Some fixes for kerberos builds.

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b2ed383c3429bdef0dfb1279e348a8a646984916..0ad96dc3cdf5df178c5f171e56c8e5653796c8df 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -115,6 +115,9 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_KRB5
+#include "kssl_lcl.h"
+#endif
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
@@ -892,7 +895,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                sizeof tmp_buf);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
-                       if (outl > sizeof epms)
+                       if (outl > (int)sizeof epms)
                                {
                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;

diff --git a/ssl/kssl.c b/ssl/kssl.c
index 73401c92a3e9be7a449c0e4be682100b6d6ea7aa..4d507073b8e4a20e84d00e42f9f7c3abb60a9f3d 100644 (file)
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -76,6 +76,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
 
 #ifndef OPENSSL_NO_KRB5
 
@@ -131,7 +132,7 @@
 #define krb5_principal_compare   kssl_krb5_principal_compare
 #define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
 #define krb5_timeofday           kssl_krb5_timeofday
-#define krb5_rc_default           kssl_krb5_rc_default
+#define krb5_rc_default          kssl_krb5_rc_default
 
 #ifdef krb5_rc_initialize
 #undef krb5_rc_initialize
@@ -839,7 +840,7 @@ kssl_map_enc(krb5_enctype enctype)
 **     "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
 **     xx and yy are possibly multi-byte length fields.
 */
-int    kssl_test_confound(unsigned char *p)
+static int     kssl_test_confound(unsigned char *p)
        {
        int     len = 2;
        int     xx = 0, yy = 0;
@@ -874,7 +875,7 @@ int         kssl_test_confound(unsigned char *p)
 **      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
 **      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
 */
-size_t  *populate_cksumlens(void)
+static size_t  *populate_cksumlens(void)
        {
        int             i, j, n;
        static size_t   *cklens = NULL;
@@ -1025,7 +1026,7 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 /*     Display contents of krb5_principal_data struct, for debugging
 **     (krb5_principal is typedef'd == krb5_principal_data *)
 */
-void
+static void
 print_krb5_princ(char *label, krb5_principal_data *princ)
         {
        int i, ui, uj;
@@ -1224,7 +1225,7 @@ kssl_cget_tkt(    /* UPDATE */    KSSL_CTX *kssl_ctx,
 **                             code here.  This tkt should alloc/free just
 **                             like the real thing.
 */
-krb5_error_code
+static krb5_error_code
 kssl_TKT2tkt(  /* IN     */    krb5_context    krb5context,
                /* IN     */    KRB5_TKTBODY    *asn1ticket,
                /* OUT    */    krb5_ticket     **krb5ticket,
@@ -1899,7 +1900,7 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 **  Return pointer to the (partially) filled in struct tm on success,
 **  return NULL on failure.
 */
-struct tm      *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
        {
        char            c, *p;
 
@@ -1925,7 +1926,7 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
 **  So we try to sneek the clockskew out through the replay cache.
 **     If that fails just return a likely default (300 seconds).
 */
-krb5_deltat    get_rc_clockskew(krb5_context context)
+static krb5_deltat get_rc_clockskew(krb5_context context)
        {
        krb5_rcache     rc;
        krb5_deltat     clockskew;

diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
index 4cd8dd2d7fe4c970ebcd34d2f853bf572505f770..c039c91b4ec64938134aef59e83e9e4ce80ae0d7 100644 (file)
--- a/ssl/kssl_lcl.h
+++ b/ssl/kssl_lcl.h
@@ -75,7 +75,7 @@ void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
 char *kstring(char *string);
 char *knumber(int len, krb5_octet *contents);
 
-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
 
 int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
 int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ceab11eb4aea730dec1f0a73ef032ab2d8444f7a..e0bfd0ceaf00c5f3ba3ab2265733341ff0712372 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2034,7 +2034,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        krb5_data       *enc_ticket;
                        krb5_data       authenticator, *authp = NULL;
                        EVP_CIPHER_CTX  ciph_ctx;
-                       EVP_CIPHER      *enc = NULL;
+                       const EVP_CIPHER *enc = NULL;
                        unsigned char   iv[EVP_MAX_IV_LENGTH];
                        unsigned char   tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
                        unsigned char   epms[SSL_MAX_MASTER_KEY_LENGTH 
@@ -2137,7 +2137,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                                sizeof tmp_buf);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
-                       if (outl > sizeof epms)
+                       if (outl > (int)sizeof epms)
                                {
                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
                                goto err;

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 55b2166d2b0a702d6ebffeb73a6f4d115a2727f8..358bae32e9576b0e149baf16a89b0d06556d71eb 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2065,7 +2065,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                krb5_data               enc_pms;
                KSSL_CTX                *kssl_ctx = s->kssl_ctx;
                EVP_CIPHER_CTX          ciph_ctx;
-               EVP_CIPHER              *enc = NULL;
+               const EVP_CIPHER        *enc = NULL;
                unsigned char           iv[EVP_MAX_IV_LENGTH];
                unsigned char           pms[SSL_MAX_MASTER_KEY_LENGTH
                                               + EVP_MAX_BLOCK_LENGTH];