- Fixes for patch (includes, declarations, warnings).

git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -6,6 +6,7 @@
 	  library compatibility when compiling.
 	- Patch for TLS session resumption from Manabu Sonoda,
 	  enable with tls-session-ticket-keys in unbound.conf.
+	- Fixes for patch (includes, declarations, warnings).
 
 22 January 2018: Wouter
 	- Fix space calculation for tcp req buffer size.

util/config_file.h

@@ -120,7 +120,7 @@ struct config_file {
 	int tls_win_cert;
 	/** additional tls ports */
 	struct config_strlist* tls_additional_port;
-	/** secret key used to encrypt and decrypt TLS session ticket -**/
+	/** secret key used to encrypt and decrypt TLS session ticket */
 	struct config_strlist* tls_session_ticket_keys;
 	/** TLS ciphers */
 	char* tls_ciphers;

util/net_help.c

@@ -43,12 +43,14 @@
 #include "util/data/dname.h"
 #include "util/module.h"
 #include "util/regional.h"
+#include "util/config_file.h"
 #include "sldns/parseutil.h"
 #include "sldns/wire2str.h"
 #include <fcntl.h>
 #ifdef HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
+#include <openssl/rand.h>
 #endif
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
@@ -1106,17 +1108,18 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses
 		s++;
 	}
 	keys = calloc(s, sizeof(struct tls_session_ticket_key));
-	memset(keys, 0, sizeof(keys));
+	memset(keys, 0, sizeof(*keys));
 	ticket_keys = keys;
 
 	for(p = tls_session_ticket_keys; p; p = p->next) {
+		int n;
 		unsigned char *data = (unsigned char *)malloc(80);
 		FILE *f = fopen(p->str, "r");
 		if(!f) {
 			log_err("could not read tls-session-ticket-key  %s: %s", p->str, strerror(errno));
 			return 0;
 		}
-		int n = fread(data, 1, 80, f);
+		n = fread(data, 1, 80, f);
 		fclose(f);
 
 		if(n != 80) {
@@ -1132,7 +1135,7 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses
 	}
 	keys->key_name = NULL;
     if(SSL_CTX_set_tlsext_ticket_key_cb(sslctx, tls_session_ticket_key_cb) == 0) {
-		log_err("not support TLS session ticket");
+		log_err("no support for TLS session ticket");
 		return 0;
     }
     return 1;
@@ -1142,7 +1145,7 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses
 
 }
 
-int tls_session_ticket_key_cb(void *sslctx, unsigned char* key_name,unsigned char* iv, void *evp_sctx, void *hmac_ctx, int enc)
+int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name,unsigned char* iv, void *evp_sctx, void *hmac_ctx, int enc)
 {
 #ifdef HAVE_SSL
     const EVP_MD                  *digest;
@@ -1152,7 +1155,7 @@ int tls_session_ticket_key_cb(void *sslctx, unsigned char* key_name,unsigned cha
 	cipher = EVP_aes_256_cbc();
 	evp_chiper_length = EVP_CIPHER_iv_length(cipher);
 	if( enc == 1 ) {
-		// encrypt
+		/* encrypt */
 		verbose(VERB_CLIENT, "start session encrypt");
 		memcpy(key_name, ticket_keys->key_name, 16);
 		if (RAND_bytes(iv, evp_chiper_length) != 1) {
@@ -1169,9 +1172,9 @@ int tls_session_ticket_key_cb(void *sslctx, unsigned char* key_name,unsigned cha
         }
         return 1;
     } else if (enc == 0) {
-		//decrypt
-		verbose(VERB_CLIENT, "start session decrypt");
+		/* decrypt */
 		struct tls_session_ticket_key *key;
+		verbose(VERB_CLIENT, "start session decrypt");
 		for(key = ticket_keys; key->key_name != NULL; key++) {
         	if (!memcmp(key_name, key->key_name, 16)) {
 				verbose(VERB_CLIENT, "Found session_key");
@@ -1199,4 +1202,4 @@ int tls_session_ticket_key_cb(void *sslctx, unsigned char* key_name,unsigned cha
 	return 0;
 #endif
 
-}
+}

util/net_help.h

@@ -42,9 +42,9 @@
 #ifndef NET_HELP_H
 #define NET_HELP_H
 #include "util/log.h"
-#include "util/config_file.h"
 struct sock_list;
 struct regional;
+struct config_strlist;
 
 /** DNS constants for uint16_t style flag manipulation. host byteorder. 
  *                                1  1  1  1  1  1