diff options
89 files changed, 467 insertions, 346 deletions
@@ -103,11 +103,10 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare # TODO(openssl-team): fix problems and investigate if (at least) the # following warnings can also be enabled: # -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, -# -Wmissing-variable-declarations, -# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wcast-align, # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wextended-offsetof -my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments"; +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; my $strict_warnings = 0; diff --git a/apps/apps.h b/apps/apps.h index 0901c7dce3..328f8fb55a 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -573,6 +573,12 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); +/* this is an accident waiting to happen (-Wshadow is your friend) */ +extern int verify_depth; +extern int verify_quiet; +extern int verify_error; +extern int verify_return_error; + # include "progs.h" #endif diff --git a/apps/cms.c b/apps/cms.c index 2331ea2e28..ae47341532 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -95,7 +95,7 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, # define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) # define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) -int verify_err = 0; +static int verify_err = 0; typedef struct cms_key_param_st cms_key_param; diff --git a/apps/ecparam.c b/apps/ecparam.c index 145f55c0e6..5a98f454fb 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -116,14 +116,14 @@ OPTIONS ecparam_options[] = { {NULL} }; -OPT_PAIR forms[] = { +static OPT_PAIR forms[] = { {"compressed", POINT_CONVERSION_COMPRESSED}, {"uncompressed", POINT_CONVERSION_UNCOMPRESSED}, {"hybrid", POINT_CONVERSION_HYBRID}, {NULL} }; -OPT_PAIR encodings[] = { +static OPT_PAIR encodings[] = { {"named_curve", OPENSSL_EC_NAMED_CURVE}, {"explicit", 0}, {NULL} diff --git a/apps/openssl.c b/apps/openssl.c index 39ae64d498..58a2d0f700 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -160,7 +160,7 @@ static void list_pkey(void); static void list_type(FUNC_TYPE ft); char *default_config_file = NULL; -CONF *config = NULL; +static CONF *config = NULL; BIO *bio_in = NULL; BIO *bio_out = NULL; BIO *bio_err = NULL; diff --git a/apps/progs.h b/apps/progs.h index 4b9bcb47ed..4a59b64a50 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -65,7 +65,6 @@ extern int list_main(int argc, char *argv[]); extern int help_main(int argc, char *argv[]); extern int exit_main(int argc, char *argv[]); -#ifdef INCLUDE_FUNCTION_TABLE extern OPTIONS asn1parse_options[]; extern OPTIONS ca_options[]; extern OPTIONS ciphers_options[]; @@ -114,7 +113,9 @@ extern OPTIONS rehash_options[]; extern OPTIONS list_options[]; extern OPTIONS help_options[]; extern OPTIONS exit_options[]; -FUNCTION functions[] = { + +#ifdef INCLUDE_FUNCTION_TABLE +static FUNCTION functions[] = { { FT_general, "asn1parse", asn1parse_main, asn1parse_options }, { FT_general, "ca", ca_main, ca_options }, #if !defined(OPENSSL_NO_SOCK) diff --git a/apps/progs.pl b/apps/progs.pl index 38e091e26e..065d954588 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -33,11 +33,13 @@ foreach (@ARGV) { printf "extern int %s_main(int argc, char *argv[]);\n", $_; } -printf "\n#ifdef INCLUDE_FUNCTION_TABLE\n"; +print "\n"; + foreach (@ARGV) { printf "extern OPTIONS %s_options[];\n", $_; } -printf "FUNCTION functions[] = {\n"; +print "\n#ifdef INCLUDE_FUNCTION_TABLE\n"; +print "static FUNCTION functions[] = {\n"; foreach (@ARGV) { $str=" { FT_general, \"$_\", ${_}_main, ${_}_options },\n"; if (/^s_/ || /^ciphers$/) { diff --git a/apps/s_cb.c b/apps/s_cb.c index a1305d339f..0c1dfc57d7 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -131,8 +131,8 @@ int verify_depth = 0; int verify_quiet = 0; int verify_error = X509_V_OK; int verify_return_error = 0; -unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; -int cookie_initialized = 0; +static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; +static int cookie_initialized = 0; static const char *lookup(int val, const STRINT_PAIR* list, const char* def) { diff --git a/apps/s_client.c b/apps/s_client.c index 3eb495a479..65e3bb89d5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -395,7 +395,7 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -char *srtp_profiles = NULL; +static char *srtp_profiles = NULL; #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ diff --git a/apps/s_server.c b/apps/s_server.c index 8fe1ebe224..9e4a18636d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -232,7 +232,7 @@ static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; static int s_nbio = 0; #endif static int s_nbio_test = 0; -int s_crlf = 0; +static int s_crlf = 0; static SSL_CTX *ctx = NULL; static SSL_CTX *ctx2 = NULL; static int www = 0; @@ -2366,7 +2366,7 @@ static int init_ssl_connection(SSL *con) int i; const char *str; X509 *peer; - long verify_error; + long verify_err; char buf[BUFSIZ]; #if !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; @@ -2409,10 +2409,10 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_err, "ERROR\n"); - verify_error = SSL_get_verify_result(con); - if (verify_error != X509_V_OK) { + verify_err = SSL_get_verify_result(con); + if (verify_err != X509_V_OK) { BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_error)); + X509_verify_cert_error_string(verify_err)); } /* Always print any error messages */ ERR_print_errors(bio_err); diff --git a/apps/speed.c b/apps/speed.c index 297ea521e3..1508076e9b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -405,7 +405,7 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 -OPT_PAIR doit_choices[] = { +static OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index feef015acc..2deb67917b 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -65,14 +65,6 @@ #endif #include "internal/asn1_int.h" -extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; - /* Keep this sorted in type order !! */ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index 4c3f3e0ffe..b7e5620ec2 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -103,7 +103,7 @@ typedef struct { ASN1_SEQUENCE(asn1_int_oct) = { ASN1_SIMPLE(asn1_int_oct, num, LONG), ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(asn1_int_oct) +} static_ASN1_SEQUENCE_END(asn1_int_oct) DECLARE_ASN1_ITEM(asn1_int_oct) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 0c9c4c48c3..c42422c248 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -86,7 +86,7 @@ typedef struct netscape_encrypted_pkey_st { ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) -} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) +} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) @@ -96,7 +96,7 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(NETSCAPE_PKEY) +} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 35ff396566..3667546634 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -82,7 +82,7 @@ ASN1_SEQUENCE(SCRYPT_PARAMS) = { ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), -} ASN1_SEQUENCE_END(SCRYPT_PARAMS) +} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS) DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 5314c61b24..329ef94db1 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -74,7 +74,7 @@ /* ASN1_PCTX routines */ -ASN1_PCTX default_pctx = { +static ASN1_PCTX default_pctx = { ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ 0, /* cert_flags */ diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 7d55778d36..5d05e1b093 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -219,7 +219,8 @@ bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h bn_depr.o: ../include/internal/bn_int.h ../include/internal/cryptlib.h bn_depr.o: bn_depr.c bn_lcl.h -bn_dh.o: ../../e_os.h ../../include/openssl/bn.h ../../include/openssl/crypto.h +bn_dh.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_dh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h bn_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h bn_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_dh.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -399,8 +400,9 @@ bn_srp.o: ../../e_os.h ../../include/openssl/bn.h bn_srp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_srp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bn_srp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bn_srp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_srp.o: ../include/internal/bn_int.h bn_lcl.h bn_srp.c +bn_srp.o: ../../include/openssl/srp.h ../../include/openssl/stack.h +bn_srp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_srp.o: ../include/internal/bn_srp.h bn_lcl.h bn_srp.c bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index cfd8c067a8..3a7282f740 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -56,6 +56,7 @@ * */ +#include <openssl/dh.h> #include "bn_lcl.h" #include "e_os.h" diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c index 5dd31fc7bf..c575e6a245 100644 --- a/crypto/bn/bn_srp.c +++ b/crypto/bn/bn_srp.c @@ -1,5 +1,7 @@ #include "bn_lcl.h" #include "e_os.h" +#include <openssl/srp.h> +#include <internal/bn_srp.h> #ifndef OPENSSL_NO_SRP diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 893ad4657b..2bd3954e1f 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -67,7 +67,7 @@ ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) -} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) +} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), @@ -80,12 +80,12 @@ ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_CHOICE(CMS_SignerIdentifier) = { ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) -} ASN1_CHOICE_END(CMS_SignerIdentifier) +} static_ASN1_CHOICE_END(CMS_SignerIdentifier) ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) -} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) +} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, |