Use uint32_t consistently for flags.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 65ff0218d71b577c49076287b2916a9a42e16f6d..819e7306f127568db8b6d162d8addb7a6586f54a 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -124,11 +124,11 @@ struct ssl_conf_ctx_st {
     SSL_CTX *ctx;
     SSL *ssl;
     /* Pointer to SSL or SSL_CTX options field or NULL if none */
-    unsigned long *poptions;
+    uint32_t *poptions;
     /* Certificate filenames for each type */
     char *cert_filename[SSL_PKEY_NUM];
     /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
-    unsigned int *pcert_flags;
+    uint32_t *pcert_flags;
     /* Current flag table being worked on */
     const ssl_flag_tbl *tbl;
     /* Size of table */

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ceba30f83c1e7b893f1cb119b78a51b6427f1c27..d20d95be7080a12fa5f74e5e3484a627f8e3b182 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1937,7 +1937,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
 {
     CERT_PKEY *cpk;
     CERT *c = s->cert;
-    int *pvalid = s->s3->tmp.valid_flags;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
     int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
     int rsa_enc_export, dh_rsa_export, dh_dsa_export;
     int rsa_tmp_export, dh_tmp_export, kl;

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 3507d9ab40a6b24e18d1012ec8ce940255ae2d7d..2672918ba6b2f11c4235ba0d996a612ec129c62d 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -662,7 +662,7 @@ struct ssl_session_st {
 # ifndef OPENSSL_NO_SRP
     char *srp_username;
 # endif
-    long flags;
+    uint32_t flags;
 };
 
 /* Extended master secret support */
@@ -720,7 +720,7 @@ struct ssl_ctx_st {
      * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
      * means only SSL_accept which cache SSL_SESSIONS.
      */
-    int session_cache_mode;
+    uint32_t session_cache_mode;
     /*
      * If timeout is not 0, it is the default timeout value set when
      * SSL_new() is called.  This has been put in to make life easier to set
@@ -806,8 +806,8 @@ struct ssl_ctx_st {
      * SSL_new)
      */
 
-    unsigned long options;
-    unsigned long mode;
+    uint32_t options;
+    uint32_t mode;
     long max_cert_list;
 
     struct cert_st /* CERT */ *cert;
@@ -818,7 +818,7 @@ struct ssl_ctx_st {
                           const void *buf, size_t len, SSL *ssl, void *arg);
     void *msg_callback_arg;
 
-    int verify_mode;
+    uint32_t verify_mode;
     unsigned int sid_ctx_length;
     unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
     /* called 'verify_callback' in the SSL */
@@ -1019,7 +1019,7 @@ struct ssl_st {
      * These are the ones being used, the ones in SSL_SESSION are the ones to
      * be 'copied' into these ones
      */
-    int mac_flags;
+    uint32_t mac_flags;
     EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
     EVP_MD_CTX *read_hash;      /* used for mac generation */
     COMP_CTX *compress;         /* compression */
@@ -1045,7 +1045,7 @@ struct ssl_st {
      * 0 don't care about verify failure.
      * 1 fail if verify fails
      */
-    int verify_mode;
+    uint32_t verify_mode;
     /* fail if callback returns 0 */
     int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
     /* optional informational callback */
@@ -1077,9 +1077,9 @@ struct ssl_st {
     STACK_OF(X509_NAME) *client_CA;
     int references;
     /* protocol behaviour */
-    unsigned long options;
+    uint32_t options;
     /* API behaviour */
-    unsigned long mode;
+    uint32_t mode;
     long max_cert_list;
     int first_packet;
     /* what was passed, used for SSLv3/TLS rollback check */
@@ -1287,7 +1287,7 @@ typedef struct ssl3_state_st {
          * SSL session: e.g. appropriate curve, signature algorithms etc.
          * If zero it can't be used at all.
          */
-        int valid_flags[SSL_PKEY_NUM];
+        uint32_t valid_flags[SSL_PKEY_NUM];
         /*
          * For servers the following masks are for the key and auth algorithms
          * that are supported by the certs below. For clients they are masks of
@@ -1475,7 +1475,7 @@ typedef struct {
      * Per-connection flags relating to this extension type: not used if
      * part of an SSL_CTX structure.
      */
-    unsigned short ext_flags;
+    uint32_t ext_flags;
     custom_ext_add_cb add_cb;
     custom_ext_free_cb free_cb;
     void *add_arg;
@@ -1526,7 +1526,7 @@ typedef struct cert_st {
     int ecdh_tmp_auto;
 # endif
     /* Flags related to certificates */
-    unsigned int cert_flags;
+    uint32_t cert_flags;
     CERT_PKEY pkeys[SSL_PKEY_NUM];
     /*
      * Certificate types (received or sent) in certificate request message.
@@ -1656,7 +1656,7 @@ typedef struct ssl3_enc_method {
                                    const unsigned char *, size_t,
                                    int use_context);
     /* Various flags indicating protocol version requirements */
-    unsigned int enc_flags;
+    uint32_t enc_flags;
     /* Handshake header length */
     unsigned int hhlen;
     /* Set the handshake header */

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 402047a237b1f9f2b8e4f7f01828374a2f1f97c7..f08eb84ad1387d5bd6fdfb43143ce4513795141e 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3459,7 +3459,7 @@ int tls1_process_sigalgs(SSL *s)
     size_t i;
     const EVP_MD *md;
     const EVP_MD **pmd = s->s3->tmp.md;
-    int *pvalid = s->s3->tmp.valid_flags;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
     CERT *c = s->cert;
     TLS_SIGALGS *sigptr;
     if (!tls1_set_shared_sigalgs(s))
@@ -3890,7 +3890,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
     int check_flags = 0, strict_mode;
     CERT_PKEY *cpk = NULL;
     CERT *c = s->cert;
-    int *pvalid;
+    uint32_t *pvalid;
     unsigned int suiteb_flags = tls1_suiteb(s);
     /* idx == -1 means checking server chains */
     if (idx != -1) {