From: Dr. Stephen Henson Date: Tue, 21 Apr 2009 22:20:12 +0000 (+0000) Subject: Some fixes for kerberos builds. X-Git-Tag: OpenSSL_1_0_0-beta3~136 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=21fb688d264f1c87f1a5bc79dec27bd0f05d3766;p=oweals%2Fopenssl.git Some fixes for kerberos builds. --- diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index b2ed383c34..0ad96dc3cd 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -115,6 +115,9 @@ #include #include "ssl_locl.h" +#ifndef OPENSSL_NO_KRB5 +#include "kssl_lcl.h" +#endif #include #include #include @@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s) sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; - if (outl > sizeof epms) + if (outl > (int)sizeof epms) { SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/kssl.c b/ssl/kssl.c index 73401c92a3..4d507073b8 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -76,6 +76,7 @@ #include #include #include +#include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -131,7 +132,7 @@ #define krb5_principal_compare kssl_krb5_principal_compare #define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part #define krb5_timeofday kssl_krb5_timeofday -#define krb5_rc_default kssl_krb5_rc_default +#define krb5_rc_default kssl_krb5_rc_default #ifdef krb5_rc_initialize #undef krb5_rc_initialize @@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype) ** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and ** xx and yy are possibly multi-byte length fields. */ -int kssl_test_confound(unsigned char *p) +static int kssl_test_confound(unsigned char *p) { int len = 2; int xx = 0, yy = 0; @@ -874,7 +875,7 @@ int kssl_test_confound(unsigned char *p) ** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 ** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. */ -size_t *populate_cksumlens(void) +static size_t *populate_cksumlens(void) { int i, j, n; static size_t *cklens = NULL; @@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk) /* Display contents of krb5_principal_data struct, for debugging ** (krb5_principal is typedef'd == krb5_principal_data *) */ -void +static void print_krb5_princ(char *label, krb5_principal_data *princ) { int i, ui, uj; @@ -1224,7 +1225,7 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, ** code here. This tkt should alloc/free just ** like the real thing. */ -krb5_error_code +static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, /* IN */ KRB5_TKTBODY *asn1ticket, /* OUT */ krb5_ticket **krb5ticket, @@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) ** Return pointer to the (partially) filled in struct tm on success, ** return NULL on failure. */ -struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) +static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) { char c, *p; @@ -1925,7 +1926,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) ** So we try to sneek the clockskew out through the replay cache. ** If that fails just return a likely default (300 seconds). */ -krb5_deltat get_rc_clockskew(krb5_context context) +static krb5_deltat get_rc_clockskew(krb5_context context) { krb5_rcache rc; krb5_deltat clockskew; diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h index 4cd8dd2d7f..c039c91b4e 100644 --- a/ssl/kssl_lcl.h +++ b/ssl/kssl_lcl.h @@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); char *kstring(char *string); char *knumber(int len, krb5_octet *contents); -EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); +const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ceab11eb4a..e0bfd0ceaf 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s) krb5_data *enc_ticket; krb5_data authenticator, *authp = NULL; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH @@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s) sizeof tmp_buf); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; - if (outl > sizeof epms) + if (outl > (int)sizeof epms) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 55b2166d2b..358bae32e9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s) krb5_data enc_pms; KSSL_CTX *kssl_ctx = s->kssl_ctx; EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; + const EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];