[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Dec 3 01:22:58 UTC 2020


The branch master has been updated
       via  a7e6a3d8ef4eea0e211441392b80a7acfd4a16b2 (commit)
       via  e442cdaea2fbd049fc7798a4ad39fb986f55d4de (commit)
       via  7b42408756f53d38022363e2f0ac999db7d23a65 (commit)
       via  30742e8e7f93f58964bf7619f9c1783e6b3b03fc (commit)
      from  70cae332a2c200087605f94cdccfee80c9380fbf (commit)


- Log -----------------------------------------------------------------
commit a7e6a3d8ef4eea0e211441392b80a7acfd4a16b2
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Dec 1 11:30:10 2020 +1000

    tag unused function arguments as ossl_unused
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13577)

commit e442cdaea2fbd049fc7798a4ad39fb986f55d4de
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Dec 1 11:18:36 2020 +1000

    remove unused initialisations
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13577)

commit 7b42408756f53d38022363e2f0ac999db7d23a65
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Dec 1 11:13:08 2020 +1000

    remove unused assignments
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13577)

commit 30742e8e7f93f58964bf7619f9c1783e6b3b03fc
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Dec 1 10:58:32 2020 +1000

    remove unused return value assignments
    
    Fixes: #13555
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13577)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/aes_ige.c                               |  4 +--
 crypto/asn1/asn1_par.c                             |  4 +--
 crypto/asn1/bio_ndef.c                             |  2 +-
 crypto/asn1/tasn_dec.c                             |  2 --
 crypto/bio/b_print.c                               |  2 +-
 crypto/bn/bn_exp.c                                 |  3 ---
 crypto/evp/e_aes_cbc_hmac_sha1.c                   |  4 +--
 crypto/evp/e_aes_cbc_hmac_sha256.c                 |  5 ++--
 crypto/initthread.c                                |  2 +-
 crypto/store/store_result.c                        |  2 --
 crypto/x509/by_dir.c                               |  1 -
 crypto/x509/x509_vfy.c                             |  2 +-
 include/internal/refcount.h                        | 31 +++++++++++++++-------
 .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c          |  4 +--
 .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c        |  6 ++---
 providers/implementations/keymgmt/rsa_kmgmt.c      | 15 +++++------
 ssl/record/ssl3_record_tls13.c                     |  2 +-
 ssl/statem/extensions.c                            |  4 +--
 ssl/statem/extensions_clnt.c                       |  5 ++--
 ssl/statem/extensions_srvr.c                       | 12 ++++++---
 ssl/statem/statem_lib.c                            |  3 ++-
 21 files changed, 56 insertions(+), 59 deletions(-)

diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index bbe9bcd4f8..72fcba7a0c 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -50,7 +50,7 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
                      unsigned char *ivec, const int enc)
 {
     size_t n;
-    size_t len = length;
+    size_t len = length / AES_BLOCK_SIZE;
 
     if (length == 0)
         return;
@@ -59,8 +59,6 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
     OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
     OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
 
-    len = length / AES_BLOCK_SIZE;
-
     if (AES_ENCRYPT == enc) {
         if (in != out &&
             (UNALIGNED_MEMOPS_ARE_FAST
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index b2a1b3a27d..cf6d48ce10 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -72,10 +72,8 @@ static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len,
     if (saved_indent >= 0)
         BIO_set_indent(bp, saved_indent);
     if (pop_f_prefix) {
-        BIO *next = BIO_pop(bp);
-
+        BIO_pop(bp);
         BIO_free(bp);
-        bp = next;
     }
     return i;
 }
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index b86b294bf1..87c22e897c 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -121,7 +121,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
 
     ndef_aux->derbuf = p;
     *pbuf = p;
-    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+    ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
 
     if (*ndef_aux->boundary == NULL)
         return 0;
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 3fbf168558..09adbf5d07 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -344,7 +344,6 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 }
                 len -= p - q;
                 seq_eoc = 0;
-                q = p;
                 break;
             }
             /*
@@ -519,7 +518,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
     aclass = flags & ASN1_TFLG_TAG_CLASS;
 
     p = *in;
-    q = p;
 
     /*
      * If field is embedded then val needs fixing so it is a pointer to
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 8192534ef2..08d43d3bd5 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -328,7 +328,7 @@ _dopr(char **sbuffer,
                 break;
             case 'w':
                 /* not supported yet, treat as next char */
-                ch = *format++;
+                format++;
                 break;
             default:
                 /* unknown, skip */
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 15e085339b..1254415a43 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -252,7 +252,6 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
          * a window to do.  To do this we need to scan forward until the last
          * set bit before the end of the window
          */
-        j = wstart;
         wvalue = 1;
         wend = 0;
         for (i = 1; i < window; i++) {
@@ -409,7 +408,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
          * a window to do.  To do this we need to scan forward until the last
          * set bit before the end of the window
          */
-        j = wstart;
         wvalue = 1;
         wend = 0;
         for (i = 1; i < window; i++) {
@@ -1354,7 +1352,6 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
          * a window to do.  To do this we need to scan forward until the last
          * set bit before the end of the window
          */
-        j = wstart;
         wvalue = 1;
         wend = 0;
         for (i = 1; i < window; i++) {
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index f787d014d2..cdf5985e8b 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -702,8 +702,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 size_t off = out - p;
                 unsigned int c, cmask;
 
-                maxpad += SHA_DIGEST_LENGTH;
-                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                for (res = 0, i = 0, j = 0; j < maxpad + SHA_DIGEST_LENGTH; j++) {
                     c = p[j];
                     cmask =
                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
@@ -713,7 +712,6 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     res |= (c ^ pmac->c[i]) & cmask;
                     i += 1 & cmask;
                 }
-                maxpad -= SHA_DIGEST_LENGTH;
 
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 6227002395..906ec9f7fc 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -706,8 +706,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                 size_t off = out - p;
                 unsigned int c, cmask;
 
-                maxpad += SHA256_DIGEST_LENGTH;
-                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                for (res = 0, i = 0, j = 0; j < maxpad + SHA256_DIGEST_LENGTH;
+                     j++) {
                     c = p[j];
                     cmask =
                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
@@ -717,7 +717,6 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
                     res |= (c ^ pmac->c[i]) & cmask;
                     i += 1 & cmask;
                 }
-                maxpad -= SHA256_DIGEST_LENGTH;
 
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
diff --git a/crypto/initthread.c b/crypto/initthread.c
index 93160f577c..8a7afbfd86 100644
--- a/crypto/initthread.c
+++ b/crypto/initthread.c
@@ -176,7 +176,7 @@ static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin)
             = sk_THREAD_EVENT_HANDLER_PTR_value(gtr->skhands, i);
 
         if (hands == handsin) {
-            hands = sk_THREAD_EVENT_HANDLER_PTR_delete(gtr->skhands, i);
+            sk_THREAD_EVENT_HANDLER_PTR_delete(gtr->skhands, i);
             CRYPTO_THREAD_unlock(gtr->lock);
             return;
         }
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 25100e0248..e0c0532152 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -366,8 +366,6 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
             *store_info_new = OSSL_STORE_INFO_new_PKEY;
 
         OPENSSL_free(new_der);
-        der = data->octet_data;
-        der_len = (long)data->octet_data_size;
     }
     CLEAR_ERR_MARK();
 
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index a13aa82403..965625973c 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -237,7 +237,6 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
     if (type == X509_LU_X509) {
         data.st_x509.cert_info.subject = (X509_NAME *)name; /* won't modify it */
         stmp.data.x509 = &data.st_x509;
-        postfix = "";
     } else if (type == X509_LU_CRL) {
         data.crl.crl.issuer = (X509_NAME *)name; /* won't modify it */
         stmp.data.crl = &data.crl;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index d73e078cfe..2da11ecf9d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3303,7 +3303,7 @@ static int build_chain(X509_STORE_CTX *ctx)
 
             x = xtmp;
             ++ctx->num_untrusted;
-            self_signed = X509_self_signed(xtmp, 0);
+            self_signed = X509_self_signed(x, 0);
             if (self_signed < 0) {
                 sk_X509_free(sktmp);
                 ctx->error = X509_V_ERR_UNSPECIFIED;
diff --git a/include/internal/refcount.h b/include/internal/refcount.h
index 0c07c42e26..5899e8c8e1 100644
--- a/include/internal/refcount.h
+++ b/include/internal/refcount.h
@@ -9,6 +9,8 @@
 #ifndef OSSL_INTERNAL_REFCOUNT_H
 # define OSSL_INTERNAL_REFCOUNT_H
 
+# include <openssl/e_os2.h>
+
 /* Used to checking reference counts, most while doing perl5 stuff :-) */
 # if defined(OPENSSL_NO_STDIO)
 #  if defined(REF_PRINT)
@@ -30,7 +32,8 @@
 
 typedef _Atomic int CRYPTO_REF_COUNT;
 
-static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
+static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret,
+                                ossl_unused void *lock)
 {
     *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1;
     return 1;
@@ -46,7 +49,8 @@ static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
  * to mutable members doesn't have to be serialized anymore, which would
  * otherwise imply an acquire fence. Hence conditional acquire fence...
  */
-static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
+static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret,
+                                  ossl_unused void *lock)
 {
     *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1;
     if (*ret == 0)
@@ -60,13 +64,14 @@ static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
 
 typedef int CRYPTO_REF_COUNT;
 
-static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock)
+static __inline__ int CRYPTO_UP_REF(int *val, int *ret, ossl_unused void *lock)
 {
     *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1;
     return 1;
 }
 
-static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
+static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret,
+                                      ossl_unused void *lock)
 {
     *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1;
     if (*ret == 0)
@@ -77,13 +82,15 @@ static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
 #   define HAVE_ATOMICS 1
 typedef volatile int CRYPTO_REF_COUNT;
 
-static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret,
+                                  ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd((void *)val, 1) + 1;
     return 1;
 }
 
-static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret,
+                                    ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd((void *)val, -1) - 1;
     return 1;
@@ -101,13 +108,15 @@ typedef volatile int CRYPTO_REF_COUNT;
 #     define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH
 #    endif
 
-static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret,
+                                  ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd_nf(val, 1) + 1;
     return 1;
 }
 
-static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret,
+                                    ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd_nf(val, -1) - 1;
     if (*ret == 0)
@@ -127,13 +136,15 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
 #     endif
 #    endif
 
-static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret,
+                                  ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd(val, 1) + 1;
     return 1;
 }
 
-static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret,
+                                    ossl_unused void *lock)
 {
     *ret = _InterlockedExchangeAdd(val, -1) - 1;
     return 1;
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index 5be237b485..bd1c611b42 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -603,8 +603,7 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
                 size_t off = out - p;
                 unsigned int c, cmask;
 
-                maxpad += SHA_DIGEST_LENGTH;
-                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                for (res = 0, i = 0, j = 0; j < maxpad + SHA_DIGEST_LENGTH; j++) {
                     c = p[j];
                     cmask =
                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
@@ -614,7 +613,6 @@ static int aesni_cbc_hmac_sha1_cipher(PROV_CIPHER_CTX *vctx,
                     res |= (c ^ pmac->c[i]) & cmask;
                     i += 1 & cmask;
                 }
-                maxpad -= SHA_DIGEST_LENGTH;
 
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 03d06f8870..7001dfcd1c 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -655,8 +655,9 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
                 size_t off = out - p;
                 unsigned int c, cmask;
 
-                maxpad += SHA256_DIGEST_LENGTH;
-                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                for (res = 0, i = 0, j = 0;
+                     j < maxpad + SHA256_DIGEST_LENGTH;
+                     j++) {
                     c = p[j];
                     cmask =
                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
@@ -666,7 +667,6 @@ static int aesni_cbc_hmac_sha256_cipher(PROV_CIPHER_CTX *vctx,
                     res |= (c ^ pmac->c[i]) & cmask;
                     i += 1 & cmask;
                 }
-                maxpad -= SHA256_DIGEST_LENGTH;
 
                 res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
                 ret &= (int)~res;
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index feee131328..9648c5f65d 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -327,16 +327,13 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
      */
     if ((p = OSSL_PARAM_locate(params,
                                OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
-        && rsa_type == RSA_FLAG_TYPE_RSASSAPSS) {
-        const char *mdname = RSA_PSS_DEFAULT_MD;
+        && rsa_type == RSA_FLAG_TYPE_RSASSAPSS
+        && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) {
+        const char *mdname =
+            ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params));
 
-        if (!ossl_rsa_pss_params_30_is_unrestricted(pss_params)) {
-            mdname =
-                ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params));
-
-            if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname))
-                return 0;
-        }
+        if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname))
+            return 0;
     }
     return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
             || ossl_rsa_pss_params_30_todata(pss_params, NULL, params))
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 71ae51f570..0e4b310148 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -21,7 +21,7 @@
  *    1: if the record encryption/decryption was successful.
  */
 int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
-              SSL_MAC_BUF *mac, size_t macsize)
+              ossl_unused SSL_MAC_BUF *mac, ossl_unused size_t macsize)
 {
     EVP_CIPHER_CTX *ctx;
     unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c702abb315..a4e60d417c 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1129,7 +1129,7 @@ static int init_sig_algs(SSL *s, unsigned int context)
     return 1;
 }
 
-static int init_sig_algs_cert(SSL *s, unsigned int context)
+static int init_sig_algs_cert(SSL *s, ossl_unused unsigned int context)
 {
     /* Clear any signature algorithms extension received */
     OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
@@ -1674,7 +1674,7 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
     return 1;
 }
 
-static int init_post_handshake_auth(SSL *s, unsigned int context)
+static int init_post_handshake_auth(SSL *s, ossl_unused unsigned int context)
 {
     s->post_handshake_auth = SSL_PHA_NONE;
 
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index f01cb3c2f3..14dd7cfc76 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1158,8 +1158,9 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
 }
 
 EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
-                                                  unsigned int context,
-                                                  X509 *x, size_t chainidx)
+                                                  ossl_unused unsigned int context,
+                                                  ossl_unused X509 *x,
+                                                  ossl_unused size_t chainidx)
 {
 #ifndef OPENSSL_NO_TLS1_3
     if (!s->pha_enabled)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index c3657f7e3f..2a6d89558b 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -267,8 +267,10 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
-                                 X509 *x, size_t chainidx)
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt,
+                                 ossl_unused unsigned int context,
+                                 ossl_unused X509 *x,
+                                 ossl_unused size_t chainidx)
 {
     PACKET supported_sig_algs;
 
@@ -1214,8 +1216,10 @@ err:
     return 0;
 }
 
-int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context,
-                                       X509 *x, size_t chainidx)
+int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt,
+                                       ossl_unused unsigned int context,
+                                       ossl_unused X509 *x,
+                                       ossl_unused size_t chainidx)
 {
     if (PACKET_remaining(pkt) != 0) {
         SSLfatal(s, SSL_AD_DECODE_ERROR,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 0773b42e0e..5d89b75c05 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1043,7 +1043,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
  * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
  * freed up as well.
  */
-WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
+WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
+                                int clearbufs, int stop)
 {
     void (*cb) (const SSL *ssl, int type, int val) = NULL;
     int cleanuphand = s->statem.cleanuphand;


More information about the openssl-commits mailing list