Merge from 1.0.0-stable branch.

author: Dr. Stephen Henson <steve@openssl.org> 2009-04-23 16:32:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-04-23 16:32:42 +0000
commit: ef236ec3b26300c0a18872c432122a74f9d5459e (patch)
tree: eeaaa927765ca06f61c1b559b3fff5263a6b5654 /ssl
parent: 8711efb4984b66a901b543d1b5d96fc5b6928d10 (diff)
download: openssl-ef236ec3b26300c0a18872c432122a74f9d5459e.tar.gz
9 files changed, 28 insertions, 22 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 1abfd0007a..ffbe5131d7 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -969,7 +969,7 @@ dtls1_retransmit_buffered_messages(SSL *s)
 		{
 		frag = (hm_fragment *)item->data;
 			if ( dtls1_retransmit_message(s,
-				dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
+				(unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
 				0, &found) <= 0 && found)
 			{
 			fprintf(stderr, "dtls1_retransmit_message() failed\n");
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b2ed383c34..3a08923e92 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -115,6 +115,9 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_KRB5
+#include "kssl_lcl.h"
+#endif
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -791,7 +794,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                         krb5_data	*enc_ticket;
                         krb5_data	authenticator, *authp = NULL;
 			EVP_CIPHER_CTX	ciph_ctx;
-			EVP_CIPHER	*enc = NULL;
+			const EVP_CIPHER *enc = NULL;
 			unsigned char	iv[EVP_MAX_IV_LENGTH];
 			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
@@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 				sizeof tmp_buf);
 			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
 			outl += padl;
-			if (outl > sizeof epms)
+			if (outl > (int)sizeof epms)
 				{
 				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 918dc70798..00b3911b27 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1067,7 +1067,7 @@ start:
 	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
 		{
 		struct ccs_header_st ccs_hdr;
-		int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
+		unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
 
 		dtls1_get_ccs_header(rr->data, &ccs_hdr);
 
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 73401c92a3..b5fa1f147d 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -76,6 +76,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 
 #ifndef OPENSSL_NO_KRB5
 
@@ -131,7 +132,7 @@
 #define krb5_principal_compare   kssl_krb5_principal_compare
 #define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
 #define krb5_timeofday           kssl_krb5_timeofday
-#define krb5_rc_default           kssl_krb5_rc_default
+#define krb5_rc_default          kssl_krb5_rc_default
 
 #ifdef krb5_rc_initialize
 #undef krb5_rc_initialize
@@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype)
 **	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
 **	xx and yy are possibly multi-byte length fields.
 */
-int 	kssl_test_confound(unsigned char *p)
+static int 	kssl_test_confound(unsigned char *p)
 	{
 	int 	len = 2;
 	int 	xx = 0, yy = 0;
@@ -874,7 +875,7 @@ int 	kssl_test_confound(unsigned char *p)
 **      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
 **      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
 */
-size_t  *populate_cksumlens(void)
+static size_t  *populate_cksumlens(void)
 	{
 	int 		i, j, n;
 	static size_t 	*cklens = NULL;
@@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 /*	Display contents of krb5_principal_data struct, for debugging
 **	(krb5_principal is typedef'd == krb5_principal_data *)
 */
-void
+static void
 print_krb5_princ(char *label, krb5_principal_data *princ)
         {
 	int i, ui, uj;
@@ -1224,7 +1225,7 @@ kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
 **				code here.  This tkt should alloc/free just
 **				like the real thing.
 */
-krb5_error_code
+static krb5_error_code
 kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
 		/* IN     */	KRB5_TKTBODY	*asn1ticket,
 		/* OUT    */	krb5_ticket	**krb5ticket,
@@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 **  Return pointer to the (partially) filled in struct tm on success,
 **  return NULL on failure.
 */
-struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
 	{
 	char 		c, *p;
 
@@ -1925,7 +1926,7 @@ struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
 **  So we try to sneek the clockskew out through the replay cache.
 **	If that fails just return a likely default (300 seconds).
 */
-krb5_deltat	get_rc_clockskew(krb5_context context)
+static krb5_deltat get_rc_clockskew(krb5_context context)
 	{
 	krb5_rcache 	rc;
 	krb5_deltat 	clockskew;
@@ -2121,7 +2122,7 @@ krb5_error_code  kssl_check_authent(
  		tm_g = gmtime(&now);		tg = mktime(tm_g);
  		tz_offset = tg - tl;
 
-		*atimep = tr - tz_offset;
+		*atimep = (krb5_timestamp)(tr - tz_offset);
  		}
 
 #ifdef KSSL_DEBUG
diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
index 4cd8dd2d7f..c039c91b4e 100644
--- a/ssl/kssl_lcl.h
+++ b/ssl/kssl_lcl.h
@@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
 char *kstring(char *string);
 char *knumber(int len, krb5_octet *contents);
 
-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
 
 int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
 int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ceab11eb4a..e0bfd0ceaf 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			krb5_data	*enc_ticket;
 			krb5_data	authenticator, *authp = NULL;
 			EVP_CIPHER_CTX	ciph_ctx;
-			EVP_CIPHER	*enc = NULL;
+			const EVP_CIPHER *enc = NULL;
 			unsigned char	iv[EVP_MAX_IV_LENGTH];
 			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
@@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 				sizeof tmp_buf);
 			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
 			outl += padl;
-			if (outl > sizeof epms)
+			if (outl > (int)sizeof epms)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 73a573ee29..51ec94b5b1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2821,13 +2821,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 	SSL_CIPHER *c,*ret=NULL;
 	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int i,ii,ok;
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
 	unsigned int j;
-#ifndef OPENSSL_NO_EC
 	int ec_ok, ec_nid;
 	unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
+#endif
 	CERT *cert;
 	unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 55b2166d2b..ffa031f61e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		krb5_data		enc_pms;
 		KSSL_CTX		*kssl_ctx = s->kssl_ctx;
 		EVP_CIPHER_CTX		ciph_ctx;
-		EVP_CIPHER		*enc = NULL;
+		const EVP_CIPHER	*enc = NULL;
 		unsigned char		iv[EVP_MAX_IV_LENGTH];
 		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH
 					       + EVP_MAX_BLOCK_LENGTH];
@@ -2080,7 +2080,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		enc_ticket.length = i;
 
-		if (n < enc_ticket.length + 6)
+		if (n < (long)(enc_ticket.length + 6))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);
@@ -2093,7 +2093,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		n2s(p,i);
 		authenticator.length = i;
 
-		if (n < enc_ticket.length + authenticator.length + 6)
+		if (n < (long)(enc_ticket.length + authenticator.length + 6))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
 				SSL_R_DATA_LENGTH_TOO_LONG);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f305bc7b36..2ad60fe649 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1966,6 +1966,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #define ku_reject(x, usage) \
 	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
 
+#ifndef OPENSSL_NO_EC
+
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	{
 	unsigned long alg_k, alg_a;
@@ -2037,6 +2039,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	return 1;  /* all checks are ok */
 	}
 
+#endif
+
 /* THIS NEEDS CLEANING UP */
 X509 *ssl_get_server_send_cert(SSL *s)
 	{
author	Dr. Stephen Henson <steve@openssl.org>	2009-04-23 16:32:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-04-23 16:32:42 +0000
commit	ef236ec3b26300c0a18872c432122a74f9d5459e (patch)
tree	eeaaa927765ca06f61c1b559b3fff5263a6b5654 /ssl
parent	8711efb4984b66a901b543d1b5d96fc5b6928d10 (diff)
download	openssl-ef236ec3b26300c0a18872c432122a74f9d5459e.tar.gz