diff --git a/lib/internal.c b/lib/internal.c
index 6f2b81a..99f9d5f 100644
--- a/lib/internal.c
+++ b/lib/internal.c
@@ -513,7 +513,6 @@ setting_bool_t _get_bool_config(const char *sz_setting) {
 char *psz_value = 0;
 char sz_name[256] = { 0 };
 char sz_value[256] = { 0 };
- size_t i = 0;
 FILE *pf = 0;
 if ((pf = fopen(_CONFIG_FILE, "r"))) {
diff --git a/lib/util.c b/lib/util.c
index 09b72f9..f801d11 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -1329,7 +1329,6 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
 ykpiv_rc _ykpiv_util_get_serial(ykpiv_state *state, uint32_t *p_serial, bool f_force) {
 ykpiv_rc res = YKPIV_OK;
 APDU apdu;
- const uint8_t templ[] = { 0, YKPIV_INS_SELECT_APPLICATION, 0x04, 0 };
 const uint8_t yk_applet[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01 };
 unsigned char data[0xff];
 uint32_t recv_len = sizeof(data);
diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index 83738c3..559d09b 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
@@ -1493,7 +1493,6 @@ Cleanup:
 ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char *data, size_t *data_len) {
 ykpiv_rc res;
- bool ret = false;
 unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
 int sw;
 unsigned long ul_data_len;
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index f8b72b1..4912adf 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -627,20 +627,19 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
 EVP_PKEY *public_key = NULL;
 const EVP_MD *md;
 bool ret = false;
- unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
- unsigned int digest_len;
- unsigned int md_len;
 unsigned char algorithm;
 int key = 0;
- unsigned char *signinput;
- size_t len = 0;
 size_t oid_len;
 const unsigned char *oid;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
+ unsigned int md_len;
+ unsigned int digest_len;
+ unsigned char *signinput;
+ size_t len = 0;
 int nid;
 ASN1_TYPE null_parameter;
-
- null_parameter.type = V_ASN1_NULL;
- null_parameter.value.ptr = NULL;
+#endif
 key = get_slot_hex(slot);
@@ -674,9 +673,6 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
 goto request_out;
 }
- md_len = (unsigned int)EVP_MD_size(md);
- digest_len = sizeof(digest) - md_len;
-
 req = X509_REQ_new();
 if(!req) {
 fprintf(stderr, "Failed to allocate request structure.\n");
@@ -700,6 +696,12 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
 }
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ null_parameter.type = V_ASN1_NULL;
+ null_parameter.value.ptr = NULL;
+
+ md_len = (unsigned int)EVP_MD_size(md);
+ digest_len = sizeof(digest) - md_len;
+
 memcpy(digest, oid, oid_len);
 /* XXX: this should probably use X509_REQ_digest() but that's buggy */
 if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
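Review bot: `memcpy(digest, oid, oid_len);` directly below the relocated size setup has no visible bound on `oid_len`, which is assigned outside this hunk, while `digest` holds only `EVP_MAX_MD_SIZE + MAX_OID_LEN` bytes. The added `md_len = (unsigned int)EVP_MD_size(md);` also casts away a negative error return. A single guard ahead of those two assignments would make both assumptions explicit: `if(EVP_MD_size(md) <= 0 || oid_len > MAX_OID_LEN) { goto request_out; }`. The same applies to the hunk at -904,6 +902,12 in selfsign_certificate, where `len = oid_len + md_len` is built from these values; use `goto selfsign_out;` there. Both function bodies continue past the end of their hunks, so an existing check elsewhere cannot be ruled out.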
@@ -785,22 +787,21 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 X509 *x509 = NULL;
 X509_NAME *name = NULL;
 const EVP_MD *md;
- unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
- unsigned int digest_len;
 unsigned char algorithm;
 int key = 0;
- unsigned char *signinput;
- size_t len = 0;
 size_t oid_len;
 const unsigned char *oid;
 int nid;
- unsigned int md_len;
 ASN1_INTEGER *sno = ASN1_INTEGER_new();
 BIGNUM *ser = NULL;
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
+ unsigned int digest_len;
+ unsigned int md_len;
+ unsigned char *signinput;
+ size_t len = 0;
 ASN1_TYPE null_parameter;
-
- null_parameter.type = V_ASN1_NULL;
- null_parameter.value.ptr = NULL;
+#endif
 key = get_slot_hex(slot);
@@ -833,9 +834,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 if(md == NULL) {
 goto selfsign_out;
 }
- md_len = (unsigned int)EVP_MD_size(md);
- digest_len = sizeof(digest) - md_len;
-
 x509 = X509_new();
 if(!x509) {
 fprintf(stderr, "Failed to allocate certificate structure.\n");
@@ -904,6 +902,12 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 goto selfsign_out;
 }
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ null_parameter.type = V_ASN1_NULL;
+ null_parameter.value.ptr = NULL;
+
+ md_len = (unsigned int)EVP_MD_size(md);
+ digest_len = sizeof(digest) - md_len;
+
 if(YKPIV_IS_RSA(algorithm)) {
 signinput = digest;
 len = oid_len + md_len;