diff --git a/Configure b/Configure index 63d3e03211..38ef7f17cd 100755 --- a/Configure +++ b/Configure @@ -94,11 +94,11 @@ my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG" # TODO(openssl-team): fix problems and investigate if (at least) the # following warnings can also be enabled: # -Wswitch-enum -# -Wunused-macros # -Wcast-align # -Wunreachable-code -# -Wlanguage-extension-token -# -Wextended-offsetof +# -Wlanguage-extension-token -- no, we use asm() +# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc +# -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" . " -Qunused-arguments" . " -Wextra" diff --git a/apps/apps.c b/apps/apps.c index d4a4d23269..34fd3914cd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -674,8 +674,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) return rv; } -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip) +X509 *load_cert(const char *file, int format, const char *cert_descrip) { X509 *x = NULL; BIO *cert; @@ -904,7 +903,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, } static int load_certs_crls(const char *file, int format, - const char *pass, ENGINE *e, const char *desc, + const char *pass, const char *desc, STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls) { @@ -1002,18 +1001,18 @@ void* app_malloc(int sz, const char *what) * Initialize or extend, if *certs != NULL, a certificate stack. */ int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *desc) + const char *pass, const char *desc) { - return load_certs_crls(file, format, pass, e, desc, certs, NULL); + return load_certs_crls(file, format, pass, desc, certs, NULL); } /* * Initialize or extend, if *crls != NULL, a certificate stack. */ int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *desc) + const char *pass, const char *desc) { - return load_certs_crls(file, format, pass, e, desc, NULL, crls); + return load_certs_crls(file, format, pass, desc, NULL, crls); } #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) @@ -1300,7 +1299,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) #ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ -static ENGINE *try_load_engine(const char *engine, int debug) +static ENGINE *try_load_engine(const char *engine) { ENGINE *e = ENGINE_by_id("dynamic"); if (e) { @@ -1324,7 +1323,7 @@ ENGINE *setup_engine(const char *engine, int debug) return NULL; } if ((e = ENGINE_by_id(engine)) == NULL - && (e = try_load_engine(engine, debug)) == NULL) { + && (e = try_load_engine(engine)) == NULL) { BIO_printf(bio_err, "invalid engine \"%s\"\n", engine); ERR_print_errors(bio_err); return NULL; diff --git a/apps/apps.h b/apps/apps.h index 9e66056058..617c1f7e9b 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -475,8 +475,7 @@ int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip); +X509 *load_cert(const char *file, int format, const char *cert_descrip); X509_CRL *load_crl(const char *infile, int format); int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl); EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, @@ -484,9 +483,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath); int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, diff --git a/apps/ca.c b/apps/ca.c index 716df02fac..4cd4aa1bcb 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -153,8 +153,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, - ENGINE *e); + unsigned long nameopt, int default_op, int ext_copy); static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, @@ -607,7 +606,7 @@ end_of_options: lookup_fail(section, ENV_CERTIFICATE); goto end; } - x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate"); + x509 = load_cert(certfile, FORMAT_PEM, "CA certificate"); if (x509 == NULL) goto end; @@ -964,7 +963,7 @@ end_of_options: db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, certopt, nameopt, default_op, - ext_copy, e); + ext_copy); if (j < 0) goto end; if (j > 0) { @@ -1265,7 +1264,7 @@ end_of_options: goto end; } else { X509 *revcert; - revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile); + revcert = load_cert(infile, FORMAT_PEM, infile); if (revcert == NULL) goto end; if (dorevoke == 2) @@ -1391,15 +1390,14 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, - ENGINE *e) + unsigned long nameopt, int default_op, int ext_copy) { X509 *req = NULL; X509_REQ *rreq = NULL; EVP_PKEY *pktmp = NULL; int ok = -1, i; - if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL) + if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL) goto end; if (verbose) X509_print(bio_err, req); diff --git a/apps/cms.c b/apps/cms.c index e732757b2a..1f0e19208e 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -550,7 +550,7 @@ int cms_main(int argc, char **argv) if (operation == SMIME_ENCRYPT) { if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) goto end; - cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e, + cert = load_cert(opt_arg(), FORMAT_PEM, "recipient certificate file"); if (cert == NULL) goto end; @@ -725,7 +725,7 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e, + if ((cert = load_cert(*argv, FORMAT_PEM, "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); @@ -735,7 +735,7 @@ int cms_main(int argc, char **argv) } if (certfile) { - if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, + if (!load_certs(certfile, &other, FORMAT_PEM, NULL, "certificate file")) { ERR_print_errors(bio_err); goto end; @@ -743,7 +743,7 @@ int cms_main(int argc, char **argv) } if (recipfile && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e, + if ((recip = load_cert(recipfile, FORMAT_PEM, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -751,7 +751,7 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e, + if ((signer = load_cert(signerfile, FORMAT_PEM, "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; @@ -968,8 +968,7 @@ int cms_main(int argc, char **argv) signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_PEM, NULL, - e, "signer certificate"); + signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); if (!signer) goto end; key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); diff --git a/apps/dgst.c b/apps/dgst.c index cab848516b..bebaaf53d3 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -73,7 +73,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd); + const char *file); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -403,7 +403,7 @@ int dgst_main(int argc, char **argv) if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, - siglen, NULL, NULL, "stdin", bmd); + siglen, NULL, NULL, "stdin"); } else { const char *md_name = NULL, *sig_name = NULL; if (!out_bin) { @@ -426,7 +426,7 @@ int dgst_main(int argc, char **argv) continue; } else r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, - siglen, sig_name, md_name, argv[i], bmd); + siglen, sig_name, md_name, argv[i]); if (r) ret = r; (void)BIO_reset(bmd); @@ -448,7 +448,7 @@ int dgst_main(int argc, char **argv) int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, - const char *file, BIO *bmd) + const char *file) { size_t len; int i; diff --git a/apps/ocsp.c b/apps/ocsp.c index e26afe1f94..dc2a11f26e 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -115,8 +115,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(const char *port); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port); +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, @@ -406,8 +405,7 @@ int ocsp_main(int argc, char **argv) path = opt_arg(); break; case OPT_ISSUER: - issuer = load_cert(opt_arg(), FORMAT_PEM, - NULL, NULL, "issuer certificate"); + issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { @@ -418,8 +416,7 @@ int ocsp_main(int argc, char **argv) break; case OPT_CERT: X509_free(cert); - cert = load_cert(opt_arg(), FORMAT_PEM, - NULL, NULL, "certificate"); + cert = load_cert(opt_arg(), FORMAT_PEM, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) @@ -526,16 +523,14 @@ int ocsp_main(int argc, char **argv) if (rsignfile) { if (!rkeyfile) rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, FORMAT_PEM, - NULL, NULL, "responder certificate"); + rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate"); if (!rsigner) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; } - rca_cert = load_cert(rca_filename, FORMAT_PEM, - NULL, NULL, "CA certificate"); + rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate"); if (rcertfile) { - if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL, + if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, "responder other certificates")) goto end; } @@ -550,7 +545,7 @@ int ocsp_main(int argc, char **argv) redo_accept: if (acbio) { - if (!do_responder(&req, &cbio, acbio, port)) + if (!do_responder(&req, &cbio, acbio)) goto end; if (!req) { resp = @@ -572,14 +567,13 @@ int ocsp_main(int argc, char **argv) if (signfile) { if (!keyfile) keyfile = signfile; - signer = load_cert(signfile, FORMAT_PEM, - NULL, NULL, "signer certificate"); + signer = load_cert(signfile, FORMAT_PEM, "signer certificate"); if (!signer) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; } if (sign_certfile) { - if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL, + if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, "signer certificates")) goto end; } @@ -702,7 +696,7 @@ int ocsp_main(int argc, char **argv) if (vpmtouched) X509_STORE_set1_param(store, vpm); if (verify_certfile) { - if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL, + if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, "validator certificate")) goto end; } @@ -1078,8 +1072,7 @@ static int urldecode(char *p) return (int)(out - save); } -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port) +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) { int len; OCSP_REQUEST *req = NULL; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e8df4998f7..b4aabb2b86 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -397,7 +397,7 @@ int pkcs12_main(int argc, char **argv) /* Load in all certs in input file */ if (!(options & NOCERTS)) { - if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e, + if (!load_certs(infile, &certs, FORMAT_PEM, NULL, "certificates")) goto export_end; @@ -426,7 +426,7 @@ int pkcs12_main(int argc, char **argv) /* Add any more certificates asked for */ if (certfile) { - if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e, + if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, "certificates from certfile")) goto export_end; } diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 8e1177738e..91ef8d73b4 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -390,7 +390,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, break; case KEY_CERT: - x = load_cert(keyfile, keyform, NULL, e, "Certificate"); + x = load_cert(keyfile, keyform, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/rsautl.c b/apps/rsautl.c index 08e4d5635e..728352cbd4 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -231,7 +231,7 @@ int rsautl_main(int argc, char **argv) break; case KEY_CERT: - x = load_cert(keyfile, keyformat, NULL, e, "Certificate"); + x = load_cert(keyfile, keyformat, "Certificate"); if (x) { pkey = X509_get_pubkey(x); X509_free(x); diff --git a/apps/s_apps.h b/apps/s_apps.h index 435741547a..c000aa13d2 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -149,11 +149,11 @@ typedef fd_mask fd_set; #define PORT "4433" #define PROTOCOL "tcp" +typedef int (*do_server_cb)(int s, int stype, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, - int (*cb) (const char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept); + do_server_cb cb, + unsigned char *context, int naccept); #ifdef HEADER_X509_H int verify_callback(int ok, X509_STORE_CTX *ctx); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index a463dac4ff..b74d682506 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -972,7 +972,7 @@ int load_excert(SSL_EXCERT **pexc) return 0; } exc->cert = load_cert(exc->certfile, exc->certform, - NULL, NULL, "Server Certificate"); + "Server Certificate"); if (!exc->cert) return 0; if (exc->keyfile) { @@ -986,7 +986,7 @@ int load_excert(SSL_EXCERT **pexc) return 0; if (exc->chainfile) { if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL, - NULL, "Server Chain")) + "Server Chain")) return 0; } } diff --git a/apps/s_client.c b/apps/s_client.c index b533780e28..9889cb0355 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1432,8 +1432,7 @@ int s_client_main(int argc, char **argv) } if (cert_file) { - cert = load_cert(cert_file, cert_format, - NULL, e, "client certificate file"); + cert = load_cert(cert_file, cert_format, "client certificate file"); if (cert == NULL) { ERR_print_errors(bio_err); goto end; @@ -1441,7 +1440,7 @@ int s_client_main(int argc, char **argv) } if (chain_file) { - if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e, + if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, "client certificate chain")) goto end; } diff --git a/apps/s_server.c b/apps/s_server.c index 3c5b4222ef..074c7634c7 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -191,12 +191,9 @@ typedef unsigned int u_int; #endif static int not_resumable_sess_cb(SSL *s, int is_forward_secure); -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context); -static int www_body(const char *hostname, int s, int stype, - unsigned char *context); -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context); +static int sv_body(int s, int stype, unsigned char *context); +static int www_body(int s, int stype, unsigned char *context); +static int rev_body(int s, int stype, unsigned char *context); static void close_accept_socket(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp, SSL_CTX *ctx); @@ -1027,8 +1024,7 @@ int s_server_main(int argc, char *argv[]) #ifdef AF_UNIX int unlink_unix_path = 0; #endif - int (*server_cb) (const char *hostname, int s, int stype, - unsigned char *context); + do_server_cb server_cb; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; #ifndef OPENSSL_NO_DH int no_dhe = 0; @@ -1557,14 +1553,14 @@ int s_server_main(int argc, char *argv[]) } s_cert = load_cert(s_cert_file, s_cert_format, - NULL, e, "server certificate file"); + "server certificate file"); if (!s_cert) { ERR_print_errors(bio_err); goto end; } if (s_chain_file) { - if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e, + if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, "server certificate chain")) goto end; } @@ -1578,7 +1574,7 @@ int s_server_main(int argc, char *argv[]) } s_cert2 = load_cert(s_cert_file2, s_cert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_cert2) { ERR_print_errors(bio_err); @@ -1636,14 +1632,14 @@ int s_server_main(int argc, char *argv[]) } s_dcert = load_cert(s_dcert_file, s_dcert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_dcert) { ERR_print_errors(bio_err); goto end; } if (s_dchain_file) { - if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e, + if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, "second server certificate chain")) goto end; } @@ -2054,8 +2050,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context) +static int sv_body(int s, int stype, unsigned char *context) { char *buf = NULL; fd_set readfds; @@ -2644,8 +2639,7 @@ static DH *load_dh_param(const char *dhfile) } #endif -static int www_body(const char *hostname, int s, int stype, - unsigned char *context) +static int www_body(int s, int stype, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -3032,8 +3026,7 @@ static int www_body(const char *hostname, int s, int stype, return (ret); } -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context) +static int rev_body(int s, int stype, unsigned char *context) { char *buf = NULL; int i; diff --git a/apps/s_socket.c b/apps/s_socket.c index 6d781f481d..5d66ab993a 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -221,10 +221,8 @@ int init_client(int *sock, const char *host, const char *port, * 0 on failure, something other on success. */ int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, - int (*cb) (const char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept) + int family, int type, do_server_cb cb, + unsigned char *context, int naccept) { int asock = 0; int sock; @@ -258,50 +256,26 @@ int do_server(int *accept_sock, const char *host, const char *port, } BIO_ADDRINFO_free(res); + res = NULL; - if (accept_sock != NULL) { + if (accept_sock != NULL) *accept_sock = asock; - } for (;;) { - BIO_ADDR *accepted_addr = NULL; - char *name = NULL; if (type == SOCK_STREAM) { - if ((accepted_addr = BIO_ADDR_new()) == NULL) { - BIO_closesocket(asock); - return 0; - } - redoit: - sock = BIO_accept_ex(asock, accepted_addr, 0); + do { + sock = BIO_accept_ex(asock, NULL, 0); + } while (sock < 0 && BIO_sock_should_retry(ret)); if (sock < 0) { - if (BIO_sock_should_retry(ret)) { - goto redoit; - } else { - ERR_print_errors(bio_err); - BIO_ADDR_free(accepted_addr); - SHUTDOWN(asock); - break; - } + ERR_print_errors(bio_err); + SHUTDOWN(asock); + break; } + i = (*cb)(sock, type, context); + SHUTDOWN2(sock); } else { - sock = asock; + i = (*cb)(asock, type, context); } - /* accepted_addr is NULL if we're dealing with SOCK_DGRAM - * this means that for SOCK_DGRAM, name will be NULL - */ - if (accepted_addr != NULL) { -#ifdef AF_UNIX - if (family == AF_UNIX) - name = BIO_ADDR_path_string(accepted_addr); - else -#endif - name = BIO_ADDR_hostname_string(accepted_addr, 0); - } - i = (*cb) (name, sock, type, context); - OPENSSL_free(name); - BIO_ADDR_free(accepted_addr); - if (type == SOCK_STREAM) - SHUTDOWN2(sock); if (naccept != -1) naccept--; if (i < 0 || naccept == 0) { diff --git a/apps/smime.c b/apps/smime.c index 024e83b1d2..60daeb408d 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -458,7 +458,7 @@ int smime_main(int argc, char **argv) goto end; while (*argv) { cert = load_cert(*argv, FORMAT_PEM, - NULL, e, "recipient certificate file"); + "recipient certificate file"); if (cert == NULL) goto end; sk_X509_push(encerts, cert); @@ -468,7 +468,7 @@ int smime_main(int argc, char **argv) } if (certfile) { - if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e, + if (!load_certs(certfile, &other, FORMAT_PEM, NULL, "certificate file")) { ERR_print_errors(bio_err); goto end; @@ -476,8 +476,8 @@ int smime_main(int argc, char **argv) } if (recipfile && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, - e, "recipient certificate file")) == NULL) { + if ((recip = load_cert(recipfile, FORMAT_PEM, + "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } @@ -572,8 +572,8 @@ int smime_main(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_PEM, NULL, - e, "signer certificate"); + signer = load_cert(signerfile, FORMAT_PEM, + "signer certificate"); if (!signer) goto end; key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); diff --git a/apps/speed.c b/apps/speed.c index a0decd7031..64faef5c6c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1781,7 +1781,7 @@ int speed_main(int argc, char **argv) /* DSA_generate_key(dsa_key[j]); */ /* DSA_sign_setup(dsa_key[j],NULL); */ - st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]); + st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]); if (st == 0) { BIO_printf(bio_err, "DSA sign failure. No DSA sign will be done.\n"); @@ -1792,7 +1792,7 @@ int speed_main(int argc, char **argv) dsa_c[j][0], dsa_bits[j], DSA_SECONDS); Time_F(START); for (count = 0, run = 1; COND(dsa_c[j][0]); count++) { - st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]); + st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]); if (st == 0) { BIO_printf(bio_err, "DSA sign failure\n"); ERR_print_errors(bio_err); @@ -1809,7 +1809,7 @@ int speed_main(int argc, char **argv) rsa_count = count; } - st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]); + st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]); if (st <= 0) { BIO_printf(bio_err, "DSA verify failure. No DSA verify will be done.\n"); @@ -1820,7 +1820,7 @@ int speed_main(int argc, char **argv) dsa_c[j][1], dsa_bits[j], DSA_SECONDS); Time_F(START); for (count = 0, run = 1; COND(dsa_c[j][1]); count++) { - st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]); + st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]); if (st <= 0) { BIO_printf(bio_err, "DSA verify failure\n"); ERR_print_errors(bio_err); diff --git a/apps/verify.c b/apps/verify.c index 158504464b..58a48c7f63 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -68,7 +68,7 @@ static int cb(int ok, X509_STORE_CTX *ctx); static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain); + STACK_OF(X509_CRL) *crls, int show_chain); static int v_verbose = 0, vflags = 0; typedef enum OPTION_choice { @@ -108,7 +108,6 @@ OPTIONS verify_options[] = { int verify_main(int argc, char **argv) { - ENGINE *e = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL; STACK_OF(X509_CRL) *crls = NULL; X509_STORE *store = NULL; @@ -167,7 +166,7 @@ int verify_main(int argc, char **argv) break; case OPT_UNTRUSTED: /* Zero or more times */ - if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, e, + if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, "untrusted certificates")) goto end; break; @@ -175,26 +174,28 @@ int verify_main(int argc, char **argv) /* Zero or more times */ noCAfile = 1; noCApath = 1; - if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, e, + if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, "trusted certificates")) goto end; break; case OPT_CRLFILE: /* Zero or more times */ - if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, e, + if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, "other CRLs")) goto end; break; case OPT_CRL_DOWNLOAD: crl_download = 1; break; + case OPT_ENGINE: + if (setup_engine(opt_arg(), 0) == NULL) { + /* Failure message already displayed */ + goto end; + } + break; case OPT_SHOW_CHAIN: show_chain = 1; break; - case OPT_ENGINE: - /* Specify *before* -trusted/-untrusted/-CRLfile */ - e = setup_engine(opt_arg(), 0); - break; case OPT_VERBOSE: v_verbose = 1; break; @@ -223,11 +224,11 @@ int verify_main(int argc, char **argv) ret = 0; if (argc < 1) { - if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1) + if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1) ret = -1; } else { for (i = 0; i < argc; i++) - if (check(store, argv[i], untrusted, trusted, crls, e, + if (check(store, argv[i], untrusted, trusted, crls, show_chain) != 1) ret = -1; } @@ -243,7 +244,7 @@ int verify_main(int argc, char **argv) static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain) + STACK_OF(X509_CRL) *crls, int show_chain) { X509 *x = NULL; int i = 0, ret = 0; @@ -251,7 +252,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *chain = NULL; int num_untrusted; - x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file"); + x = load_cert(file, FORMAT_PEM, "certificate file"); if (x == NULL) goto end; diff --git a/apps/x509.c b/apps/x509.c index 2b9cb25a8e..66dd2ff77e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -612,12 +612,12 @@ int x509_main(int argc, char **argv) EVP_PKEY_free(pkey); } } else - x = load_cert(infile, informat, NULL, e, "Certificate"); + x = load_cert(infile, informat, "Certificate"); if (x == NULL) goto end; if (CA_flag) { - xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate"); + xca = load_cert(CAfile, CAformat, "CA Certificate"); if (xca == NULL) goto end; } diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 10570ca576..f6bd2189cf 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -402,8 +402,7 @@ static int asn1_print_fsname(BIO *out, int indent, return 1; } -static int asn1_print_boolean_ctx(BIO *out, int boolval, - const ASN1_PCTX *pctx) +static int asn1_print_boolean(BIO *out, int boolval) { const char *str; switch (boolval) { @@ -427,8 +426,7 @@ static int asn1_print_boolean_ctx(BIO *out, int boolval, } -static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, - const ASN1_PCTX *pctx) +static int asn1_print_integer(BIO *out, ASN1_INTEGER *str) { char *s; int ret = 1; @@ -439,8 +437,7 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, return ret; } -static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, - const ASN1_PCTX *pctx) +static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) { char objbuf[80]; const char *ln; @@ -453,8 +450,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, return 1; } -static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, - const ASN1_PCTX *pctx) +static int asn1_print_obstring(BIO *out, ASN1_STRING *str, int indent) { if (str->type == V_ASN1_BIT_STRING) { if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) @@ -523,13 +519,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, int boolval = *(int *)fld; if (boolval == -1) boolval = it->size; - ret = asn1_print_boolean_ctx(out, boolval, pctx); + ret = asn1_print_boolean(out, boolval); } break; case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: - ret = asn1_print_integer_ctx(out, str, pctx); + ret = asn1_print_integer(out, str); break; case V_ASN1_UTCTIME: @@ -541,12 +537,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, break; case V_ASN1_OBJECT: - ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); + ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld); break; case V_ASN1_OCTET_STRING: case V_ASN1_BIT_STRING: - ret = asn1_print_obstring_ctx(out, str, indent, pctx); + ret = asn1_print_obstring(out, str, indent); needlf = 0; break; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 621667bdb9..e84b7e7e5f 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -271,8 +271,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store, STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls, - unsigned int flags) + STACK_OF(X509_CRL) *crls) { X509_STORE_CTX ctx; X509 *signer; @@ -353,8 +352,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, crls = CMS_get1_crls(cms); for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!cms_signerinfo_verify_cert(si, store, - cms_certs, crls, flags)) + if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls)) goto err; } } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 9f02c77402..d78396bbdf 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -113,8 +113,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, static CONF_MODULE *module_find(char *name); static int module_init(CONF_MODULE *pmod, char *name, char *value, const CONF *cnf); -static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, - unsigned long flags); +static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value); /* Main function: load modules from a CONF structure */ @@ -204,7 +203,7 @@ static int module_run(const CONF *cnf, char *name, char *value, /* Module not found: try to load DSO */ if (!md && !(flags & CONF_MFLAGS_NO_DSO)) - md = module_load_dso(cnf, name, value, flags); + md = module_load_dso(cnf, name, value); if (!md) { if (!(flags & CONF_MFLAGS_SILENT)) { @@ -230,8 +229,7 @@ static int module_run(const CONF *cnf, char *name, char *value, } /* Load a module from a DSO */ -static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, - unsigned long flags) +static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value) { DSO *dso = NULL; conf_init_func *ifunc; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index fbb0613239..d644c86531 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -297,15 +297,6 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 0; } -static void update_buflen(const BIGNUM *b, size_t *pbuflen) -{ - size_t i; - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; -} - static int dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { @@ -324,15 +315,10 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) return i2d_dhp(pkey, pkey->pkey.dh, pder); } -static int do_dh_print(BIO *bp, const DH *x, int indent, - ASN1_PCTX *ctx, int ptype) +static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) { - unsigned char *m = NULL; int reason = ERR_R_BUF_LIB; - size_t buf_len = 0; - const char *ktype = NULL; - BIGNUM *priv_key, *pub_key; if (ptype == 2) @@ -345,20 +331,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, else pub_key = NULL; - update_buflen(x->p, &buf_len); - - if (buf_len == 0) { + if (priv_key == NULL && pub_key == NULL) { reason = ERR_R_PASSED_NULL_PARAMETER; goto err; } - update_buflen(x->g, &buf_len); - update_buflen(x->q, &buf_len); - update_buflen(x->j, &buf_len); - update_buflen(x->counter, &buf_len); - update_buflen(pub_key, &buf_len); - update_buflen(priv_key, &buf_len); - if (ptype == 2) ktype = "DH Private-Key"; else if (ptype == 1) @@ -366,29 +343,23 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, else ktype = "DH Parameters"; - m = OPENSSL_malloc(buf_len + 10); - if (m == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - BIO_indent(bp, indent, 128); if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) goto err; indent += 4; - if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) + if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent)) goto err; - if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) + if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent)) goto err; - if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) + if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent)) goto err; - if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) + if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent)) goto err; - if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) + if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent)) goto err; - if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) + if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent)) goto err; if (x->seed) { int i; @@ -407,7 +378,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, if (BIO_write(bp, "\n", 1) <= 0) return (0); } - if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) + if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent)) goto err; if (x->length != 0) { BIO_indent(bp, indent, 128); @@ -416,12 +387,10 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, goto err; } - OPENSSL_free(m); return 1; err: DHerr(DH_F_DO_DH_PRINT, reason); - OPENSSL_free(m); return 0; } @@ -537,24 +506,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + return do_dh_print(bp, pkey->pkey.dh, indent, 0); } static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + return do_dh_print(bp, pkey->pkey.dh, indent, 1); } static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); + return do_dh_print(bp, pkey->pkey.dh, indent, 2); } int DHparams_print(BIO *bp, const DH *x) { - return do_dh_print(bp, x, 4, NULL, 0); + return do_dh_print(bp, x, 4, 0); } #ifndef OPENSSL_NO_CMS diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 5c45078e0c..e046fe79d3 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -372,22 +372,10 @@ static void int_dsa_free(EVP_PKEY *pkey) DSA_free(pkey->pkey.dsa); } -static void update_buflen(const BIGNUM *b, size_t *pbuflen) -{ - size_t i; - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; -} - static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) { - unsigned char *m = NULL; int ret = 0; - size_t buf_len = 0; const char *ktype = NULL; - const BIGNUM *priv_key, *pub_key; if (ptype == 2) @@ -407,18 +395,6 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) else ktype = "DSA-Parameters"; - update_buflen(x->p, &buf_len); - update_buflen(x->q, &buf_len); - update_buflen(x->g, &buf_len); - update_buflen(priv_key, &buf_len); - update_buflen(pub_key, &buf_len); - - m = OPENSSL_malloc(buf_len + 10); - if (m == NULL) { - DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE); - goto err; - } - if (priv_key) { if (!BIO_indent(bp, off, 128)) goto err; @@ -427,19 +403,18 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) goto err; } - if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) + if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) + if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) + if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) + if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) + if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off)) goto err; ret = 1; err: - OPENSSL_free(m); return (ret); } @@ -502,6 +477,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, { DSA_SIG *dsa_sig; const unsigned char *p; + if (!sig) { if (BIO_puts(bp, "\n") <= 0) return 0; @@ -512,26 +488,16 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); if (dsa_sig) { int rv = 0; - size_t buf_len = 0; - unsigned char *m = NULL; - update_buflen(dsa_sig->r, &buf_len); - update_buflen(dsa_sig->s, &buf_len); - m = OPENSSL_malloc(buf_len + 10); - if (m == NULL) { - DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE); - goto err; - } if (BIO_write(bp, "\n", 1) != 1) goto err; - if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) + if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, NULL, indent)) goto err; - if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) + if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, NULL, indent)) goto err; rv = 1; err: - OPENSSL_free(m); DSA_SIG_free(dsa_sig); return rv; } diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 1110e01b39..8eca37fd0a 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -120,7 +120,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) { - int ret, type; + int ret; unsigned int sltmp; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; @@ -128,14 +128,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, if (dctx->md) { if (tbslen != (size_t)EVP_MD_size(dctx->md)) return 0; - type = EVP_MD_type(dctx->md); } else { if (tbslen != SHA_DIGEST_LENGTH) return 0; - type = NID_sha1; } - ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); + ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); if (ret <= 0) return ret; @@ -147,21 +145,19 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { - int ret, type; + int ret; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; if (dctx->md) { if (tbslen != (size_t)EVP_MD_size(dctx->md)) return 0; - type = EVP_MD_type(dctx->md); } else { if (tbslen != SHA_DIGEST_LENGTH) return 0; - type = NID_sha1; } - ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); + ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); return ret; } diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index beb3fc20b8..15a179fbc6 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -118,7 +118,7 @@ int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, group = EC_KEY_get0_group(ecdh); if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { - if (!EC_GROUP_get_cofactor(group, x, ctx) || + if (!EC_GROUP_get_cofactor(group, x, NULL) || !BN_mul(x, x, priv_key, ctx)) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index fa4cf6aefc..eacdb9ed72 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -142,8 +142,6 @@ static int print_bin(BIO *fp, const char *str, const unsigned char *num, int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { - unsigned char *buffer = NULL; - size_t buf_len = 0, i; int ret = 0, reason = ERR_R_BIO_LIB; BN_CTX *ctx = NULL; const EC_POINT *point = NULL; @@ -236,27 +234,9 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) goto err; } - buf_len = (size_t)BN_num_bytes(p); - if (buf_len < (i = (size_t)BN_num_bytes(a))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(b))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(gen))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(order))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) - buf_len = i; - if ((seed = EC_GROUP_get0_seed(x)) != NULL) seed_len = EC_GROUP_get_seed_len(x); - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - if (!BIO_indent(bp, off, 128)) goto err; @@ -279,36 +259,36 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) goto err; /* print the polynomial */ - if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer, + if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL, off)) goto err; } else { - if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off)) + if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off)) goto err; } - if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off)) + if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, NULL, off)) goto err; - if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off)) + if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off)) goto err; if (form == POINT_CONVERSION_COMPRESSED) { if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, - buffer, off)) + NULL, off)) goto err; } else if (form == POINT_CONVERSION_UNCOMPRESSED) { if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, - buffer, off)) + NULL, off)) goto err; } else { /* form == POINT_CONVERSION_HYBRID */ if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, - buffer, off)) + NULL, off)) goto err; } if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, - buffer, off)) + NULL, off)) goto err; if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, - buffer, off)) + NULL, off)) goto err; if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) goto err; @@ -322,7 +302,6 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) BN_free(b); BN_free(gen); BN_CTX_free(ctx); - OPENSSL_free(buffer); return (ret); } diff --git a/crypto/mem.c b/crypto/mem.c index 46f00176ab..f4da4fad67 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -136,8 +136,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line) ret = malloc(num); } #else - (void)file; - (void)line; + osslargused(file); osslargused(line); ret = malloc(num); #endif @@ -188,8 +187,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return ret; } #else - (void)file; - (void)line; + osslargused(file); osslargused(line); #endif return realloc(str, num); @@ -215,7 +213,6 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, } ret = CRYPTO_malloc(num, file, line); - if (ret) memcpy(ret, str, old_len); CRYPTO_clear_free(str, old_len, file, line); diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index fdda487efc..7e41765b30 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -307,7 +307,7 @@ static void sh_add_to_list(char **list, char *ptr) *list = ptr; } -static void sh_remove_from_list(char *ptr, char *list) +static void sh_remove_from_list(char *ptr) { SH_LIST *temp, *temp2; @@ -484,7 +484,7 @@ static char *sh_malloc(size_t size) /* remove from bigger list */ OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); sh_clearbit(temp, slist, sh.bittable); - sh_remove_from_list(temp, sh.freelist[slist]); + sh_remove_from_list(temp); OPENSSL_assert(temp != sh.freelist[slist]); /* done with bigger list */ @@ -510,7 +510,7 @@ static char *sh_malloc(size_t size) chunk = sh.freelist[list]; OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); sh_setbit(chunk, list, sh.bitmalloc); - sh_remove_from_list(chunk, sh.freelist[list]); + sh_remove_from_list(chunk); OPENSSL_assert(WITHIN_ARENA(chunk)); @@ -539,10 +539,10 @@ static void sh_free(char *ptr) OPENSSL_assert(ptr != NULL); OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); sh_clearbit(ptr, list, sh.bittable); - sh_remove_from_list(ptr, sh.freelist[list]); + sh_remove_from_list(ptr); OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); sh_clearbit(buddy, list, sh.bittable); - sh_remove_from_list(buddy, sh.freelist[list]); + sh_remove_from_list(buddy); list--; diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index ff006cb892..8ac3d820ad 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -76,9 +76,9 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); - i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING); + i2a_ASN1_STRING(bp, &a->issuerNameHash, 0); BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); - i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING); + i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0); BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); i2a_ASN1_INTEGER(bp, &a->serialNumber); BIO_printf(bp, "\n"); @@ -227,7 +227,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); break; case V_OCSP_RESPID_KEY: - i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); + i2a_ASN1_STRING(bp, rid->value.byKey, 0); break; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index fa4fde543f..356c79768f 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -62,19 +62,17 @@ #include static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, X509_STORE *st, - unsigned long flags); + STACK_OF(X509) *certs, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, - unsigned long flags); +static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain); static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); -static int ocsp_check_delegated(X509 *x, int flags); +static int ocsp_check_delegated(X509 *x); static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); + unsigned long flags); /* Verify a basic response message */ @@ -85,8 +83,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, STACK_OF(X509) *chain = NULL; STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; - int i, ret = 0; - ret = ocsp_find_signer(&signer, bs, certs, st, flags); + int i, ret = ocsp_find_signer(&signer, bs, certs, flags); + if (!ret) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); @@ -146,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, * At this point we have a valid certificate chain need to verify it * against the OCSP issuer criteria. */ - ret = ocsp_check_issuer(bs, chain, flags); + ret = ocsp_check_issuer(bs, chain); /* If fatal error or valid match then finish */ if (ret != 0) @@ -175,8 +173,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, X509_STORE *st, - unsigned long flags) + STACK_OF(X509) *certs, unsigned long flags) { X509 *signer; OCSP_RESPID *rid = &bs->tbsResponseData.responderId; @@ -221,8 +218,7 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) return NULL; } -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, - unsigned long flags) +static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) { STACK_OF(OCSP_SINGLERESP) *sresp; X509 *signer, *sca; @@ -251,7 +247,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, return i; if (i) { /* We have a match, if extensions OK then success */ - if (ocsp_check_delegated(signer, flags)) + if (ocsp_check_delegated(signer)) return 1; return 0; } @@ -350,7 +346,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, } -static int ocsp_check_delegated(X509 *x, int flags) +static int ocsp_check_delegated(X509 *x) { if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) @@ -384,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, return 0; } nm = gen->d.directoryName; - ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); + ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); if (ret <= 0) { OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); @@ -431,7 +427,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) + unsigned long flags) { X509 *signer; if (!(flags & OCSP_NOINTERN)) { diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 736eb27b69..2cd79036a6 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -120,9 +120,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) /* Salt length for PVK files */ # define PVK_SALTLEN 0x10 -static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int bitlen, int ispub); -static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int bitlen, int ispub); static int do_blob_header(const unsigned char **in, unsigned int length, @@ -235,9 +235,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, return NULL; } if (isdss) - return b2i_dss(&p, length, bitlen, ispub); + return b2i_dss(&p, bitlen, ispub); else - return b2i_rsa(&p, length, bitlen, ispub); + return b2i_rsa(&p, bitlen, ispub); } static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) @@ -268,16 +268,16 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) } if (isdss) - ret = b2i_dss(&p, length, bitlen, ispub); + ret = b2i_dss(&p, bitlen, ispub); else - ret = b2i_rsa(&p, length, bitlen, ispub); + ret = b2i_rsa(&p, bitlen, ispub); err: OPENSSL_free(buf); return ret; } -static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int bitlen, int ispub) { const unsigned char *p = *in; @@ -327,7 +327,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, return NULL; } -static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int bitlen, int ispub) { const unsigned char *p = *in; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 959aa23d1f..15f2194bf1 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -181,40 +181,11 @@ static void int_rsa_free(EVP_PKEY *pkey) RSA_free(pkey->pkey.rsa); } -static void update_buflen(const BIGNUM *b, size_t *pbuflen) -{ - size_t i; - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; -} - static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) { char *str; const char *s; - unsigned char *m = NULL; int ret = 0, mod_len = 0; - size_t buf_len = 0; - - update_buflen(x->n, &buf_len); - update_buflen(x->e, &buf_len); - - if (priv) { - update_buflen(x->d, &buf_len); - update_buflen(x->p, &buf_len); - update_buflen(x->q, &buf_len); - update_buflen(x->dmp1, &buf_len); - update_buflen(x->dmq1, &buf_len); - update_buflen(x->iqmp, &buf_len); - } - - m = OPENSSL_malloc(buf_len + 10); - if (m == NULL) { - RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); - goto err; - } if (x->n != NULL) mod_len = BN_num_bits(x->n); @@ -223,39 +194,36 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) goto err; if (priv && x->d) { - if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) - <= 0) + if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "modulus:"; s = "publicExponent:"; } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) - <= 0) + if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "Modulus:"; s = "Exponent:"; } - if (!ASN1_bn_print(bp, str, x->n, m, off)) + if (!ASN1_bn_print(bp, str, x->n, NULL, off)) goto err; - if (!ASN1_bn_print(bp, s, x->e, m, off)) + if (!ASN1_bn_print(bp, s, x->e, NULL, off)) goto err; if (priv) { - if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) + if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) + if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) + if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) + if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) + if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) + if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) goto err; } ret = 1; err: - OPENSSL_free(m); return (ret); } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 3362f99895..93c8756068 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -174,7 +174,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, + ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 24bb157636..29a375d4ed 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -636,7 +636,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, /* Skip pattern prefix to match "wildcard" subject */ static void skip_prefix(const unsigned char **p, size_t *plen, - const unsigned char *subject, size_t subject_len, + size_t subject_len, unsigned int flags) { const unsigned char *pattern = *p; @@ -671,7 +671,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject_len, flags); if (pattern_len != subject_len) return 0; while (pattern_len) { @@ -700,7 +700,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len, unsigned int flags) { - skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + skip_prefix(&pattern, &pattern_len, subject_len, flags); if (pattern_len != subject_len) return 0; return !memcmp(pattern, subject, pattern_len); diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index ac17a331df..851bb7795c 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -97,8 +97,6 @@ because it doesn't add any security. The B should contain one or more CRLs in PEM format. This option can be specified more than once to include CRLs from multiple B. -If you want to enable an B via the B<-engine> option, that option has -to be specified before this one. =item B<-crl_download> @@ -206,8 +204,6 @@ to constuct a certificate chain from the subject certificate to a trust-anchor. The B should contain one or more certificates in PEM format. This option can be specified more than once to include untrusted certiificates from multiple B. -If you want to enable an B via the B<-engine> option, that option has -to be specified before this one. =item B<-trusted file> @@ -222,8 +218,6 @@ from multiple B. This option implies the B<-no-CAfile> and B<-no-CApath> options. This option cannot be used in combination with either of the B<-CAfile> or B<-CApath> options. -If you want to enable an B via the B<-engine> option, that option has -to be specified before this one. =item B<-use_deltas> diff --git a/e_os.h b/e_os.h index 0701a78d5c..3a4ba6dd18 100644 --- a/e_os.h +++ b/e_os.h @@ -93,6 +93,8 @@ extern "C" { # define REF_PRINT_COUNT(a, b) # endif +# define osslargused(x) (void)x + # ifndef DEVRANDOM /* * set this to a comma-separated list of 'random' device files to try out. My diff --git a/include/openssl/ec.h b/include/openssl/ec.h index e39704b355..8530c569a4 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -252,7 +252,7 @@ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); /** Gets the order of a EC_GROUP * \param group EC_GROUP object * \param order BIGNUM to which the order is copied - * \param ctx BN_CTX object (optional) + * \param ctx unused * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); @@ -274,7 +274,7 @@ int EC_GROUP_order_bits(const EC_GROUP *group); /** Gets the cofactor of a EC_GROUP * \param group EC_GROUP object * \param cofactor BIGNUM to which the cofactor is copied - * \param ctx BN_CTX object (optional) + * \param ctx unused * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 8b3e941570..d9c4ec6503 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -890,8 +890,7 @@ end: static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { - unsigned char *p = (unsigned char *)s->init_buf->data; - dtls1_set_message_header(s, p, htype, len, 0, len); + dtls1_set_message_header(s, htype, len, 0, len); s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; s->init_off = 0; /* Buffer the message to handle re-xmits */ diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 49e8f462f4..a1b0e9e7db 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -231,7 +231,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) } static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek); + int len); /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) @@ -424,7 +424,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ - if ((ret = have_handshake_fragment(s, type, buf, len, peek))) + if ((ret = have_handshake_fragment(s, type, buf, len))) return ret; /* @@ -986,7 +986,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * is started. */ static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek) + int len) { if ((type == SSL3_RT_HANDSHAKE) diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index 2a4b663307..333d3c947d 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -198,8 +198,7 @@ __owur int ssl3_do_compress(SSL *ssl); __owur int ssl3_do_uncompress(SSL *ssl); void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size); -__owur int ssl3_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, +__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, unsigned block_size, unsigned mac_size); __owur int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 5eb152eeb5..7f89cc0a1c 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -631,7 +631,7 @@ int ssl3_enc(SSL *s, int send) if (EVP_MD_CTX_md(s->read_hash) != NULL) mac_size = EVP_MD_CTX_size(s->read_hash); if ((bs != 1) && !send) - return ssl3_cbc_remove_padding(s, rec, bs, mac_size); + return ssl3_cbc_remove_padding(rec, bs, mac_size); } return (1); } @@ -1018,8 +1018,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) * 1: if the padding was valid * -1: otherwise. */ -int ssl3_cbc_remove_padding(const SSL *s, - SSL3_RECORD *rec, +int ssl3_cbc_remove_padding(SSL3_RECORD *rec, unsigned block_size, unsigned mac_size) { unsigned padding_length, good; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 30c868f655..fbca4f9b35 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1919,7 +1919,7 @@ __owur int ssl_choose_client_version(SSL *s, int version); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, - unsigned char *p, unsigned char mt, + unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len); @@ -1928,8 +1928,7 @@ __owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len __owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_buffer_message(SSL *s, int ccs); -__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, - unsigned long frag_off, int *found); +__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found); __owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs); int dtls1_retransmit_buffered_messages(SSL *s); void dtls1_clear_record_buffer(SSL *s); diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 09f5df1ec7..a3090ef490 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -1078,7 +1078,7 @@ int dtls1_retransmit_buffered_messages(SSL *s) if (dtls1_retransmit_message(s, (unsigned short) dtls1_get_queue_priority (frag->msg_header.seq, - frag->msg_header.is_ccs), 0, + frag->msg_header.is_ccs), &found) <= 0 && found) { fprintf(stderr, "dtls1_retransmit_message() failed\n"); return -1; @@ -1152,8 +1152,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs) } int -dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, - int *found) +dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) { int ret; /* XDTLS: for now assuming that read/writes are blocking */ @@ -1242,10 +1241,10 @@ void dtls1_clear_record_buffer(SSL *s) } } -void dtls1_set_message_header(SSL *s, unsigned char *p, - unsigned char mt, unsigned long len, - unsigned long frag_off, - unsigned long frag_len) +void dtls1_set_message_header(SSL *s, + unsigned char mt, unsigned long len, + unsigned long frag_off, + unsigned long frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 6b372232e1..7e63376f00 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -948,7 +948,7 @@ int dtls_construct_hello_verify_request(SSL *s) len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], s->d1->cookie, s->d1->cookie_len); - dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, + dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, len); len += DTLS1_HM_HEADER_LENGTH;