diff options
| -rw-r--r-- | src/pluto/ac.c | 10 | ||||
| -rw-r--r-- | src/pluto/connections.c | 4 | ||||
| -rw-r--r-- | src/pluto/crl.c | 2 | ||||
| -rw-r--r-- | src/pluto/demux.c | 2 | ||||
| -rw-r--r-- | src/pluto/fetch.c | 2 | ||||
| -rw-r--r-- | src/pluto/ike_alg.c | 3 | ||||
| -rw-r--r-- | src/pluto/ipsec_doi.c | 11 | ||||
| -rw-r--r-- | src/pluto/keys.c | 6 | ||||
| -rw-r--r-- | src/pluto/smartcard.c | 8 | ||||
| -rw-r--r-- | src/pluto/spdb.c | 12 |
10 files changed, 26 insertions, 34 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 58dfd8850..2914426be 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -599,16 +599,6 @@ parse_ac(chunk_t blob, x509acert_t *ac) } /* - * compare two X.509 attribute certificates by comparing their signatures - */ -static bool -same_x509acert(x509acert_t *a, x509acert_t *b) -{ - return a->signature.len == b->signature.len && - memcmp(a->signature.ptr, b->signature.ptr, b->signature.len) == 0; -} - -/* * release an ietfAttribute, free it if count reaches zero */ static void diff --git a/src/pluto/connections.c b/src/pluto/connections.c index 2f0778ffe..941c6ad85 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -2354,7 +2354,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b * DNS query (if any). It also selects the kind of the next step. * The second chunk initiates the next DNS query (if any). */ - enum find_oppo_step next_step; + enum find_oppo_step next_step = fos_myid_ip_txt; err_t ugh = ac_ugh; char mycredentialstr[BUF_LEN]; char cib[CONN_INST_BUF]; @@ -3279,7 +3279,7 @@ refine_host_connection(const struct state *st, const struct id *peer_id struct connection *d; struct connection *best_found = NULL; u_int16_t auth = st->st_oakley.auth; - lset_t auth_policy; + lset_t auth_policy = POLICY_PSK; const chunk_t *psk = NULL; bool wcpip; /* wildcard Peer IP? */ int best_prio = PRIO_NO_MATCH_FOUND; diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 080d501ca..7970bacce 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -406,7 +406,7 @@ parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl) asn1_ctx_t ctx; bool critical; chunk_t extnID; - chunk_t userCertificate; + chunk_t userCertificate = empty_chunk; chunk_t object; u_int level; int objectID = 0; diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 912ab3a73..4a28367e1 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -2167,7 +2167,7 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) /* Schedule for whatever timeout is specified */ { - time_t delay; + time_t delay = UNDEFINED_TIME; enum event_type kind = smc->timeout_event; bool agreed_time = FALSE; struct connection *c = st->st_connection; diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 069ef2966..ac9ccc91c 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -825,7 +825,9 @@ fetch_thread(void *arg) void init_fetch(void) { +#if defined(LIBCURL) || defined (THREADS) int status; +#endif #ifdef LIBCURL /* init curl */ diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index 69b487f91..4f8b88170 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -521,9 +521,6 @@ ike_alg_test(void) for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) { - - struct encrypt_desc *desc = (struct encrypt_desc*)a; - plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id)); } diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index c564de6b9..d68000540 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -952,7 +952,6 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor /* SA out */ { u_char *sa_start = rbody.cur; - lset_t auth_policy = policy & POLICY_ID_AUTH_MASK; if (!out_sa(&rbody, &oakley_sadb, st, TRUE , vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE)) @@ -2800,7 +2799,7 @@ compute_proto_keymat(struct state *st , u_int8_t protoid , struct ipsec_proto_info *pi) { - size_t needed_len; /* bytes of keying material needed */ + size_t needed_len = 0; /* bytes of keying material needed */ /* Add up the requirements for keying material * (It probably doesn't matter if we produce too much!) @@ -3754,7 +3753,7 @@ main_id_and_auth(struct msg_digest *md struct key_continuation *nkc = alloc_thing(struct key_continuation, "key continuation"); enum key_oppo_step step_done = kc == NULL? kos_null : kc->step; - err_t ugh; + err_t ugh = NULL; /* Record that state is used by a suspended md */ passert(st->st_suspended_md == NULL); @@ -4308,7 +4307,7 @@ report_verify_failure(struct verify_oppo_bundle *b, err_t ugh) char fgwb[ADDRTOT_BUF] , cb[ADDRTOT_BUF]; ip_address client; - err_t which; + err_t which = NULL; switch (b->step) { @@ -4384,7 +4383,7 @@ quick_inI1_outR1_start_query(struct verify_oppo_bundle *b , *our_id /* needed for myid playing */ , our_id_space; /* ephemeral: no need for unshare_id_content */ ip_address client; - err_t ugh; + err_t ugh = NULL; /* Record that state is used by a suspended md */ b->step = next_step; /* not just vc->b.step */ @@ -4495,7 +4494,7 @@ quick_inI1_outR1_process_answer(struct verify_oppo_bundle *b , struct state *p1st) { struct connection *c = p1st->st_connection; - enum verify_oppo_step next_step; + enum verify_oppo_step next_step = vos_our_client; err_t ugh = NULL; DBG(DBG_CONTROL, diff --git a/src/pluto/keys.c b/src/pluto/keys.c index edda8add0..0d2efc9ca 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -83,7 +83,7 @@ static pubkey_t* allocate_RSA_public_key(const cert_t cert) { pubkey_t *pk = alloc_thing(pubkey_t, "pubkey"); - chunk_t e, n; + chunk_t e = empty_chunk, n = empty_chunk; switch (cert.type) { @@ -335,7 +335,7 @@ get_x509_private_key(const x509cert_t *cert) { secret_t *s; const RSA_private_key_t *pri = NULL; - const cert_t c = {CERT_X509_SIGNATURE, {cert}}; + const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}}; pubkey_t *pubkey = allocate_RSA_public_key(c); @@ -1473,7 +1473,7 @@ add_pgp_public_key(pgpcert_t *cert , time_t until void remove_x509_public_key(const x509cert_t *cert) { - const cert_t c = {CERT_X509_SIGNATURE, {cert}}; + const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}}; pubkey_list_t *p, **pp; pubkey_t *revoked_pk; diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index 3e93c79ab..a458d528a 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -701,7 +701,7 @@ void scx_init(const char* module, const char *init_args) { #ifdef SMARTCARD - CK_C_INITIALIZE_ARGS args = { .pReserved = init_args, }; + CK_C_INITIALIZE_ARGS args = { .pReserved = (char *)init_args, }; CK_RV rv; if (scx_initialized) @@ -1442,7 +1442,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen if (rv == CKR_FUNCTION_NOT_SUPPORTED) { RSA_public_key_t rsa; - chunk_t plain_text = {in, inlen}; + chunk_t plain_text = {(u_char*)in, inlen}; chunk_t cipher_text; DBG(DBG_CONTROL, @@ -1496,7 +1496,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen DBG(DBG_CONTROL, DBG_log("doing RSA encryption on smartcard") ) - rv = pkcs11_functions->C_Encrypt(sc->session, in, inlen + rv = pkcs11_functions->C_Encrypt(sc->session, (u_char*)in, inlen , out, &len); if (rv != CKR_OK) { @@ -1570,7 +1570,7 @@ scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen return FALSE; } - rv = pkcs11_functions->C_Decrypt(sc->session, in, inlen + rv = pkcs11_functions->C_Decrypt(sc->session, (u_char*)in, inlen , out, &len); if (rv != CKR_OK) { diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c index 699ab4eff..00a312a50 100644 --- a/src/pluto/spdb.c +++ b/src/pluto/spdb.c @@ -296,9 +296,9 @@ out_sa(pb_stream *outs struct db_prop *p = &pc->props[pn]; pb_stream proposal_pbs; struct isakmp_proposal proposal; - struct_desc *trans_desc; - struct_desc *attr_desc; - enum_names **attr_val_descs; + struct_desc *trans_desc = NULL; + struct_desc *attr_desc = NULL; + enum_names **attr_val_descs = NULL; int tn; bool tunnel_mode; @@ -1166,6 +1166,8 @@ parse_isakmp_sa_body(u_int32_t ipsecdoisit case OAKLEY_GROUP_ORDER | ISAKMP_ATTR_AF_TLV: #endif default: + /* fix compiler warning */ + memset(&ta, 0, sizeof(ta)); ugh = "unsupported OAKLEY attribute"; break; } @@ -1761,7 +1763,9 @@ parse_ipsec_sa_body( { int propno = next_proposal.isap_proposal; pb_stream ah_prop_pbs, esp_prop_pbs, ipcomp_prop_pbs; - struct isakmp_proposal ah_proposal, esp_proposal, ipcomp_proposal; + struct isakmp_proposal ah_proposal = {0, 0, 0, 0, 0, 0, 0}; + struct isakmp_proposal esp_proposal = {0, 0, 0, 0, 0, 0, 0}; + struct isakmp_proposal ipcomp_proposal = {0, 0, 0, 0, 0, 0, 0}; ipsec_spi_t ah_spi = 0; ipsec_spi_t esp_spi = 0; ipsec_spi_t ipcomp_cpi = 0; |