diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_both.c | 2 | ||||
-rw-r--r-- | ssl/d1_clnt.c | 7 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 2 | ||||
-rw-r--r-- | ssl/kssl.c | 17 | ||||
-rw-r--r-- | ssl/kssl_lcl.h | 2 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 4 | ||||
-rw-r--r-- | ssl/s3_lib.c | 6 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 6 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 4 |
9 files changed, 28 insertions, 22 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 1abfd0007a..ffbe5131d7 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -969,7 +969,7 @@ dtls1_retransmit_buffered_messages(SSL *s) { frag = (hm_fragment *)item->data; if ( dtls1_retransmit_message(s, - dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), + (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs), 0, &found) <= 0 && found) { fprintf(stderr, "dtls1_retransmit_message() failed\n"); diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index b2ed383c34..3a08923e92 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -115,6 +115,9 @@ #include <stdio.h> #include "ssl_locl.h" +#ifndef OPENSSL_NO_KRB5 +#include "kssl_lcl.h" +#endif #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> @@ -791,7 +794,7 @@ int dtls1_send_client_key_exchange(SSL *s) krb5_data *enc_ticket; krb5_data authenticator, *authp = NULL; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH @@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s) sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; - if (outl > sizeof epms) + if (outl > (int)sizeof epms) { SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 918dc70798..00b3911b27 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1067,7 +1067,7 @@ start: if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { struct ccs_header_st ccs_hdr; - int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; + unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; dtls1_get_ccs_header(rr->data, &ccs_hdr); diff --git a/ssl/kssl.c b/ssl/kssl.c index 73401c92a3..b5fa1f147d 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -76,6 +76,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/krb5_asn.h> +#include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -131,7 +132,7 @@ #define krb5_principal_compare kssl_krb5_principal_compare #define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part #define krb5_timeofday kssl_krb5_timeofday -#define krb5_rc_default kssl_krb5_rc_default +#define krb5_rc_default kssl_krb5_rc_default #ifdef krb5_rc_initialize #undef krb5_rc_initialize @@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype) ** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and ** xx and yy are possibly multi-byte length fields. */ -int kssl_test_confound(unsigned char *p) +static int kssl_test_confound(unsigned char *p) { int len = 2; int xx = 0, yy = 0; @@ -874,7 +875,7 @@ int kssl_test_confound(unsigned char *p) ** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 ** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. */ -size_t *populate_cksumlens(void) +static size_t *populate_cksumlens(void) { int i, j, n; static size_t *cklens = NULL; @@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk) /* Display contents of krb5_principal_data struct, for debugging ** (krb5_principal is typedef'd == krb5_principal_data *) */ -void +static void print_krb5_princ(char *label, krb5_principal_data *princ) { int i, ui, uj; @@ -1224,7 +1225,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, ** code here. This tkt should alloc/free just ** like the real thing. */ -krb5_error_code +static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, /* IN */ KRB5_TKTBODY *asn1ticket, /* OUT */ krb5_ticket **krb5ticket, @@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) ** Return pointer to the (partially) filled in struct tm on success, ** return NULL on failure. */ -struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) +static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) { char c, *p; @@ -1925,7 +1926,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) ** So we try to sneek the clockskew out through the replay cache. ** If that fails just return a likely default (300 seconds). */ -krb5_deltat get_rc_clockskew(krb5_context context) +static krb5_deltat get_rc_clockskew(krb5_context context) { krb5_rcache rc; krb5_deltat clockskew; @@ -2121,7 +2122,7 @@ krb5_error_code kssl_check_authent( tm_g = gmtime(&now); tg = mktime(tm_g); tz_offset = tg - tl; - *atimep = tr - tz_offset; + *atimep = (krb5_timestamp)(tr - tz_offset); } #ifdef KSSL_DEBUG diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h index 4cd8dd2d7f..c039c91b4e 100644 --- a/ssl/kssl_lcl.h +++ b/ssl/kssl_lcl.h @@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); char *kstring(char *string); char *knumber(int len, krb5_octet *contents); -EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); +const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ceab11eb4a..e0bfd0ceaf 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s) krb5_data *enc_ticket; krb5_data authenticator, *authp = NULL; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH @@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s) sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; - if (outl > sizeof epms) + if (outl > (int)sizeof epms) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 73a573ee29..51ec94b5b1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2821,13 +2821,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c,*ret=NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i,ii,ok; -#ifndef OPENSSL_NO_TLSEXT +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC) unsigned int j; -#ifndef OPENSSL_NO_EC int ec_ok, ec_nid; unsigned char ec_search1 = 0, ec_search2 = 0; -#endif /* OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_TLSEXT */ +#endif CERT *cert; unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 55b2166d2b..ffa031f61e 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s) krb5_data enc_pms; KSSL_CTX *kssl_ctx = s->kssl_ctx; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH]; @@ -2080,7 +2080,7 @@ int ssl3_get_client_key_exchange(SSL *s) n2s(p,i); enc_ticket.length = i; - if (n < enc_ticket.length + 6) + if (n < (long)(enc_ticket.length + 6)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); @@ -2093,7 +2093,7 @@ int ssl3_get_client_key_exchange(SSL *s) n2s(p,i); authenticator.length = i; - if (n < enc_ticket.length + authenticator.length + 6) + if (n < (long)(enc_ticket.length + authenticator.length + 6)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f305bc7b36..2ad60fe649 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1966,6 +1966,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) +#ifndef OPENSSL_NO_EC + int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) { unsigned long alg_k, alg_a; @@ -2037,6 +2039,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) return 1; /* all checks are ok */ } +#endif + /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { |