cyassl_int warning changes, submitted by Kevin Baca
@@ -470,11 +470,11 @@ struct BIO {
|
|||||||
/* OpenSSL method type */
|
/* OpenSSL method type */
|
||||||
struct SSL_METHOD {
|
struct SSL_METHOD {
|
||||||
ProtocolVersion version;
|
ProtocolVersion version;
|
||||||
int side; /* connection side, server or client */
|
byte side; /* connection side, server or client */
|
||||||
int verifyPeer; /* request or send certificate */
|
byte verifyPeer; /* request or send certificate */
|
||||||
int verifyNone; /* whether to verify certificate */
|
byte verifyNone; /* whether to verify certificate */
|
||||||
int failNoCert; /* fail if no certificate */
|
byte failNoCert; /* fail if no certificate */
|
||||||
int downgrade; /* whether to downgrade version, default no */
|
byte downgrade; /* whether to downgrade version, default no */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
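Review bot: Narrowing `verifyPeer`, `verifyNone` and `failNoCert` in `struct SSL_METHOD` from `int` to `byte` means a non-zero `int` whose low eight bits are zero is stored as 0, which would silently switch a certificate-verification flag off. The assignment sites are outside this section, so this only matters if some caller stores a value other than 0 or 1. A comment on the struct such as `/* flags below hold 0 or 1 only */`, or normalising with `(byte)(value != 0)` at the assignments, would pin that down. `InitSuites` in the other file still takes `int side`, so the two declarations of the connection side no longer share a type.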
@@ -156,6 +156,8 @@ void c32to24(word32 in, word24 out)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CYASLS_DTLS
|
||||||
|
|
||||||
static INLINE void c32to48(word32 in, byte out[6])
|
static INLINE void c32to48(word32 in, byte out[6])
|
||||||
{
|
{
|
||||||
out[0] = 0;
|
out[0] = 0;
|
||||||
@@ -166,6 +168,8 @@ static INLINE void c32to48(word32 in, byte out[6])
|
|||||||
out[5] = in & 0xff;
|
out[5] = in & 0xff;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* CYASSL_DTLS */
|
||||||
|
|
||||||
|
|
||||||
/* convert 16 bit integer to opaque */
|
/* convert 16 bit integer to opaque */
|
||||||
static INLINE void c16toa(word16 u16, byte* c)
|
static INLINE void c16toa(word16 u16, byte* c)
|
||||||
@@ -201,6 +205,8 @@ static INLINE void ato16(const byte* c, word16* u16)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
|
|
||||||
/* convert opaque to 32 bit integer */
|
/* convert opaque to 32 bit integer */
|
||||||
static INLINE void ato32(const byte* c, word32* u32)
|
static INLINE void ato32(const byte* c, word32* u32)
|
||||||
{
|
{
|
||||||
@@ -208,6 +214,8 @@ static INLINE void ato32(const byte* c, word32* u32)
|
|||||||
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
|
*u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* CYASSL_DTLS */
|
||||||
|
|
||||||
|
|
||||||
#ifdef HAVE_LIBZ
|
#ifdef HAVE_LIBZ
|
||||||
|
|
||||||
@@ -397,7 +405,7 @@ void FreeSSL_Ctx(SSL_CTX* ctx)
|
|||||||
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||||
byte haveNTRU, byte haveECDSA, int side)
|
byte haveNTRU, byte haveECDSA, int side)
|
||||||
{
|
{
|
||||||
word32 idx = 0;
|
word16 idx = 0;
|
||||||
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
|
||||||
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
|
||||||
int haveRSA = 1;
|
int haveRSA = 1;
|
||||||
@@ -653,7 +661,7 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
|
|||||||
ssl->buffers.prevSent = 0;
|
ssl->buffers.prevSent = 0;
|
||||||
ssl->buffers.plainSz = 0;
|
ssl->buffers.plainSz = 0;
|
||||||
|
|
||||||
if ( (ret = InitRng(&ssl->rng)) )
|
if ( (ret = InitRng(&ssl->rng)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
InitMd5(&ssl->hashMd5);
|
InitMd5(&ssl->hashMd5);
|
||||||
@@ -1401,9 +1409,10 @@ static void BuildFinished(SSL* ssl, Hashes* hashes, const byte* sender)
|
|||||||
/* store current states, building requires get_digest which resets state */
|
/* store current states, building requires get_digest which resets state */
|
||||||
Md5 md5 = ssl->hashMd5;
|
Md5 md5 = ssl->hashMd5;
|
||||||
Sha sha = ssl->hashSha;
|
Sha sha = ssl->hashSha;
|
||||||
|
const int isTls1_2 = IsAtLeastTLSv1_2(ssl);
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
Sha256 sha256;
|
Sha256 sha256;
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (isTls1_2)
|
||||||
sha256 = ssl->hashSha256;
|
sha256 = ssl->hashSha256;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -1418,7 +1427,7 @@ static void BuildFinished(SSL* ssl, Hashes* hashes, const byte* sender)
|
|||||||
ssl->hashMd5 = md5;
|
ssl->hashMd5 = md5;
|
||||||
ssl->hashSha = sha;
|
ssl->hashSha = sha;
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (isTls1_2)
|
||||||
ssl->hashSha256 = sha256;
|
ssl->hashSha256 = sha256;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -2392,7 +2401,7 @@ static void Hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
|
|||||||
byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
|
byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
|
||||||
const byte* macSecret = GetMacSecret(ssl, verify);
|
const byte* macSecret = GetMacSecret(ssl, verify);
|
||||||
|
|
||||||
conLen[0] = content;
|
conLen[0] = (byte)content;
|
||||||
c16toa((word16)sz, &conLen[ENUM_LEN]);
|
c16toa((word16)sz, &conLen[ENUM_LEN]);
|
||||||
c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
|
c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
|
||||||
|
|
||||||
@@ -2472,9 +2481,10 @@ static void BuildCertHashes(SSL* ssl, Hashes* hashes)
|
|||||||
/* store current states, building requires get_digest which resets state */
|
/* store current states, building requires get_digest which resets state */
|
||||||
Md5 md5 = ssl->hashMd5;
|
Md5 md5 = ssl->hashMd5;
|
||||||
Sha sha = ssl->hashSha;
|
Sha sha = ssl->hashSha;
|
||||||
|
const int isTls1_2 = IsAtLeastTLSv1_2(ssl);
|
||||||
#ifndef NO_SHA256 /* for possible future changes */
|
#ifndef NO_SHA256 /* for possible future changes */
|
||||||
Sha256 sha256;
|
Sha256 sha256;
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (isTls1_2)
|
||||||
sha256 = ssl->hashSha256;
|
sha256 = ssl->hashSha256;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2491,7 +2501,7 @@ static void BuildCertHashes(SSL* ssl, Hashes* hashes)
|
|||||||
ssl->hashMd5 = md5;
|
ssl->hashMd5 = md5;
|
||||||
ssl->hashSha = sha;
|
ssl->hashSha = sha;
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (isTls1_2)
|
||||||
ssl->hashSha256 = sha256;
|
ssl->hashSha256 = sha256;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -2531,8 +2541,8 @@ static int BuildMessage(SSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
sz += pad;
|
sz += pad;
|
||||||
}
|
}
|
||||||
|
|
||||||
size = sz - headerSz; /* include mac and digest */
|
size = (word16)(sz - headerSz); /* include mac and digest */
|
||||||
AddRecordHeader(output, size, type, ssl);
|
AddRecordHeader(output, size, (byte)type, ssl);
|
||||||
|
|
||||||
/* write to output */
|
/* write to output */
|
||||||
if (ivSz) {
|
if (ivSz) {
|
||||||
@@ -2548,8 +2558,9 @@ static int BuildMessage(SSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
idx += digestSz;
|
idx += digestSz;
|
||||||
|
|
||||||
if (ssl->specs.cipher_type == block)
|
if (ssl->specs.cipher_type == block)
|
||||||
for (i = 0; i <= pad; i++) output[idx++] = pad; /* pad byte gets */
|
for (i = 0; i <= pad; i++)
|
||||||
/* pad value too */
|
output[idx++] = (byte)pad; /* pad byte gets pad value too */
|
||||||
|
|
||||||
Encrypt(ssl, output + headerSz, output + headerSz, size);
|
Encrypt(ssl, output + headerSz, output + headerSz, size);
|
||||||
|
|
||||||
return sz;
|
return sz;
|
||||||
@@ -2734,7 +2745,7 @@ int SendCertificateRequest(SSL* ssl)
|
|||||||
AddHeaders(output, reqSz, certificate_request, ssl);
|
AddHeaders(output, reqSz, certificate_request, ssl);
|
||||||
|
|
||||||
/* write to output */
|
/* write to output */
|
||||||
output[i++] = typeTotal; /* # of types */
|
output[i++] = (byte)typeTotal; /* # of types */
|
||||||
output[i++] = rsa_sign;
|
output[i++] = rsa_sign;
|
||||||
|
|
||||||
/* supported hash/sig */
|
/* supported hash/sig */
|
||||||
@@ -2935,8 +2946,8 @@ int SendAlert(SSL* ssl, int severity, int type)
|
|||||||
output = ssl->buffers.outputBuffer.buffer +
|
output = ssl->buffers.outputBuffer.buffer +
|
||||||
ssl->buffers.outputBuffer.idx;
|
ssl->buffers.outputBuffer.idx;
|
||||||
|
|
||||||
input[0] = severity;
|
input[0] = (byte)severity;
|
||||||
input[1] = type;
|
input[1] = (byte)type;
|
||||||
|
|
||||||
if (ssl->keys.encryptionOn)
|
if (ssl->keys.encryptionOn)
|
||||||
sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert);
|
sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert);
|
||||||
@@ -3500,7 +3511,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */
|
ctx->suites.suites[idx++] = ECC_BYTE; /* ECC suite */
|
||||||
else
|
else
|
||||||
ctx->suites.suites[idx++] = 0x00; /* normal */
|
ctx->suites.suites[idx++] = 0x00; /* normal */
|
||||||
ctx->suites.suites[idx++] = cipher_name_idx[i];
|
ctx->suites.suites[idx++] = (byte)cipher_name_idx[i];
|
||||||
|
|
||||||
if (!ret) ret = 1; /* found at least one */
|
if (!ret) ret = 1; /* found at least one */
|
||||||
break;
|
break;
|
||||||
@@ -3511,7 +3522,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
|
|
||||||
if (ret) {
|
if (ret) {
|
||||||
ctx->suites.setSuites = 1;
|
ctx->suites.setSuites = 1;
|
||||||
ctx->suites.suiteSz = idx;
|
ctx->suites.suiteSz = (word16)idx;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -3718,7 +3729,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
idx += RAN_LEN;
|
idx += RAN_LEN;
|
||||||
|
|
||||||
/* then session id */
|
/* then session id */
|
||||||
output[idx++] = idSz;
|
output[idx++] = (byte)idSz;
|
||||||
if (idSz) {
|
if (idSz) {
|
||||||
XMEMCPY(output + idx, ssl->session.sessionID, ID_LEN);
|
XMEMCPY(output + idx, ssl->session.sessionID, ID_LEN);
|
||||||
idx += ID_LEN;
|
idx += ID_LEN;
|
||||||
@@ -3918,12 +3929,12 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int DoServerKeyExchange(SSL* ssl, const byte* input, word32*
|
static int DoServerKeyExchange(SSL* ssl, const byte* input,
|
||||||
inOutIdx)
|
word32* inOutIdx)
|
||||||
{
|
{
|
||||||
word16 sigLen;
|
word16 sigLen;
|
||||||
word16 verifySz;
|
word16 verifySz;
|
||||||
word16 length;
|
word16 length = 0;
|
||||||
byte* signature;
|
byte* signature;
|
||||||
|
|
||||||
(void)length;
|
(void)length;
|
||||||
@@ -3933,7 +3944,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
signature = 0;
|
signature = 0;
|
||||||
|
|
||||||
/* keep start idx */
|
/* keep start idx */
|
||||||
verifySz = *inOutIdx;
|
verifySz = (word16)*inOutIdx;
|
||||||
|
|
||||||
#ifdef CYASSL_CALLBACKS
|
#ifdef CYASSL_CALLBACKS
|
||||||
if (ssl->hsInfoOn)
|
if (ssl->hsInfoOn)
|
||||||
@@ -4037,7 +4048,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
byte messageVerify[MAX_DH_SZ];
|
byte messageVerify[MAX_DH_SZ];
|
||||||
|
|
||||||
/* adjust from start idx */
|
/* adjust from start idx */
|
||||||
verifySz = *inOutIdx - verifySz;
|
verifySz = (word16)(*inOutIdx - verifySz);
|
||||||
|
|
||||||
/* save message for hash verify */
|
/* save message for hash verify */
|
||||||
if (verifySz > sizeof(messageVerify))
|
if (verifySz > sizeof(messageVerify))
|
||||||
@@ -4128,8 +4139,9 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif /* HAVE_OPENSSL or HAVE_ECC */
|
#else /* HAVE_OPENSSL or HAVE_ECC */
|
||||||
return NOT_COMPILED_IN; /* not supported by build */
|
return NOT_COMPILED_IN; /* not supported by build */
|
||||||
|
#endif /* HAVE_OPENSSL or HAVE_ECC */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -4163,7 +4175,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
buffer serverG = ssl->buffers.serverDH_G;
|
buffer serverG = ssl->buffers.serverDH_G;
|
||||||
buffer serverPub = ssl->buffers.serverDH_Pub;
|
buffer serverPub = ssl->buffers.serverDH_Pub;
|
||||||
byte priv[ENCRYPT_LEN];
|
byte priv[ENCRYPT_LEN];
|
||||||
word32 privSz;
|
word32 privSz = 0;
|
||||||
DhKey key;
|
DhKey key;
|
||||||
|
|
||||||
if (serverP.buffer == 0 || serverG.buffer == 0 ||
|
if (serverP.buffer == 0 || serverG.buffer == 0 ||
|
||||||
@@ -4780,10 +4792,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
if (ssl->specs.kea == diffie_hellman_kea) {
|
if (ssl->specs.kea == diffie_hellman_kea) {
|
||||||
byte *output;
|
byte *output;
|
||||||
word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
|
||||||
int sendSz;
|
int sendSz;
|
||||||
word32 sigSz, i = 0;
|
word32 sigSz = 0, i = 0;
|
||||||
word32 preSigSz, preSigIdx;
|
word32 preSigSz = 0, preSigIdx = 0;
|
||||||
RsaKey rsaKey;
|
RsaKey rsaKey;
|
||||||
DhKey dhKey;
|
DhKey dhKey;
|
||||||
|
|
||||||
@@ -4899,7 +4911,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
|
|||||||
output[idx++] = ssl->specs.sig_algo;
|
output[idx++] = ssl->specs.sig_algo;
|
||||||
}
|
}
|
||||||
/* size */
|
/* size */
|
||||||
c16toa(sigSz, output + idx);
|
c16toa((word16)sigSz, output + idx);
|
||||||
idx += LENGTH_SZ;
|
idx += LENGTH_SZ;
|
||||||
|
|
||||||
/* do signature */
|
/* do signature */
|
||||||
|
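Review bot: The guard added in front of `c32to48` is spelled `#ifdef CYASLS_DTLS`, while its closing comment and the guard added around `ato32` both use `CYASSL_DTLS`. Unless something defines the misspelled macro, `c32to48` is compiled out of every build, including the DTLS builds that presumably call it, so the line should read `#ifdef CYASSL_DTLS`. Separately, in `DoServerKeyExchange` the new `(word16)` casts on `*inOutIdx` silence the conversion warning without checking the range, so the later `verifySz > sizeof(messageVerify)` test runs on a value that may already be truncated. Keeping the start index in a `word32` local and narrowing only after the bound check would make the limit explicit. The bodies of these functions continue outside the hunks shown.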