From 8443c109aead8a24e3bee601155c78a784468a5e Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 13:38:25 -0500 Subject: [PATCH 1/9] Remove some dead code A duplicate break is not needed inside the preprocessor conditional. There is no need to assign to ret after an infinite loop with no break statements. EXIT() will not return (and even if it did, there's no harm in falling off the end of main()). However, EVP_MD_CTX_cleanup() is probably worth doing before EXIT(), so move it up. --- apps/s_client.c | 2 -- test/sha1test.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 819cff3..b0aa748 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -825,7 +825,6 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Error getting client auth engine\n"); goto opthelp; } - break; #endif break; case OPT_RAND: @@ -1991,7 +1990,6 @@ int s_client_main(int argc, char **argv) } } - ret = 0; shut: if (in_init) print_stuff(bio_c_out, con, full_log); diff --git a/test/sha1test.c b/test/sha1test.c index cc3633d..2bb65e8 100644 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -136,9 +136,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); #endif - EXIT(err); EVP_MD_CTX_cleanup(&c); - return (0); + EXIT(err); } static char *pt(unsigned char *md) -- 2.3.2 (Apple Git-55) From 7867e1aca72a1e806d846d13029924e2629b43b1 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 13:54:12 -0500 Subject: [PATCH 2/9] constify format string variables to appease -Wformat-nonliteral Only one warning is actually eliminated, though, since (emprically) only string constants or variables of type char const * const will avoid the warning. There are several places where we use a variable to hold one of a handful of different format strings, which are not trivially disentangled. The warning is not especially useful anyway, so there's no need to try too hard to avoid it. --- apps/ocsp.c | 2 +- ssl/ssl_ciph.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 7193dae..8f01ee1 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1156,7 +1156,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) { - char http_resp[] = + const char http_resp[] = "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" "Content-Length: %d\r\n\r\n"; if (!cbio) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c048fc2..b88b36e 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1592,7 +1592,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; - static const char *format = + static const char * const format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; alg_mkey = cipher->algorithm_mkey; -- 2.3.2 (Apple Git-55) From a7da3e212d4ad65241a900127a983d14874409fb Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 14:53:45 -0500 Subject: [PATCH 3/9] Improve documentation for BIO_set_conn_int_port BIO_set_conn_int_port is a macro; we can document the type of its arguments as whatever we want, irregardless of what casts we apply internally. Make the prototype match what type we want the input pointer to be and remove a separate note to that effect. --- doc/crypto/BIO_s_connect.pod | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod index 4efd567..0dc2e06 100644 --- a/doc/crypto/BIO_s_connect.pod +++ b/doc/crypto/BIO_s_connect.pod @@ -18,7 +18,7 @@ BIO_set_nbio, BIO_do_connect - connect BIO long BIO_set_conn_hostname(BIO *b, char *name); long BIO_set_conn_port(BIO *b, char *port); long BIO_set_conn_ip(BIO *b, char *ip); - long BIO_set_conn_int_port(BIO *b, char *port); + long BIO_set_conn_int_port(BIO *b, int *port); char *BIO_get_conn_hostname(BIO *b); char *BIO_get_conn_port(BIO *b); char *BIO_get_conn_ip(BIO *b, dummy); @@ -70,8 +70,7 @@ list is http, telnet, socks, https, ssl, ftp, and gopher. BIO_set_conn_ip() sets the IP address to B using binary form, that is four bytes specifying the IP address in big-endian form. -BIO_set_conn_int_port() sets the port using B. B should -be of type (int *). +BIO_set_conn_int_port() sets the port using B. BIO_get_conn_hostname() returns the hostname of the connect BIO or NULL if the BIO is initialized but no hostname is set. -- 2.3.2 (Apple Git-55) From 50a8dde2af7100e359222bf9d5846eed1c5618c1 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 18:58:12 -0500 Subject: [PATCH 4/9] Staticize several file-local variables --- apps/cms.c | 2 +- apps/ecparam.c | 4 ++-- apps/s_cb.c | 5 +++-- apps/s_client.c | 2 +- apps/s_server.c | 2 +- apps/speed.c | 2 +- crypto/asn1/tasn_prn.c | 2 +- crypto/sec_mem.c | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/by_file.c | 2 +- crypto/x509/x_name.c | 2 +- test/bntest.c | 6 +++--- test/ecdsatest.c | 4 ++-- test/gost2814789test.c | 2 +- test/ideatest.c | 10 +++++----- test/sha256t.c | 12 ++++++------ test/sha512t.c | 12 ++++++------ test/ssltest.c | 26 +++++++++++++------------- test/wp_test.c | 18 +++++++++--------- 19 files changed, 59 insertions(+), 58 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index e40686b..09512d2 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -95,7 +95,7 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, # define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) # define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) -int verify_err = 0; +static int verify_err = 0; typedef struct cms_key_param_st cms_key_param; diff --git a/apps/ecparam.c b/apps/ecparam.c index 8464c88..3395bbd 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -116,14 +116,14 @@ OPTIONS ecparam_options[] = { {NULL} }; -OPT_PAIR forms[] = { +static OPT_PAIR forms[] = { {"compressed", POINT_CONVERSION_COMPRESSED}, {"uncompressed", POINT_CONVERSION_UNCOMPRESSED}, {"hybrid", POINT_CONVERSION_HYBRID}, {NULL} }; -OPT_PAIR encodings[] = { +static OPT_PAIR encodings[] = { {"named_curve", OPENSSL_EC_NAMED_CURVE}, {"explicit", 0}, {NULL} diff --git a/apps/s_cb.c b/apps/s_cb.c index 07ce997..d9d7c51 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -131,8 +131,9 @@ int verify_depth = 0; int verify_quiet = 0; int verify_error = X509_V_OK; int verify_return_error = 0; -unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; -int cookie_initialized = 0; + +static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; +static int cookie_initialized = 0; static const char *lookup(int val, const STRINT_PAIR* list, const char* def) { diff --git a/apps/s_client.c b/apps/s_client.c index b0aa748..0712669 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -395,7 +395,7 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -char *srtp_profiles = NULL; +static char *srtp_profiles = NULL; #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ diff --git a/apps/s_server.c b/apps/s_server.c index e7c794c..5b6d9c4 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -232,7 +232,7 @@ static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; static int s_nbio = 0; #endif static int s_nbio_test = 0; -int s_crlf = 0; +static int s_crlf = 0; static SSL_CTX *ctx = NULL; static SSL_CTX *ctx2 = NULL; static int www = 0; diff --git a/apps/speed.c b/apps/speed.c index b4722f1..30f3f3b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -405,7 +405,7 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 -OPT_PAIR doit_choices[] = { +static OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 716db8f..448832c 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -74,7 +74,7 @@ /* ASN1_PCTX routines */ -ASN1_PCTX default_pctx = { +static ASN1_PCTX default_pctx = { ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ 0, /* cert_flags */ diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c index a630cbc..e8a5d46 100644 --- a/crypto/sec_mem.c +++ b/crypto/sec_mem.c @@ -31,7 +31,7 @@ #endif #ifdef IMPLEMENTED -size_t secure_mem_used; +static size_t secure_mem_used; static int secure_mem_initialized; static int too_late; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index cc91db8..0a51fa7 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -98,7 +98,7 @@ static void free_dir(X509_LOOKUP *lu); static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret); -X509_LOOKUP_METHOD x509_dir_lookup = { +static X509_LOOKUP_METHOD x509_dir_lookup = { "Load certs from files in a directory", new_dir, /* new */ free_dir, /* free */ diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 9b06b34..6fbffe1 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -70,7 +70,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); -X509_LOOKUP_METHOD x509_file_lookup = { +static X509_LOOKUP_METHOD x509_file_lookup = { "Load file into cache", NULL, /* new */ NULL, /* free */ diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index f8fd337..04a6d12 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -115,7 +115,7 @@ ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) * convert to the external form. */ -const ASN1_EXTERN_FUNCS x509_name_ff = { +static const ASN1_EXTERN_FUNCS x509_name_ff = { NULL, x509_name_ex_new, x509_name_ex_free, diff --git a/test/bntest.c b/test/bntest.c index 430d2a0..8cd03e8 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -83,9 +83,9 @@ #include "../crypto/bn/bn_lcl.h" -const int num0 = 100; /* number of tests */ -const int num1 = 50; /* additional tests for some functions */ -const int num2 = 5; /* number of tests for slow functions */ +static const int num0 = 100; /* number of tests */ +static const int num1 = 50; /* additional tests for some functions */ +static const int num2 = 5; /* number of tests for slow functions */ int test_add(BIO *bp); int test_sub(BIO *bp); diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 377e2c5..6709cba 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -107,8 +107,8 @@ int change_rand(void); int restore_rand(void); int fbytes(unsigned char *buf, int num); -RAND_METHOD fake_rand; -const RAND_METHOD *old_rand; +static RAND_METHOD fake_rand; +static const RAND_METHOD *old_rand; int change_rand(void) { diff --git a/test/gost2814789test.c b/test/gost2814789test.c index 953e1e1..56a8ae3 100644 --- a/test/gost2814789test.c +++ b/test/gost2814789test.c @@ -79,7 +79,7 @@ typedef struct g89_tc_ { */ } g89_tc; -const g89_tc tcs[] = { +static const g89_tc tcs[] = { /* * GOST R 34.11-94 Test cases */ diff --git a/test/ideatest.c b/test/ideatest.c index dd5d9ff..7494a94 100644 --- a/test/ideatest.c +++ b/test/ideatest.c @@ -71,17 +71,17 @@ int main(int argc, char *argv[]) #else # include -unsigned char k[16] = { +static unsigned char k[16] = { 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 }; -unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; -unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; +static unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; +static unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; -unsigned char out[80]; +static unsigned char out[80]; -char *text = "Hello to all people out there"; +static char *text = "Hello to all people out there"; static unsigned char cfb_key[16] = { 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, diff --git a/test/sha256t.c b/test/sha256t.c index 0872f34..294b1a2 100644 --- a/test/sha256t.c +++ b/test/sha256t.c @@ -10,42 +10,42 @@ #include #include -unsigned char app_b1[SHA256_DIGEST_LENGTH] = { +static unsigned char app_b1[SHA256_DIGEST_LENGTH] = { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad }; -unsigned char app_b2[SHA256_DIGEST_LENGTH] = { +static unsigned char app_b2[SHA256_DIGEST_LENGTH] = { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 }; -unsigned char app_b3[SHA256_DIGEST_LENGTH] = { +static unsigned char app_b3[SHA256_DIGEST_LENGTH] = { 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 }; -unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { +static unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, 0xe3, 0x6c, 0x9d, 0xa7 }; -unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { +static unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, 0x52, 0x52, 0x25, 0x25 }; -unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { +static unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, diff --git a/test/sha512t.c b/test/sha512t.c index a4d4b5e..42d8029 100644 --- a/test/sha512t.c +++ b/test/sha512t.c @@ -11,7 +11,7 @@ #include #include -unsigned char app_c1[SHA512_DIGEST_LENGTH] = { +static unsigned char app_c1[SHA512_DIGEST_LENGTH] = { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, @@ -22,7 +22,7 @@ unsigned char app_c1[SHA512_DIGEST_LENGTH] = { 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f }; -unsigned char app_c2[SHA512_DIGEST_LENGTH] = { +static unsigned char app_c2[SHA512_DIGEST_LENGTH] = { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, @@ -33,7 +33,7 @@ unsigned char app_c2[SHA512_DIGEST_LENGTH] = { 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 }; -unsigned char app_c3[SHA512_DIGEST_LENGTH] = { +static unsigned char app_c3[SHA512_DIGEST_LENGTH] = { 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, @@ -44,7 +44,7 @@ unsigned char app_c3[SHA512_DIGEST_LENGTH] = { 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b }; -unsigned char app_d1[SHA384_DIGEST_LENGTH] = { +static unsigned char app_d1[SHA384_DIGEST_LENGTH] = { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, @@ -53,7 +53,7 @@ unsigned char app_d1[SHA384_DIGEST_LENGTH] = { 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 }; -unsigned char app_d2[SHA384_DIGEST_LENGTH] = { +static unsigned char app_d2[SHA384_DIGEST_LENGTH] = { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, @@ -62,7 +62,7 @@ unsigned char app_d2[SHA384_DIGEST_LENGTH] = { 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 }; -unsigned char app_d3[SHA384_DIGEST_LENGTH] = { +static unsigned char app_d3[SHA384_DIGEST_LENGTH] = { 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, diff --git a/test/ssltest.c b/test/ssltest.c index 26cf96c..dd1b45e 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -302,9 +302,9 @@ static BIO *bio_stdout = NULL; #ifndef OPENSSL_NO_NEXTPROTONEG /* Note that this code assumes that this is only a one element list: */ static const char NEXT_PROTO_STRING[] = "\x09testproto"; -int npn_client = 0; -int npn_server = 0; -int npn_server_reject = 0; +static int npn_client = 0; +static int npn_server = 0; +static int npn_server_reject = 0; static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, @@ -514,24 +514,24 @@ static int verify_alpn(SSL *client, SSL *server) #define CUSTOM_EXT_TYPE_2 1002 #define CUSTOM_EXT_TYPE_3 1003 -const char custom_ext_cli_string[] = "abc"; -const char custom_ext_srv_string[] = "defg"; +static const char custom_ext_cli_string[] = "abc"; +static const char custom_ext_srv_string[] = "defg"; /* These set from cmdline */ -char *serverinfo_file = NULL; -int serverinfo_sct = 0; -int serverinfo_tack = 0; +static char *serverinfo_file = NULL; +static int serverinfo_sct = 0; +static int serverinfo_tack = 0; /* These set based on extension callbacks */ -int serverinfo_sct_seen = 0; -int serverinfo_tack_seen = 0; -int serverinfo_other_seen = 0; +static int serverinfo_sct_seen = 0; +static int serverinfo_tack_seen = 0; +static int serverinfo_other_seen = 0; /* This set from cmdline */ -int custom_ext = 0; +static int custom_ext = 0; /* This set based on extension callbacks */ -int custom_ext_error = 0; +static int custom_ext_error = 0; static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, diff --git a/test/wp_test.c b/test/wp_test.c index 2ea6251..799054b 100644 --- a/test/wp_test.c +++ b/test/wp_test.c @@ -18,7 +18,7 @@ int main(int argc, char *argv[]) #else /* ISO/IEC 10118-3 test vector set */ -unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66, 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26, 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8, @@ -29,7 +29,7 @@ unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { 0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 }; -unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F, 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7, 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69, @@ -40,7 +40,7 @@ unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { 0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A }; -unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB, 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B, 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72, @@ -51,7 +51,7 @@ unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { 0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 }; -unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6, 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC, 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C, @@ -62,7 +62,7 @@ unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { 0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E }; -unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9, 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A, 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5, @@ -73,7 +73,7 @@ unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { 0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B }; -unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B, 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90, 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC, @@ -84,7 +84,7 @@ unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { 0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 }; -unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D, 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0, 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6, @@ -95,7 +95,7 @@ unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { 0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B }; -unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61, 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48, 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62, @@ -106,7 +106,7 @@ unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { 0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD }; -unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { +static unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { 0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5, 0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D, 0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6, -- 2.3.2 (Apple Git-55) From 470b5d4460516f6bb7635b3eb24f02875407a0e3 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 19:43:35 -0500 Subject: [PATCH 5/9] Normalize x509v3 extension header Since the globals it declares span multiple directories (crypto/ocsp and crypto/x509v3), move the header ext_dat.h out of crypto/x509v3 and into crypto/include/internal, renaming it to a less generic name (x509v3_ext.h) while doing so. Include that header in files which define the globals declared therein instead of manually declaring them. Include x509v3_ext.h in some x509v3 consumers. Using the header for the declarations reveals that the header was lacking the 'const' qualifier which is present in the definitions, so add the qualifier in the header. Include the results of 'make depend' to remove now-unsatisfiable dependencies on ext_dat.h and add the new dependencies. --- crypto/include/internal/x509v3_ext.h | 134 +++++++++++++++++++++++++++++++++++ crypto/ocsp/Makefile | 2 +- crypto/ocsp/v3_ocsp.c | 1 + crypto/x509v3/Makefile | 75 ++++++++++++-------- crypto/x509v3/ext_dat.h | 134 ----------------------------------- crypto/x509v3/tabtest.c | 4 +- crypto/x509v3/v3_addr.c | 1 + crypto/x509v3/v3_akey.c | 1 + crypto/x509v3/v3_akeya.c | 1 + crypto/x509v3/v3_alt.c | 1 + crypto/x509v3/v3_asid.c | 1 + crypto/x509v3/v3_bcons.c | 1 + crypto/x509v3/v3_bitst.c | 1 + crypto/x509v3/v3_conf.c | 1 + crypto/x509v3/v3_cpols.c | 1 + crypto/x509v3/v3_crld.c | 1 + crypto/x509v3/v3_enum.c | 1 + crypto/x509v3/v3_extku.c | 1 + crypto/x509v3/v3_genn.c | 1 + crypto/x509v3/v3_ia5.c | 1 + crypto/x509v3/v3_info.c | 1 + crypto/x509v3/v3_int.c | 1 + crypto/x509v3/v3_lib.c | 5 +- crypto/x509v3/v3_ncons.c | 1 + crypto/x509v3/v3_pci.c | 1 + crypto/x509v3/v3_pcia.c | 1 + crypto/x509v3/v3_pcons.c | 1 + crypto/x509v3/v3_pku.c | 1 + crypto/x509v3/v3_pmaps.c | 1 + crypto/x509v3/v3_prn.c | 1 + crypto/x509v3/v3_purp.c | 1 + crypto/x509v3/v3_scts.c | 1 + crypto/x509v3/v3_skey.c | 1 + crypto/x509v3/v3_sxnet.c | 1 + crypto/x509v3/v3_utl.c | 1 + 35 files changed, 214 insertions(+), 169 deletions(-) create mode 100644 crypto/include/internal/x509v3_ext.h delete mode 100644 crypto/x509v3/ext_dat.h diff --git a/crypto/include/internal/x509v3_ext.h b/crypto/include/internal/x509v3_ext.h new file mode 100644 index 0000000..35fe390 --- /dev/null +++ b/crypto/include/internal/x509v3_ext.h @@ -0,0 +1,134 @@ +/* x509v3_ext.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* This file contains a table of "standard" extensions */ + +extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; +extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; +extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; +extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; +extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; +extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; +extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; +extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci; +extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; +extern const X509V3_EXT_METHOD v3_addr, v3_asid; +extern const X509V3_EXT_METHOD v3_ct_scts[]; + +/* + * This table will be searched using OBJ_bsearch so it *must* kept in order + * of the ext_nid values. + */ + +static const X509V3_EXT_METHOD *standard_exts[] = { + &v3_nscert, + &v3_ns_ia5_list[0], + &v3_ns_ia5_list[1], + &v3_ns_ia5_list[2], + &v3_ns_ia5_list[3], + &v3_ns_ia5_list[4], + &v3_ns_ia5_list[5], + &v3_ns_ia5_list[6], + &v3_skey_id, + &v3_key_usage, + &v3_pkey_usage_period, + &v3_alt[0], + &v3_alt[1], + &v3_bcons, + &v3_crl_num, + &v3_cpols, + &v3_akey_id, + &v3_crld, + &v3_ext_ku, + &v3_delta_crl, + &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP + &v3_crl_invdate, +#endif + &v3_sxnet, + &v3_info, + &v3_addr, + &v3_asid, +#ifndef OPENSSL_NO_OCSP + &v3_ocsp_nonce, + &v3_ocsp_crlid, + &v3_ocsp_accresp, + &v3_ocsp_nocheck, + &v3_ocsp_acutoff, + &v3_ocsp_serviceloc, +#endif + &v3_sinfo, + &v3_policy_constraints, +#ifndef OPENSSL_NO_OCSP + &v3_crl_hold, +#endif + &v3_pci, + &v3_name_constraints, + &v3_policy_mappings, + &v3_inhibit_anyp, + &v3_idp, + &v3_alt[2], + &v3_freshest_crl, + &v3_ct_scts[0], + &v3_ct_scts[1], +}; + +/* Number of standard extensions */ + +#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index ea5f728..c24b36d 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -214,4 +214,4 @@ v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ocsp.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_ocsp.o: ocsp_lcl.h v3_ocsp.c +v3_ocsp.o: ../include/internal/x509v3_ext.h ocsp_lcl.h v3_ocsp.c diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 30ed7d5..78276f3 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -64,6 +64,7 @@ # include # include "ocsp_lcl.h" # include +# include "internal/x509v3_ext.h" /* * OCSP extensions and a couple of CRL entry extensions diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index fb1085b..29c70c5 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -168,7 +168,7 @@ v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_addr.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_addr.o: v3_addr.c +v3_addr.o: ../include/internal/x509v3_ext.h v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -183,7 +183,7 @@ v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_akey.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_akey.o: v3_akey.c +v3_akey.o: ../include/internal/x509v3_ext.h v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -198,7 +198,8 @@ v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akeya.o: ../include/internal/cryptlib.h v3_akeya.c +v3_akeya.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_akeya.o: v3_akeya.c v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -212,7 +213,7 @@ v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_alt.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_alt.o: v3_alt.c +v3_alt.o: ../include/internal/x509v3_ext.h v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -227,7 +228,8 @@ v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_asid.o: ../include/internal/cryptlib.h v3_asid.c +v3_asid.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_asid.o: v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -242,7 +244,8 @@ v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_bcons.o: ../include/internal/cryptlib.h v3_bcons.c +v3_bcons.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_bcons.o: v3_bcons.c v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -256,7 +259,8 @@ v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_bitst.o: ../include/internal/cryptlib.h v3_bitst.c +v3_bitst.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_bitst.o: v3_bitst.c v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -270,7 +274,8 @@ v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_conf.o: ../include/internal/cryptlib.h v3_conf.c +v3_conf.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_conf.o: v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -285,7 +290,8 @@ v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_cpols.o: ../include/internal/cryptlib.h pcy_int.h v3_cpols.c +v3_cpols.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_cpols.o: pcy_int.h v3_cpols.c v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -300,7 +306,8 @@ v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_crld.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_crld.o: ../include/internal/x509_int.h v3_crld.c +v3_crld.o: ../include/internal/x509_int.h ../include/internal/x509v3_ext.h +v3_crld.o: v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -314,7 +321,8 @@ v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_enum.o: ../include/internal/cryptlib.h v3_enum.c +v3_enum.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_enum.o: v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -329,7 +337,8 @@ v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_extku.o: ../include/internal/cryptlib.h v3_extku.c +v3_extku.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_extku.o: v3_extku.c v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -344,7 +353,7 @@ v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_genn.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_genn.o: v3_genn.c +v3_genn.o: ../include/internal/x509v3_ext.h v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -358,7 +367,7 @@ v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ia5.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_ia5.o: v3_ia5.c +v3_ia5.o: ../include/internal/x509v3_ext.h v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -373,7 +382,7 @@ v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_info.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_info.o: v3_info.c +v3_info.o: ../include/internal/x509v3_ext.h v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -387,7 +396,7 @@ v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_int.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_int.o: v3_int.c +v3_int.o: ../include/internal/x509v3_ext.h v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -401,7 +410,7 @@ v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_lib.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_lib.o: ext_dat.h v3_lib.c +v3_lib.o: ../include/internal/x509v3_ext.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -417,7 +426,7 @@ v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_ncons.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h -v3_ncons.o: v3_ncons.c +v3_ncons.o: ../include/internal/x509v3_ext.h v3_ncons.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -431,7 +440,7 @@ v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_pci.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_pci.o: v3_pci.c +v3_pci.o: ../include/internal/x509v3_ext.h v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -444,7 +453,8 @@ v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c +v3_pcia.o: ../../include/openssl/x509v3.h ../include/internal/x509v3_ext.h +v3_pcia.o: v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -459,7 +469,8 @@ v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcons.o: ../include/internal/cryptlib.h v3_pcons.c +v3_pcons.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_pcons.o: v3_pcons.c v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -474,7 +485,7 @@ v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_pku.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_pku.o: v3_pku.c +v3_pku.o: ../include/internal/x509v3_ext.h v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -489,7 +500,8 @@ v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pmaps.o: ../include/internal/cryptlib.h v3_pmaps.c +v3_pmaps.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_pmaps.o: v3_pmaps.c v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -503,7 +515,7 @@ v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_prn.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -v3_prn.o: v3_prn.c +v3_prn.o: ../include/internal/x509v3_ext.h v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -517,7 +529,8 @@ v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_purp.o: ../include/internal/cryptlib.h v3_purp.c +v3_purp.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_purp.o: v3_purp.c v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -531,7 +544,8 @@ v3_scts.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_scts.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_scts.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_scts.o: ../include/internal/cryptlib.h v3_scts.c +v3_scts.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_scts.o: v3_scts.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -545,7 +559,8 @@ v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_skey.o: ../include/internal/cryptlib.h v3_skey.c +v3_skey.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_skey.o: v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -560,7 +575,8 @@ v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_sxnet.o: ../include/internal/cryptlib.h v3_sxnet.c +v3_sxnet.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_sxnet.o: v3_sxnet.c v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -574,7 +590,8 @@ v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_utl.o: ../include/internal/cryptlib.h v3_utl.c +v3_utl.o: ../include/internal/cryptlib.h ../include/internal/x509v3_ext.h +v3_utl.o: v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h deleted file mode 100644 index d43c86c..0000000 --- a/crypto/x509v3/ext_dat.h +++ /dev/null @@ -1,134 +0,0 @@ -/* ext_dat.h */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* This file contains a table of "standard" extensions */ - -extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; -extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; -extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; -extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; -extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; -extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; -extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; -extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; -extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; -extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; -extern X509V3_EXT_METHOD v3_addr, v3_asid; -extern X509V3_EXT_METHOD v3_ct_scts[]; - -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, - &v3_addr, - &v3_asid, -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, - &v3_ct_scts[0], - &v3_ct_scts[1], -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c index 65209db..bfe5694 100644 --- a/crypto/x509v3/tabtest.c +++ b/crypto/x509v3/tabtest.c @@ -58,7 +58,7 @@ */ /* - * Simple program to check the ext_dat.h is correct and print out problems if + * Simple program to check whether x509v3_ext.h is correct and print out problems if * it is not. */ @@ -66,7 +66,7 @@ #include -#include "ext_dat.h" +#include "internal/x509v3_ext.h" main() { diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 5c22c6d..5bc79ab 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -68,6 +68,7 @@ #include #include #include +#include "internal/x509v3_ext.h" /* diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index abad217..58c359c 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c index 9914472..b2e4c9f 100644 --- a/crypto/x509v3/v3_akeya.c +++ b/crypto/x509v3/v3_akeya.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" ASN1_SEQUENCE(AUTHORITY_KEYID) = { ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index b3c3644..a963e6d 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -61,6 +61,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index f390c2d..551b09f 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -66,6 +66,7 @@ #include #include #include +#include "internal/x509v3_ext.h" #include #include diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index d49a010..82c22c4 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index b2f6392..9c95f52 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -61,6 +61,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" static BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 38f198e..4ea73af 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -64,6 +64,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static int v3_check_critical(char **value); static int v3_check_generic(char **value); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index a326876..50fcbcf 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" #include "pcy_int.h" diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 9b0d21f..6dc8c9e 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" #include "internal/x509_int.h" diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c index 774eb34..5305db5 100644 --- a/crypto/x509v3/v3_enum.c +++ b/crypto/x509v3/v3_enum.c @@ -60,6 +60,7 @@ #include #include "internal/cryptlib.h" #include +#include "internal/x509v3_ext.h" static ENUMERATED_NAMES crl_reasons[] = { {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index d5da551..2e354f7 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index b4b8de7..843ff7e 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" ASN1_SEQUENCE(OTHERNAME) = { ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c index ca15447..e8ce54b 100644 --- a/crypto/x509v3/v3_ia5.c +++ b/crypto/x509v3/v3_ia5.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" const X509V3_EXT_METHOD v3_ns_ia5_list[] = { EXT_IA5STRING(NID_netscape_base_url), diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 277609e..1da32c8 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c index 9895ac5..386fe0e 100644 --- a/crypto/x509v3/v3_int.c +++ b/crypto/x509v3/v3_int.c @@ -60,6 +60,7 @@ #include #include "internal/cryptlib.h" #include +#include "internal/x509v3_ext.h" const X509V3_EXT_METHOD v3_crl_num = { NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 93af571..edb3dd0 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -62,8 +62,7 @@ #include "internal/cryptlib.h" #include #include - -#include "ext_dat.h" +#include "internal/x509v3_ext.h" static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; @@ -164,7 +163,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext) /* * Legacy function: we don't need to add standard extensions any more because - * they are now kept in ext_dat.h. + * they are now kept in x509v3_ext.h. */ int X509V3_add_standard_extensions(void) diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 315bd3c..48a0799 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" #include "internal/x509_int.h" diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index ef105dc..3364bf9 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -39,6 +39,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, BIO *out, int indent); diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 43fd362..e9cd91d 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -38,6 +38,7 @@ #include #include #include +#include "internal/x509v3_ext.h" ASN1_SEQUENCE(PROXY_POLICY) = { diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c index e170b80..5bf6440 100644 --- a/crypto/x509v3/v3_pcons.c +++ b/crypto/x509v3/v3_pcons.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, STACK_OF(CONF_VALUE) diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c index 5056fb3..f514190 100644 --- a/crypto/x509v3/v3_pku.c +++ b/crypto/x509v3/v3_pku.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index b862e3e..198bdf9 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -62,6 +62,7 @@ #include #include #include +#include "internal/x509v3_ext.h" static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index ef21948..e579bf4 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -62,6 +62,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" /* Extension printing routines */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 1f9296a..8234b83 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -60,6 +60,7 @@ #include #include "internal/cryptlib.h" #include +#include "internal/x509v3_ext.h" #include static void x509v3_cache_extensions(X509 *x); diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 61e5a83..bad632d 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -60,6 +60,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" /* Signature and hash algorithms from RFC 5246 */ #define TLSEXT_hash_sha256 4 diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index c0c71c0..4706dff 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -60,6 +60,7 @@ #include #include "internal/cryptlib.h" #include +#include "internal/x509v3_ext.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index 13d7286..973f9fc 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -63,6 +63,7 @@ #include #include #include +#include "internal/x509v3_ext.h" /* Support for Thawte strong extranet extension */ diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index cd8aff2..0128a33 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -63,6 +63,7 @@ #include "internal/cryptlib.h" #include #include +#include "internal/x509v3_ext.h" #include static char *strip_spaces(char *name); -- 2.3.2 (Apple Git-55) From 993b2957f888b831c31860f215529785040fcb0d Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 19:03:05 -0500 Subject: [PATCH 6/9] Move symbol declarations to headers clang's -Wmissing-variable-declaration complains that the definitions do not have previous extern declarations ("for non-static variable"). The global CONF *config was not prototyped anywhere but consumed in a few applications, so declare it in a header as well, renaming a local variable to just conf to avoid shadowing the global. To have the various OPTIONS structures for each program available in the general header, move the declarations outside the INCLUDE_FUNCTION_TABLE conditional, since only the consolidated openssl binary needs the full function table but the prototypes are useful elsewhere. Rename a local variable in s_server.c to verify_err to avoid shadowing the global verify_error. --- apps/apps.c | 10 +++++----- apps/apps.h | 7 +++++++ apps/progs.h | 4 ++-- apps/progs.pl | 2 +- apps/s_client.c | 5 ----- apps/s_server.c | 10 ++++------ apps/s_time.c | 3 --- crypto/asn1/ameth_lib.c | 8 -------- crypto/evp/pmeth_lib.c | 4 ---- crypto/include/internal/asn1_int.h | 9 +++++++++ crypto/include/internal/evp_int.h | 5 +++++ 11 files changed, 33 insertions(+), 34 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 80e7777..1cc121e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -536,16 +536,16 @@ CONF *app_load_config_quiet(const char *filename) return conf; } -int app_load_modules(const CONF *config) +int app_load_modules(const CONF *conf) { CONF *to_free = NULL; - if (config == NULL) - config = to_free = app_load_config_quiet(default_config_file); - if (config == NULL) + if (conf == NULL) + conf = to_free = app_load_config_quiet(default_config_file); + if (conf == NULL) return 1; - if (CONF_modules_load(config, NULL, 0) <= 0) { + if (CONF_modules_load(conf, NULL, 0) <= 0) { BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); ERR_print_errors(bio_err); NCONF_free(to_free); diff --git a/apps/apps.h b/apps/apps.h index 48c82e8..1ef6775 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -152,6 +152,7 @@ extern char *default_config_file; extern BIO *bio_in; extern BIO *bio_out; extern BIO *bio_err; +extern CONF *config; BIO *dup_bio_in(void); BIO *dup_bio_out(void); BIO *bio_open_owner(const char *filename, const char *mode, int private); @@ -567,6 +568,12 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); +/* Globals set by argument processing and consumed by s_cb.c. */ +extern int verify_depth; +extern int verify_quiet; +extern int verify_error; +extern int verify_return_error; + # include "progs.h" #endif diff --git a/apps/progs.h b/apps/progs.h index 33bdef7..9a33c57 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -63,8 +63,6 @@ extern int x509_main(int argc, char *argv[]); extern int list_main(int argc, char *argv[]); extern int help_main(int argc, char *argv[]); extern int exit_main(int argc, char *argv[]); - -#ifdef INCLUDE_FUNCTION_TABLE extern OPTIONS asn1parse_options[]; extern OPTIONS ca_options[]; extern OPTIONS ciphers_options[]; @@ -112,6 +110,8 @@ extern OPTIONS x509_options[]; extern OPTIONS list_options[]; extern OPTIONS help_options[]; extern OPTIONS exit_options[]; + +#ifdef INCLUDE_FUNCTION_TABLE FUNCTION functions[] = { { FT_general, "asn1parse", asn1parse_main, asn1parse_options }, { FT_general, "ca", ca_main, ca_options }, diff --git a/apps/progs.pl b/apps/progs.pl index 38e091e..f7b2a5b 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -33,10 +33,10 @@ foreach (@ARGV) { printf "extern int %s_main(int argc, char *argv[]);\n", $_; } -printf "\n#ifdef INCLUDE_FUNCTION_TABLE\n"; foreach (@ARGV) { printf "extern OPTIONS %s_options[];\n", $_; } +printf "\n#ifdef INCLUDE_FUNCTION_TABLE\n"; printf "FUNCTION functions[] = {\n"; foreach (@ARGV) { $str=" { FT_general, \"$_\", ${_}_main, ${_}_options },\n"; diff --git a/apps/s_client.c b/apps/s_client.c index 0712669..779c5f0 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -176,11 +176,6 @@ typedef unsigned int u_int; #undef BUFSIZZ #define BUFSIZZ 1024*8 -extern int verify_depth; -extern int verify_error; -extern int verify_return_error; -extern int verify_quiet; - static int c_nbio = 0; static int c_tlsextdebug = 0; static int c_status_req = 0; diff --git a/apps/s_server.c b/apps/s_server.c index 5b6d9c4..8f9ff37 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -219,8 +219,6 @@ static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" -extern int verify_depth, verify_return_error, verify_quiet; - static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file = TEST_CERT, *s_key_file = @@ -2366,7 +2364,7 @@ static int init_ssl_connection(SSL *con) int i; const char *str; X509 *peer; - long verify_error; + long verify_err; char buf[BUFSIZ]; #if !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; @@ -2409,10 +2407,10 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_err, "ERROR\n"); - verify_error = SSL_get_verify_result(con); - if (verify_error != X509_V_OK) { + verify_err = SSL_get_verify_result(con); + if (verify_err != X509_V_OK) { BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_error)); + X509_verify_cert_error_string(verify_err)); } /* Always print any error messages */ ERR_print_errors(bio_err); diff --git a/apps/s_time.c b/apps/s_time.c index ef95b5a..545a560 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -105,9 +105,6 @@ #define SECONDS 30 #define SECONDSSTR "30" -extern int verify_depth; -extern int verify_error; - static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); typedef enum OPTION_choice { diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 8060c18..f3bf857 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -65,14 +65,6 @@ #endif #include "internal/asn1_int.h" -extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; - /* Keep this sorted in type order !! */ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 210c7fa..31a773c 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -73,10 +73,6 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); DECLARE_STACK_OF(EVP_PKEY_METHOD) STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; -extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; -extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -extern const EVP_PKEY_METHOD dhx_pkey_meth; - static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA &rsa_pkey_meth, diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index 9e74f47..8f66ea6 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -129,3 +129,12 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; + +/* ASN.1 methods used by multiple compilation units. */ +extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; +extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; +extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index ea7a61c..10c340d 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -121,3 +121,8 @@ struct evp_pkey_method_st { } /* EVP_PKEY_METHOD */ ; void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + +/* pkey methods present in multiple compilation units. */ +extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; +extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; +extern const EVP_PKEY_METHOD dhx_pkey_meth; -- 2.3.2 (Apple Git-55) From b6e244cb4cbc129d8b3bc58a6f20e24dc5168616 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 10 Aug 2015 14:54:55 -0500 Subject: [PATCH 7/9] Remove useless casts to int In an expression of the form: [unsigned int] = (int)[size_t]; the cast to int serves only to invoke implementation-defined behavior, since size_t is unsigned. Remove such casts from mdc2dgst.c. --- crypto/mdc2/mdc2dgst.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 17b994e..7fc1030 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -94,7 +94,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) if (i + len < MDC2_BLOCK) { /* partial block */ memcpy(&(c->data[i]), in, len); - c->num += (int)len; + c->num += len; return 1; } else { /* filled one */ @@ -112,7 +112,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) j = len - i; if (j > 0) { memcpy(&(c->data[0]), &(in[i]), j); - c->num = (int)j; + c->num = j; } return 1; } -- 2.3.2 (Apple Git-55) From 51defc77437678ad9f339ecbc61e38e6adeefdd6 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 10 Aug 2015 15:36:29 -0500 Subject: [PATCH 8/9] Fix some doxygen comments Use the correct variable name, and move comments above the function declarations they document instead of below them. --- include/openssl/bn.h | 2 +- include/openssl/ecdsa.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 0fcf843..5ede740 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -383,7 +383,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); */ void BN_set_negative(BIGNUM *b, int n); /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object + * \param b pointer to the BIGNUM object * \return 1 if a < 0 and 0 otherwise */ int BN_is_negative(const BIGNUM *b); diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index f60c229..df507b1 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -288,20 +288,20 @@ void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, const ECDSA_SIG *sig, EC_KEY *eckey)); -void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); - /** Set the flags field in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD * \param flags flags value to set */ -void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); /** Set the name field in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD * \param name name to set */ +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes -- 2.3.2 (Apple Git-55) From 6efdbb090c5656f92536eceae590bf384bcc2604 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Thu, 6 Aug 2015 14:10:03 -0500 Subject: [PATCH 9/9] Objects we can't compare shouldn't compare equal There is no code for handling X509_LU_FAIL or X509_LU_RETRY objects, so fall back to a pointer comparison for these cases instead of spuriously claiming that they match. --- crypto/x509/x509_lu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index ae46df8..64f5dd0 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -175,7 +175,9 @@ static int x509_object_cmp(const X509_OBJECT *const *a, break; default: /* abort(); */ - return 0; + if (a == b) + return 0; + return 1; } return ret; } -- 2.3.2 (Apple Git-55)