From d886975835e7e430aeda6ecb1653363b463bc9cf Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 12 Jun 2010 13:18:58 +0000 Subject: [PATCH] Fix gcc 4.6 warnings. Check TLS server hello extension length. --- apps/apps.c | 3 +-- apps/dh.c | 5 +---- apps/dhparam.c | 5 +---- apps/dsaparam.c | 9 ++------- apps/ec.c | 5 +---- apps/ecparam.c | 5 +---- apps/enc.c | 5 +---- apps/gendh.c | 5 +---- apps/gendsa.c | 5 +---- apps/genrsa.c | 5 +---- apps/pkcs7.c | 5 +---- apps/rand.c | 5 +---- apps/s_server.c | 7 +++++-- apps/s_socket.c | 6 ++---- apps/speed.c | 9 +-------- apps/x509.c | 2 -- crypto/asn1/a_int.c | 3 +-- crypto/asn1/n_pkey.c | 3 +-- crypto/asn1/t_crl.c | 3 +-- crypto/asn1/tasn_dec.c | 3 +-- crypto/bio/bf_nbio.c | 2 -- crypto/bio/bio_lib.c | 4 ++-- crypto/bio/bss_acpt.c | 5 ++--- crypto/bn/bn_mul.c | 9 ++------- crypto/conf/conf_def.c | 17 +++++++---------- crypto/dsa/dsa_gen.c | 3 +-- crypto/ecdh/ech_lib.c | 6 ------ crypto/ecdsa/ecs_lib.c | 2 -- crypto/evp/encode.c | 3 +-- crypto/hmac/hmac.c | 3 --- crypto/ocsp/ocsp_prn.c | 2 -- crypto/pem/pem_lib.c | 2 -- crypto/pkcs7/pk7_doit.c | 3 --- crypto/pkcs7/pk7_lib.c | 2 -- crypto/pkcs7/pk7_mime.c | 3 --- crypto/pqueue/pqueue.c | 12 ++---------- crypto/rand/randfile.c | 4 +++- crypto/x509/x509_vfy.c | 5 ----- engines/e_chil.c | 4 ++-- engines/e_cswift.c | 2 -- engines/e_ubsec.c | 2 -- ssl/d1_clnt.c | 3 +-- ssl/d1_enc.c | 6 +----- ssl/d1_pkt.c | 9 ++------- ssl/s23_lib.c | 8 +------- ssl/s2_srvr.c | 2 -- ssl/s3_clnt.c | 3 +-- ssl/s3_enc.c | 3 +-- ssl/ssl_asn1.c | 3 +-- ssl/ssl_ciph.c | 6 ++---- ssl/ssl_lib.c | 6 ++---- ssl/ssltest.c | 3 --- ssl/t1_enc.c | 18 ++++++------------ ssl/t1_lib.c | 9 +++++++-- 54 files changed, 72 insertions(+), 200 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index ab60b700b0..a4b77e13e3 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -351,13 +351,12 @@ void program_name(char *in, char *out, int size) int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { - int num,len,i; + int num,i; char *p; *argc=0; *argv=NULL; - len=strlen(buf); i=0; if (arg->count == 0) { diff --git a/apps/dh.c b/apps/dh.c index c4d891e125..7e45bd3356 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -88,9 +88,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -189,7 +186,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index 04bd57c6e8..465cdfe77b 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -149,9 +149,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -270,7 +267,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (g && !num) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 4305a739b3..fe72c1d3df 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -111,9 +111,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -278,7 +275,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (need_rand) @@ -357,12 +354,10 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { diff --git a/apps/ec.c b/apps/ec.c index 771e15f357..6b3d3ad91b 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -85,9 +85,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; @@ -254,7 +251,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) diff --git a/apps/ecparam.c b/apps/ecparam.c index 4e1fc837ed..2d3fd30324 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -129,9 +129,6 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, @@ -340,7 +337,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (list_curves) diff --git a/apps/enc.c b/apps/enc.c index 8f5e5b8935..8beb2dff35 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,9 +100,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -311,7 +308,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) diff --git a/apps/gendh.c b/apps/gendh.c index 47497864b0..346ea4a866 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; @@ -163,7 +160,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif out=BIO_new(BIO_s_file()); diff --git a/apps/gendsa.c b/apps/gendsa.c index 22c39629e5..62ea977905 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -78,9 +78,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -206,7 +203,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { diff --git a/apps/genrsa.c b/apps/genrsa.c index 5759acbf9b..dfb01399e0 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret=1; int i,num=DEFBITS; long l; @@ -235,7 +232,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (outfile == NULL) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index da4dbe7a07..bdbb10229e 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,9 +82,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -180,7 +177,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/apps/rand.c b/apps/rand.c index 44a1d46a03..790e79592c 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -77,9 +77,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -178,7 +175,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); diff --git a/apps/s_server.c b/apps/s_server.c index 88b308ca38..9ef643e2b4 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2075,12 +2075,14 @@ static int www_body(char *hostname, int s, unsigned char *context) { char *buf=NULL; int ret=1; - int i,j,k,blank,dot; + int i,j,k,dot; struct stat st_buf; SSL *con; SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; +#ifdef RENEG long total_bytes; +#endif buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2151,7 +2153,6 @@ static int www_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback_arg(con, bio_s_out); } - blank=0; for (;;) { if (hack) @@ -2388,7 +2389,9 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ +#ifdef RENEG total_bytes=0; +#endif for (;;) { i=BIO_read(file,buf,bufsize); diff --git a/apps/s_socket.c b/apps/s_socket.c index cf82358535..2a57577b09 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -329,7 +329,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; - int s= -1,i; + int s= -1; if (!ssl_sock_init()) return(0); @@ -368,7 +368,6 @@ static int init_server_long(int *sock, int port, char *ip, int type) } /* Make it 128 for linux */ if (type==SOCK_STREAM && listen(s,128) == -1) goto err; - i=0; *sock=s; ret=1; err: @@ -386,7 +385,7 @@ static int init_server(int *sock, int port, int type) static int do_accept(int acc_sock, int *sock, char **host) { - int ret,i; + int ret; struct hostent *h1,*h2; static struct sockaddr_in from; int len; @@ -463,7 +462,6 @@ redoit: BIO_printf(bio_err,"gethostbyname failure\n"); return(0); } - i=0; if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); diff --git a/apps/speed.c b/apps/speed.c index 393a7baade..d206c96e29 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -500,9 +500,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -593,7 +590,6 @@ int MAIN(int argc, char **argv) unsigned char DES_iv[8]; unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES - DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; @@ -806,9 +802,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef OPENSSL_NO_DES - buf_as_des_cblock = (DES_cblock *)buf; -#endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -883,7 +876,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"no engine given\n"); goto end; } - e = setup_engine(bio_err, *argv, 0); + setup_engine(bio_err, *argv, 0); /* j will be increased again further down. We just don't want speed to confuse an engine with an algorithm, especially when none is given (which diff --git a/apps/x509.c b/apps/x509.c index b25508aa8e..151d3a91a7 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -539,7 +539,6 @@ bad: if (reqfile) { EVP_PKEY *pkey; - X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) @@ -607,7 +606,6 @@ bad: print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; - ci=x->cert_info; if (sno == NULL) { diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index f8d198efb1..f551bdbaad 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 60bc437938..e7d0439062 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index bdb244c015..ee5a687ce8 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 48bc1c0d4d..a228c0d6cd 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index c72a23c2e1..028616c064 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 3f52ae953c..371cdf52cb 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index d090b7272f..e7fb892eaa 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index a0e9ec3b46..12e5be80eb 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index d8bce8732a..3c58936d99 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; +/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ +/* STACK_OF(CONF_VALUE) *ts=NULL;*/ char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; +/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ bufnum=0; again=0; @@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') @@ -343,7 +343,7 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; +/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ continue; } else @@ -406,12 +406,12 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; +/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ } else { tv=sv; - ts=section_sk; +/* ts=section_sk;*/ } #if 1 if (_CONF_add_string(conf, tv, v) == 0) @@ -465,9 +465,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 6f1728e3cf..7a9d1881cc 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int k,n=0,i,b,m=0; + int k,n=0,i,m=0; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index e89b1d4772..bf22234778 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void) int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) { - const ECDH_METHOD *mtmp; ECDH_DATA *ecdh; ecdh = ecdh_check(eckey); @@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; - mtmp = ecdh->meth; -#if 0 - if (mtmp->finish) - mtmp->finish(eckey); -#endif #ifndef OPENSSL_NO_ENGINE if (ecdh->engine) { diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 85e8a3a7ed..2ebae3aa27 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - const ECDSA_METHOD *mtmp; ECDSA_DATA *ecdsa; ecdsa = ecdsa_check(eckey); @@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) if (ecdsa == NULL) return 0; - mtmp = ecdsa->meth; #ifndef OPENSSL_NO_ENGINE if (ecdsa->engine) { diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 5921f0d710..e8a521814a 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index cbc1c76a57..6899be63d4 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); EVP_DigestUpdate(&ctx->md_ctx,buf,i); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 90dd1aa38e..b8b7871d0a 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index cbafefe416..22bb791bce 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -434,7 +434,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -474,7 +473,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index a03d7ebedf..c8f1eb1b45 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -342,7 +342,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); @@ -365,7 +364,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -377,7 +375,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index f2490941a3..898cddad07 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -558,7 +558,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -581,7 +580,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 7762d647ca..831b47d230 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -73,7 +73,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, { PKCS7 *p7 = (PKCS7 *)val; BIO *tmpbio, *p7bio; - int r = 0; if (!(flags & SMIME_DETACHED)) { @@ -95,8 +94,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, if (PKCS7_dataFinal(p7, p7bio) <= 0) goto err; - r = 1; - err: /* Now remove any digests prepended to the BIO */ diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index 6c89f06fb1..8ebba8a856 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -166,14 +166,13 @@ pqueue_pop(pqueue_s *pq) pitem * pqueue_find(pqueue_s *pq, PQ_64BIT priority) { - pitem *next, *prev = NULL; + pitem *next; pitem *found = NULL; if ( pq->items == NULL) return NULL; - for ( next = pq->items; next->next != NULL; - prev = next, next = next->next) + for ( next = pq->items; next->next != NULL; next = next->next) { if ( pq_64bit_eq(&(next->priority), &priority)) { @@ -189,13 +188,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority) if ( ! found) return NULL; -#if 0 /* find works in peek mode */ - if ( prev == NULL) - pq->items = next->next; - else - prev->next = next->next; -#endif - return found; } diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 84276d7d46..181056847e 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -265,8 +265,8 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ + int ok = 0; struct stat sb; #endif @@ -294,7 +294,9 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); +#ifdef __OpenBSD__ ok = 1; +#endif } else buf[0] = '\0'; /* no file name */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b85456e65b..b2f9290d5a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b) int X509_verify_cert(X509_STORE_CTX *ctx) { X509 *x,*xtmp,*chain_ss=NULL; - X509_NAME *xn; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth,i,ok=0; @@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) */ /* If we are self signed, we break */ - xn=X509_get_issuer_name(x); if (ctx->check_issued(ctx, x,x)) break; /* If we were passed a cert chain, use it first */ @@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) i=sk_X509_num(ctx->chain); x=sk_X509_value(ctx->chain,i-1); - xn = X509_get_subject_name(x); if (ctx->check_issued(ctx, x, x)) { /* we have a self signed certificate */ @@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (depth < num) break; /* If we are self signed, we break */ - xn=X509_get_issuer_name(x); if (ctx->check_issued(ctx,x,x)) break; ok = ctx->get_issuer(&xtmp, ctx, x); @@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) } /* we now have our chain, lets check it... */ - xn=X509_get_issuer_name(x); /* Is last certificate looked up self signed? */ if (!ctx->check_issued(ctx,x,x)) diff --git a/engines/e_chil.c b/engines/e_chil.c index ab8a25962c..fca7a9cea6 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -1080,11 +1080,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, static int hwcrhk_rsa_finish(RSA *rsa) { HWCryptoHook_RSAKeyHandle *hptr; - int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); } diff --git a/engines/e_cswift.c b/engines/e_cswift.c index bc65179846..2e64ff3277 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) SW_PARAM sw_param; SW_STATUS sw_status; SW_LARGENUMBER arg, res; - unsigned char *ptr; BN_CTX *ctx; BIGNUM *dsa_p = NULL; BIGNUM *dsa_q = NULL; @@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } /* Convert the response */ - ptr = (unsigned char *)result->d; if((to_return = DSA_SIG_new()) == NULL) goto err; to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index a0f320caf5..f1c81013b1 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -631,10 +631,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) { int y_len, - m_len, fd; - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; y_len = BN_num_bits(p) + BN_num_bits(q); /* Check if hardware can't handle this argument. */ diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 223d116279..0aa77ee51d 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL),l; + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0;; @@ -374,7 +374,6 @@ int dtls1_connect(SSL *s) dtls1_start_timer(s); ret=dtls1_send_client_key_exchange(s); if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ /* For TLS, cert_req is set to 2, so a cert chain diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 3dfa5adba3..4a6c909031 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -131,13 +131,11 @@ int dtls1_enc(SSL *s, int send) SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k,n=0; + int bs,i,ii,j,k; const EVP_CIPHER *enc; if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -158,8 +156,6 @@ int dtls1_enc(SSL *s, int send) } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 9fe21c3ea1..3f19077af1 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -256,9 +256,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -331,7 +328,7 @@ dtls1_get_buffered_record(SSL *s) static int dtls1_process_record(SSL *s) { - int i,al; + int al; int clear=0; int enc_err; SSL_SESSION *sess; @@ -418,7 +415,7 @@ if ( (sess == NULL) || #endif } rr->length-=mac_size; - i=s->method->ssl3_enc->mac(s,md,0); + s->method->ssl3_enc->mac(s,md,0); if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { goto err; @@ -484,14 +481,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index fc2981308d..0b82777b2a 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -97,14 +97,8 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; - unsigned long id; - int n; + SSL_CIPHER *cp; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 01d62fad11..eeffe25492 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -697,7 +697,6 @@ static int server_hello(SSL *s) { unsigned char *p,*d; int n,hit; - STACK_OF(SSL_CIPHER) *sk; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) @@ -778,7 +777,6 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ - sk= s->session->ciphers; n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e5138b6e5e..b0d49d8cd3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -166,7 +166,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL),l; + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; @@ -360,7 +360,6 @@ int ssl3_connect(SSL *s) case SSL3_ST_CW_KEY_EXCH_B: ret=ssl3_send_client_key_exchange(s); if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ /* For TLS, cert_req is set to 2, so a cert chain diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 06e54666b2..1539a4ce1c 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -191,7 +191,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; @@ -214,7 +214,6 @@ int ssl3_change_cipher_state(SSL *s, int which) else comp=s->s3->tmp.new_compression->method; #endif - key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) { diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index d82e47a14e..df8ec82ebf 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -297,7 +297,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -311,7 +311,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5e2d436da3..a34680ee85 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -777,7 +777,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) { unsigned long algorithms, mask, algo_strength, mask_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0, ssl_version = 0; char ch; @@ -809,7 +809,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, algorithms = mask = algo_strength = mask_strength = 0; - start=l; for (;;) { ch = *l; @@ -1100,7 +1099,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg,alg2,alg_s; + unsigned long alg,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; #else @@ -1108,7 +1107,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) #endif /* KSSL_DEBUG */ alg=cipher->algorithms; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 15650da5e7..b6b8e6038a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1940,15 +1940,13 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg,mask,kalg; + unsigned long alg,kalg; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - mask=is_export?c->export_mask:c->mask; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (kalg & SSL_kECDH) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b09c542087..310e0677e9 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1351,7 +1351,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO *c_bio=NULL; BIO *s_bio=NULL; int c_r,c_w,s_r,s_w; - int c_want,s_want; int i,j; int done=0; int c_write,s_write; @@ -1386,8 +1385,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=0; s_r=1; c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; c_write=1,s_write=0; /* We can always do writes */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index dab6e4485b..34830988fc 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -125,7 +125,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -143,7 +143,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); - n=0; for (;;) { HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ @@ -227,14 +226,14 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ SSL3_RANDOM_SIZE*2]; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -251,9 +250,10 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG + key_block=s->s3->tmp.key_block; + printf("tls1_change_cipher_state(which= %d) w/\n", which); printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, (void *)comp); @@ -348,8 +348,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -535,13 +533,11 @@ int tls1_enc(SSL *s, int send) SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k,n=0; + int bs,i,ii,j,k; const EVP_CIPHER *enc; if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -551,8 +547,6 @@ int tls1_enc(SSL *s, int send) } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8b53112770..d61c08c8ef 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -601,9 +601,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -611,7 +611,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { -- 2.25.1