diff --git a/include/openssl/pem.h b/include/openssl/pem.h index ae6c23c0..4868e12f 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -125,7 +125,7 @@ extern "C" { #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ -return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +return (type *)PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ } #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ @@ -161,7 +161,7 @@ OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ -return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +return (type *)PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt index 0c09443d..94a1741c 100644 --- a/ssl/CMakeLists.txt +++ b/ssl/CMakeLists.txt @@ -3,21 +3,21 @@ include_directories(../include) add_library( ssl - bio_ssl.c - custom_extensions.c - d1_both.c - d1_lib.c - d1_pkt.c - d1_srtp.c - dtls_method.c - dtls_record.c + bio_ssl.cc + custom_extensions.cc + d1_both.cc + d1_lib.cc + d1_pkt.cc + d1_srtp.cc + dtls_method.cc + dtls_record.cc handshake_client.c handshake_server.c - s3_both.c - s3_lib.c - s3_pkt.c + s3_both.cc + s3_lib.cc + s3_pkt.cc ssl_aead_ctx.c - ssl_asn1.c + ssl_asn1.cc ssl_buffer.c ssl_cert.c ssl_cipher.c @@ -30,7 +30,7 @@ add_library( ssl_stat.c ssl_transcript.c ssl_versions.c - ssl_x509.c + ssl_x509.cc t1_enc.c t1_lib.c tls_method.c diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.cc similarity index 94% rename from ssl/bio_ssl.c rename to ssl/bio_ssl.cc index ad8f5d8f..61afee56 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.cc 
@@ -12,8 +12,12 @@ #include +static SSL *get_ssl(BIO *bio) { + return reinterpret_cast(bio->ptr); +} + static int ssl_read(BIO *bio, char *out, int outl) { - SSL *ssl = bio->ptr; + SSL *ssl = get_ssl(bio); if (ssl == NULL) { return 0; } @@ -53,7 +57,7 @@ static int ssl_read(BIO *bio, char *out, int outl) { } static int ssl_write(BIO *bio, const char *out, int outl) { - SSL *ssl = bio->ptr; + SSL *ssl = get_ssl(bio); if (ssl == NULL) { return 0; } @@ -87,7 +91,7 @@ static int ssl_write(BIO *bio, const char *out, int outl) { } static long ssl_ctrl(BIO *bio, int cmd, long num, void *ptr) { - SSL *ssl = bio->ptr; + SSL *ssl = get_ssl(bio); if (ssl == NULL && cmd != BIO_C_SET_SSL) { return 0; } @@ -134,7 +138,7 @@ static int ssl_new(BIO *bio) { } static int ssl_free(BIO *bio) { - SSL *ssl = bio->ptr; + SSL *ssl = get_ssl(bio); if (ssl == NULL) { return 1; @@ -149,7 +153,7 @@ static int ssl_free(BIO *bio) { } static long ssl_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { - SSL *ssl = bio->ptr; + SSL *ssl = get_ssl(bio); if (ssl == NULL) { return 0; } diff --git a/ssl/custom_extensions.c b/ssl/custom_extensions.cc similarity index 98% rename from ssl/custom_extensions.c rename to ssl/custom_extensions.cc index ac185178..f438f739 100644 --- a/ssl/custom_extensions.c +++ b/ssl/custom_extensions.cc @@ -214,7 +214,8 @@ static int custom_ext_append(STACK_OF(SSL_CUSTOM_EXTENSION) **stack, return 0; } - SSL_CUSTOM_EXTENSION *ext = OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION)); + SSL_CUSTOM_EXTENSION *ext = + (SSL_CUSTOM_EXTENSION *)OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION)); if (ext == NULL) { return 0; } diff --git a/ssl/d1_both.c b/ssl/d1_both.cc similarity index 98% rename from ssl/d1_both.c rename to ssl/d1_both.cc index 44e3f2ef..f25c2be8 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.cc 
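Review bot: `get_ssl` converts `bio->ptr` with `reinterpret_cast`, which is broader than the conversion needs if the field is a `void *` (its declaration is outside this hunk, and the cast's template argument is missing from the page as rendered). `static_cast<SSL *>(bio->ptr)` would do the same job and would stop compiling if the field's type ever changed to something unrelated, whereas `reinterpret_cast` would keep accepting it. A one-line comment on the helper would also help, for example `/* get_ssl returns the SSL stored in |bio->ptr|, or NULL if none has been set. */`; the callers in the later hunks of this file all test the result against NULL.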
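Review bot: The new cast on `OPENSSL_malloc` is a C-style cast in a file that is now compiled as C++, while `ssl/bio_ssl.cc` in the same commit uses a named cast. A C-style cast will also perform a `const_cast` or `reinterpret_cast` without saying so, so it keeps compiling if the allocator's return type or the target type changes; `static_cast<SSL_CUSTOM_EXTENSION *>(OPENSSL_malloc(sizeof(SSL_CUSTOM_EXTENSION)))` only accepts the `void *` conversion that is meant. The same applies to the casts added in `ssl/d1_both.cc`, `ssl/d1_lib.cc`, `ssl/s3_both.cc`, `ssl/s3_lib.cc` and on `BUF_memdup` in `ssl/ssl_asn1.cc`. `custom_ext_append` starts and ends outside this hunk.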
@@ -153,7 +153,7 @@ static void dtls1_hm_fragment_free(hm_fragment *frag) { } static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) { - hm_fragment *frag = OPENSSL_malloc(sizeof(hm_fragment)); + hm_fragment *frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); if (frag == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; @@ -164,7 +164,8 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) { frag->msg_len = msg_hdr->msg_len; /* Allocate space for the reassembled message and fill in the header. */ - frag->data = OPENSSL_malloc(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len); + frag->data = + (uint8_t *)OPENSSL_malloc(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len); if (frag->data == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; @@ -191,7 +192,7 @@ static hm_fragment *dtls1_hm_fragment_new(const struct hm_header_st *msg_hdr) { goto err; } size_t bitmask_len = (msg_hdr->msg_len + 7) / 8; - frag->reassembly = OPENSSL_malloc(bitmask_len); + frag->reassembly = (uint8_t *)OPENSSL_malloc(bitmask_len); if (frag->reassembly == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; @@ -760,7 +761,7 @@ int dtls1_flush_flight(SSL *ssl) { dtls1_update_mtu(ssl); int ret = -1; - uint8_t *packet = OPENSSL_malloc(ssl->d1->mtu); + uint8_t *packet = (uint8_t *)OPENSSL_malloc(ssl->d1->mtu); if (packet == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.cc similarity index 99% rename from ssl/d1_lib.c rename to ssl/d1_lib.cc index ef15252f..0074855b 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.cc @@ -78,12 +78,10 @@ #define DTLS1_MAX_TIMEOUTS 12 int dtls1_new(SSL *ssl) { - DTLS1_STATE *d1; - if (!ssl3_new(ssl)) { return 0; } - d1 = OPENSSL_malloc(sizeof *d1); + DTLS1_STATE *d1 = (DTLS1_STATE *)OPENSSL_malloc(sizeof *d1); if (d1 == NULL) { ssl3_free(ssl); return 0; 
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.cc similarity index 99% rename from ssl/d1_pkt.c rename to ssl/d1_pkt.cc index e2c7315d..1ae55ebb 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.cc @@ -171,7 +171,7 @@ again: /* Impossible in DTLS. */ break; - case ssl_open_record_success: + case ssl_open_record_success: { if (CBS_len(&body) > 0xffff) { OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); return -1; @@ -182,6 +182,7 @@ again: rr->length = (uint16_t)CBS_len(&body); rr->data = (uint8_t *)CBS_data(&body); return 1; + } case ssl_open_record_discard: goto again; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.cc similarity index 100% rename from ssl/d1_srtp.c rename to ssl/d1_srtp.cc diff --git a/ssl/dtls_method.c b/ssl/dtls_method.cc similarity index 100% rename from ssl/dtls_method.c rename to ssl/dtls_method.cc diff --git a/ssl/dtls_record.c b/ssl/dtls_record.cc similarity index 100% rename from ssl/dtls_record.c rename to ssl/dtls_record.cc diff --git a/ssl/s3_both.c b/ssl/s3_both.cc similarity index 99% rename from ssl/s3_both.c rename to ssl/s3_both.cc index 65d438a1..5eb364d1 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.cc @@ -131,7 +131,7 @@ SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl) { - SSL_HANDSHAKE *hs = OPENSSL_malloc(sizeof(SSL_HANDSHAKE)); + SSL_HANDSHAKE *hs = (SSL_HANDSHAKE *)OPENSSL_malloc(sizeof(SSL_HANDSHAKE)); if (hs == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.cc similarity index 99% rename from ssl/s3_lib.c rename to ssl/s3_lib.cc index ac8bb678..9548bbd4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.cc @@ -163,9 +163,7 @@ int ssl3_new(SSL *ssl) { - SSL3_STATE *s3; - - s3 = OPENSSL_malloc(sizeof *s3); + SSL3_STATE *s3 = (SSL3_STATE *)OPENSSL_malloc(sizeof *s3); if (s3 == NULL) { return 0; } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.cc similarity index 99% rename from ssl/s3_pkt.c rename to ssl/s3_pkt.cc index 445f8826..beaa08ed 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.cc 
@@ -157,7 +157,7 @@ again: goto again; } - case ssl_open_record_success: + case ssl_open_record_success: { if (CBS_len(&body) > 0xffff) { OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); return -1; @@ -168,6 +168,7 @@ again: rr->length = (uint16_t)CBS_len(&body); rr->data = (uint8_t *)CBS_data(&body); return 1; + } case ssl_open_record_discard: goto again; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.cc similarity index 98% rename from ssl/ssl_asn1.c rename to ssl/ssl_asn1.cc index cc6a5596..1d6140e9 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.cc @@ -80,6 +80,13 @@ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ +/* Per C99, various stdint.h macros are unavailable in C++ unless some macros + * are defined. C++11 overruled this decision, but older Android NDKs still + * require it. */ +#if !defined(__STDC_LIMIT_MACROS) +#define __STDC_LIMIT_MACROS +#endif + #include #include @@ -425,7 +432,7 @@ int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data, static const char kNotResumableSession[] = "NOT RESUMABLE"; *out_len = strlen(kNotResumableSession); - *out_data = BUF_memdup(kNotResumableSession, *out_len); + *out_data = (uint8_t *)BUF_memdup(kNotResumableSession, *out_len); if (*out_data == NULL) { return 0; } diff --git a/ssl/ssl_x509.c b/ssl/ssl_x509.cc similarity index 99% rename from ssl/ssl_x509.c rename to ssl/ssl_x509.cc index 65405aaf..77fc0e2a 100644 --- a/ssl/ssl_x509.c +++ b/ssl/ssl_x509.cc @@ -494,14 +494,13 @@ static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) { } static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { - STACK_OF(X509) *chain = NULL; + bssl::UniquePtr chain; const size_t num_certs = sk_CRYPTO_BUFFER_num(sess->certs); - if (num_certs > 0) { - chain = sk_X509_new_null(); - if (chain == NULL) { + chain.reset(sk_X509_new_null()); + if (!chain) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - goto err; + return 0; } } 
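Review bot: `__STDC_LIMIT_MACROS` is defined only in this file, and it only has an effect if no header has pulled in `<stdint.h>` earlier in the translation unit. The other sources renamed to `.cc` in this commit would need the same block as soon as they use a limit macro on the older toolchains the comment mentions, so a target-wide definition in `ssl/CMakeLists.txt`, for example `add_definitions(-D__STDC_LIMIT_MACROS)`, may be easier to keep correct. If the per-file form stays, I would extend the comment with `/* Must stay above the first #include. */`.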
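Review bot: With `chain` declared as a `bssl::UniquePtr`, every early `return 0` in this function now relies on the smart pointer's deleter to release the certificates already pushed onto the stack, which the removed `err:` label did with `sk_X509_pop_free(chain, X509_free)`. The deleter is not visible on this page (the template argument is also missing from the declaration as rendered), so it is worth confirming that it frees the elements and not only the stack; otherwise the error paths in the next hunk leak them. If it does, a comment at the declaration would record that, for example `/* The deleter frees the stack and each X509 in it. */`. The function body continues past this hunk.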
@@ -510,12 +509,12 @@ static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { X509 *x509 = X509_parse_from_buffer(sk_CRYPTO_BUFFER_value(sess->certs, i)); if (x509 == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR); - goto err; + return 0; } - if (!sk_X509_push(chain, x509)) { + if (!sk_X509_push(chain.get(), x509)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); X509_free(x509); - goto err; + return 0; } if (i == 0) { leaf = x509; @@ -523,7 +522,7 @@ static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { } sk_X509_pop_free(sess->x509_chain, X509_free); - sess->x509_chain = chain; + sess->x509_chain = chain.release(); sk_X509_pop_free(sess->x509_chain_without_leaf, X509_free); sess->x509_chain_without_leaf = NULL; @@ -532,12 +531,7 @@ static int ssl_crypto_x509_session_cache_objects(SSL_SESSION *sess) { X509_up_ref(leaf); } sess->x509_peer = leaf; - return 1; - -err: - sk_X509_pop_free(chain, X509_free); - return 0; } static int ssl_crypto_x509_session_dup(SSL_SESSION *new_session,
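Review bot: `x509` is still a raw pointer that is freed by hand with `X509_free(x509)` on the push-failure path, while `chain` in the same function has moved to `bssl::UniquePtr`. Holding the parsed certificate in a `bssl::UniquePtr<X509>` until `sk_X509_push` succeeds would make ownership uniform and remove the one remaining manual free, so an error return added later between the parse and the push cannot leak it. This assumes a deleter for `X509` is declared alongside the one used for the stack, which the page does not show. The enclosing loop starts above this hunk and ends below it.

```cpp
    // … unchanged: loop header over sess->certs, above the hunk …
    bssl::UniquePtr<X509> x509(
        X509_parse_from_buffer(sk_CRYPTO_BUFFER_value(sess->certs, i)));
    if (!x509) {
      OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
      return 0;
    }
    if (!sk_X509_push(chain.get(), x509.get())) {
      OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
      return 0;
    }
    X509 *pushed = x509.release();  // the stack owns the certificate now
    if (i == 0) {
      leaf = pushed;
```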