minor fixes and making compiler a bit happier

Signed-off-by: Michael Krelin <hacker@klever.net>

9 files changed, 44 insertions, 46 deletions

diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index 18446dc..2d82147 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -63,15 +63,12 @@ namespace opkele {
             const basic_openid_message& inm) try {
         assert(inm.get_field("mode")=="associate");
         util::dh_t dh;
         util::bignum_t c_pub;
         unsigned char key_digest[SHA256_DIGEST_LENGTH];
         size_t d_len = 0;
-        enum {
-            sess_cleartext, sess_dh_sha1, sess_dh_sha256
-        } st = sess_cleartext;
         string sts = inm.get_field("session_type");
         string ats = inm.get_field("assoc_type");
         if(sts=="DH-SHA1" || sts=="DH-SHA256") {
             if(!(dh = DH_new()))
                 throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
             c_pub = util::base64_to_bignum(inm.get_field("dh_consumer_public"));
@@ -95,25 +92,25 @@ namespace opkele {
             }else if(sts=="DH-SHA256") {
                 SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH;
             }else
                 throw internal_error(OPKELE_CP_ "I thought I knew the session type");
         }else
             throw unsupported(OPKELE_CP_ "Unsupported session_type");
-        assoc_t assoc;
+        assoc_t a;
         if(ats=="HMAC-SHA1")
-            assoc = alloc_assoc(ats,SHA_DIGEST_LENGTH,true);
+            a = alloc_assoc(ats,SHA_DIGEST_LENGTH,true);
         else if(ats=="HMAC-SHA256")
-            assoc = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true);
+            a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true);
         else
             throw unsupported(OPKELE_CP_ "Unsupported assoc_type");
         oum.reset_fields();
         oum.set_field("ns",OIURI_OPENID20);
-        oum.set_field("assoc_type",assoc->assoc_type());
-        oum.set_field("assoc_handle",assoc->handle());
+        oum.set_field("assoc_type",a->assoc_type());
+        oum.set_field("assoc_handle",a->handle());
         oum.set_field("expires_in",util::long_to_string(assoc->expires_in()));
-        secret_t secret = assoc->secret();
+        secret_t secret = a->secret();
         if(sts=="DH-SHA1" || sts=="DH-SHA256") {
             if(d_len != secret.size())
                 throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size");
             oum.set_field("session_type",sts);
             oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key));
             string b64; secret.enxor_to_base64(key_digest,b64);
@@ -131,16 +128,16 @@ namespace opkele {
         return oum;
     }
 
     void basic_OP::checkid_(const basic_openid_message& inm,
             extension_t *ext) {
         reset_vars();
-        string mode = inm.get_field("mode");
-        if(mode=="checkid_setup")
+        string modestr = inm.get_field("mode");
+        if(modestr=="checkid_setup")
             mode = mode_checkid_setup;
-        else if(mode=="checkid_immediate")
+        else if(modestr=="checkid_immediate")
             mode = mode_checkid_immediate;
         else
             throw bad_input(OPKELE_CP_ "Invalid checkid_* mode");
         try {
             assoc = retrieve_assoc(invalidate_handle=inm.get_field("assoc_handle"));
             invalidate_handle.clear();
@@ -235,20 +232,20 @@ namespace opkele {
         om.set_field("ns",OIURI_OPENID20);
         om.set_field("mode","cancel");
         return om;
     }
 
     basic_openid_message& basic_OP::error(basic_openid_message& om,
-            const string& error,const string& contact,
+            const string& err,const string& contact,
             const string& reference ) {
         assert(!return_to.empty());
         om.set_field("ns",OIURI_OPENID20);
         om.set_field("mode","error");
-        om.set_field("error",error);
-        om.set_field("contact",contact);
-        om.set_field("reference",reference);
+        om.set_field("error",err);
+        if(!contact.empty()) om.set_field("contact",contact);
+        if(!reference.empty()) om.set_field("reference",reference);
         return om;
     }
 
     basic_openid_message& basic_OP::setup_needed(
             basic_openid_message& oum,const basic_openid_message& inm) {
         assert(mode==mode_checkid_immediate);
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index bd45d99..a0ad130 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,6 +1,7 @@
+#include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/basic_rp.h>
 #include <opkele/exception.h>
 #include <opkele/uris.h>
 #include <opkele/data.h>
@@ -22,13 +23,14 @@ namespace opkele {
         unsigned char *ckptr = &(ck.front())+1;
         int cklen = DH_compute_key(ckptr,s_pub,dh);
         if(cklen<0)
             throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
         if(cklen && (*ckptr)&0x80) {
             (*(--ckptr))=0; ++cklen; }
-        unsigned char key_digest[d_len];
+        assert(d_len<=SHA256_DIGEST_LENGTH);
+        unsigned char key_digest[SHA256_DIGEST_LENGTH];
         secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
         if(secret.size()!=exp_s_len)
             throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
     }catch(opkele::failed_lookup& ofl) {
         throw bad_input(OPKELE_CP_ "Incoherent response from OP");
     } OPKELE_RETHROW
@@ -75,22 +77,22 @@ namespace opkele {
         try {
             direct_request(res,req,OP);
             dh_get_secret( secret, res,
                     "HMAC-SHA256", "DH-SHA256",
                     dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH );
             expires_in = util::string_to_long(res.get_field("expires_in"));
-        }catch(exception& e) {
+        }catch(exception&) {
             try {
                 req.set_field("assoc_type","HMAC-SHA1");
                 req.set_field("session_type","DH-SHA1");
                 direct_request(res,req,OP);
                 dh_get_secret( secret, res,
                         "HMAC-SHA1", "DH-SHA1",
                         dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH );
                 expires_in = util::string_to_long(res.get_field("expires_in"));
-            }catch(bad_input& e) {
+            }catch(bad_input&) {
                 throw dumb_RP(OPKELE_CP_ "OP failed to supply an association");
             }
         }
         return store_assoc(
                 OP, res.get_field("assoc_handle"),
                 res.get_field("assoc_type"), secret,
@@ -231,13 +233,13 @@ namespace opkele {
         if(o2) {
             check_nonce(om.get_field("op_endpoint"),
                     om.get_field("response_nonce"));
             static const char *mustsign[] = {
                 "op_endpoint", "return_to", "response_nonce", "assoc_handle",
                 "claimed_id", "identity" };
-            for(int ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
+            for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) {
                 if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms]))
                     throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs");
             }
             if( (
                     (om.has_field("claimed_id")?1:0)
                     ^
diff --git a/lib/discovery.cc b/lib/discovery.cc
index 6f58339..6f9926c 100644
--- a/lib/discovery.cc
+++ b/lib/discovery.cc
@@ -327,13 +327,13 @@ namespace opkele {
                 const char *colon = (const char*)memchr(p,':',bytes);
                 const char *space = (const char*)memchr(p,' ',bytes);
                 if(space && ( (!colon) || space<colon ) ) {
                     xrds_location.clear(); http_content_type.clear();
                 }else if(colon) {
                     const char *hv = ++colon;
-                    int hnl = colon-h;
+                    size_t hnl = colon-h;
                     int rb;
                     for(rb = bytes-hnl-1;rb>0 && isspace(*hv);++hv,--rb);
                     while(rb>0 && isspace(hv[rb-1])) --rb;
                     if(rb) {
                         if( (hnl>=sizeof(XRDS_HEADER))
                                 && !strncasecmp(h,XRDS_HEADER":",
diff --git a/lib/expat.cc b/lib/expat.cc
index fa6fdde..c4dab7e 100644
--- a/lib/expat.cc
+++ b/lib/expat.cc
@@ -10,12 +10,13 @@ namespace opkele {
         }
 
         expat_t& expat_t::operator=(XML_Parser x) {
             if(_x)
                 XML_ParserFree(_x);
             _x = x;
+            return *this;
         }
 
         static void _start_element(void* ud,const XML_Char *n,const XML_Char **a) {
             ((expat_t*)ud)->start_element(n,a);
         }
         static void _end_element(void *ud,const XML_Char *n) {
diff --git a/lib/extension.cc b/lib/extension.cc
index f7aaea5..0f121ca 100644
--- a/lib/extension.cc
+++ b/lib/extension.cc
@@ -8,13 +8,13 @@ namespace opkele {
     void extension_t::rp_id_res_hook(const basic_openid_message&,
             const basic_openid_message&) {
         throw not_implemented(OPKELE_CP_ "RP id_res hook not implemented"); }
 
     void extension_t::op_checkid_hook(const basic_openid_message&) {
         throw not_implemented(OPKELE_CP_ "OP checkid_* hook not implemented"); }
-    void extension_t::op_id_res_hook(basic_openid_message& om) {
+    void extension_t::op_id_res_hook(basic_openid_message&) {
         throw not_implemented(OPKELE_CP_ "OP id_res hook not implemented"); }
 
 
     void extension_t::checkid_hook(basic_openid_message&) {
         throw not_implemented(OPKELE_CP_ "deprecated consumer checkid_* hook not implemented"); }
     void extension_t::id_res_hook(const basic_openid_message&,
diff --git a/lib/openid_message.cc b/lib/openid_message.cc
index fdb4b04..521ea85 100644
--- a/lib/openid_message.cc
+++ b/lib/openid_message.cc
@@ -12,14 +12,14 @@ namespace opkele {
 
     struct __om_copier : public unary_function<const string&,void> {
         public:
             const basic_openid_message& from;
             basic_openid_message& to;
 
-            __om_copier(basic_openid_message& to,const basic_openid_message& from)
-                : from(from), to(to) {
+            __om_copier(basic_openid_message& t,const basic_openid_message& f)
+                : from(f), to(t) {
                     to.reset_fields();
                 }
 
             result_type operator()(argument_type f) {
                 to.set_field(f,from.get_field(f)); }
     };
@@ -34,14 +34,14 @@ namespace opkele {
 
     struct __om_ns_finder : public unary_function<const string&,bool> {
         public:
             const basic_openid_message& om;
             const string& uri;
 
-            __om_ns_finder(const basic_openid_message& om,
-                    const string& uri) : om(om), uri(uri) { }
+            __om_ns_finder(const basic_openid_message& m,
+                    const string& u) : om(m), uri(u) { }
 
             result_type operator()(argument_type f) {
                 return
                     (!strncmp(f.c_str(),"ns.",sizeof("ns.")-1))
                         && om.get_field(f)==uri ;
             }
@@ -62,22 +62,22 @@ namespace opkele {
         return i->substr(3);
     }
 
     struct __om_query_builder : public unary_function<const string&,void> {
         public:
             const basic_openid_message& om;
-            string& rv;
             bool first;
+            string& rv;
 
-            __om_query_builder(string& rv,const basic_openid_message& om)
-                : om(om), first(true), rv(rv) {
+            __om_query_builder(string& r,const basic_openid_message& m)
+                : om(m), first(true), rv(r) {
                     for_each(om.fields_begin(),om.fields_end(),*this);
                 }
-            __om_query_builder(string& rv,const basic_openid_message& om,const string& url)
-                : om(om), first(true), rv(rv) {
-                    rv = url;
+            __om_query_builder(string& r,const basic_openid_message& m,const string& u)
+                : om(m), first(true), rv(r) {
+                    rv = u;
                     if(rv.find('?')==string::npos)
                         rv += '?';
                     else
                         first = false;
                     for_each(om.fields_begin(),om.fields_end(),*this);
                 }
@@ -102,16 +102,16 @@ namespace opkele {
         return __om_query_builder(rv,*this).rv;
     }
 
     void basic_openid_message::reset_fields() {
         throw not_implemented(OPKELE_CP_ "reset_fields() not implemented");
     }
-    void basic_openid_message::set_field(const string& n,const string& v) {
+    void basic_openid_message::set_field(const string&,const string&) {
         throw not_implemented(OPKELE_CP_ "set_field() not implemented");
     }
-    void basic_openid_message::reset_field(const string& n) {
+    void basic_openid_message::reset_field(const string&) {
         throw not_implemented(OPKELE_CP_ "reset_field() not implemented");
     }
 
     void basic_openid_message::from_keyvalues(const string& kv) {
         reset_fields();
         string::size_type p = 0;
@@ -144,14 +144,14 @@ namespace opkele {
 
     struct __om_kv_outputter : public unary_function<const string&,void> {
         public:
             const basic_openid_message& om;
             ostream& os;
 
-            __om_kv_outputter(const basic_openid_message& om,ostream& os)
-                : om(om), os(os) { }
+            __om_kv_outputter(const basic_openid_message& m,ostream& s)
+                : om(m), os(s) { }
 
             result_type operator()(argument_type f) {
                 os << f << ':' << om.get_field(f) << '\n';
             }
     };
 
@@ -161,14 +161,14 @@ namespace opkele {
 
     struct __om_html_outputter : public unary_function<const string&,void> {
         public:
             const basic_openid_message& om;
             ostream& os;
 
-            __om_html_outputter(const basic_openid_message& om,ostream& os)
-                : om(om), os(os) { }
+            __om_html_outputter(const basic_openid_message& m,ostream& s)
+                : om(m), os(s) { }
 
             result_type operator()(argument_type f) {
                 os <<
                     "<input type=\"hidden\""
                     " name=\"" << util::attr_escape(f) << "\""
                     " value=\"" << util::attr_escape(om.get_field(f)) << "\" />";
diff --git a/lib/prequeue_rp.cc b/lib/prequeue_rp.cc
index e242f87..3aa960f 100644
--- a/lib/prequeue_rp.cc
+++ b/lib/prequeue_rp.cc
@@ -52,13 +52,13 @@ namespace opkele {
     }
 
     class endpoint_queuer : public iterator<output_iterator_tag,openid_endpoint_t,void> {
         public:
             prequeue_RP& rp;
 
-            endpoint_queuer(prequeue_RP& rp) : rp(rp) { }
+            endpoint_queuer(prequeue_RP& r) : rp(r) { }
 
             endpoint_queuer& operator*() { return *this; }
             endpoint_queuer& operator=(const openid_endpoint_t& oep) {
                 rp.queue_endpoint(oep); return *this; }
 
             endpoint_queuer& operator++() { return *this; }
@@ -68,13 +68,13 @@ namespace opkele {
     void prequeue_RP::initiate(const string& usi) {
         begin_queueing();
         set_normalized_id( idiscover(endpoint_queuer(*this),usi) );
         end_queueing();
     }
 
-    void prequeue_RP::set_normalized_id(const string& nid) {
+    void prequeue_RP::set_normalized_id(const string&) {
     }
 
     const string prequeue_RP::get_normalized_id() const {
         throw not_implemented(OPKELE_CP_ "get_normalized_id() is not implemented");
     }
 
diff --git a/lib/sreg.cc b/lib/sreg.cc
index b40cd45..0bd4d2e 100644
--- a/lib/sreg.cc
+++ b/lib/sreg.cc
@@ -52,18 +52,16 @@ namespace opkele {
     void sreg_t::rp_id_res_hook(const basic_openid_message& om,
             const basic_openid_message& sp) {
         clear();
         string pfx;
         try {
             pfx = om.find_ns(OIURI_SREG11,"sreg");
-        }catch(failed_lookup& fl) {
+        }catch(failed_lookup&) {
             try {
                 pfx = om.find_ns(OIURI_SREG10,"sreg");
-            }catch(failed_lookup& fl) {
-                return;
-            }
+            }catch(failed_lookup&) { return; }
         }
         pfx += '.';
         for(fields_iterator f=fields_BEGIN;f<fields_END;++f) {
             string fn = pfx; fn+=f->fieldname;
             if(!sp.has_field(fn)) continue;
             has_fields |= f->fieldbit;
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
index ab21b4f..c493c12 100644
--- a/lib/verify_op.cc
+++ b/lib/verify_op.cc
@@ -12,27 +12,27 @@ namespace opkele {
             __RP_verifier_good_input(OPKELE_E_PARS)
                 : exception(OPKELE_E_CONS) { }
     };
 
     class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
         public:
-            int seen;
             const string& return_to;
+            int seen;
 
             RP_verifier(const string& rt)
                 : return_to(rt), seen(0) { }
 
             RP_verifier& operator*() { return *this; }
             RP_verifier& operator=(const openid_endpoint_t& oep) {
                 if(util::uri_matches_realm(return_to,oep.uri))
                     throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
                 return *this;
             }
 
             RP_verifier& operator++() { ++seen; return *this; }
-            RP_verifier& operator++(int) { +seen; return *this; }
+            RP_verifier& operator++(int) { ++seen; return *this; }
     };
 
     void verify_OP::verify_return_to() {
         basic_OP::verify_return_to();
         try {
             RP_verifier rpv(return_to);