diff options
53 files changed, 58 insertions, 193 deletions
diff --git a/apps/apps.c b/apps/apps.c index 1439bb49da..3a3009d473 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -377,13 +377,12 @@ void program_name(char *in, char *out, int size) int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { - int num,len,i; + int num,i; char *p; *argc=0; *argv=NULL; - len=strlen(buf); i=0; if (arg->count == 0) { @@ -88,9 +88,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -189,7 +186,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index 5fab29eb87..b47097cbb2 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -149,9 +149,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -270,7 +267,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (g && !num) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 4305a739b3..fe72c1d3df 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -111,9 +111,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -278,7 +275,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (need_rand) @@ -357,12 +354,10 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { @@ -85,9 +85,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; @@ -254,7 +251,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) diff --git a/apps/ecparam.c b/apps/ecparam.c index e9aa0a184a..465480bedd 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -129,9 +129,6 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, @@ -340,7 +337,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (list_curves) diff --git a/apps/enc.c b/apps/enc.c index 3c2c91e920..c28d8b1948 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -101,9 +101,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -328,7 +325,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) diff --git a/apps/gendh.c b/apps/gendh.c index caa7327a10..4ec776ba93 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; @@ -163,7 +160,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif out=BIO_new(BIO_s_file()); diff --git a/apps/gendsa.c b/apps/gendsa.c index 22c39629e5..62ea977905 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -78,9 +78,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -206,7 +203,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 86d31b99a7..ae6cd33f73 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,9 +82,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -182,7 +179,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 7f18010f9d..6f7a357a36 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -74,7 +74,6 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; int badarg = 0; #ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; char *engine=NULL; #endif int ret = 1; @@ -141,7 +140,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (infile) diff --git a/apps/rand.c b/apps/rand.c index 44a1d46a03..790e79592c 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -77,9 +77,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -178,7 +175,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); diff --git a/apps/s_server.c b/apps/s_server.c index a70482e93e..e4a9a2bae5 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2269,11 +2269,10 @@ static int www_body(char *hostname, int s, unsigned char *context) { char *buf=NULL; int ret=1; - int i,j,k,blank,dot; + int i,j,k,dot; SSL *con; const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; - long total_bytes; buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2343,7 +2342,6 @@ static int www_body(char *hostname, int s, unsigned char *context) SSL_set_msg_callback_arg(con, bio_s_out); } - blank=0; for (;;) { if (hack) @@ -2604,7 +2602,6 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ - total_bytes=0; for (;;) { i=BIO_read(file,buf,bufsize); diff --git a/apps/s_socket.c b/apps/s_socket.c index b5f9db3062..a9228f42a6 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -321,7 +321,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) { int ret=0; struct sockaddr_in server; - int s= -1,i; + int s= -1; if (!ssl_sock_init()) return(0); @@ -360,7 +360,6 @@ static int init_server_long(int *sock, int port, char *ip, int type) } /* Make it 128 for linux */ if (type==SOCK_STREAM && listen(s,128) == -1) goto err; - i=0; *sock=s; ret=1; err: @@ -378,7 +377,7 @@ static int init_server(int *sock, int port, int type) static int do_accept(int acc_sock, int *sock, char **host) { - int ret,i; + int ret; struct hostent *h1,*h2; static struct sockaddr_in from; int len; @@ -455,7 +454,6 @@ redoit: BIO_printf(bio_err,"gethostbyname failure\n"); return(0); } - i=0; if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); diff --git a/apps/speed.c b/apps/speed.c index 1882239ce3..85673ff5a1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -344,9 +344,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -440,7 +437,6 @@ int MAIN(int argc, char **argv) unsigned char DES_iv[8]; unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES - DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; @@ -654,9 +650,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef OPENSSL_NO_DES - buf_as_des_cblock = (DES_cblock *)buf; -#endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -731,7 +724,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"no engine given\n"); goto end; } - e = setup_engine(bio_err, *argv, 0); + setup_engine(bio_err, *argv, 0); /* j will be increased again further down. We just don't want speed to confuse an engine with an algorithm, especially when none is given (which diff --git a/apps/x509.c b/apps/x509.c index ff56f30ff3..dc9cd77078 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -567,7 +567,6 @@ bad: if (reqfile) { EVP_PKEY *pkey; - X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) @@ -635,7 +634,6 @@ bad: print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; - ci=x->cert_info; if (sno == NULL) { diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index c6fd204ae3..3348b8762c 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 9a41f29e3e..e251739933 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -247,7 +247,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -270,7 +270,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index da7eff1f1d..c61169208a 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -106,7 +106,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 3bee439968..87d7dfdf5c 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -168,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -319,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index c72a23c2e1..028616c064 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl) if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 77f4de9c32..e12bc3a2ca 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method) int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 826f761143..5d49e1a72b 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl) static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index a0e9ec3b46..12e5be80eb 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { j = BN_num_bits_word((BN_ULONG)bl); } - sav_j = j; j = 1<<(j-1); assert(j <= al || j <= bl); k = j+j; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 22617e5fa1..0c1ee2b738 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -285,7 +285,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value=(char *)sk; vv=lh_CONF_VALUE_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 0b571b0394..cf951320af 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -213,13 +213,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; - int again,n; + int again; long eline=0; char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; char *start,*psection,*pname; void *h = (void *)(conf->data); @@ -250,7 +249,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; again=0; @@ -309,7 +307,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) buf=buff->data; clear_comments(conf, buf); - n=strlen(buf); s=eat_ws(conf, buf); if (IS_EOF(conf,*s)) continue; /* blank line */ if (*s == '[') @@ -343,7 +340,6 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; continue; } else @@ -406,13 +402,9 @@ again: CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } - ts=(STACK_OF(CONF_VALUE) *)tv->value; } else - { tv=sv; - ts=section_sk; - } #if 1 if (_CONF_add_string(conf, tv, v) == 0) { @@ -465,9 +457,6 @@ err: static void clear_comments(CONF *conf, char *p) { - char *to; - - to=p; for (;;) { if (IS_FCOMMENT(conf,*p)) diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index cd6bba3682..a7d478324e 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int i, k,n=0,b,m=0, qsize = qbits >> 3; + int i, k, n=0, m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; @@ -234,7 +234,6 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* "offset = 2" */ n=(bits-1)/160; - b=(bits-1)-n*160; for (;;) { diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index e89b1d4772..4d8ea03d3d 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void) int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) { - const ECDH_METHOD *mtmp; ECDH_DATA *ecdh; ecdh = ecdh_check(eckey); @@ -104,8 +103,8 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; - mtmp = ecdh->meth; #if 0 + mtmp = ecdh->meth; if (mtmp->finish) mtmp->finish(eckey); #endif diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 85e8a3a7ed..2ebae3aa27 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void) int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) { - const ECDSA_METHOD *mtmp; ECDSA_DATA *ecdsa; ecdsa = ecdsa_check(eckey); @@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) if (ecdsa == NULL) return 0; - mtmp = ecdsa->meth; #ifndef OPENSSL_NO_ENGINE if (ecdsa->engine) { diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index b42c747249..28546a84bc 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num; @@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n); diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 45015fe754..6c98fc43a3 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -138,12 +138,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { - int j; unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); - if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 1695c9c4ad..87608ff399 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) return 1; } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 18cde7c2d9..5a421fc4b6 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -489,7 +489,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - int o; const EVP_CIPHER *enc=NULL; char *p,c; char **header_pp = &header; @@ -529,7 +528,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header++; } *header='\0'; - o=OBJ_sn2nid(p); cipher->cipher=enc=EVP_get_cipherbyname(p); *header=c; header++; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 0dd6f5d98a..b1bf71a5da 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -662,7 +662,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, { const unsigned char *p = *in; - unsigned int pvk_magic, keytype, is_encrypted; + unsigned int pvk_magic, is_encrypted; if (skip_magic) { if (length < 20) @@ -689,7 +689,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, } /* Skip reserved */ p += 4; - keytype = read_ledword(&p); + /*keytype = */read_ledword(&p); is_encrypted = read_ledword(&p); *psaltlen = read_ledword(&p); *pkeylen = read_ledword(&p); @@ -847,7 +847,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb, void *u) { - int outlen = 24, noinc, pklen; + int outlen = 24, pklen; unsigned char *p, *salt = NULL; EVP_CIPHER_CTX cctx; EVP_CIPHER_CTX_init(&cctx); @@ -860,10 +860,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, if (!out) return outlen; if (*out) - { p = *out; - noinc = 0; - } else { p = OPENSSL_malloc(outlen); @@ -873,7 +870,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, return -1; } *out = p; - noinc = 1; } write_ledword(&p, MS_PVKMAGIC); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index c2a56893ef..cb8434b322 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -422,7 +422,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) X509_ALGOR *enc_alg=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; i=OBJ_obj2nid(p7->type); @@ -445,7 +444,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; break; case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; @@ -457,7 +455,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; } - xalg=p7->d.enveloped->enc_data->algorithm; break; default: PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 3ca0952792..d411269b50 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -591,7 +591,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -614,7 +613,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return(0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index 99a6fb874d..eab13a1250 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq) pitem * pqueue_find(pqueue_s *pq, unsigned char *prio64be) { - pitem *next, *prev = NULL; + pitem *next; pitem *found = NULL; if ( pq->items == NULL) return NULL; - for ( next = pq->items; next->next != NULL; - prev = next, next = next->next) + for ( next = pq->items; next->next != NULL; next = next->next) { if ( memcmp(next->priority, prio64be,8) == 0) { diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 4ed40b7b70..678b0fe0d6 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -269,7 +269,6 @@ err: const char *RAND_file_name(char *buf, size_t size) { char *s=NULL; - int ok = 0; #ifdef __OpenBSD__ struct stat sb; #endif @@ -298,7 +297,6 @@ const char *RAND_file_name(char *buf, size_t size) BUF_strlcat(buf,"/",size); #endif BUF_strlcat(buf,RFILE,size); - ok = 1; } else buf[0] = '\0'; /* no file name */ diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 92f6b24556..bb9777348f 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) { int i; - X509_POLICY_LEVEL *last; X509_POLICY_DATA *data; - last = curr - 1; + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index f620a216c8..e6c2839e5f 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -39,7 +39,7 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) ASN1_STRING *params = ASN1_STRING_new(); GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); int pkey_param_nid = NID_undef; - int cipher_param_nid = NID_undef; + if (!params || !gkp) { GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, @@ -52,7 +52,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) { case NID_id_GostR3410_2001: pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key))); - cipher_param_nid = get_encryption_params(NULL)->nid; break; case NID_id_GostR3410_94: pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key)); @@ -64,7 +63,6 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) params=NULL; goto err; } - cipher_param_nid = get_encryption_params(NULL)->nid; break; } gkp->key_params = OBJ_nid2obj(pkey_param_nid); diff --git a/engines/e_chil.c b/engines/e_chil.c index 9c2729c96d..fdc2100e3d 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -1077,11 +1077,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, static int hwcrhk_rsa_finish(RSA *rsa) { HWCryptoHook_RSAKeyHandle *hptr; - int ret; + hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); + p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); } diff --git a/engines/e_cswift.c b/engines/e_cswift.c index bc65179846..2e64ff3277 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) SW_PARAM sw_param; SW_STATUS sw_status; SW_LARGENUMBER arg, res; - unsigned char *ptr; BN_CTX *ctx; BIGNUM *dsa_p = NULL; BIGNUM *dsa_q = NULL; @@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } /* Convert the response */ - ptr = (unsigned char *)result->d; if((to_return = DSA_SIG_new()) == NULL) goto err; to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 9b747b9aea..aa5709bd8c 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -630,10 +630,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) { int y_len, - m_len, fd; - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; y_len = BN_num_bits(p) + BN_num_bits(q); /* Check if hardware can't handle this argument. */ diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index a5439d544f..1fd58bf598 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -528,14 +525,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index e3fce53430..3bf728318a 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -92,15 +92,8 @@ const SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; - int n; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 1434e734dd..9471676872 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -697,7 +697,6 @@ static int server_hello(SSL *s) { unsigned char *p,*d; int n,hit; - STACK_OF(SSL_CIPHER) *sk; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) @@ -778,7 +777,6 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ - sk= s->session->ciphers; n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 3d7aec97a2..58386e1ba0 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -214,7 +214,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; @@ -239,7 +239,6 @@ int ssl3_change_cipher_state(SSL *s, int which) else comp=s->s3->tmp.new_compression->method; #endif - key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) { diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 28709978b5..d7f4c6087e 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -357,7 +357,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -371,7 +371,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index bee3507ea1..a8ce186b78 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1027,7 +1027,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, const SSL_CIPHER **ca_list) { unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0; char ch; @@ -1064,7 +1064,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_ssl = 0; algo_strength = 0; - start=l; for (;;) { ch = *l; @@ -1456,7 +1455,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s; + unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; #else @@ -1469,7 +1468,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0f7a7f1dfc..3c74ec179c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2110,23 +2110,12 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg_k,alg_a,mask_k,mask_a; + unsigned long alg_k,alg_a; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - if (is_export) - { - mask_k = c->export_mask_k; - mask_a = c->export_mask_a; - } - else - { - mask_k = c->mask_k; - mask_a = c->mask_a; - } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index ed01651e62..175635881d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1430,7 +1430,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO *c_bio=NULL; BIO *s_bio=NULL; int c_r,c_w,s_r,s_w; - int c_want,s_want; int i,j; int done=0; int c_write,s_write; @@ -1465,8 +1464,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=0; s_r=1; c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; c_write=1,s_write=0; /* We can always do writes */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 01884906df..b5c3179c48 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -158,7 +158,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, const void *seed5, int seed5_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -188,7 +188,6 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (!HMAC_Final(&ctx,A1,&A1_len)) goto err; - n=0; for (;;) { if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */ @@ -310,13 +309,13 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -338,7 +337,6 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); @@ -449,8 +447,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -907,7 +903,7 @@ int tls1_final_finish_mac(SSL *s, int tls1_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; - unsigned char *mac_sec,*seq; + unsigned char *seq; EVP_MD_CTX *hash; size_t md_size; int i; @@ -919,14 +915,12 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (send) { rec= &(ssl->s3->wrec); - mac_sec= &(ssl->s3->write_mac_secret[0]); seq= &(ssl->s3->write_sequence[0]); hash=ssl->write_hash; } else { rec= &(ssl->s3->rrec); - mac_sec= &(ssl->s3->read_mac_secret[0]); seq= &(ssl->s3->read_sequence[0]); hash=ssl->read_hash; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9ee7e7d717..ef40e5e6f8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -983,9 +983,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -993,7 +993,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { |