X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_ciph.c;h=ce73213b127f788f3117da9de461734a591e3895;hb=d3093944472b202c6df10a37d6bb06318f2fcf14;hp=04294e2f865811cb6baadc629d7a0a9da9d480d7;hpb=82fc1d9c28e834549f61e4c91b3f6bbdf4c48153;p=oweals%2Fopenssl.git diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 04294e2f86..ce73213b12 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -518,7 +518,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, curr = curr->next; } - number_uses = Malloc((max_strength_bits + 1) * sizeof(int)); + number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); if (!number_uses) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); @@ -545,7 +545,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, list, head_p, tail_p); - Free(number_uses); + OPENSSL_free(number_uses); return(1); } @@ -607,8 +607,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (buflen == 0) { /* - * We hit something, we cannot deal with, - * it is no command or seperator nor + * We hit something we cannot deal with, + * it is no command or separator nor * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -620,6 +620,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (rule == CIPHER_SPECIAL) { + found = 0; /* unused -- avoid compiler warning */ break; /* special treatment */ } 
@@ -633,12 +634,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str, multi=0; /* - * Now search for the name in the ca_list. Be carefule + * Now search for the cipher alias in the ca_list. Be careful * with the strncmp, because the "buflen" limitation * will make the rule "ADH:SOME" and the cipher * "ADH-MY-CIPHER" look like a match for buflen=3. - * So additionally check, whether the cipher name found - * has the correct length. We can save a strlen() call, + * So additionally check whether the cipher name found + * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is * sufficient, we have to strncmp() anyway. */ 
@@ -665,42 +666,42 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (!multi) break; } + /* + * Ok, we have the rule, now apply it + */ + if (rule == CIPHER_SPECIAL) + { /* special command */ + ok = 0; + if ((buflen == 8) && + !strncmp(buf, "STRENGTH", 8)) + ok = ssl_cipher_strength_sort(list, + head_p, tail_p); + else + SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, + SSL_R_INVALID_COMMAND); + if (ok == 0) + retval = 0; /* - * Ok, we have the rule, now apply it + * We do not support any "multi" options + * together with "@", so throw away the + * rest of the command, if any left, until + * end or ':' is found. */ - if (rule == CIPHER_SPECIAL) - { /* special command */ - ok = 0; - if ((buflen == 8) && - !strncmp(buf, "STRENGTH", 8)) - ok = ssl_cipher_strength_sort(list, - head_p, tail_p); - else - SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, - SSL_R_INVALID_COMMAND); - if (ok == 0) - retval = 0; - /* - * We do not support any "multi" options - * together with "@", so throw away the - * rest of the command, if any left, until - * end or ':' is found. - */ - while ((*l != '\0') && ITEM_SEP(*l)) - l++; - } - else if (found) - { - ssl_cipher_apply_rule(algorithms, mask, - algo_strength, mask_strength, rule, -1, - list, head_p, tail_p); - } - else - { - while ((*l != '\0') && ITEM_SEP(*l)) - l++; - } - if (*l == '\0') break; /* done */ + while ((*l != '\0') && ITEM_SEP(*l)) + l++; + } + else if (found) + { + ssl_cipher_apply_rule(algorithms, mask, + algo_strength, mask_strength, rule, -1, + list, head_p, tail_p); + } + else + { + while ((*l != '\0') && ITEM_SEP(*l)) + l++; + } + if (*l == '\0') break; /* done */ } return(retval); 
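Review bot: In the CIPHER_SPECIAL branch the loop `while ((*l != '\0') && ITEM_SEP(*l)) l++;` advances over separator characters, while the comment directly above it says the rest of the command is thrown away "until end or ':' is found", which would need the negated test. The final `else` branch (rule not found) uses the same condition. ITEM_SEP is defined outside this hunk, so this should be confirmed against its definition, but as written any text following an "@" command appears to be left in place and parsed as a fresh rule on the next iteration instead of being discarded. If the comment states the intent, both loops should read `while ((*l != '\0') && !ITEM_SEP(*l))`. The enclosing loop of ssl_cipher_process_rulestr begins outside the hunk.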
@@ -737,7 +738,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, * it is used for allocation. */ num_of_ciphers = ssl_method->num_ciphers(); - list = (CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); if (list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); @@ -752,16 +753,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, * There might be two types of entries in the rule_str: 1) names * of ciphers themselves 2) aliases for groups of ciphers. * For 1) we need the available ciphers and for 2) the cipher - * groups of cipher_aliases added togehter in one list (otherwise + * groups of cipher_aliases added together in one list (otherwise * we would be happy with just the cipher_aliases table). */ num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = - (SSL_CIPHER **)Malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { - Free(list); + OPENSSL_free(list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } @@ -787,11 +788,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, ca_list); - Free(ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ - Free(list); + OPENSSL_free(list); return(NULL); } /* @@ -800,7 +801,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if ((cipherstack = sk_SSL_CIPHER_new(NULL)) == NULL) { - Free(list); + OPENSSL_free(list); return(NULL); } 
@@ -818,7 +819,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, #endif } } - Free(list); /* Not needed any longer */ + OPENSSL_free(list); /* Not needed any longer */ /* * The following passage is a little bit odd. If pointer variables @@ -844,7 +845,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, /* * Now it is getting really strange. If something failed during - * the previous pointer assignement or if one of the pointers was + * the previous pointer assignment or if one of the pointers was * not requested, the error condition is met. That might be * discussable. The strange thing is however that in this case * the memory "ret" pointed to is "free()ed" and hence the pointer @@ -974,13 +975,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) if (buf == NULL) { - buf=Malloc(128); - if (buf == NULL) return("Malloc Error"); + len=128; + buf=OPENSSL_malloc(len); + if (buf == NULL) return("OPENSSL_malloc Error"); } else if (len < 128) return("Buffer too small"); - sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp); + BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); return(buf); } @@ -1006,7 +1008,7 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c) return("(NONE)"); } -/* number of bits for symetric cipher */ +/* number of bits for symmetric cipher */ int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) { int ret=0; @@ -1035,7 +1037,8 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) return(NULL); } -static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b) +static int sk_comp_cmp(const SSL_COMP * const *a, + const SSL_COMP * const *b) { return((*a)->id-(*b)->id); } @@ -1050,7 +1053,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) SSL_COMP *comp; STACK_OF(SSL_COMP) *sk; - comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP)); + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); comp->id=id; comp->method=cm; if (ssl_comp_methods == NULL)
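Review bot: SSL_CIPHER_description still returns string literals (`"OPENSSL_malloc Error"`, `"Buffer too small"`) through a non-const `char *`, and on the `buf == NULL` path the success value is heap memory from OPENSSL_malloc, so a caller cannot tell an error message from a buffer it is presumably expected to free. Freeing or writing to the returned pointer on the error path is undefined behaviour. Consider `if (buf == NULL) return(NULL);` for the allocation failure (existing callers would need checking), or at least a comment above the function such as `/* On error a static string is returned; the caller must not free or modify it */`. The return value of `BIO_snprintf` is also ignored, so a truncated description is handed back silently. The function body starts outside the hunk.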
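Review bot: In SSL_COMP_add_compression_method the result of `OPENSSL_malloc(sizeof(SSL_COMP))` is written through by `comp->id=id;` on the next line with no NULL check, so an allocation failure becomes a NULL-pointer store. Every other allocation site touched by this diff tests the pointer and raises ERR_R_MALLOC_FAILURE; this one should do the same before the first store, starting with `if (comp == NULL)` and returning the function's failure value, which is not visible in this hunk. The cast on the allocation is unnecessary in C, and `sizeof(*comp)` would keep the size tied to the variable. The function continues past the end of the hunk.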