Upgrade chrome's OpenSSL to same version Android ships with.

openssl/ssl/kssl.c

 /* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
 /* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ skipping 58 matching lines @@
 #include <openssl/opensslconf.h>
 
 #include <string.h>
 
 #define KRB5_PRIVATE    1
 
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 
 #ifndef OPENSSL_NO_KRB5
 
 #ifndef ENOMEM
 #define ENOMEM KRB5KRB_ERR_GENERIC
 #endif
 
 /* 
  * When OpenSSL is built on Windows, we do not want to require that
  * the Kerberos DLLs be available in order for the OpenSSL DLLs to
@@ skipping 35 matching lines @@
 #define krb5_kt_close            kssl_krb5_kt_close
 #endif /* krb5_kt_close */
 #ifndef krb5_kt_get_entry
 #define krb5_kt_get_entry        kssl_krb5_kt_get_entry
 #endif /* krb5_kt_get_entry */
 #define krb5_auth_con_init       kssl_krb5_auth_con_init        
 
 #define krb5_principal_compare   kssl_krb5_principal_compare
 #define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
 #define krb5_timeofday           kssl_krb5_timeofday
-#define krb5_rc_default           kssl_krb5_rc_default
+#define krb5_rc_default          kssl_krb5_rc_default
 
 #ifdef krb5_rc_initialize
 #undef krb5_rc_initialize
 #endif
 #define krb5_rc_initialize   kssl_krb5_rc_initialize
 
 #ifdef krb5_rc_get_lifespan
 #undef krb5_rc_get_lifespan
 #endif
 #define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
@@ skipping 687 matching lines @@
                                 break;
                 }
         }
 
 
 /*      Return true:1 if p "looks like" the start of the real authenticator
 **      described in kssl_skip_confound() below.  The ASN.1 pattern is
 **      "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
 **      xx and yy are possibly multi-byte length fields.
 */
-int     kssl_test_confound(unsigned char *p)
+static int      kssl_test_confound(unsigned char *p)
         {
         int     len = 2;
         int     xx = 0, yy = 0;
 
         if (*p++ != 0x62)  return 0;
         if (*p > 0x82)  return 0;
         switch(*p)  {
                 case 0x82:  p++;          xx = (*p++ << 8);  xx += *p++;  break;
                 case 0x81:  p++;          xx =  *p++;  break;
                 case 0x80:  return 0;
@@ skipping 14 matching lines @@
 /*      Allocate, fill, and return cksumlens array of checksum lengths.
 **      This array holds just the unique elements from the krb5_cksumarray[].
 **      array[n] == 0 signals end of data.
 **
 **      The krb5_cksumarray[] was an internal variable that has since been
 **      replaced by a more general method for storing the data.  It should
 **      not be used.  Instead we use real API calls and make a guess for 
 **      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
 **      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
 */
-size_t  *populate_cksumlens(void)
+static size_t  *populate_cksumlens(void)
         {
         int             i, j, n;
         static size_t   *cklens = NULL;
 
 #ifdef KRB5_MIT_OLD11
         n = krb5_max_cksum;
 #else
         n = 0x0010;
 #endif  /* KRB5_MIT_OLD11 */
  
@@ skipping 130 matching lines @@
                 printf("%02x",keyblk->contents[i]);
                 }
         printf("\n");
 #endif
         }
 
 
 /*      Display contents of krb5_principal_data struct, for debugging
 **      (krb5_principal is typedef'd == krb5_principal_data *)
 */
-void
+static void
 print_krb5_princ(char *label, krb5_principal_data *princ)
         {
         int i, ui, uj;
 
         printf("%s principal Realm: ", label);
         if (princ == NULL)  return;
         for (ui=0; ui < (int)princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
         printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
         for (i=0; i < (int)princ->length; i++)
                 {
@@ skipping 178 matching lines @@
 **  Return Kerberos error code and kssl_err struct on error.
 **  Allocates krb5_ticket and krb5_principal; caller should free these.
 **
 **      20010410        VRS     Implemented krb5_decode_ticket() as
 **                              old_krb5_decode_ticket(). Missing from MIT1.0.6.
 **      20010615        VRS     Re-cast as openssl/asn1 d2i_*() functions.
 **                              Re-used some of the old krb5_decode_ticket()
 **                              code here.  This tkt should alloc/free just
 **                              like the real thing.
 */
-krb5_error_code
+static krb5_error_code
 kssl_TKT2tkt(   /* IN     */    krb5_context    krb5context,
                 /* IN     */    KRB5_TKTBODY    *asn1ticket,
                 /* OUT    */    krb5_ticket     **krb5ticket,
                 /* OUT    */    KSSL_ERR *kssl_err  )
         {
         krb5_error_code                 krb5rc = KRB5KRB_ERR_GENERIC;
         krb5_ticket                     *new5ticket = NULL;
         ASN1_GENERALSTRING              *gstr_svc, *gstr_host;
 
         *krb5ticket = NULL;
@@ skipping 657 matching lines @@
 #endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
 
 
 /*  Given pointers to KerberosTime and struct tm structs, convert the
 **  KerberosTime string to struct tm.  Note that KerberosTime is a
 **  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
 **  seconds as defined in RFC 1510.
 **  Return pointer to the (partially) filled in struct tm on success,
 **  return NULL on failure.
 */
-struct tm       *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
         {
         char            c, *p;
 
         if (!k_tm)  return NULL;
         if (gtime == NULL  ||  gtime->length < 14)  return NULL;
         if (gtime->data == NULL)  return NULL;
 
         p = (char *)&gtime->data[14];
 
         c = *p;  *p = '\0';  p -= 2;  k_tm->tm_sec  = atoi(p);      *(p+2) = c;
         c = *p;  *p = '\0';  p -= 2;  k_tm->tm_min  = atoi(p);      *(p+2) = c;
         c = *p;  *p = '\0';  p -= 2;  k_tm->tm_hour = atoi(p);      *(p+2) = c;
         c = *p;  *p = '\0';  p -= 2;  k_tm->tm_mday = atoi(p);      *(p+2) = c;
         c = *p;  *p = '\0';  p -= 2;  k_tm->tm_mon  = atoi(p)-1;    *(p+2) = c;
         c = *p;  *p = '\0';  p -= 4;  k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
 
         return k_tm;
         }
 
 
 /*  Helper function for kssl_validate_times().
 **  We need context->clockskew, but krb5_context is an opaque struct.
 **  So we try to sneek the clockskew out through the replay cache.
 **      If that fails just return a likely default (300 seconds).
 */
-krb5_deltat     get_rc_clockskew(krb5_context context)
+static krb5_deltat get_rc_clockskew(krb5_context context)
         {
         krb5_rcache     rc;
         krb5_deltat     clockskew;
 
         if (krb5_rc_default(context, &rc))  return KSSL_CLOCKSKEW;
         if (krb5_rc_initialize(context, rc, 0))  return KSSL_CLOCKSKEW;
         if (krb5_rc_get_lifespan(context, rc, &clockskew))  {
                 clockskew = KSSL_CLOCKSKEW;
                 }
         (void) krb5_rc_destroy(context, rc);
@@ skipping 143 matching lines @@
         if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
                 {
                 kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
                         "EVP_Cipher error decrypting authenticator.\n");
                 krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                 goto err;
                 }
         EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
 #ifdef KSSL_DEBUG
+        {
+        int padl;
         printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
         for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
         printf("\n");
+        }
 #endif  /* KSSL_DEBUG */
 
         if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
                 {
                 kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
                         "confounded by authenticator.\n");
                 krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                 goto err;
                 }
         outl -= p - unenc_authent;
 
         if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
                                                           (long) outl))==NULL)
                 {
                 kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
                         "Error decoding authenticator body.\n");
                 krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
                 goto err;
                 }
 
         memset(&tm_time,0,sizeof(struct tm));
         if (k_gmtime(auth->ctime, &tm_time)  &&
                 ((tr = mktime(&tm_time)) != (time_t)(-1)))
                 {
                 now  = time(&now);
                 tm_l = localtime(&now);         tl = mktime(tm_l);
                 tm_g = gmtime(&now);            tg = mktime(tm_g);
                 tz_offset = tg - tl;
 
-                *atimep = tr - tz_offset;
+                *atimep = (krb5_timestamp)(tr - tz_offset);
                 }
 
 #ifdef KSSL_DEBUG
         printf("kssl_check_authent: returns %d for client time ", *atimep);
         if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
                 printf("%.*s\n", auth->ctime->length, auth->ctime->data);
         else    printf("NULL\n");
 #endif  /* KSSL_DEBUG */
 
  err:
@@ skipping 54 matching lines @@
 
 
 #else /* !OPENSSL_NO_KRB5 */
 
 #if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
 static void *dummy=&dummy;
 #endif
 
 #endif  /* !OPENSSL_NO_KRB5     */