[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Dec 9 23:11:44 UTC 2015
The branch master has been updated
via 60f43e9e4d883394c9cf601f667d5d188fe84308 (commit)
via f8d3ab49283ef6fa760da8b69aa5dfc4e83b0f01 (commit)
from 5e030525606d365f4f14a384d0b67f1cb38f2c6e (commit)
- Log -----------------------------------------------------------------
commit 60f43e9e4d883394c9cf601f667d5d188fe84308
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Dec 9 23:59:04 2015 +0100
Fix warnings about unused variables when EC is disabled.
Reviewed-by: Stephen Henson <steve at openssl.org>
commit f8d3ab49283ef6fa760da8b69aa5dfc4e83b0f01
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Dec 9 23:56:57 2015 +0100
Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
Most of all, that has inclusion of openssl/engine.h work even if EC
has been disabled. This is the same as has been done for DH, DSA, RSA
and more...
Reviewed-by: Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ec.h | 3 ---
include/openssl/ossl_typ.h | 3 +++
ssl/ssl_lib.c | 8 ++------
ssl/statem/statem_clnt.c | 7 +++++--
4 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 9f0a009..a7793b8 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -740,9 +740,6 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
/* EC_KEY functions */
/********************************************************************/
-typedef struct ec_key_st EC_KEY;
-typedef struct ec_key_method_st EC_KEY_METHOD;
-
/* some values for the encoding_flag */
# define EC_PKEY_NO_PARAMETERS 0x001
# define EC_PKEY_NO_PUBKEY 0x002
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 167974b..a6d07a0 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -148,6 +148,9 @@ typedef struct dsa_method DSA_METHOD;
typedef struct rsa_st RSA;
typedef struct rsa_meth_st RSA_METHOD;
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
typedef struct rand_meth_st RAND_METHOD;
typedef struct x509_st X509;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3ca7c3f..e9da27e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2001,7 +2001,9 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
{
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
CERT_PKEY *cpk;
+#endif
CERT *c = s->cert;
uint32_t *pvalid = s->s3->tmp.valid_flags;
int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
@@ -2021,17 +2023,11 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
dh_tmp = 0;
#endif
- cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
- cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
- cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
- cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID;
- cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID;
- cpk = &(c->pkeys[SSL_PKEY_ECC]);
#ifndef OPENSSL_NO_EC
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
#endif
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 60c0983..7c98228 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3101,7 +3101,10 @@ int tls_construct_client_certificate(SSL *s)
int ssl3_check_cert_and_algorithm(SSL *s)
{
- int i, idx;
+ int i;
+#ifndef OPENSSL_NO_EC
+ int idx;
+#endif
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_DH
@@ -3121,8 +3124,8 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* This is the passed certificate */
- idx = s->session->peer_type;
#ifndef OPENSSL_NO_EC
+ idx = s->session->peer_type;
if (idx == SSL_PKEY_ECC) {
if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) {
/* check failed */
More information about the openssl-commits
mailing list