summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRich Salz <rsalz@akamai.com>2016-02-14 04:33:56 +0100
committerRich Salz <rsalz@openssl.org>2016-02-22 19:39:44 +0100
commita773b52a61bb269e75ebbac01cfca9ebcb6c78b9 (patch)
treeb70a39274abcb667620e2bb8f99570cad672ea65
parentUse $disabled{shared} in a safer manner (diff)
downloadopenssl-a773b52a61bb269e75ebbac01cfca9ebcb6c78b9.tar.xz
openssl-a773b52a61bb269e75ebbac01cfca9ebcb6c78b9.zip
Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rwxr-xr-xConfigure6
-rw-r--r--apps/apps.c17
-rw-r--r--apps/apps.h7
-rw-r--r--apps/ca.c14
-rw-r--r--apps/cms.c13
-rw-r--r--apps/dgst.c8
-rw-r--r--apps/ocsp.c29
-rw-r--r--apps/pkcs12.c4
-rw-r--r--apps/pkeyutl.c2
-rw-r--r--apps/rsautl.c2
-rw-r--r--apps/s_apps.h6
-rw-r--r--apps/s_cb.c4
-rw-r--r--apps/s_client.c5
-rw-r--r--apps/s_server.c31
-rw-r--r--apps/s_socket.c52
-rw-r--r--apps/smime.c12
-rw-r--r--apps/speed.c8
-rw-r--r--apps/verify.c27
-rw-r--r--apps/x509.c4
-rw-r--r--crypto/asn1/tasn_prn.c20
-rw-r--r--crypto/cms/cms_smime.c6
-rw-r--r--crypto/conf/conf_mod.c8
-rw-r--r--crypto/dh/dh_ameth.c57
-rw-r--r--crypto/dsa/dsa_ameth.c50
-rw-r--r--crypto/dsa/dsa_pmeth.c12
-rw-r--r--crypto/ec/ecdh_ossl.c2
-rw-r--r--crypto/ec/eck_prn.c39
-rw-r--r--crypto/mem.c7
-rw-r--r--crypto/mem_sec.c10
-rw-r--r--crypto/ocsp/ocsp_prn.c6
-rw-r--r--crypto/ocsp/ocsp_vfy.c30
-rw-r--r--crypto/pem/pvkfmt.c16
-rw-r--r--crypto/rsa/rsa_ameth.c52
-rw-r--r--crypto/rsa/rsa_pmeth.c2
-rw-r--r--crypto/x509v3/v3_utl.c6
-rw-r--r--doc/apps/verify.pod6
-rw-r--r--e_os.h2
-rw-r--r--include/openssl/ec.h4
-rw-r--r--ssl/d1_lib.c3
-rw-r--r--ssl/record/rec_layer_d1.c6
-rw-r--r--ssl/record/record_locl.h3
-rw-r--r--ssl/record/ssl3_record.c5
-rw-r--r--ssl/ssl_locl.h5
-rw-r--r--ssl/statem/statem_dtls.c13
-rw-r--r--ssl/statem/statem_srvr.c2
45 files changed, 216 insertions, 407 deletions
diff --git a/Configure b/Configure
index 63d3e03211..38ef7f17cd 100755
--- a/Configure
+++ b/Configure
@@ -94,11 +94,11 @@ my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
# TODO(openssl-team): fix problems and investigate if (at least) the
# following warnings can also be enabled:
# -Wswitch-enum
-# -Wunused-macros
# -Wcast-align
# -Wunreachable-code
-# -Wlanguage-extension-token
-# -Wextended-offsetof
+# -Wlanguage-extension-token -- no, we use asm()
+# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
+# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Qunused-arguments"
. " -Wextra"
diff --git a/apps/apps.c b/apps/apps.c
index d4a4d23269..34fd3914cd 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -674,8 +674,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
return rv;
}
-X509 *load_cert(const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
+X509 *load_cert(const char *file, int format, const char *cert_descrip)
{
X509 *x = NULL;
BIO *cert;
@@ -904,7 +903,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
}
static int load_certs_crls(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc,
+ const char *pass, const char *desc,
STACK_OF(X509) **pcerts,
STACK_OF(X509_CRL) **pcrls)
{
@@ -1002,18 +1001,18 @@ void* app_malloc(int sz, const char *what)
* Initialize or extend, if *certs != NULL, a certificate stack.
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, const char *desc)
{
- return load_certs_crls(file, format, pass, e, desc, certs, NULL);
+ return load_certs_crls(file, format, pass, desc, certs, NULL);
}
/*
* Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
- const char *pass, ENGINE *e, const char *desc)
+ const char *pass, const char *desc)
{
- return load_certs_crls(file, format, pass, e, desc, NULL, crls);
+ return load_certs_crls(file, format, pass, desc, NULL, crls);
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
@@ -1300,7 +1299,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath)
#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(const char *engine, int debug)
+static ENGINE *try_load_engine(const char *engine)
{
ENGINE *e = ENGINE_by_id("dynamic");
if (e) {
@@ -1324,7 +1323,7 @@ ENGINE *setup_engine(const char *engine, int debug)
return NULL;
}
if ((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(engine, debug)) == NULL) {
+ && (e = try_load_engine(engine)) == NULL) {
BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
ERR_print_errors(bio_err);
return NULL;
diff --git a/apps/apps.h b/apps/apps.h
index 9e66056058..617c1f7e9b 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -475,8 +475,7 @@ int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
-X509 *load_cert(const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+X509 *load_cert(const char *file, int format, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
@@ -484,9 +483,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
+ const char *pass, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
diff --git a/apps/ca.c b/apps/ca.c
index 716df02fac..4cd4aa1bcb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -153,8 +153,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
+ unsigned long nameopt, int default_op, int ext_copy);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
@@ -607,7 +606,7 @@ end_of_options:
lookup_fail(section, ENV_CERTIFICATE);
goto end;
}
- x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate");
+ x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
if (x509 == NULL)
goto end;
@@ -964,7 +963,7 @@ end_of_options:
db, serial, subj, chtype, multirdn, email_dn,
startdate, enddate, days, batch, extensions,
conf, verbose, certopt, nameopt, default_op,
- ext_copy, e);
+ ext_copy);
if (j < 0)
goto end;
if (j > 0) {
@@ -1265,7 +1264,7 @@ end_of_options:
goto end;
} else {
X509 *revcert;
- revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile);
+ revcert = load_cert(infile, FORMAT_PEM, infile);
if (revcert == NULL)
goto end;
if (dorevoke == 2)
@@ -1391,15 +1390,14 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e)
+ unsigned long nameopt, int default_op, int ext_copy)
{
X509 *req = NULL;
X509_REQ *rreq = NULL;
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);
diff --git a/apps/cms.c b/apps/cms.c
index e732757b2a..1f0e19208e 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -550,7 +550,7 @@ int cms_main(int argc, char **argv)
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
- cert = load_cert(opt_arg(), FORMAT_PEM, NULL, e,
+ cert = load_cert(opt_arg(), FORMAT_PEM,
"recipient certificate file");
if (cert == NULL)
goto end;
@@ -725,7 +725,7 @@ int cms_main(int argc, char **argv)
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e,
+ if ((cert = load_cert(*argv, FORMAT_PEM,
"recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
@@ -735,7 +735,7 @@ int cms_main(int argc, char **argv)
}
if (certfile) {
- if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
@@ -743,7 +743,7 @@ int cms_main(int argc, char **argv)
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e,
+ if ((recip = load_cert(recipfile, FORMAT_PEM,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -751,7 +751,7 @@ int cms_main(int argc, char **argv)
}
if (operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e,
+ if ((signer = load_cert(signerfile, FORMAT_PEM,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -968,8 +968,7 @@ int cms_main(int argc, char **argv)
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
diff --git a/apps/dgst.c b/apps/dgst.c
index cab848516b..bebaaf53d3 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -73,7 +73,7 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd);
+ const char *file);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -403,7 +403,7 @@ int dgst_main(int argc, char **argv)
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
- siglen, NULL, NULL, "stdin", bmd);
+ siglen, NULL, NULL, "stdin");
} else {
const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) {
@@ -426,7 +426,7 @@ int dgst_main(int argc, char **argv)
continue;
} else
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
- siglen, sig_name, md_name, argv[i], bmd);
+ siglen, sig_name, md_name, argv[i]);
if (r)
ret = r;
(void)BIO_reset(bmd);
@@ -448,7 +448,7 @@ int dgst_main(int argc, char **argv)
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
- const char *file, BIO *bmd)
+ const char *file)
{
size_t len;
int i;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index e26afe1f94..dc2a11f26e 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -115,8 +115,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(const char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path,
@@ -406,8 +405,7 @@ int ocsp_main(int argc, char **argv)
path = opt_arg();
break;
case OPT_ISSUER:
- issuer = load_cert(opt_arg(), FORMAT_PEM,
- NULL, NULL, "issuer certificate");
+ issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
if (issuer == NULL)
goto end;
if (issuers == NULL) {
@@ -418,8 +416,7 @@ int ocsp_main(int argc, char **argv)
break;
case OPT_CERT:
X509_free(cert);
- cert = load_cert(opt_arg(), FORMAT_PEM,
- NULL, NULL, "certificate");
+ cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
if (cert == NULL)
goto end;
if (cert_id_md == NULL)
@@ -526,16 +523,14 @@ int ocsp_main(int argc, char **argv)
if (rsignfile) {
if (!rkeyfile)
rkeyfile = rsignfile;
- rsigner = load_cert(rsignfile, FORMAT_PEM,
- NULL, NULL, "responder certificate");
+ rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
if (!rsigner) {
BIO_printf(bio_err, "Error loading responder certificate\n");
goto end;
}
- rca_cert = load_cert(rca_filename, FORMAT_PEM,
- NULL, NULL, "CA certificate");
+ rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate");
if (rcertfile) {
- if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
"responder other certificates"))
goto end;
}
@@ -550,7 +545,7 @@ int ocsp_main(int argc, char **argv)
redo_accept:
if (acbio) {
- if (!do_responder(&req, &cbio, acbio, port))
+ if (!do_responder(&req, &cbio, acbio))
goto end;
if (!req) {
resp =
@@ -572,14 +567,13 @@ int ocsp_main(int argc, char **argv)
if (signfile) {
if (!keyfile)
keyfile = signfile;
- signer = load_cert(signfile, FORMAT_PEM,
- NULL, NULL, "signer certificate");
+ signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
if (!signer) {
BIO_printf(bio_err, "Error loading signer certificate\n");
goto end;
}
if (sign_certfile) {
- if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
"signer certificates"))
goto end;
}
@@ -702,7 +696,7 @@ int ocsp_main(int argc, char **argv)
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
if (verify_certfile) {
- if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+ if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
"validator certificate"))
goto end;
}
@@ -1078,8 +1072,7 @@ static int urldecode(char *p)
return (int)(out - save);
}
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port)
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
{
int len;
OCSP_REQUEST *req = NULL;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index e8df4998f7..b4aabb2b86 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -397,7 +397,7 @@ int pkcs12_main(int argc, char **argv)
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
- if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+ if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
"certificates"))
goto export_end;
@@ -426,7 +426,7 @@ int pkcs12_main(int argc, char **argv)
/* Add any more certificates asked for */
if (certfile) {
- if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
"certificates from certfile"))
goto export_end;
}
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 8e1177738e..91ef8d73b4 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -390,7 +390,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
break;
case KEY_CERT:
- x = load_cert(keyfile, keyform, NULL, e, "Certificate");
+ x = load_cert(keyfile, keyform, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 08e4d5635e..728352cbd4 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -231,7 +231,7 @@ int rsautl_main(int argc, char **argv)
break;
case KEY_CERT:
- x = load_cert(keyfile, keyformat, NULL, e, "Certificate");
+ x = load_cert(keyfile, keyformat, "Certificate");
if (x) {
pkey = X509_get_pubkey(x);
X509_free(x);
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 435741547a..c000aa13d2 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -149,11 +149,11 @@ typedef fd_mask fd_set;
#define PORT "4433"
#define PROTOCOL "tcp"
+typedef int (*do_server_cb)(int s, int stype, unsigned char *context);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type,
- int (*cb) (const char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
+ do_server_cb cb,
+ unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index a463dac4ff..b74d682506 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -972,7 +972,7 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
}
exc->cert = load_cert(exc->certfile, exc->certform,
- NULL, NULL, "Server Certificate");
+ "Server Certificate");
if (!exc->cert)
return 0;
if (exc->keyfile) {
@@ -986,7 +986,7 @@ int load_excert(SSL_EXCERT **pexc)
return 0;
if (exc->chainfile) {
if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
- NULL, "Server Chain"))
+ "Server Chain"))
return 0;
}
}
diff --git a/apps/s_client.c b/apps/s_client.c
index b533780e28..9889cb0355 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1432,8 +1432,7 @@ int s_client_main(int argc, char **argv)
}
if (cert_file) {
- cert = load_cert(cert_file, cert_format,
- NULL, e, "client certificate file");
+ cert = load_cert(cert_file, cert_format, "client certificate file");
if (cert == NULL) {
ERR_print_errors(bio_err);
goto end;
@@ -1441,7 +1440,7 @@ int s_client_main(int argc, char **argv)
}
if (chain_file) {
- if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+ if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
"client certificate chain"))
goto end;
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 3c5b4222ef..074c7634c7 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -191,12 +191,9 @@ typedef unsigned int u_int;
#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
-static int sv_body(const char *hostname, int s, int stype,
- unsigned char *context);
-static int www_body(const char *hostname, int s, int stype,
- unsigned char *context);
-static int rev_body(const char *hostname, int s, int stype,
- unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
@@ -1027,8 +1024,7 @@ int s_server_main(int argc, char *argv[])
#ifdef AF_UNIX
int unlink_unix_path = 0;
#endif
- int (*server_cb) (const char *hostname, int s, int stype,
- unsigned char *context);
+ do_server_cb server_cb;
int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_DH
int no_dhe = 0;
@@ -1557,14 +1553,14 @@ int s_server_main(int argc, char *argv[])
}
s_cert = load_cert(s_cert_file, s_cert_format,
- NULL, e, "server certificate file");
+ "server certificate file");
if (!s_cert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_chain_file) {
- if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
"server certificate chain"))
goto end;
}
@@ -1578,7 +1574,7 @@ int s_server_main(int argc, char *argv[])
}
s_cert2 = load_cert(s_cert_file2, s_cert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_cert2) {
ERR_print_errors(bio_err);
@@ -1636,14 +1632,14 @@ int s_server_main(int argc, char *argv[])
}
s_dcert = load_cert(s_dcert_file, s_dcert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_dcert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_dchain_file) {
- if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
"second server certificate chain"))
goto end;
}
@@ -2054,8 +2050,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
@@ -2644,8 +2639,7 @@ static DH *load_dh_param(const char *dhfile)
}
#endif
-static int www_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
@@ -3032,8 +3026,7 @@ static int www_body(const char *hostname, int s, int stype,
return (ret);
}
-static int rev_body(const char *hostname, int s, int stype,
- unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 6d781f481d..5d66ab993a 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -221,10 +221,8 @@ int init_client(int *sock, const char *host, const char *port,
* 0 on failure, something other on success.
*/
int do_server(int *accept_sock, const char *host, const char *port,
- int family, int type,
- int (*cb) (const char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
+ int family, int type, do_server_cb cb,
+ unsigned char *context, int naccept)
{
int asock = 0;
int sock;
@@ -258,50 +256,26 @@ int do_server(int *accept_sock, const char *host, const char *port,
}
BIO_ADDRINFO_free(res);
+ res = NULL;
- if (accept_sock != NULL) {
+ if (accept_sock != NULL)
*accept_sock = asock;
- }
for (;;) {
- BIO_ADDR *accepted_addr = NULL;
- char *name = NULL;
if (type == SOCK_STREAM) {
- if ((accepted_addr = BIO_ADDR_new()) == NULL) {
- BIO_closesocket(asock);
- return 0;
- }
- redoit:
- sock = BIO_accept_ex(asock, accepted_addr, 0);
+ do {
+ sock = BIO_accept_ex(asock, NULL, 0);
+ } while (sock < 0 && BIO_sock_should_retry(ret));
if (sock < 0) {
- if (BIO_sock_should_retry(ret)) {
- goto redoit;
- } else {
- ERR_print_errors(bio_err);
- BIO_ADDR_free(accepted_addr);
- SHUTDOWN(asock);
- break;
- }
+ ERR_print_errors(bio_err);
+ SHUTDOWN(asock);
+ break;
}
+ i = (*cb)(sock, type, context);
+ SHUTDOWN2(sock);
} else {
- sock = asock;
+ i = (*cb)(asock, type, context);
}
- /* accepted_addr is NULL if we're dealing with SOCK_DGRAM
- * this means that for SOCK_DGRAM, name will be NULL
- */
- if (accepted_addr != NULL) {
-#ifdef AF_UNIX
- if (family == AF_UNIX)
- name = BIO_ADDR_path_string(accepted_addr);
- else
-#endif
- name = BIO_ADDR_hostname_string(accepted_addr, 0);
- }
- i = (*cb) (name, sock, type, context);
- OPENSSL_free(name);
- BIO_ADDR_free(accepted_addr);
- if (type == SOCK_STREAM)
- SHUTDOWN2(sock);
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
diff --git a/apps/smime.c b/apps/smime.c
index 024e83b1d2..60daeb408d 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -458,7 +458,7 @@ int smime_main(int argc, char **argv)
goto end;
while (*argv) {
cert = load_cert(*argv, FORMAT_PEM,
- NULL, e, "recipient certificate file");
+ "recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
@@ -468,7 +468,7 @@ int smime_main(int argc, char **argv)
}
if (certfile) {
- if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
@@ -476,8 +476,8 @@ int smime_main(int argc, char **argv)
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file")) == NULL) {
+ if ((recip = load_cert(recipfile, FORMAT_PEM,
+ "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
@@ -572,8 +572,8 @@ int smime_main(int argc, char **argv)
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_PEM,
+ "signer certificate");
if (!signer)
goto end;
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
diff --git a/apps/speed.c b/apps/speed.c
index a0decd7031..64faef5c6c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1781,7 +1781,7 @@ int speed_main(int argc, char **argv)
/* DSA_generate_key(dsa_key[j]); */
/* DSA_sign_setup(dsa_key[j],NULL); */
- st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) {
BIO_printf(bio_err,
"DSA sign failure. No DSA sign will be done.\n");
@@ -1792,7 +1792,7 @@ int speed_main(int argc, char **argv)
dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
- st = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ st = DSA_sign(0, buf, 20, buf2, &kk, dsa_key[j]);
if (st == 0) {
BIO_printf(bio_err, "DSA sign failure\n");
ERR_print_errors(bio_err);
@@ -1809,7 +1809,7 @@ int speed_main(int argc, char **argv)
rsa_count = count;
}
- st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) {
BIO_printf(bio_err,
"DSA verify failure. No DSA verify will be done.\n");
@@ -1820,7 +1820,7 @@ int speed_main(int argc, char **argv)
dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
Time_F(START);
for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
- st = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ st = DSA_verify(0, buf, 20, buf2, kk, dsa_key[j]);
if (st <= 0) {
BIO_printf(bio_err, "DSA verify failure\n");
ERR_print_errors(bio_err);
diff --git a/apps/verify.c b/apps/verify.c
index 158504464b..58a48c7f63 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -68,7 +68,7 @@
static int cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
+ STACK_OF(X509_CRL) *crls, int show_chain);
static int v_verbose = 0, vflags = 0;
typedef enum OPTION_choice {
@@ -108,7 +108,6 @@ OPTIONS verify_options[] = {
int verify_main(int argc, char **argv)
{
- ENGINE *e = NULL;
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
STACK_OF(X509_CRL) *crls = NULL;
X509_STORE *store = NULL;
@@ -167,7 +166,7 @@ int verify_main(int argc, char **argv)
break;
case OPT_UNTRUSTED:
/* Zero or more times */
- if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
"untrusted certificates"))
goto end;
break;
@@ -175,26 +174,28 @@ int verify_main(int argc, char **argv)
/* Zero or more times */
noCAfile = 1;
noCApath = 1;
- if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
"trusted certificates"))
goto end;
break;
case OPT_CRLFILE:
/* Zero or more times */
- if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, e,
+ if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
"other CRLs"))
goto end;
break;
case OPT_CRL_DOWNLOAD:
crl_download = 1;
break;
+ case OPT_ENGINE:
+ if (setup_engine(opt_arg(), 0) == NULL) {
+ /* Failure message already displayed */
+ goto end;
+ }
+ break;
case OPT_SHOW_CHAIN:
show_chain = 1;
break;
- case OPT_ENGINE:
- /* Specify *before* -trusted/-untrusted/-CRLfile */
- e = setup_engine(opt_arg(), 0);
- break;
case OPT_VERBOSE:
v_verbose = 1;
break;
@@ -223,11 +224,11 @@ int verify_main(int argc, char **argv)
ret = 0;
if (argc < 1) {
- if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1)
+ if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
ret = -1;
} else {
for (i = 0; i < argc; i++)
- if (check(store, argv[i], untrusted, trusted, crls, e,
+ if (check(store, argv[i], untrusted, trusted, crls,
show_chain) != 1)
ret = -1;
}
@@ -243,7 +244,7 @@ int verify_main(int argc, char **argv)
static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
+ STACK_OF(X509_CRL) *crls, int show_chain)
{
X509 *x = NULL;
int i = 0, ret = 0;
@@ -251,7 +252,7 @@ static int check(X509_STORE *ctx, char *file,
STACK_OF(X509) *chain = NULL;
int num_untrusted;
- x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
+ x = load_cert(file, FORMAT_PEM, "certificate file");
if (x == NULL)
goto end;
diff --git a/apps/x509.c b/apps/x509.c
index 2b9cb25a8e..66dd2ff77e 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -612,12 +612,12 @@ int x509_main(int argc, char **argv)
EVP_PKEY_free(pkey);
}
} else
- x = load_cert(infile, informat, NULL, e, "Certificate");
+ x = load_cert(infile, informat, "Certificate");
if (x == NULL)
goto end;
if (CA_flag) {
- xca = load_cert(CAfile, CAformat, NULL, e, "CA Certificate");
+ xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL)
goto end;
}
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index 10570ca576..f6bd2189cf 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -402,8 +402,7 @@ static int asn1_print_fsname(BIO *out, int indent,
return 1;
}
-static int asn1_print_boolean_ctx(BIO *out, int boolval,
- const ASN1_PCTX *pctx)
+static int asn1_print_boolean(BIO *out, int boolval)
{
const char *str;
switch (boolval) {
@@ -427,8 +426,7 @@ static int asn1_print_boolean_ctx(BIO *out, int boolval,
}
-static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
- const ASN1_PCTX *pctx)
+static int asn1_print_integer(BIO *out, ASN1_INTEGER *str)
{
char *s;
int ret = 1;
@@ -439,8 +437,7 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
return ret;
}
-static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
- const ASN1_PCTX *pctx)
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
{
char objbuf[80];
const char *ln;
@@ -453,8 +450,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
return 1;
}
-static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
- const ASN1_PCTX *pctx)
+static int asn1_print_obstring(BIO *out, ASN1_STRING *str, int indent)
{
if (str->type == V_ASN1_BIT_STRING) {
if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
@@ -523,13 +519,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
int boolval = *(int *)fld;
if (boolval == -1)
boolval = it->size;
- ret = asn1_print_boolean_ctx(out, boolval, pctx);
+ ret = asn1_print_boolean(out, boolval);
}
break;
case V_ASN1_INTEGER:
case V_ASN1_ENUMERATED:
- ret = asn1_print_integer_ctx(out, str, pctx);
+ ret = asn1_print_integer(out, str);
break;
case V_ASN1_UTCTIME:
@@ -541,12 +537,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
break;
case V_ASN1_OBJECT:
- ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+ ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
break;
case V_ASN1_OCTET_STRING:
case V_ASN1_BIT_STRING:
- ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+ ret = asn1_print_obstring(out, str, indent);
needlf = 0;
break;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 621667bdb9..e84b7e7e5f 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -271,8 +271,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
STACK_OF(X509) *certs,
- STACK_OF(X509_CRL) *crls,
- unsigned int flags)
+ STACK_OF(X509_CRL) *crls)
{
X509_STORE_CTX ctx;
X509 *signer;
@@ -353,8 +352,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
crls = CMS_get1_crls(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_signerinfo_verify_cert(si, store,
- cms_certs, crls, flags))
+ if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
goto err;
}
}
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 9f02c77402..d78396bbdf 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -113,8 +113,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
static CONF_MODULE *module_find(char *name);
static int module_init(CONF_MODULE *pmod, char *name, char *value,
const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value);
/* Main function: load modules from a CONF structure */
@@ -204,7 +203,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
/* Module not found: try to load DSO */
if (!md && !(flags & CONF_MFLAGS_NO_DSO))
- md = module_load_dso(cnf, name, value, flags);
+ md = module_load_dso(cnf, name, value);
if (!md) {
if (!(flags & CONF_MFLAGS_SILENT)) {
@@ -230,8 +229,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
}
/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags)
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value)
{
DSO *dso = NULL;
conf_init_func *ifunc;
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index fbb0613239..d644c86531 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -297,15 +297,6 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
return 0;
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int dh_param_decode(EVP_PKEY *pkey,
const unsigned char **pder, int derlen)
{
@@ -324,15 +315,10 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
return i2d_dhp(pkey, pkey->pkey.dh, pder);
}
-static int do_dh_print(BIO *bp, const DH *x, int indent,
- ASN1_PCTX *ctx, int ptype)
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
{
- unsigned char *m = NULL;
int reason = ERR_R_BUF_LIB;
- size_t buf_len = 0;
-
const char *ktype = NULL;
-
BIGNUM *priv_key, *pub_key;
if (ptype == 2)
@@ -345,20 +331,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
else
pub_key = NULL;
- update_buflen(x->p, &buf_len);
-
- if (buf_len == 0) {
+ if (priv_key == NULL && pub_key == NULL) {
reason = ERR_R_PASSED_NULL_PARAMETER;
goto err;
}
- update_buflen(x->g, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->j, &buf_len);
- update_buflen(x->counter, &buf_len);
- update_buflen(pub_key, &buf_len);
- update_buflen(priv_key, &buf_len);
-
if (ptype == 2)
ktype = "DH Private-Key";
else if (ptype == 1)
@@ -366,29 +343,23 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
else
ktype = "DH Parameters";
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
BIO_indent(bp, indent, 128);
if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
goto err;
indent += 4;
- if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
+ if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
+ if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
+ if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
+ if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
goto err;
- if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent))
+ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
goto err;
- if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent))
+ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
goto err;
if (x->seed) {
int i;
@@ -407,7 +378,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
if (BIO_write(bp, "\n", 1) <= 0)
return (0);
}
- if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent))
+ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
goto err;
if (x->length != 0) {
BIO_indent(bp, indent, 128);
@@ -416,12 +387,10 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
goto err;
}
- OPENSSL_free(m);
return 1;
err:
DHerr(DH_F_DO_DH_PRINT, reason);
- OPENSSL_free(m);
return 0;
}
@@ -537,24 +506,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 0);
}
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 1);
}
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *ctx)
{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+ return do_dh_print(bp, pkey->pkey.dh, indent, 2);
}
int DHparams_print(BIO *bp, const DH *x)
{
- return do_dh_print(bp, x, 4, NULL, 0);
+ return do_dh_print(bp, x, 4, 0);
}
#ifndef OPENSSL_NO_CMS
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 5c45078e0c..e046fe79d3 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -372,22 +372,10 @@ static void int_dsa_free(EVP_PKEY *pkey)
DSA_free(pkey->pkey.dsa);
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
{
- unsigned char *m = NULL;
int ret = 0;
- size_t buf_len = 0;
const char *ktype = NULL;
-
const BIGNUM *priv_key, *pub_key;
if (ptype == 2)
@@ -407,18 +395,6 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
else
ktype = "DSA-Parameters";
- update_buflen(x->p, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->g, &buf_len);
- update_buflen(priv_key, &buf_len);
- update_buflen(pub_key, &buf_len);
-
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
if (priv_key) {
if (!BIO_indent(bp, off, 128))
goto err;
@@ -427,19 +403,18 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
goto err;
}
- if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
+ if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
+ if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "P: ", x->p, m, off))
+ if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "Q: ", x->q, m, off))
+ if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "G: ", x->g, m, off))
+ if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
goto err;
ret = 1;
err:
- OPENSSL_free(m);
return (ret);
}
@@ -502,6 +477,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
{
DSA_SIG *dsa_sig;
const unsigned char *p;
+
if (!sig) {
if (BIO_puts(bp, "\n") <= 0)
return 0;
@@ -512,26 +488,16 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
- size_t buf_len = 0;
- unsigned char *m = NULL;
- update_buflen(dsa_sig->r, &buf_len);
- update_buflen(dsa_sig->s, &buf_len);
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
if (BIO_write(bp, "\n", 1) != 1)
goto err;
- if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent))
+ if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent))
+ if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, NULL, indent))
goto err;
rv = 1;
err:
- OPENSSL_free(m);
DSA_SIG_free(dsa_sig);
return rv;
}
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 1110e01b39..8eca37fd0a 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -120,7 +120,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
{
- int ret, type;
+ int ret;
unsigned int sltmp;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
@@ -128,14 +128,12 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
- type = EVP_MD_type(dctx->md);
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
- type = NID_sha1;
}
- ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
+ ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
if (ret <= 0)
return ret;
@@ -147,21 +145,19 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
- int ret, type;
+ int ret;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
- type = EVP_MD_type(dctx->md);
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
- type = NID_sha1;
}
- ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
+ ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
return ret;
}
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index beb3fc20b8..15a179fbc6 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -118,7 +118,7 @@ int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
group = EC_KEY_get0_group(ecdh);
if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
- if (!EC_GROUP_get_cofactor(group, x, ctx) ||
+ if (!EC_GROUP_get_cofactor(group, x, NULL) ||
!BN_mul(x, x, priv_key, ctx)) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index fa4cf6aefc..eacdb9ed72 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -142,8 +142,6 @@ static int print_bin(BIO *fp, const char *str, const unsigned char *num,
int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
{
- unsigned char *buffer = NULL;
- size_t buf_len = 0, i;
int ret = 0, reason = ERR_R_BIO_LIB;
BN_CTX *ctx = NULL;
const EC_POINT *point = NULL;
@@ -236,27 +234,9 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err;
}
- buf_len = (size_t)BN_num_bytes(p);
- if (buf_len < (i = (size_t)BN_num_bytes(a)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(b)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(gen)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(order)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
- buf_len = i;
-
if ((seed = EC_GROUP_get0_seed(x)) != NULL)
seed_len = EC_GROUP_get_seed_len(x);
- buf_len += 10;
- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
if (!BIO_indent(bp, off, 128))
goto err;
@@ -279,36 +259,36 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err;
/* print the polynomial */
- if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
+ if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
off))
goto err;
} else {
- if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
+ if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
goto err;
}
- if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off))
+ if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, NULL, off))
goto err;
- if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off))
+ if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off))
goto err;
if (form == POINT_CONVERSION_COMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
- buffer, off))
+ NULL, off))
goto err;
} else if (form == POINT_CONVERSION_UNCOMPRESSED) {
if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
- buffer, off))
+ NULL, off))
goto err;
} else { /* form == POINT_CONVERSION_HYBRID */
if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
- buffer, off))
+ NULL, off))
goto err;
}
if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
- buffer, off))
+ NULL, off))
goto err;
if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
- buffer, off))
+ NULL, off))
goto err;
if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
goto err;
@@ -322,7 +302,6 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
BN_free(b);
BN_free(gen);
BN_CTX_free(ctx);
- OPENSSL_free(buffer);
return (ret);
}
diff --git a/crypto/mem.c b/crypto/mem.c
index 46f00176ab..f4da4fad67 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -136,8 +136,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
ret = malloc(num);
}
#else
- (void)file;
- (void)line;
+ osslargused(file); osslargused(line);
ret = malloc(num);
#endif
@@ -188,8 +187,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
return ret;
}
#else
- (void)file;
- (void)line;
+ osslargused(file); osslargused(line);
#endif
return realloc(str, num);
@@ -215,7 +213,6 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
}
ret = CRYPTO_malloc(num, file, line);
-
if (ret)
memcpy(ret, str, old_len);
CRYPTO_clear_free(str, old_len, file, line);
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index fdda487efc..7e41765b30 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -307,7 +307,7 @@ static void sh_add_to_list(char **list, char *ptr)
*list = ptr;
}
-static void sh_remove_from_list(char *ptr, char *list)
+static void sh_remove_from_list(char *ptr)
{
SH_LIST *temp, *temp2;
@@ -484,7 +484,7 @@ static char *sh_malloc(size_t size)
/* remove from bigger list */
OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
sh_clearbit(temp, slist, sh.bittable);
- sh_remove_from_list(temp, sh.freelist[slist]);
+ sh_remove_from_list(temp);
OPENSSL_assert(temp != sh.freelist[slist]);
/* done with bigger list */
@@ -510,7 +510,7 @@ static char *sh_malloc(size_t size)
chunk = sh.freelist[list];
OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
sh_setbit(chunk, list, sh.bitmalloc);
- sh_remove_from_list(chunk, sh.freelist[list]);
+ sh_remove_from_list(chunk);
OPENSSL_assert(WITHIN_ARENA(chunk));
@@ -539,10 +539,10 @@ static void sh_free(char *ptr)
OPENSSL_assert(ptr != NULL);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(ptr, list, sh.bittable);
- sh_remove_from_list(ptr, sh.freelist[list]);
+ sh_remove_from_list(ptr);
OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
sh_clearbit(buddy, list, sh.bittable);
- sh_remove_from_list(buddy, sh.freelist[list]);
+ sh_remove_from_list(buddy);
list--;
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index ff006cb892..8ac3d820ad 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -76,9 +76,9 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
- i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
- i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
i2a_ASN1_INTEGER(bp, &a->serialNumber);
BIO_printf(bp, "\n");
@@ -227,7 +227,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
case V_OCSP_RESPID_KEY:
- i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, rid->value.byKey, 0);
break;
}
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index fa4fde543f..356c79768f 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -62,19 +62,17 @@
#include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags);
+ STACK_OF(X509) *certs, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_check_delegated(X509 *x);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags);
+ unsigned long flags);
/* Verify a basic response message */
@@ -85,8 +83,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
STACK_OF(X509) *chain = NULL;
STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
- int i, ret = 0;
- ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+ int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
if (!ret) {
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
@@ -146,7 +144,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
* At this point we have a valid certificate chain need to verify it
* against the OCSP issuer criteria.
*/
- ret = ocsp_check_issuer(bs, chain, flags);
+ ret = ocsp_check_issuer(bs, chain);
/* If fatal error or valid match then finish */
if (ret != 0)
@@ -175,8 +173,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
- STACK_OF(X509) *certs, X509_STORE *st,
- unsigned long flags)
+ STACK_OF(X509) *certs, unsigned long flags)
{
X509 *signer;
OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
@@ -221,8 +218,7 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
return NULL;
}
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
- unsigned long flags)
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
{
STACK_OF(OCSP_SINGLERESP) *sresp;
X509 *signer, *sca;
@@ -251,7 +247,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
return i;
if (i) {
/* We have a match, if extensions OK then success */
- if (ocsp_check_delegated(signer, flags))
+ if (ocsp_check_delegated(signer))
return 1;
return 0;
}
@@ -350,7 +346,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
}
-static int ocsp_check_delegated(X509 *x, int flags)
+static int ocsp_check_delegated(X509 *x)
{
if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
@@ -384,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
return 0;
}
nm = gen->d.directoryName;
- ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+ ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
if (ret <= 0) {
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
@@ -431,7 +427,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
+ unsigned long flags)
{
X509 *signer;
if (!(flags & OCSP_NOINTERN)) {
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 736eb27b69..2cd79036a6 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -120,9 +120,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
/* Salt length for PVK files */
# define PVK_SALTLEN 0x10
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub);
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub);
static int do_blob_header(const unsigned char **in, unsigned int length,
@@ -235,9 +235,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
return NULL;
}
if (isdss)
- return b2i_dss(&p, length, bitlen, ispub);
+ return b2i_dss(&p, bitlen, ispub);
else
- return b2i_rsa(&p, length, bitlen, ispub);
+ return b2i_rsa(&p, bitlen, ispub);
}
static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
@@ -268,16 +268,16 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
}
if (isdss)
- ret = b2i_dss(&p, length, bitlen, ispub);
+ ret = b2i_dss(&p, bitlen, ispub);
else
- ret = b2i_rsa(&p, length, bitlen, ispub);
+ ret = b2i_rsa(&p, bitlen, ispub);
err:
OPENSSL_free(buf);
return ret;
}
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_dss(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
@@ -327,7 +327,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
return NULL;
}
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 959aa23d1f..15f2194bf1 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -181,40 +181,11 @@ static void int_rsa_free(EVP_PKEY *pkey)
RSA_free(pkey->pkey.rsa);
}
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
-}
-
static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
{
char *str;
const char *s;
- unsigned char *m = NULL;
int ret = 0, mod_len = 0;
- size_t buf_len = 0;
-
- update_buflen(x->n, &buf_len);
- update_buflen(x->e, &buf_len);
-
- if (priv) {
- update_buflen(x->d, &buf_len);
- update_buflen(x->p, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->dmp1, &buf_len);
- update_buflen(x->dmq1, &buf_len);
- update_buflen(x->iqmp, &buf_len);
- }
-
- m = OPENSSL_malloc(buf_len + 10);
- if (m == NULL) {
- RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
if (x->n != NULL)
mod_len = BN_num_bits(x->n);
@@ -223,39 +194,36 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
goto err;
if (priv && x->d) {
- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
- <= 0)
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
goto err;
str = "modulus:";
s = "publicExponent:";
} else {
- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
- <= 0)
+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
goto err;
str = "Modulus:";
s = "Exponent:";
}
- if (!ASN1_bn_print(bp, str, x->n, m, off))
+ if (!ASN1_bn_print(bp, str, x->n, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, s, x->e, m, off))
+ if (!ASN1_bn_print(bp, s, x->e, NULL, off))
goto err;
if (priv) {
- if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
+ if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
+ if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
+ if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
+ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
+ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
goto err;
- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
+ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
goto err;
}
ret = 1;
err:
- OPENSSL_free(m);
return (ret);
}
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 3362f99895..93c8756068 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -174,7 +174,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
- ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+ ret = RSA_sign_ASN1_OCTET_STRING(0,
tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 24bb157636..29a375d4ed 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -636,7 +636,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
/* Skip pattern prefix to match "wildcard" subject */
static void skip_prefix(const unsigned char **p, size_t *plen,
- const unsigned char *subject, size_t subject_len,
+ size_t subject_len,
unsigned int flags)
{
const unsigned char *pattern = *p;
@@ -671,7 +671,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
while (pattern_len) {
@@ -700,7 +700,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags)
{
- skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
+ skip_prefix(&pattern, &pattern_len, subject_len, flags);
if (pattern_len != subject_len)
return 0;
return !memcmp(pattern, subject, pattern_len);
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index ac17a331df..851bb7795c 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -97,8 +97,6 @@ because it doesn't add any security.
The B<file> should contain one or more CRLs in PEM format.
This option can be specified more than once to include CRLs from multiple
B<files>.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-crl_download>
@@ -206,8 +204,6 @@ to constuct a certificate chain from the subject certificate to a trust-anchor.
The B<file> should contain one or more certificates in PEM format.
This option can be specified more than once to include untrusted certiificates
from multiple B<files>.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-trusted file>
@@ -222,8 +218,6 @@ from multiple B<files>.
This option implies the B<-no-CAfile> and B<-no-CApath> options.
This option cannot be used in combination with either of the B<-CAfile> or
B<-CApath> options.
-If you want to enable an B<engine> via the B<-engine> option, that option has
-to be specified before this one.
=item B<-use_deltas>
diff --git a/e_os.h b/e_os.h
index 0701a78d5c..3a4ba6dd18 100644
--- a/e_os.h
+++ b/e_os.h
@@ -93,6 +93,8 @@ extern "C" {
# define REF_PRINT_COUNT(a, b)
# endif
+# define osslargused(x) (void)x
+
# ifndef DEVRANDOM
/*
* set this to a comma-separated list of 'random' device files to try out. My
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index e39704b355..8530c569a4 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -252,7 +252,7 @@ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
/** Gets the order of a EC_GROUP
* \param group EC_GROUP object
* \param order BIGNUM to which the order is copied
- * \param ctx BN_CTX object (optional)
+ * \param ctx unused
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
@@ -274,7 +274,7 @@ int EC_GROUP_order_bits(const EC_GROUP *group);
/** Gets the cofactor of a EC_GROUP
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
- * \param ctx BN_CTX object (optional)
+ * \param ctx unused
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 8b3e941570..d9c4ec6503 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -890,8 +890,7 @@ end:
static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
{
- unsigned char *p = (unsigned char *)s->init_buf->data;
- dtls1_set_message_header(s, p, htype, len, 0, len);
+ dtls1_set_message_header(s, htype, len, 0, len);
s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
s->init_off = 0;
/* Buffer the message to handle re-xmits */
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 49e8f462f4..a1b0e9e7db 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -231,7 +231,7 @@ void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
}
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek);
+ int len);
/* copy buffered record into SSL structure */
static int dtls1_copy_record(SSL *s, pitem *item)
@@ -424,7 +424,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/*
* check whether there's a handshake message (client hello?) waiting
*/
- if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
+ if ((ret = have_handshake_fragment(s, type, buf, len)))
return ret;
/*
@@ -986,7 +986,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
* is started.
*/
static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek)
+ int len)
{
if ((type == SSL3_RT_HANDSHAKE)
diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h
index 2a4b663307..333d3c947d 100644
--- a/ssl/record/record_locl.h
+++ b/ssl/record/record_locl.h
@@ -198,8 +198,7 @@ __owur int ssl3_do_compress(SSL *ssl);
__owur int ssl3_do_uncompress(SSL *ssl);
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size);
-__owur int ssl3_cbc_remove_padding(const SSL *s,
- SSL3_RECORD *rec,
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size);
__owur int tls1_cbc_remove_padding(const SSL *s,
SSL3_RECORD *rec,
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 5eb152eeb5..7f89cc0a1c 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -631,7 +631,7 @@ int ssl3_enc(SSL *s, int send)
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
if ((bs != 1) && !send)
- return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ return ssl3_cbc_remove_padding(rec, bs, mac_size);
}
return (1);
}
@@ -1018,8 +1018,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
* 1: if the padding was valid
* -1: otherwise.
*/
-int ssl3_cbc_remove_padding(const SSL *s,
- SSL3_RECORD *rec,
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
unsigned block_size, unsigned mac_size)
{
unsigned padding_length, good;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 30c868f655..fbca4f9b35 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1919,7 +1919,7 @@ __owur int ssl_choose_client_version(SSL *s, int version);
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
void dtls1_set_message_header(SSL *s,
- unsigned char *p, unsigned char mt,
+ unsigned char mt,
unsigned long len,
unsigned long frag_off,
unsigned long frag_len);
@@ -1928,8 +1928,7 @@ __owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len
__owur int dtls1_read_failed(SSL *s, int code);
__owur int dtls1_buffer_message(SSL *s, int ccs);
-__owur int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
int dtls1_retransmit_buffered_messages(SSL *s);
void dtls1_clear_record_buffer(SSL *s);
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 09f5df1ec7..a3090ef490 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1078,7 +1078,7 @@ int dtls1_retransmit_buffered_messages(SSL *s)
if (dtls1_retransmit_message(s, (unsigned short)
dtls1_get_queue_priority
(frag->msg_header.seq,
- frag->msg_header.is_ccs), 0,
+ frag->msg_header.is_ccs),
&found) <= 0 && found) {
fprintf(stderr, "dtls1_retransmit_message() failed\n");
return -1;
@@ -1152,8 +1152,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
}
int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
- int *found)
+dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
{
int ret;
/* XDTLS: for now assuming that read/writes are blocking */
@@ -1242,10 +1241,10 @@ void dtls1_clear_record_buffer(SSL *s)
}
}
-void dtls1_set_message_header(SSL *s, unsigned char *p,
- unsigned char mt, unsigned long len,
- unsigned long frag_off,
- unsigned long frag_len)
+void dtls1_set_message_header(SSL *s,
+ unsigned char mt, unsigned long len,
+ unsigned long frag_off,
+ unsigned long frag_len)
{
if (frag_off == 0) {
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 6b372232e1..7e63376f00 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -948,7 +948,7 @@ int dtls_construct_hello_verify_request(SSL *s)
len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH],
s->d1->cookie, s->d1->cookie_len);
- dtls1_set_message_header(s, buf, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
+ dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0,
len);
len += DTLS1_HM_HEADER_LENGTH;