diff options
| -rw-r--r-- | apps/apps.c | 3 | ||||
| -rw-r--r-- | apps/ca.c | 12 | ||||
| -rw-r--r-- | apps/ecparam.c | 2 | ||||
| -rw-r--r-- | apps/engine.c | 5 | ||||
| -rw-r--r-- | apps/gendsa.c | 2 | ||||
| -rw-r--r-- | crypto/bio/b_dump.c | 1 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 12 | ||||
| -rw-r--r-- | crypto/evp/e_aes_cbc_hmac_sha256.c | 2 | ||||
| -rw-r--r-- | crypto/evp/e_dsa.c | 69 | ||||
| -rw-r--r-- | crypto/ocsp/ocsp_lib.c | 6 | ||||
| -rw-r--r-- | crypto/ocsp/ocsp_prn.c | 1 | ||||
| -rw-r--r-- | crypto/pem/pvkfmt.c | 2 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 1 | ||||
| -rw-r--r-- | crypto/x509/t_crl.c | 1 | ||||
| -rw-r--r-- | crypto/x509/x509_lu.c | 2 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 1 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 1 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 1 | ||||
| -rw-r--r-- | test/evp_test.c | 2 |
19 files changed, 6 insertions, 120 deletions
diff --git a/apps/apps.c b/apps/apps.c index 39ca963b5f..c519ae612e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -118,9 +118,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && !defined(NETWARE_CLIB) -# include <strings.h> -#endif #ifndef NO_SYS_TYPES_H # include <sys/types.h> #endif @@ -98,24 +98,18 @@ #undef BSIZE #define BSIZE 256 -#define BASE_SECTION "ca" +#define BASE_SECTION "ca" #define ENV_DEFAULT_CA "default_ca" -#define STRING_MASK "string_mask" +#define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define ENV_DIR "dir" -#define ENV_CERTS "certs" -#define ENV_CRL_DIR "crl_dir" -#define ENV_CA_DB "CA_DB" #define ENV_NEW_CERTS_DIR "new_certs_dir" -#define ENV_CERTIFICATE "certificate" +#define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" #define ENV_CRLNUMBER "crlnumber" -#define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" -#define ENV_RANDFILE "RANDFILE" #define ENV_DEFAULT_DAYS "default_days" #define ENV_DEFAULT_STARTDATE "default_startdate" #define ENV_DEFAULT_ENDDATE "default_enddate" diff --git a/apps/ecparam.c b/apps/ecparam.c index 9d13447283..122125ee4e 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -317,8 +317,6 @@ int ecparam_main(int argc, char **argv) } if (check) { - if (group == NULL) - BIO_printf(bio_err, "no elliptic curve parameters\n"); BIO_printf(bio_err, "checking elliptic curve parameters: "); if (!EC_GROUP_check(group, NULL)) { BIO_printf(bio_err, "failed\n"); diff --git a/apps/engine.c b/apps/engine.c index b4da23ee89..17e6f789f7 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -94,17 +94,12 @@ static void identity(char *ptr) static int append_buf(char **buf, const char *s, int *size, int step) { - int l = strlen(s); - if (*buf == NULL) { *size = step; *buf = app_malloc(*size, "engine buffer"); **buf = '\0'; } - if (**buf != '\0') - l += 2; /* ", " */ - if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { *size += step; *buf = OPENSSL_realloc(*buf, *size); diff --git a/apps/gendsa.c b/apps/gendsa.c index 5d5cb5efdd..9259c6ccaa 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -69,8 +69,6 @@ # include <openssl/x509.h> # include <openssl/pem.h> -# define DEFBITS 512 - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 33191c1b30..55792b9e30 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -104,7 +104,6 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - buf[0] = '\0'; /* start with empty string */ BUF_strlcpy(buf, str, sizeof buf); BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); BUF_strlcat(buf, tmp, sizeof buf); diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 562d0b58d4..480c29dbae 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -83,16 +83,8 @@ int DSA_generate_parameters_ex(DSA *ret, int bits, return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); else { - const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; - - if (bits >= 2048) { - qbits = 256; - evpmd = EVP_sha256(); - } else { - qbits = 160; - evpmd = EVP_sha1(); - } + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, seed_len, NULL, counter_ret, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index e83969de76..411c770868 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -820,8 +820,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - len = p[arg - 2] << 8 | p[arg - 1]; - if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c deleted file mode 100644 index 2217e37a54..0000000000 --- a/crypto/evp/e_dsa.c +++ /dev/null @@ -1,69 +0,0 @@ -/* crypto/evp/e_dsa.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/x509.h> - -static EVP_PKEY_METHOD dss_method = { - DSA_sign, - DSA_verify, - {EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, NULL}, -}; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 012019473e..978429411f 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -242,12 +242,6 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; - } else { - /* Not found: set default port */ - if (*pssl) - port = "443"; - else - port = "80"; } *pport = BUF_strdup(port); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 70b6904e9b..1137d61b22 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -213,7 +213,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) return 1; } - i = ASN1_STRING_length(rb->response); if ((br = OCSP_response_get1_basic(o)) == NULL) goto err; rd = &br->tbsResponseData; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 342e2c52d8..47fb9ac71d 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -617,13 +617,11 @@ static int do_PVK_header(const unsigned char **in, unsigned int length, PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 20; } else { if (length < 24) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); return 0; } - length -= 24; pvk_magic = read_ledword(&p); if (pvk_magic != MS_PVKMAGIC) { PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 1ac68937eb..b3b4ae360a 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1089,7 +1089,6 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) rsk = p7->d.signed_and_enveloped->recipientinfo; if (rsk == NULL) return NULL; - ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return (NULL); ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index 8400e851c9..f1440eb29d 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -96,7 +96,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) l = X509_CRL_get_version(x); BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); X509_CRL_get0_signature(&sig, &sig_alg, x); - i = X509_CRL_get_signature_nid(x); X509_signature_print(out, sig_alg, NULL); p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); BIO_printf(out, "%8sIssuer: %s\n", "", p); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 71a22d0385..2bcac35eed 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -523,8 +523,6 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* * Always do lookup to possibly add new CRLs to cache diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c25f801cad..8a89b4268c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3102,7 +3102,6 @@ int ssl3_send_client_certificate(SSL *s) * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP; * return(-1); We then get retied later */ - i = 0; i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate = SSL_X509_LOOKUP; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7bf5828ad3..376ab7150d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -370,7 +370,6 @@ int ssl3_accept(SSL *s) */ if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); - ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; s->state = SSL_ST_ERR; goto end; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f18f502907..6446623920 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3938,7 +3938,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, idx = ssl_cert_type(x, pk); if (idx == -1) return 0; - cpk = c->pkeys + idx; pvalid = s->s3->tmp.valid_flags + idx; if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) diff --git a/test/evp_test.c b/test/evp_test.c index eb7ef5017a..83d1749418 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -639,7 +639,7 @@ struct digest_data { static int digest_test_init(struct evp_test *t, const char *alg) { const EVP_MD *digest; - struct digest_data *mdat = t->data; + struct digest_data *mdat; digest = EVP_get_digestbyname(alg); if (!digest) { /* If alg has an OID assume disabled algorithm */ |