Updated patch series to address a couple of comments from Ben (made on now-orphaned github commits). Still available on github at a rebased https://github.com/kaduk/openssl/commits/warning-cleanup .
-Ben
>From 4b8104dc7fc3450e43edc1a4fd52ece2ed35929a Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Thu, 6 Aug 2015 13:38:25 -0500 Subject: [PATCH 1/7] Remove some dead code A duplicate break is not needed inside the preprocessor conditional. There is no need to assign to ret after an infinite loop with no break statements. EXIT() will not return (and even if it did, there's no harm in falling off the end of main()). However, EVP_MD_CTX_cleanup() is probably worth doing before EXIT(), so move it up. --- apps/s_client.c | 2 -- test/sha1test.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index d76f921..9fc8c8c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -830,7 +830,6 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Error getting client auth engine\n"); goto opthelp; } - break; #endif break; case OPT_RAND: @@ -2002,7 +2001,6 @@ int s_client_main(int argc, char **argv) } } - ret = 0; shut: if (in_init) print_stuff(bio_c_out, con, full_log); diff --git a/test/sha1test.c b/test/sha1test.c index cc3633d..2bb65e8 100644 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -136,9 +136,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); #endif - EXIT(err); EVP_MD_CTX_cleanup(&c); - return (0); + EXIT(err); } static char *pt(unsigned char *md) -- 1.9.1 >From 31d55b8af67c89e1496e32f9f95d45daef171fc9 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Thu, 6 Aug 2015 13:54:12 -0500 Subject: [PATCH 2/7] constify format string variables to appease -Wformat-nonliteral Only one warning is actually eliminated, though, since (emprically) only string constants or variables of type char const * const will avoid the warning. There are several places where we use a variable to hold one of a handful of different format strings, which are not trivially disentangled. The warning is not especially useful anyway, so there's no need to try too hard to avoid it. --- apps/ocsp.c | 2 +- ssl/ssl_ciph.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 960b776..21ae581 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1167,7 +1167,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) { - char http_resp[] = + const char http_resp[] = "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" "Content-Length: %d\r\n\r\n"; if (!cbio) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 46763d7..793ee47 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1608,7 +1608,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; - static const char *format = + static const char * const format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; alg_mkey = cipher->algorithm_mkey; -- 1.9.1 >From 98746d249f750986cdf21ead522127d2dcebd6a7 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Thu, 6 Aug 2015 14:53:45 -0500 Subject: [PATCH 3/7] Improve documentation for BIO_set_conn_int_port BIO_set_conn_int_port is a macro; we can document the type of its arguments as whatever we want, regardless of what casts we apply internally. Make the prototype match what type we want the input pointer to be and remove a separate note to that effect. --- doc/crypto/BIO_s_connect.pod | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod index 4efd567..0dc2e06 100644 --- a/doc/crypto/BIO_s_connect.pod +++ b/doc/crypto/BIO_s_connect.pod @@ -18,7 +18,7 @@ BIO_set_nbio, BIO_do_connect - connect BIO long BIO_set_conn_hostname(BIO *b, char *name); long BIO_set_conn_port(BIO *b, char *port); long BIO_set_conn_ip(BIO *b, char *ip); - long BIO_set_conn_int_port(BIO *b, char *port); + long BIO_set_conn_int_port(BIO *b, int *port); char *BIO_get_conn_hostname(BIO *b); char *BIO_get_conn_port(BIO *b); char *BIO_get_conn_ip(BIO *b, dummy); @@ -70,8 +70,7 @@ list is http, telnet, socks, https, ssl, ftp, and gopher. BIO_set_conn_ip() sets the IP address to B<ip> using binary form, that is four bytes specifying the IP address in big-endian form. -BIO_set_conn_int_port() sets the port using B<port>. B<port> should -be of type (int *). +BIO_set_conn_int_port() sets the port using B<port>. BIO_get_conn_hostname() returns the hostname of the connect BIO or NULL if the BIO is initialized but no hostname is set. -- 1.9.1 >From 25a371aec9d5e14b1e25583f29e3a28adf708164 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Thu, 6 Aug 2015 19:03:05 -0500 Subject: [PATCH 4/7] Cleanup some global declarations Commit df2ee0e27d2db02660c1d15fe6a3e38be9df0a60 added declarations of the globals used in the verification callback to the apps.h header; remove the now-redundant redeclarations from the files that set them. --- apps/s_client.c | 5 ----- apps/s_server.c | 2 -- apps/s_time.c | 3 --- 3 files changed, 10 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9fc8c8c..4adea39 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -176,11 +176,6 @@ typedef unsigned int u_int; #undef BUFSIZZ #define BUFSIZZ 1024*8 -extern int verify_depth; -extern int verify_error; -extern int verify_return_error; -extern int verify_quiet; - static int c_nbio = 0; static int c_tlsextdebug = 0; static int c_status_req = 0; diff --git a/apps/s_server.c b/apps/s_server.c index f705393..1f4a42b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -219,8 +219,6 @@ static int accept_socket = -1; #define TEST_CERT "server.pem" #define TEST_CERT2 "server2.pem" -extern int verify_depth, verify_return_error, verify_quiet; - static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file = TEST_CERT, *s_key_file = diff --git a/apps/s_time.c b/apps/s_time.c index 6514fb2..9141d46 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -101,9 +101,6 @@ #define SECONDS 30 #define SECONDSSTR "30" -extern int verify_depth; -extern int verify_error; - static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); typedef enum OPTION_choice { -- 1.9.1 >From 24d0b2ce5b6375abf8f150abb002799a29dc9256 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Mon, 10 Aug 2015 14:54:55 -0500 Subject: [PATCH 5/7] Remove useless casts to int In an expression of the form: [unsigned int] = (int)[size_t]; the cast to int serves only to invoke implementation-defined behavior, since size_t is unsigned. Remove such casts from mdc2dgst.c. Also change the num element of struct mdc2_ctx_st to be a size_t instead of unsigned int, so as to have the assignments mentioned above store to a variable of the same width. --- crypto/mdc2/mdc2dgst.c | 4 ++-- include/openssl/mdc2.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 17b994e..7fc1030 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -94,7 +94,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) if (i + len < MDC2_BLOCK) { /* partial block */ memcpy(&(c->data[i]), in, len); - c->num += (int)len; + c->num += len; return 1; } else { /* filled one */ @@ -112,7 +112,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) j = len - i; if (j > 0) { memcpy(&(c->data[0]), &(in[i]), j); - c->num = (int)j; + c->num = j; } return 1; } diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h index c2438c8..6aea9b1 100644 --- a/include/openssl/mdc2.h +++ b/include/openssl/mdc2.h @@ -73,7 +73,7 @@ extern "C" { # define MDC2_DIGEST_LENGTH 16 typedef struct mdc2_ctx_st { - unsigned int num; + size_t num; unsigned char data[MDC2_BLOCK]; DES_cblock h, hh; int pad_type; /* either 1 or 2, default 1 */ -- 1.9.1 >From f4c654ca7b0655d909171ead35864e90b126442d Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Mon, 10 Aug 2015 15:36:29 -0500 Subject: [PATCH 6/7] Fix some doxygen comments Use the correct variable name, and move comments above the function declarations they document instead of below them. --- include/openssl/bn.h | 4 ++-- include/openssl/ecdsa.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 0fcf843..f709b87 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -383,8 +383,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); */ void BN_set_negative(BIGNUM *b, int n); /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object - * \return 1 if a < 0 and 0 otherwise + * \param b pointer to the BIGNUM object + * \return 1 if b < 0 and 0 otherwise */ int BN_is_negative(const BIGNUM *b); diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index 4a02a01..bb02592 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -288,20 +288,20 @@ void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, const ECDSA_SIG *sig, EC_KEY *eckey)); -void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); - /** Set the flags field in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD * \param flags flags value to set */ -void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); /** Set the name field in the ECDSA_METHOD * \param ecdsa_method pointer to existing ECDSA_METHOD * \param name name to set */ +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes -- 1.9.1 >From 105c552c46912ef2f018410e4f64e6b41ef305f0 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk <[email protected]> Date: Mon, 14 Sep 2015 10:37:01 -0500 Subject: [PATCH 7/7] Avoid empty compilation units while PEDANTIC Pedantic warnings note that empty compilation units are forbidden by the C standard, and error out with --strict-warnings. Supply a dummy statement in this case to let the build continue. --- crypto/evp/e_seed.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index c948a8f..e5046aa 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -79,4 +79,10 @@ static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } +#else /* ! OPENSSL_NO_SEED */ + +# if PEDANTIC +static void *dummy = &dummy; +# endif + #endif -- 1.9.1
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
