_mkey; /* key exchange algorithm */
- unsigned long algorithm_auth; /* server authentication */
- unsigned long algorithm_enc; /* symmetric encryption */
- unsigned long algorithm_mac; /* symmetric authentication */
- unsigned long algorithm_ssl; /* (major) protocol version */
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
+ uint32_t algorithm_mkey; /* key exchange algorithm */
+ uint32_t algorithm_auth; /* server authentication */
+ uint32_t algorithm_enc; /* symmetric encryption */
+ uint32_t algorithm_mac; /* symmetric authentication */
+ uint32_t algorithm_ssl; /* (major) protocol version */
+ uint32_t algo_strength; /* strength and export flags */
+ uint32_t algorithm2; /* Extra flags */
+ int32_t strength_bits; /* Number of bits really used */
+ uint32_t alg_bits; /* Number of bits for algorithm */
};
/* Used to hold SSL/TLS functions */
@@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st {
* that are supported by the certs below. For clients they are masks of
* *disabled* algorithms based on the current session.
*/
- unsigned long mask_k;
- unsigned long mask_a;
- unsigned long export_mask_k;
- unsigned long export_mask_a;
+ uint32_t mask_k;
+ uint32_t mask_a;
+ uint32_t export_mask_k;
+ uint32_t export_mask_a;
/* Client only */
- unsigned long mask_ssl;
+ uint32_t mask_ssl;
} tmp;
/* Connection binding to prevent renegotiation attacks */
@@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
__owur int tls12_get_sigid(const EVP_PKEY *pk);
__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op);
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2db0d74..b31eae1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
* disabled.
*/
-void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
{
const unsigned char *sigalgs;
size_t i, sigalgslen;
diff --git a/test/ssltest.c b/test/ssltest.c
index e951788..c46c211 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void)
if (tci != NULL)
if (ci->id >= tci->id) {
fprintf(stderr, "testing SSLv3 cipher list order: ");
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0;
}
tci = ci;
@@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void)
if (tci != NULL)
if (ci->id >= tci->id) {
fprintf(stderr, "testing TLSv1 cipher list order: ");
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
return 0;
}
tci = ci;
More information about the openssl-commits
mailing list