From 5fa5cb382560316a55f0954f1e8cebdbd6568cfb Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 13 Feb 2026 17:05:36 +0100 Subject: [PATCH] build: fix `-Wunused-macros` warnings, and related tidy-ups - fix internal macro `AN_APPLE_OS` reused between sources without resetting it. It may potentially have left the system sha256 function unused. - fix to define `WOLFSSL_OPTIONS_IGNORE_SYS` so that it always applies to wolfSSL headers, also during feature detection. - md4, md5, sha256: simplify fallback logic. - delete 20+ unused macros. - scope or move macros to avoid `-Wunused-macros` warnings. - examples: delete unused code. The warning detects macros defined but not used within the same C source. It does not warn for macros defined in headers. It also works with unity builds, but to a lesser extent. Closes #20593 --- CMakeLists.txt | 3 ++ docs/examples/log_failed_transfers.c | 2 - docs/examples/synctime.c | 22 +++-------- lib/asyn-ares.c | 7 +--- lib/cf-socket.c | 4 ++ lib/curl_ntlm_core.c | 6 +-- lib/ftp.c | 4 +- lib/http.c | 3 -- lib/http2.c | 4 -- lib/md4.c | 41 ++++++++------------ lib/md5.c | 58 +++++++++++----------------- lib/parsedate.c | 16 ++++---- lib/progress.c | 3 -- lib/setopt.c | 2 + lib/sha256.c | 33 ++++++---------- lib/url.c | 6 +-- lib/vauth/ntlm.c | 16 ++++++-- lib/vquic/curl_ngtcp2.c | 4 -- lib/vquic/curl_quiche.c | 8 +--- lib/vquic/vquic.c | 2 + lib/vquic/vquic_int.h | 1 - lib/vtls/openssl.c | 7 ++-- lib/vtls/wolfssl.c | 1 - lib/vtls/x509asn1.c | 2 +- lib/ws.c | 2 + m4/curl-wolfssl.m4 | 1 + src/tool_doswin.c | 6 +-- src/var.c | 2 - 28 files changed, 105 insertions(+), 161 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 40dc7dc439..60e0e40a5c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -879,6 +879,8 @@ if(CURL_USE_WOLFSSL) set(_valid_default_ssl_backend TRUE) endif() set(_curl_ca_bundle_supported TRUE) + + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "WOLFSSL_OPTIONS_IGNORE_SYS") endif() if(CURL_USE_GNUTLS) @@ -979,6 +981,7 @@ macro(curl_openssl_check_exists) endif() if(USE_WOLFSSL) list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::wolfssl) + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DWOLFSSL_OPTIONS_IGNORE_SYS") if(HAVE_LIBZ) list(APPEND CMAKE_REQUIRED_LIBRARIES ZLIB::ZLIB) # Public wolfSSL headers also require zlib headers endif() diff --git a/docs/examples/log_failed_transfers.c b/docs/examples/log_failed_transfers.c index 3d9bfb0ad8..fb6dea6aca 100644 --- a/docs/examples/log_failed_transfers.c +++ b/docs/examples/log_failed_transfers.c @@ -47,8 +47,6 @@ #ifdef _WIN32 #include -#define strcasecmp _stricmp -#define strncasecmp _strnicmp #define unlink _unlink #else #include diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c index 730e01641f..b9fc30c06c 100644 --- a/docs/examples/synctime.c +++ b/docs/examples/synctime.c @@ -108,9 +108,6 @@ static const char *MthStr[] = { }; #endif -#define HTTP_COMMAND_HEAD 0 -#define HTTP_COMMAND_GET 1 - static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *stream) { fwrite(ptr, size, nmemb, stream); @@ -185,24 +182,15 @@ static void SyncTime_CURL_Init(CURL *curl, const char *proxy_port, curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, SyncTime_CURL_WriteHeader); } -static CURLcode SyncTime_CURL_Fetch(CURL *curl, const char *URL_Str, - const char *OutFileName, int HttpGetBody) +static CURLcode SyncTime_CURL_FetchHead(CURL *curl, const char *URL_Str) { - FILE *outfile; CURLcode result; - outfile = NULL; - if(HttpGetBody == HTTP_COMMAND_HEAD) - curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); - else { - outfile = fopen(OutFileName, "wb"); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, outfile); - } - + curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); curl_easy_setopt(curl, CURLOPT_URL, URL_Str); + result = curl_easy_perform(curl); - if(outfile) - fclose(outfile); + return result; /* CURLE_OK */ } @@ -320,7 +308,7 @@ int main(int argc, const char *argv[]) fprintf(stderr, "Before HTTP. Date: %s%s\n\n", timeBuf, tzoneBuf); /* HTTP HEAD command to the Webserver */ - SyncTime_CURL_Fetch(curl, conf.timeserver, "index.htm", HTTP_COMMAND_HEAD); + SyncTime_CURL_FetchHead(curl, conf.timeserver); #if defined(_WIN32) && !defined(CURL_WINDOWS_UWP) GetLocalTime(&LOCALTime); diff --git a/lib/asyn-ares.c b/lib/asyn-ares.c index 8b72214cad..755550f73d 100644 --- a/lib/asyn-ares.c +++ b/lib/asyn-ares.c @@ -63,11 +63,6 @@ #include /* really old c-ares did not include this by itself */ -#if ARES_VERSION >= 0x010601 -/* IPv6 supported since 1.6.1 */ -#define HAVE_CARES_IPV6 1 -#endif - #if ARES_VERSION >= 0x010704 #define HAVE_CARES_SERVERS_CSV 1 #define HAVE_CARES_LOCAL_DEV 1 @@ -783,7 +778,7 @@ CURLcode Curl_async_getaddrinfo(struct Curl_easy *data, const char *hostname, } #else -#ifdef HAVE_CARES_IPV6 +#if ARES_VERSION >= 0x010601 /* IPv6 supported since 1.6.1 */ if((ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) { /* The stack seems to be IPv6-enabled */ /* areschannel is already setup in the Curl_open() function */ diff --git a/lib/cf-socket.c b/lib/cf-socket.c index 5ca1fed99c..aa8d8a7ca8 100644 --- a/lib/cf-socket.c +++ b/lib/cf-socket.c @@ -96,6 +96,9 @@ static void tcpnodelay(struct Curl_cfilter *cf, #endif } +#if defined(USE_WINSOCK) || defined(TCP_KEEPIDLE) || \ + defined(TCP_KEEPALIVE) || defined(TCP_KEEPALIVE_THRESHOLD) || \ + defined(TCP_KEEPINTVL) || defined(TCP_KEEPALIVE_ABORT_THRESHOLD) #if defined(USE_WINSOCK) || \ (defined(__sun) && !defined(TCP_KEEPIDLE)) || \ (defined(__DragonFly__) && __DragonFly_version < 500702) || \ @@ -106,6 +109,7 @@ static void tcpnodelay(struct Curl_cfilter *cf, #else #define KEEPALIVE_FACTOR(x) #endif +#endif static void tcpkeepalive(struct Curl_cfilter *cf, struct Curl_easy *data, diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 054d59c58f..2603951f23 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -92,7 +92,6 @@ # define DESKEY(x) &x # endif #endif -#define DESKEYARG(x) *x #elif defined(USE_GNUTLS) @@ -179,8 +178,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key) * Turns a 56-bit key into a 64-bit, odd parity key and sets the key. The * key schedule ks is also set. */ -static void setup_des_key(const unsigned char *key_56, - DES_key_schedule DESKEYARG(ks)) +static void setup_des_key(const unsigned char *key_56, DES_key_schedule *ks) { DES_cblock key; @@ -304,7 +302,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, return TRUE; } -#endif /* USE_WIN32_CRYPTO */ +#endif /* crypto backends */ /* * takes a 21 byte array and treats it as 3 56-bit DES keys. The diff --git a/lib/ftp.c b/lib/ftp.c index 809d7fa4ba..310e03ec87 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -83,9 +83,7 @@ /* macro to check for the last line in an FTP server response */ #define LASTLINE(line) (STATUSCODE(line) && (' ' == line[3])) -#ifndef CURLVERBOSE -#define FTP_CSTATE(c) ((void)(c), "") -#else +#ifdef CURLVERBOSE /* for tracing purposes */ static const char * const ftp_state_names[] = { "STOP", diff --git a/lib/http.c b/lib/http.c index 7403bed5ad..d5d69a83dc 100644 --- a/lib/http.c +++ b/lib/http.c @@ -164,9 +164,6 @@ char *Curl_checkProxyheaders(struct Curl_easy *data, return NULL; } -#else -/* disabled */ -#define Curl_checkProxyheaders(x, y, z, a) NULL #endif static bool http_header_is_empty(const char *header) diff --git a/lib/http2.c b/lib/http2.c index 45f82192b0..b0717f9ff6 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -51,10 +51,6 @@ #error too old nghttp2 version, upgrade! #endif -#ifndef CURLVERBOSE -#define nghttp2_session_callbacks_set_error_callback(x, y) -#endif - #if (NGHTTP2_VERSION_NUM >= 0x010c00) #define NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE 1 #endif diff --git a/lib/md4.c b/lib/md4.c index d78f842823..55e9b01416 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -40,34 +40,13 @@ #ifdef USE_WOLFSSL #include -#define VOID_MD4_INIT -#ifdef NO_MD4 -#define WOLFSSL_NO_MD4 -#endif #endif /* When OpenSSL or wolfSSL is available, we use their MD4 functions. */ -#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4) -#include -#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4) -#include -#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ - (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040) && \ - defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && \ - (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ - (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ - (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000) && \ - defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && \ - (__IPHONE_OS_VERSION_MIN_REQUIRED < 130000)) -#define AN_APPLE_OS -#include -#elif defined(USE_WIN32_CRYPTO) -#include -#elif defined(USE_GNUTLS) -#include -#endif -#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4) +#if defined(USE_WOLFSSL) && !defined(NO_MD4) +#include +#define VOID_MD4_INIT #ifdef OPENSSL_COEXIST # define MD4_CTX WOLFSSL_MD4_CTX @@ -77,8 +56,18 @@ #endif #elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4) +#include + +#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ + (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040) && \ + defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && \ + (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ + (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ + (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000) && \ + defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && \ + (__IPHONE_OS_VERSION_MIN_REQUIRED < 130000)) +#include -#elif defined(AN_APPLE_OS) typedef CC_MD4_CTX MD4_CTX; static int MD4_Init(MD4_CTX *ctx) @@ -97,6 +86,7 @@ static void MD4_Final(unsigned char *digest, MD4_CTX *ctx) } #elif defined(USE_WIN32_CRYPTO) +#include struct md4_ctx { HCRYPTPROV hCryptProv; @@ -143,6 +133,7 @@ static void MD4_Final(unsigned char *digest, MD4_CTX *ctx) } #elif defined(USE_GNUTLS) +#include typedef struct md4_ctx MD4_CTX; diff --git a/lib/md5.c b/lib/md5.c index e5a4f534c7..464088b1b1 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -31,16 +31,10 @@ #ifdef USE_OPENSSL #include -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) -#define USE_OPENSSL_MD5 -#endif #endif #ifdef USE_WOLFSSL #include -#ifndef NO_MD5 -#define USE_WOLFSSL_MD5 -#endif #endif #ifdef USE_MBEDTLS @@ -49,34 +43,10 @@ #error "mbedTLS 3.2.0 or later required" #endif #include -#if defined(PSA_WANT_ALG_MD5) && PSA_WANT_ALG_MD5 /* mbedTLS 4+ */ -#define USE_MBEDTLS_MD5 -#endif #endif #ifdef USE_GNUTLS #include -#elif defined(USE_OPENSSL_MD5) -#include -#elif defined(USE_WOLFSSL_MD5) -#include -#elif defined(USE_MBEDTLS_MD5) -#include -#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ - (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040) && \ - defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && \ - (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ - (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ - (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000) && \ - defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && \ - (__IPHONE_OS_VERSION_MIN_REQUIRED < 130000)) -#define AN_APPLE_OS -#include -#elif defined(USE_WIN32_CRYPTO) -#include -#endif - -#ifdef USE_GNUTLS typedef struct md5_ctx my_md5_ctx; @@ -97,8 +67,14 @@ static void my_md5_final(unsigned char *digest, void *ctx) md5_digest(ctx, 16, digest); } -#elif defined(USE_OPENSSL_MD5) || \ - (defined(USE_WOLFSSL_MD5) && !defined(OPENSSL_COEXIST)) +#elif (defined(USE_OPENSSL) && \ + !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)) || \ + (defined(USE_WOLFSSL) && !defined(NO_MD5) && !defined(OPENSSL_COEXIST)) +#ifdef USE_OPENSSL +#include +#else +#include +#endif typedef MD5_CTX my_md5_ctx; @@ -121,7 +97,8 @@ static void my_md5_final(unsigned char *digest, void *ctx) (void)MD5_Final(digest, ctx); } -#elif defined(USE_WOLFSSL_MD5) +#elif defined(USE_WOLFSSL) && !defined(NO_MD5) +#include typedef WOLFSSL_MD5_CTX my_md5_ctx; @@ -144,7 +121,9 @@ static void my_md5_final(unsigned char *digest, void *ctx) (void)wolfSSL_MD5_Final(digest, ctx); } -#elif defined(USE_MBEDTLS_MD5) +#elif defined(USE_MBEDTLS) && \ + defined(PSA_WANT_ALG_MD5) && PSA_WANT_ALG_MD5 /* mbedTLS 4+ */ +#include typedef psa_hash_operation_t my_md5_ctx; @@ -168,7 +147,15 @@ static void my_md5_final(unsigned char *digest, void *ctx) (void)psa_hash_finish(ctx, digest, 16, &actual_length); } -#elif defined(AN_APPLE_OS) +#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ + (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040) && \ + defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && \ + (__MAC_OS_X_VERSION_MIN_REQUIRED < 101500)) || \ + (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ + (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000) && \ + defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && \ + (__IPHONE_OS_VERSION_MIN_REQUIRED < 130000)) +#include /* For Apple operating systems: CommonCrypto has the functions we need. These functions are available on Tiger and later, as well as iOS 2.0 @@ -198,6 +185,7 @@ static void my_md5_final(unsigned char *digest, void *ctx) } #elif defined(USE_WIN32_CRYPTO) +#include struct md5_ctx { HCRYPTPROV hCryptProv; diff --git a/lib/parsedate.c b/lib/parsedate.c index 9a3060bd50..29b0932d7c 100644 --- a/lib/parsedate.c +++ b/lib/parsedate.c @@ -80,13 +80,6 @@ */ -#define PARSEDATE_OK 0 -#define PARSEDATE_FAIL -1 -#define PARSEDATE_LATER 1 -#if defined(HAVE_TIME_T_UNSIGNED) || (SIZEOF_TIME_T < 5) -#define PARSEDATE_SOONER 2 -#endif - #if !defined(CURL_DISABLE_PARSEDATE) || !defined(CURL_DISABLE_FTP) || \ !defined(CURL_DISABLE_FILE) || defined(USE_GNUTLS) /* These names are also used by FTP and FILE code */ @@ -99,7 +92,16 @@ const char * const Curl_month[] = { }; #endif +#define PARSEDATE_OK 0 +#define PARSEDATE_FAIL -1 + #ifndef CURL_DISABLE_PARSEDATE + +#define PARSEDATE_LATER 1 +#if defined(HAVE_TIME_T_UNSIGNED) || (SIZEOF_TIME_T < 5) +#define PARSEDATE_SOONER 2 +#endif + static const char * const weekday[] = { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" }; diff --git a/lib/progress.c b/lib/progress.c index 7daa4b4b3e..6cde5678be 100644 --- a/lib/progress.c +++ b/lib/progress.c @@ -30,9 +30,6 @@ #include "transfer.h" #include "curlx/strcopy.h" -/* check rate limits within this many recent milliseconds, at minimum. */ -#define MIN_RATE_LIMIT_PERIOD 3000 - #ifndef CURL_DISABLE_PROGRESS_METER /* Provide a string that is 7 letters long (plus the zero byte). diff --git a/lib/setopt.c b/lib/setopt.c index 1bb75131ef..781151512c 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -188,8 +188,10 @@ static CURLcode setstropt_interface(char *option, char **devp, return CURLE_OK; } +#ifdef USE_SSL #define C_SSLVERSION_VALUE(x) (x & 0xffff) #define C_SSLVERSION_MAX_VALUE(x) ((unsigned long)x & 0xffff0000) +#endif static CURLcode protocol2num(const char *str, curl_prot_t *val) { diff --git a/lib/sha256.c b/lib/sha256.c index c042c1bb0c..8e581fec78 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -35,25 +35,6 @@ #error "mbedTLS 3.2.0 or later required" #endif #include -#if defined(PSA_WANT_ALG_SHA_256) && PSA_WANT_ALG_SHA_256 /* mbedTLS 4+ */ -#define USE_MBEDTLS_SHA256 -#endif -#endif - -#ifdef USE_OPENSSL -#include -#elif defined(USE_GNUTLS) -#include -#elif defined(USE_MBEDTLS_SHA256) -#include -#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ - (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \ - (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ - (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000)) -#include -#define AN_APPLE_OS -#elif defined(USE_WIN32_CRYPTO) -#include #endif /* Please keep the SSL backend-specific #if branches in this order: @@ -69,6 +50,7 @@ */ #ifdef USE_OPENSSL +#include struct ossl_sha256_ctx { EVP_MD_CTX *openssl_ctx; @@ -105,6 +87,7 @@ static void my_sha256_final(unsigned char *digest, void *in) } #elif defined(USE_GNUTLS) +#include typedef struct sha256_ctx my_sha256_ctx; @@ -126,7 +109,9 @@ static void my_sha256_final(unsigned char *digest, void *ctx) sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); } -#elif defined(USE_MBEDTLS_SHA256) +#elif defined(USE_MBEDTLS) && \ + defined(PSA_WANT_ALG_SHA_256) && PSA_WANT_ALG_SHA_256 /* mbedTLS 4+ */ +#include typedef psa_hash_operation_t my_sha256_ctx; @@ -152,7 +137,12 @@ static void my_sha256_final(unsigned char *digest, void *ctx) &actual_length); } -#elif defined(AN_APPLE_OS) +#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ + (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \ + (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \ + (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000)) +#include + typedef CC_SHA256_CTX my_sha256_ctx; static CURLcode my_sha256_init(void *ctx) @@ -174,6 +164,7 @@ static void my_sha256_final(unsigned char *digest, void *ctx) } #elif defined(USE_WIN32_CRYPTO) +#include struct sha256_ctx { HCRYPTPROV hCryptProv; diff --git a/lib/url.c b/lib/url.c index 3c0d913432..f0b6b0d5b2 100644 --- a/lib/url.c +++ b/lib/url.c @@ -133,7 +133,7 @@ static void data_priority_cleanup(struct Curl_easy *data); # error READBUFFER_SIZE is too small #endif -#ifdef USE_UNIX_SOCKETS +#if !defined(CURL_DISABLE_PROXY) && defined(USE_UNIX_SOCKETS) #define UNIX_SOCKET_PREFIX "localhost" #endif @@ -614,10 +614,6 @@ static bool socks_proxy_info_matches(const struct proxy_info *data, return FALSE; return TRUE; } -#else -/* disabled, will not get called */ -#define proxy_info_matches(x, y) FALSE -#define socks_proxy_info_matches(x, y) FALSE #endif /* A connection has to have been idle for less than 'conn_max_idle_ms' diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index d0aae81b80..385f6a10b3 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -41,6 +41,9 @@ #include "../curlx/strdup.h" #include "../curl_endian.h" +/* "NTLMSSP" signature is always in ASCII regardless of the platform */ +#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" + /* NTLM buffer fixed size, large enough for long user + host + domain */ #define NTLM_BUFSIZE 1024 @@ -58,6 +61,7 @@ /* Requests that the server's authentication realm be included in the Type 2 message. */ +#if DEBUG_ME /* unknown (1 << 3) */ #define NTLMFLAG_NEGOTIATE_SIGN (1 << 4) /* Specifies that authenticated communication between the client and server @@ -73,10 +77,12 @@ #define NTLMFLAG_NEGOTIATE_LM_KEY (1 << 7) /* Indicates that the LAN Manager session key should be used for signing and sealing authenticated communications. */ +#endif #define NTLMFLAG_NEGOTIATE_NTLM_KEY (1 << 9) /* Indicates that NTLM authentication is being used. */ +#if DEBUG_ME /* unknown (1 << 10) */ #define NTLMFLAG_NEGOTIATE_ANONYMOUS (1 << 11) @@ -95,11 +101,13 @@ /* Sent by the server to indicate that the server and client are on the same machine. Implies that the client may use a pre-established local security context rather than responding to the challenge. */ +#endif #define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1 << 15) /* Indicates that authenticated communication between the client and server should be signed with a "dummy" signature. */ +#if DEBUG_ME #define NTLMFLAG_TARGET_TYPE_DOMAIN (1 << 16) /* Sent by the server in the Type 2 message to indicate that the target authentication realm is a domain. */ @@ -112,11 +120,13 @@ /* Sent by the server in the Type 2 message to indicate that the target authentication realm is a share. Presumably, this is for share-level authentication. Usage is unclear. */ +#endif #define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1 << 19) /* Indicates that the NTLM2 signing and sealing scheme should be used for protecting authenticated communications. */ +#if DEBUG_ME #define NTLMFLAG_REQUEST_INIT_RESPONSE (1 << 20) /* unknown purpose */ @@ -125,11 +135,13 @@ #define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1 << 22) /* unknown purpose */ +#endif #define NTLMFLAG_NEGOTIATE_TARGET_INFO (1 << 23) /* Sent by the server in the Type 2 message to indicate that it is including a Target Information block in the message. */ +#if DEBUG_ME /* unknown (1<24) */ /* unknown (1<25) */ /* unknown (1<26) */ @@ -146,10 +158,6 @@ #define NTLMFLAG_NEGOTIATE_56 (1 << 31) /* Indicates that 56-bit encryption is supported. */ -/* "NTLMSSP" signature is always in ASCII regardless of the platform */ -#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50" - -#if DEBUG_ME #define DEBUG_OUT(x) x static void ntlm_print_flags(FILE *handle, unsigned long flags) { diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c index 61e7d3452e..66bb5770f1 100644 --- a/lib/vquic/curl_ngtcp2.c +++ b/lib/vquic/curl_ngtcp2.c @@ -376,10 +376,6 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) } } -/* ngtcp2 default congestion controller does not perform pacing. Limit - the maximum packet burst to MAX_PKT_BURST packets. */ -#define MAX_PKT_BURST 10 - struct pkt_io_ctx { struct Curl_cfilter *cf; struct Curl_easy *data; diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c index e5913eaf59..fc31c06a46 100644 --- a/lib/vquic/curl_quiche.c +++ b/lib/vquic/curl_quiche.c @@ -53,16 +53,12 @@ /* HTTP/3 error values defined in RFC 9114, ch. 8.1 */ #define CURL_H3_NO_ERROR 0x0100 +#define MAX_PKT_BURST 10 + #define QUIC_MAX_STREAMS 100 #define H3_STREAM_WINDOW_SIZE (1024 * 128) #define H3_STREAM_CHUNK_SIZE (1024 * 16) -/* The pool keeps spares around and half of a full stream windows seems good. - * More does not seem to improve performance. The benefit of the pool is that - * stream buffer to not keep spares. Memory consumption goes down when streams - * run empty, have a large upload done, etc. */ -#define H3_STREAM_POOL_SPARES \ - (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE) / 2 /* Receive and Send max number of chunks just follows from the * chunk size and window size */ #define H3_STREAM_RECV_CHUNKS \ diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c index 2a85c750d7..7fef051f4c 100644 --- a/lib/vquic/vquic.c +++ b/lib/vquic/vquic.c @@ -225,11 +225,13 @@ out: return result; } +#ifdef CURLVERBOSE #ifdef HAVE_SENDMSG #define VQUIC_SEND_METHOD "sendmsg" #else #define VQUIC_SEND_METHOD "send" #endif +#endif static CURLcode send_packet_no_gso(struct Curl_cfilter *cf, struct Curl_easy *data, diff --git a/lib/vquic/vquic_int.h b/lib/vquic/vquic_int.h index 0652f69662..4da3c2f192 100644 --- a/lib/vquic/vquic_int.h +++ b/lib/vquic/vquic_int.h @@ -29,7 +29,6 @@ #include "../bufq.h" -#define MAX_PKT_BURST 10 #define MAX_UDP_PAYLOAD_SIZE 1452 /* definitions from RFC 9114, ch 8.1 */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 2184720581..0e039386c1 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -4430,9 +4430,9 @@ static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509 *cert, return result; } -#if !(defined(LIBRESSL_VERSION_NUMBER) && \ - LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \ - !defined(HAVE_BORINGSSL_LIKE) && defined(CURLVERBOSE) +#ifdef CURLVERBOSE +#if !defined(HAVE_BORINGSSL_LIKE) && \ + !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3060000fL) static void infof_certstack(struct Curl_easy *data, const SSL *ssl) { STACK_OF(X509) *certstack; @@ -4505,6 +4505,7 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl) #else #define infof_certstack(data, ssl) #endif +#endif /* CURLVERBOSE */ static CURLcode ossl_check_issuer(struct Curl_cfilter *cf, struct Curl_easy *data, diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 938acba3e1..41965062f0 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -30,7 +30,6 @@ #ifdef USE_WOLFSSL -#define WOLFSSL_OPTIONS_IGNORE_SYS #include #include diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c index 1efb6ae1cb..27fe149dcb 100644 --- a/lib/vtls/x509asn1.c +++ b/lib/vtls/x509asn1.c @@ -50,6 +50,7 @@ /* Largest supported ASN.1 structure. */ #define CURL_ASN1_MAX ((size_t)0x40000) /* 256K */ +#ifdef WANT_EXTRACT_CERTINFO /* ASN.1 classes. */ /* #define CURL_ASN1_UNIVERSAL 0 */ /* #define CURL_ASN1_APPLICATION 1 */ @@ -86,7 +87,6 @@ /* #define CURL_ASN1_CHARACTER_STRING 29 */ #define CURL_ASN1_BMP_STRING 30 -#ifdef WANT_EXTRACT_CERTINFO /* ASN.1 OID table entry. */ struct Curl_OID { const char *numoid; /* Dotted-numeric OID. */ diff --git a/lib/ws.c b/lib/ws.c index f990c80271..5c37236315 100644 --- a/lib/ws.c +++ b/lib/ws.c @@ -63,7 +63,9 @@ #define WSBIT_OPCODE_CLOSE 0x8 #define WSBIT_OPCODE_PING 0x9 #define WSBIT_OPCODE_PONG 0xa +#ifdef CURLVERBOSE #define WSBIT_OPCODE_MASK 0xf +#endif #define WSBIT_MASK 0x80 diff --git a/m4/curl-wolfssl.m4 b/m4/curl-wolfssl.m4 index d20d00ffbd..9e09be7fea 100644 --- a/m4/curl-wolfssl.m4 +++ b/m4/curl-wolfssl.m4 @@ -83,6 +83,7 @@ if test "$OPT_WOLFSSL" != "no"; then fi if test "$USE_WOLFSSL" != "yes"; then + CPPFLAGS="$CPPFLAGS -DWOLFSSL_OPTIONS_IGNORE_SYS" LDFLAGS="$LDFLAGS $addld" LDFLAGSPC="$LDFLAGSPC $addld" diff --git a/src/tool_doswin.c b/src/tool_doswin.c index ad290f377a..45886952d6 100644 --- a/src/tool_doswin.c +++ b/src/tool_doswin.c @@ -27,8 +27,6 @@ #ifdef _WIN32 # include -# undef PATH_MAX -# define PATH_MAX MAX_PATH #elif !defined(__DJGPP__) || (__DJGPP__ < 2) /* DJGPP 2.0 has _use_lfn() */ # define CURL_USE_LFN(f) 0 /* long filenames never available */ #elif defined(__DJGPP__) @@ -552,12 +550,12 @@ CURLcode FindWin32CACert(struct OperationConfig *config, { CURLcode result = CURLE_OK; DWORD res_len; - TCHAR buf[PATH_MAX]; + TCHAR buf[MAX_PATH]; TCHAR *ptr = NULL; buf[0] = TEXT('\0'); - res_len = SearchPath(NULL, bundle_file, NULL, PATH_MAX, buf, &ptr); + res_len = SearchPath(NULL, bundle_file, NULL, MAX_PATH, buf, &ptr); if(res_len > 0) { curlx_free(config->cacert); config->cacert = curlx_convert_tchar_to_UTF8(buf); diff --git a/src/var.c b/src/var.c index 306ed1b02b..fbb35a7d01 100644 --- a/src/var.c +++ b/src/var.c @@ -369,8 +369,6 @@ static ParameterError addvariable(const char *name, return PARAM_NO_MEM; } -#define MAX_FILENAME 10000 - ParameterError setvariable(const char *input) { const char *name;