Use uint32_t and int32_t for SSL_CIPHER structure.

Reviewed-by: N Andy Polyakov <appro@openssl.org>

Use uint32_t and int32_t for SSL_CIPHER structure.
Reviewed-by: N Andy Polyakov <appro@openssl.org>
90d9e49a · Dr. Stephen Henson · d99b0691 · 90d9e49a · 90d9e49a · 90d9e49a
7 changed file
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s);
 void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

 __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits);
 __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
 __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);

 __owur int SSL_get_fd(const SSL *s);
 __owur int SSL_get_rfd(const SSL *s);

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 {
    SSL_CIPHER c;
    const SSL_CIPHER *cp;
-    unsigned long id;
+    uint32_t id;

-    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+    id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
    c.id = id;
    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
@@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 {
    int ret = 0;
    int nostrict = 1;
-    unsigned long alg_k, alg_a = 0;
+    uint32_t alg_k, alg_a = 0;

    /* If we have custom certificate types set, use them */
    if (s->cert->ctypes) {

--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -173,7 +173,7 @@
 /* NB: make sure indices in these tables match values above */

 typedef struct {
-    unsigned long mask;
+    uint32_t mask;
    int nid;
 } ssl_cipher_table;

@@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {

 /* Utility function for table lookup */
 static int ssl_cipher_info_find(const ssl_cipher_table * table,
-                                size_t table_cnt, unsigned long mask)
+                                size_t table_cnt, uint32_t mask)
 {
    size_t i;
    for (i = 0; i < table_cnt; i++, table++) {
@@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name)
 #endif

 /* masks of disabled algorithms */
-static unsigned long disabled_enc_mask;
-static unsigned long disabled_mac_mask;
-static unsigned long disabled_mkey_mask;
-static unsigned long disabled_auth_mask;
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;

 void ssl_load_ciphers(void)
 {
@@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,

 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                                       int num_of_ciphers,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       uint32_t disabled_ssl,
                                       CIPHER_ORDER *co_list,
                                       CIPHER_ORDER **head_p,
                                       CIPHER_ORDER **tail_p)
@@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,

 static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                                       int num_of_group_aliases,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       uint32_t disabled_ssl,
                                       CIPHER_ORDER *head)
 {
    CIPHER_ORDER *ciph_curr;
    const SSL_CIPHER **ca_curr;
    int i;
-    unsigned long mask_mkey = ~disabled_mkey;
-    unsigned long mask_auth = ~disabled_auth;
-    unsigned long mask_enc = ~disabled_enc;
-    unsigned long mask_mac = ~disabled_mac;
-    unsigned long mask_ssl = ~disabled_ssl;
+    uint32_t mask_mkey = ~disabled_mkey;
+    uint32_t mask_auth = ~disabled_auth;
+    uint32_t mask_enc = ~disabled_enc;
+    uint32_t mask_mac = ~disabled_mac;
+    uint32_t mask_ssl = ~disabled_ssl;

    /*
     * First, add the real ciphers as already collected
@@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
     * or represent a cipher strength value (will be added in any case because algorithms=0).
     */
    for (i = 0; i < num_of_group_aliases; i++) {
-        unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-        unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-        unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-        unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-        unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
+        uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+        uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+        uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
+        uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;

        if (algorithm_mkey)
            if ((algorithm_mkey & mask_mkey) == 0)
@@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
    *ca_curr = NULL;            /* end of list */
 }

-static void ssl_cipher_apply_rule(unsigned long cipher_id,
-                                  unsigned long alg_mkey,
-                                  unsigned long alg_auth,
-                                  unsigned long alg_enc,
-                                  unsigned long alg_mac,
-                                  unsigned long alg_ssl,
-                                  unsigned long algo_strength, int rule,
-                                  int strength_bits, CIPHER_ORDER **head_p,
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+                                  uint32_t alg_auth, uint32_t alg_enc,
+                                  uint32_t alg_mac, uint32_t alg_ssl,
+                                  uint32_t algo_strength, int rule,
+                                  int32_t strength_bits, CIPHER_ORDER **head_p,
                                  CIPHER_ORDER **tail_p)
 {
    CIPHER_ORDER *head, *tail, *curr, *next, *last;
@@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
                                    CIPHER_ORDER **tail_p)
 {
-    int max_strength_bits, i, *number_uses;
+    int32_t max_strength_bits;
+    int i, *number_uses;
    CIPHER_ORDER *curr;

    /*
@@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                                      CIPHER_ORDER **tail_p,
                                      const SSL_CIPHER **ca_list, CERT *c)
 {
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
-        algo_strength;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
    const char *l, *buf;
    int j, multi, found, rule, retval, ok, buflen;
-    unsigned long cipher_id = 0;
+    uint32_t cipher_id = 0;
    char ch;

    retval = 1;
@@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
                                             const char *rule_str, CERT *c)
 {
    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-    unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
        disabled_ssl;
    STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
    const char *rule_p;
@@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
    int is_export, pkl, kl;
    const char *ver, *exp_str;
    const char *kx, *au, *enc, *mac;
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
    static const char *format =
        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";

@@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
 }

 /* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits)
 {
-    int ret = 0;
+    int32_t ret = 0;

    if (c != NULL) {
        if (alg_bits != NULL)
            *alg_bits = c->alg_bits;
        ret = c->strength_bits;
    }
-    return (ret);
+    return ret;
 }

-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
 {
    return c->id;
 }
@@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
 /* For a cipher return the index corresponding to the certificate type */
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 {
-    unsigned long alg_k, alg_a;
+    uint32_t alg_k, alg_a;

    alg_k = c->algorithm_mkey;
    alg_a = c->algorithm_auth;

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))

 int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
 {
-    long l;
-
-    l = a->id - b->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
+    if (a->id > b->id)
+        return 1;
+    if (a->id < b->id)
+        return -1;
+    return 0;
 }

 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
                          const SSL_CIPHER *const *bp)
 {
-    long l;
-
-    l = (*ap)->id - (*bp)->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
+    if ((*ap)->id > (*bp)->id)
+        return 1;
+    if ((*ap)->id < (*bp)->id)
+        return -1;
+    return 0;
 }

 /** return a STACK of the ciphers available for the SSL and in order of

--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -537,22 +537,22 @@
 #define TLS_CIPHER_LEN 2
 /* used to hold info on the particular ciphers used */
 struct ssl_cipher_st {
-    int valid;
-    const char *name;           /* text name */
-    unsigned long id;           /* id, 4 bytes, first is version */
+    uint32_t valid;
+    const char *name;        /* text name */
+    uint32_t id;             /* id, 4 bytes, first is version */
    /*
-     * changed in 0.9.9: these four used to be portions of a single value
+     * changed in 1.0.0: these four used to be portions of a single value
     * 'algorithms'
     */
-    unsigned long algorithm_mkey; /* key exchange algorithm */
-    unsigned long algorithm_auth; /* server authentication */
-    unsigned long algorithm_enc; /* symmetric encryption */
-    unsigned long algorithm_mac; /* symmetric authentication */
-    unsigned long algorithm_ssl; /* (major) protocol version */
-    unsigned long algo_strength; /* strength and export flags */
-    unsigned long algorithm2;   /* Extra flags */
-    int strength_bits;          /* Number of bits really used */
-    int alg_bits;               /* Number of bits for algorithm */
+    uint32_t algorithm_mkey; /* key exchange algorithm */
+    uint32_t algorithm_auth; /* server authentication */
+    uint32_t algorithm_enc;  /* symmetric encryption */
+    uint32_t algorithm_mac;  /* symmetric authentication */
+    uint32_t algorithm_ssl;  /* (major) protocol version */
+    uint32_t algo_strength;  /* strength and export flags */
+    uint32_t algorithm2;     /* Extra flags */
+    int32_t strength_bits;   /* Number of bits really used */
+    uint32_t alg_bits;       /* Number of bits for algorithm */
 };

 /* Used to hold SSL/TLS functions */
@@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st {
         * that are supported by the certs below. For clients they are masks of
         * *disabled* algorithms based on the current session.
         */
-        unsigned long mask_k;
-        unsigned long mask_a;
-        unsigned long export_mask_k;
-        unsigned long export_mask_a;
+        uint32_t mask_k;
+        uint32_t mask_a;
+        uint32_t export_mask_k;
+        uint32_t export_mask_a;
        /* Client only */
-        unsigned long mask_ssl;
+        uint32_t mask_ssl;
    } tmp;

    /* Connection binding to prevent renegotiation attacks */
@@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
                         const EVP_MD *md);
 __owur int tls12_get_sigid(const EVP_PKEY *pk);
 __owur const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op);
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);

 __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
 __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp)
 * disabled.
 */

-void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
 {
    const unsigned char *sigalgs;
    size_t i, sigalgslen;

--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void)
        if (tci != NULL)
            if (ci->id >= tci->id) {
                fprintf(stderr, "testing SSLv3 cipher list order: ");
-                fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+                fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
                return 0;
            }
        tci = ci;
@@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void)
        if (tci != NULL)
            if (ci->id >= tci->id) {
                fprintf(stderr, "testing TLSv1 cipher list order: ");
-                fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+                fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
                return 0;
            }
        tci = ci;