From d270de322c7bfb9c1e7509fbc24e3bf6fde713e6 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 7 Dec 2016 17:21:48 +0000
Subject: [PATCH 1/1] Change TLSEXT_IDX_* values into an enum Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz
Reviewed-by: Rich Salz
Reviewed-by: Richard Levitte
---
 ssl/ssl_locl.h | 38 ++++++++++++++++++++------------------
 ssl/statem/extensions.c | 17 ++++++++---------
 ssl/statem/extensions_srvr.c | 2 +-
 3 files changed, 29 insertions(+), 28 deletions(-)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e2a2ff16b1..c18fec33a6 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1650,24 +1650,26 @@ typedef struct raw_extension_st {
 * Extension index values NOTE: Any updates to these defines should be mirrored
 * with equivalent updates to ext_defs in extensions.c
 */
-#define TLSEXT_IDX_renegotiate 0
-#define TLSEXT_IDX_server_name 1
-#define TLSEXT_IDX_srp 2
-#define TLSEXT_IDX_ec_point_formats 3
-#define TLSEXT_IDX_supported_groups 4
-#define TLSEXT_IDX_session_ticket 5
-#define TLSEXT_IDX_signature_algorithms 6
-#define TLSEXT_IDX_status_request 7
-#define TLSEXT_IDX_next_proto_neg 8
-#define TLSEXT_IDX_application_layer_protocol_negotiation 9
-#define TLSEXT_IDX_use_srtp 10
-#define TLSEXT_IDX_encrypt_then_mac 11
-#define TLSEXT_IDX_signed_certificate_timestamp 12
-#define TLSEXT_IDX_extended_master_secret 13
-#define TLSEXT_IDX_supported_versions 14
-#define TLSEXT_IDX_key_share 15
-#define TLSEXT_IDX_cryptopro_bug 16
-#define TLSEXT_IDX_padding 17
+typedef enum tlsext_index_en {
+ TLSEXT_IDX_renegotiate,
+ TLSEXT_IDX_server_name,
+ TLSEXT_IDX_srp,
+ TLSEXT_IDX_ec_point_formats,
+ TLSEXT_IDX_supported_groups,
+ TLSEXT_IDX_session_ticket,
+ TLSEXT_IDX_signature_algorithms,
+ TLSEXT_IDX_status_request,
+ TLSEXT_IDX_next_proto_neg,
+ TLSEXT_IDX_application_layer_protocol_negotiation,
+ TLSEXT_IDX_use_srtp,
+ TLSEXT_IDX_encrypt_then_mac,
+ TLSEXT_IDX_signed_certificate_timestamp,
+ TLSEXT_IDX_extended_master_secret,
+ TLSEXT_IDX_supported_versions,
+ TLSEXT_IDX_key_share,
+ TLSEXT_IDX_cryptopro_bug,
+ TLSEXT_IDX_padding
+} TLSEXT_INDEX;
 #define MAX_COMPRESSIONS_SIZE 255
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 51f8965606..5c0dda411d 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
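Review bot: The enumerators of `tlsext_index_en` now take their values from declaration order alone, so the coupling to `ext_defs` that the retained comment warns about becomes easier to break silently: inserting an entry anywhere but the end renumbers every later index, and these values are used to index the raw-extension array (`&exts[idx]` in extensions.c). Nothing in this hunk ties the size of the enum to the table, so I would end the enum with a count enumerator such as `TLSEXT_IDX_num_builtins` and compare it with `OSSL_NELEM(ext_defs)` where the table is defined. The comment still speaks of "these defines" and should be updated, e.g. `NOTE: the order of these enumerators must match the order of ext_defs in extensions.c`.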
@@ -260,7 +260,7 @@ static int verify_extension(SSL *s, unsigned int context, unsigned int type,
 {
 size_t i;
 size_t builtin_num = OSSL_NELEM(ext_defs);
- EXTENSION_DEFINITION *thisext;
+ const EXTENSION_DEFINITION *thisext;
 for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {
 if (type == thisext->type) {
@@ -344,11 +344,10 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
 RAW_EXTENSION **res, int *al)
 {
 PACKET extensions = *packet;
- size_t i = 0, idx;
- int found = 0;
+ size_t i = 0;
 custom_ext_methods *exts = NULL;
 RAW_EXTENSION *raw_extensions = NULL;
- EXTENSION_DEFINITION *thisexd;
+ const EXTENSION_DEFINITION *thisexd;
 /*
 * Initialise server side custom extensions. Client side is done during
@@ -427,7 +426,7 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
 * or 0 on failure. In the event of a failure |*al| is populated with a suitable
 * alert code. If an extension is not present this counted as success.
 */
-int tls_parse_extension(SSL *s, unsigned int idx, int context,
+int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
 RAW_EXTENSION *exts, int *al)
 {
 RAW_EXTENSION *currext = &exts[idx];
@@ -497,7 +496,7 @@ int tls_parse_extension(SSL *s, unsigned int idx, int context,
 int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, int *al)
 {
 size_t i, numexts = OSSL_NELEM(ext_defs);
- EXTENSION_DEFINITION *thisexd;
+ const EXTENSION_DEFINITION *thisexd;
 /* Calculate the number of extensions in the extensions list */
 if ((context & EXT_CLIENT_HELLO) != 0) {
@@ -508,7 +507,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, int *al)
 /* Parse each extension in turn */
 for (i = 0; i < numexts; i++) {
- if (!tls_parse_extension(s, loop, context, exts, al))
+ if (!tls_parse_extension(s, i, context, exts, al))
 return 0;
 }
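Review bot: Typing `idx` as `TLSEXT_INDEX` in `tls_parse_extension` documents the intent but does not constrain the value, and the first visible statement, `RAW_EXTENSION *currext = &exts[idx];`, still indexes `exts` with no range check in the lines shown (the body continues outside the hunk). In the `@@ -508` hunk the caller passes its `size_t` loop counter, `tls_parse_extension(s, i, context, exts, al)`, and the `EXT_CLIENT_HELLO` branch just before it suggests `numexts` may grow beyond `OSSL_NELEM(ext_defs)`, in which case `i` would not correspond to any named enumerator; that is inferred, since the branch body is not shown. I would make the conversion explicit, `tls_parse_extension(s, (TLSEXT_INDEX)i, context, exts, al)`, and add to the function's doc comment that `idx` must be a valid index into `exts`, because the function receives no length and cannot check it itself.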
@@ -537,7 +536,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
 {
 size_t i;
 int addcustom = 0, min_version, max_version = 0, reason, tmpal;
- EXTENSION_DEFINITION *thisexd;
+ const EXTENSION_DEFINITION *thisexd;
 /*
 * Normally if something goes wrong during construction it's an internal
@@ -591,7 +590,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
 int (*construct)(SSL *s, WPACKET *pkt, int *al);
 /* Skip if not relevant for our context */
- if ((ext_defs[loop].context & context) == 0)
+ if ((thisexd->context & context) == 0)
 continue;
 construct = s->server ? thisexd->construct_stoc
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 9763c47ed3..1eeae096d6 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -413,7 +413,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, int *al)
 * does nothing.
 */
 for (i = 0; i < srtp_pref; i++) {
- const SRTP_PROTECTION_PROFILE *sprof =
+ SRTP_PROTECTION_PROFILE *sprof =
 sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
 if (sprof->id == id) {
-- 2.34.1
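Review bot: Dropping `const` from `sprof` in the `tls_parse_ctos_use_srtp` hunk loosens the declaration without a visible reason: the only use shown is the read `sprof->id == id`, and the commit message does not mention this change. Unless something later in the loop writes through the pointer (the loop body continues outside the hunk), keep `const SRTP_PROTECTION_PROFILE *sprof =` so the compiler goes on rejecting accidental modification of entries in the `srvr` stack while parsing peer-supplied data. If the qualifier was removed to silence a warning, a short comment naming that warning would help the next reader.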