Switch cipher masks to uint32_t.
These are all masks of some sort (except id which is a combined version and
cipher), so they should use fixed-size unsigned integers.
Change-Id: I058dd8ad231ee747df4b4fb17d9c1e2cbee21918
Reviewed-on: https://boringssl-review.googlesource.com/4283
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 44d761b..3ae0513 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -131,7 +131,7 @@
int dtls1_accept(SSL *s) {
BUF_MEM *buf = NULL;
void (*cb)(const SSL *ssl, int type, int val) = NULL;
- unsigned long alg_a;
+ uint32_t alg_a;
int ret = -1;
int new_state, state, skip = 0;
diff --git a/ssl/internal.h b/ssl/internal.h
index 360a3d4..e1a39da 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -417,9 +417,9 @@
* round-about way of checking the server's cipher was one of the advertised
* ones. (Currently it checks the masks and then the list of ciphers prior to
* applying the masks in ClientHello.) */
- unsigned long mask_k;
- unsigned long mask_a;
- unsigned long mask_ssl;
+ uint32_t mask_k;
+ uint32_t mask_a;
+ uint32_t mask_ssl;
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
@@ -667,7 +667,7 @@
size_t *out_fixed_iv_len,
const SSL_CIPHER *cipher, uint16_t version);
-int ssl_get_handshake_digest(size_t i, long *mask, const EVP_MD **md);
+int ssl_get_handshake_digest(size_t i, uint32_t *mask, const EVP_MD **md);
int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher);
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher);
@@ -694,8 +694,8 @@
* authentication cipher suite masks compatible with the server configuration
* and current ClientHello parameters of |s|. It sets |*out_mask_k| to the key
* exchange mask and |*out_mask_a| to the authentication mask. */
-void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k,
- unsigned long *out_mask_a);
+void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k,
+ uint32_t *out_mask_a);
STACK_OF(SSL_CIPHER) * ssl_get_ciphers_by_id(SSL *s);
int ssl_verify_alarm_type(long type);
@@ -1008,7 +1008,7 @@
int ssl_add_clienthello_renegotiate_ext(SSL *s, uint8_t *p, int *len,
int maxlen);
int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert);
-long ssl_get_algorithm2(SSL *s);
+uint32_t ssl_get_algorithm2(SSL *s);
int tls1_process_sigalgs(SSL *s, const CBS *sigalgs);
/* tls1_choose_signing_digest returns a digest for use with |pkey| based on the
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index eae6ff3..17cc1ad 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -738,7 +738,7 @@
CBS server_hello, server_random, session_id;
uint16_t server_version, cipher_suite;
uint8_t compression_method;
- unsigned long mask_ssl;
+ uint32_t mask_ssl;
n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B, SSL3_MT_SERVER_HELLO,
@@ -1623,8 +1623,8 @@
int ssl3_send_client_key_exchange(SSL *s) {
uint8_t *p;
int n = 0;
- unsigned long alg_k;
- unsigned long alg_a;
+ uint32_t alg_k;
+ uint32_t alg_a;
uint8_t *q;
EVP_PKEY *pkey = NULL;
EC_KEY *clnt_ecdh = NULL;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 25ddbda..eed95f8 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -283,7 +283,7 @@
int ssl3_digest_cached_records(
SSL *s, enum should_free_handshake_buffer_t should_free_handshake_buffer) {
int i;
- long mask;
+ uint32_t mask;
const EVP_MD *md;
const uint8_t *hdata;
size_t hdatalen;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c9bc25b..9250916 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1137,7 +1137,7 @@
/* ssl3_get_cipher_by_value returns the cipher value of |c|. */
uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) {
- unsigned long id = c->id;
+ uint32_t id = c->id;
/* All ciphers are SSLv3 now. */
assert((id & 0xff000000) == 0x03000000);
return id & 0xffff;
@@ -1168,7 +1168,7 @@
size_t i;
int ok;
size_t cipher_index;
- unsigned long alg_k, alg_a, mask_k, mask_a;
+ uint32_t alg_k, alg_a, mask_k, mask_a;
/* in_group_flags will either be NULL, or will point to an array of bytes
* which indicate equal-preference groups in the |prio| stack. See the
* comment about |in_group_flags| in the |ssl_cipher_preference_list_st|
@@ -1392,9 +1392,9 @@
/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
* handshake macs if required. */
-long ssl_get_algorithm2(SSL *s) {
- static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
- long alg2 = s->s3->tmp.new_cipher->algorithm2;
+uint32_t ssl_get_algorithm2(SSL *s) {
+ static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+ uint32_t alg2 = s->s3->tmp.new_cipher->algorithm2;
if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
(alg2 & kMask) == kMask) {
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 7e5461c..a46aa7a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -152,7 +152,7 @@
struct handshake_digest {
- long mask;
+ uint32_t mask;
const EVP_MD *(*md_func)(void);
};
@@ -359,7 +359,7 @@
}
}
-int ssl_get_handshake_digest(size_t idx, long *mask, const EVP_MD **md) {
+int ssl_get_handshake_digest(size_t idx, uint32_t *mask, const EVP_MD **md) {
if (idx >= SSL_MAX_DIGEST) {
return 0;
}
@@ -489,9 +489,9 @@
}
static void ssl_cipher_apply_rule(
- unsigned long cipher_id, unsigned long alg_mkey, unsigned long alg_auth,
- unsigned long alg_enc, unsigned long alg_mac, unsigned long alg_ssl,
- unsigned long algo_strength, int rule, int strength_bits, int in_group,
+ uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
+ uint32_t alg_enc, uint32_t alg_mac, uint32_t alg_ssl,
+ uint32_t algo_strength, int rule, int strength_bits, int in_group,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) {
CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
@@ -647,10 +647,10 @@
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p,
const SSL_CIPHER **ca_list) {
- unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen, in_group = 0, has_group = 0;
- unsigned long cipher_id = 0;
+ uint32_t cipher_id = 0;
char ch;
retval = 1;
@@ -1131,7 +1131,7 @@
int len) {
const char *ver;
const char *kx, *au, *enc, *mac;
- unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
alg_mkey = cipher->algorithm_mkey;
@@ -1434,7 +1434,7 @@
return ret;
}
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; }
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; }
void *SSL_COMP_get_compression_methods(void) { return NULL; }
@@ -1444,7 +1444,7 @@
/* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c) {
- unsigned long alg_a = c->algorithm_auth;
+ uint32_t alg_a = c->algorithm_auth;
if (alg_a & SSL_aECDSA) {
return SSL_PKEY_ECC;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4914924..230424e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1995,11 +1995,11 @@
return cpk->x509 && cpk->privatekey;
}
-void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k,
- unsigned long *out_mask_a) {
+void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k,
+ uint32_t *out_mask_a) {
CERT *c = s->cert;
int rsa_enc, rsa_sign, dh_tmp;
- unsigned long mask_k, mask_a;
+ uint32_t mask_k, mask_a;
int have_ecc_cert, ecdsa_ok;
int have_ecdh_tmp;
X509 *x;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index f3154cd..8521de5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -226,7 +226,7 @@
const uint8_t *seed2, size_t seed2_len) {
size_t idx, len, count, i;
const uint8_t *S1;
- long m;
+ uint32_t m;
const EVP_MD *md;
int ret = 0;
uint8_t *tmp;
@@ -755,7 +755,7 @@
EVP_MD_CTX ctx;
int err = 0, len = 0;
size_t i;
- long mask;
+ uint32_t mask;
EVP_MD_CTX_init(&ctx);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5892c2c..fcf2b04 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -793,7 +793,7 @@
if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) {
size_t i;
- unsigned long alg_k, alg_a;
+ uint32_t alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
@@ -1107,8 +1107,8 @@
uint8_t *orig = buf;
uint8_t *ret = buf;
int next_proto_neg_seen;
- unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+ uint32_t alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ uint32_t alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->s3->tmp.peer_ecpointformatlist != NULL);
@@ -1979,8 +1979,8 @@
/* If we are client and using an elliptic curve cryptography cipher suite,
* then if server returns an EC point formats lists extension it must contain
* uncompressed. */
- unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+ uint32_t alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ uint32_t alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
!tls1_check_point_format(s, TLSEXT_ECPOINTFORMAT_uncompressed)) {
OPENSSL_PUT_ERROR(SSL, ssl_check_serverhello_tlsext,
