diff --git a/crypto/bcrypt.c b/crypto/bcrypt.c index a4eb384a..1ccd4756 100644 --- a/crypto/bcrypt.c +++ b/crypto/bcrypt.c @@ -11,8 +11,8 @@ #include "ssh.h" #include "blowfish.h" -BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes, - const unsigned char *salt, int saltbytes) +static BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes, + const unsigned char *salt, int saltbytes) { int i; BlowfishContext *ctx; @@ -32,9 +32,9 @@ BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes, return ctx; } -void bcrypt_hash(const unsigned char *key, int keybytes, - const unsigned char *salt, int saltbytes, - unsigned char output[32]) +static void bcrypt_hash(const unsigned char *key, int keybytes, + const unsigned char *salt, int saltbytes, + unsigned char output[32]) { BlowfishContext *ctx; int i; @@ -49,10 +49,10 @@ void bcrypt_hash(const unsigned char *key, int keybytes, blowfish_free_context(ctx); } -void bcrypt_genblock(int counter, - const unsigned char hashed_passphrase[64], - const unsigned char *salt, int saltbytes, - unsigned char output[32]) +static void bcrypt_genblock(int counter, + const unsigned char hashed_passphrase[64], + const unsigned char *salt, int saltbytes, + unsigned char output[32]) { unsigned char hashed_salt[64]; diff --git a/crypto/ecc-ssh.c b/crypto/ecc-ssh.c index a43cb841..26a04815 100644 --- a/crypto/ecc-ssh.c +++ b/crypto/ecc-ssh.c @@ -1444,7 +1444,7 @@ typedef struct ecdh_key_m { ecdh_key ek; } ecdh_key_m; -ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server) +static ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server) { const struct eckex_extra *extra = (const struct eckex_extra *)kex->extra; const struct ec_curve *curve = extra->curve(); @@ -1463,7 +1463,7 @@ ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server) return &dhw->ek; } -ecdh_key *ssh_ecdhkex_m_new(const ssh_kex *kex, bool is_server) +static ecdh_key *ssh_ecdhkex_m_new(const ssh_kex *kex, bool is_server) { const struct eckex_extra *extra = (const struct eckex_extra *)kex->extra; const struct ec_curve *curve = extra->curve(); @@ -1637,7 +1637,7 @@ const ssh_kex ssh_ec_kex_curve25519 = { .extra = &kex_extra_curve25519, }; /* Pre-RFC alias */ -const ssh_kex ssh_ec_kex_curve25519_libssh = { +static const ssh_kex ssh_ec_kex_curve25519_libssh = { .name = "curve25519-sha256@libssh.org", .main_type = KEXTYPE_ECDH, .hash = &ssh_sha256, diff --git a/crypto/ntru.c b/crypto/ntru.c index c313c0cc..fb802694 100644 --- a/crypto/ntru.c +++ b/crypto/ntru.c @@ -483,7 +483,8 @@ void ntru_scale(uint16_t *out, const uint16_t *in, uint16_t scale, * Given an array of values mod 3, convert them to values mod q in a * way that maps -1,0,+1 to -1,0,+1. */ -void ntru_expand(uint16_t *out, const uint16_t *in, unsigned p, unsigned q) +static void ntru_expand( + uint16_t *out, const uint16_t *in, unsigned p, unsigned q) { for (size_t i = 0; i < p; i++) { uint16_t v = in[i]; @@ -1393,8 +1394,9 @@ void ntru_encode_plaintext(const uint16_t *plaintext, unsigned p, * * 'out' should therefore expect to receive 32 bytes of data. */ -void ntru_confirmation_hash(uint8_t *out, const uint16_t *plaintext, - const uint16_t *pubkey, unsigned p, unsigned q) +static void ntru_confirmation_hash( + uint8_t *out, const uint16_t *plaintext, + const uint16_t *pubkey, unsigned p, unsigned q) { /* The outer hash object */ ssh_hash *hconfirm = ssh_hash_new(&ssh_sha512); @@ -1450,8 +1452,9 @@ void ntru_confirmation_hash(uint8_t *out, const uint16_t *plaintext, * * The ciphertext is provided in already-encoded form. */ -void ntru_session_hash(uint8_t *out, unsigned ok, const uint16_t *plaintext, - unsigned p, ptrlen ciphertext, ptrlen confirmation_hash) +static void ntru_session_hash( + uint8_t *out, unsigned ok, const uint16_t *plaintext, + unsigned p, ptrlen ciphertext, ptrlen confirmation_hash) { /* The outer hash object */ ssh_hash *hsession = ssh_hash_new(&ssh_sha512); @@ -1866,7 +1869,7 @@ static const ecdh_keyalg ssh_ntru_selector_vt = { .description = ssh_ntru_description, }; -const ssh_kex ssh_ntru_curve25519 = { +static const ssh_kex ssh_ntru_curve25519 = { .name = "sntrup761x25519-sha512@openssh.com", .main_type = KEXTYPE_ECDH, .hash = &ssh_sha512, diff --git a/crypto/openssh-certs.c b/crypto/openssh-certs.c index 979b5488..01bc5cc6 100644 --- a/crypto/openssh-certs.c +++ b/crypto/openssh-certs.c @@ -93,35 +93,37 @@ typedef struct opensshcert_extra { * info appears at all, it's in the same order everywhere, and none of * it is repeated unnecessarily */ enum { DSA_p, DSA_q, DSA_g, DSA_y, DSA_x }; -const unsigned dsa_pub_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y }; -const unsigned dsa_base_ossh_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y, DSA_x }; -const unsigned dsa_cert_ossh_fmt[] = { DSA_x }; +static const unsigned dsa_pub_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y }; +static const unsigned dsa_base_ossh_fmt[] = { + DSA_p, DSA_q, DSA_g, DSA_y, DSA_x }; +static const unsigned dsa_cert_ossh_fmt[] = { DSA_x }; /* ECDSA is almost as nice, except that it pointlessly mentions the * curve name in the public data, which shouldn't be necessary given * that the SSH key id has already implied it. But at least that's * consistent everywhere. */ enum { ECDSA_curve, ECDSA_point, ECDSA_exp }; -const unsigned ecdsa_pub_fmt[] = { ECDSA_curve, ECDSA_point }; -const unsigned ecdsa_base_ossh_fmt[] = { ECDSA_curve, ECDSA_point, ECDSA_exp }; -const unsigned ecdsa_cert_ossh_fmt[] = { ECDSA_exp }; +static const unsigned ecdsa_pub_fmt[] = { ECDSA_curve, ECDSA_point }; +static const unsigned ecdsa_base_ossh_fmt[] = { + ECDSA_curve, ECDSA_point, ECDSA_exp }; +static const unsigned ecdsa_cert_ossh_fmt[] = { ECDSA_exp }; /* Ed25519 has the oddity that the private data following the * certificate in the OpenSSH blob is preceded by an extra copy of the * public data, for no obviously necessary reason since that doesn't * happen in any of the rest of these formats */ enum { EDDSA_point, EDDSA_exp }; -const unsigned eddsa_pub_fmt[] = { EDDSA_point }; -const unsigned eddsa_base_ossh_fmt[] = { EDDSA_point, EDDSA_exp }; -const unsigned eddsa_cert_ossh_fmt[] = { EDDSA_point, EDDSA_exp }; +static const unsigned eddsa_pub_fmt[] = { EDDSA_point }; +static const unsigned eddsa_base_ossh_fmt[] = { EDDSA_point, EDDSA_exp }; +static const unsigned eddsa_cert_ossh_fmt[] = { EDDSA_point, EDDSA_exp }; /* And RSA has the quirk that the modulus and exponent are reversed in * the base key type's OpenSSH blob! */ enum { RSA_e, RSA_n, RSA_d, RSA_p, RSA_q, RSA_iqmp }; -const unsigned rsa_pub_fmt[] = { RSA_e, RSA_n }; -const unsigned rsa_base_ossh_fmt[] = { +static const unsigned rsa_pub_fmt[] = { RSA_e, RSA_n }; +static const unsigned rsa_base_ossh_fmt[] = { RSA_n, RSA_e, RSA_d, RSA_p, RSA_q, RSA_iqmp }; -const unsigned rsa_cert_ossh_fmt[] = { RSA_d, RSA_p, RSA_q, RSA_iqmp }; +static const unsigned rsa_cert_ossh_fmt[] = { RSA_d, RSA_p, RSA_q, RSA_iqmp }; /* * Routines to transform one kind of blob into another based on those @@ -238,7 +240,7 @@ static const ssh_keyalg *opensshcert_related_alg(const ssh_keyalg *self, /* end of list */ #define KEYALG_DEF(name, ssh_alg_id_prefix, ssh_key_id_prefix, fmt_prefix) \ - const struct opensshcert_extra opensshcert_##name##_extra = { \ + static const struct opensshcert_extra opensshcert_##name##_extra = { \ .pub_fmt = { .fmt = fmt_prefix ## _pub_fmt, \ .len = lenof(fmt_prefix ## _pub_fmt) }, \ .base_ossh_fmt = { .fmt = fmt_prefix ## _base_ossh_fmt, \ diff --git a/crypto/rsa.c b/crypto/rsa.c index ad4d9541..aa0e08a6 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -865,7 +865,8 @@ static unsigned ssh_rsa_supported_flags(const ssh_keyalg *self) return SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512; } -const char *ssh_rsa_alternate_ssh_id(const ssh_keyalg *self, unsigned flags) +static const char *ssh_rsa_alternate_ssh_id( + const ssh_keyalg *self, unsigned flags) { if (flags & SSH_AGENT_RSA_SHA2_512) return ssh_rsa_sha512.ssh_id; diff --git a/import.c b/import.c index f5d6045d..918de50e 100644 --- a/import.c +++ b/import.c @@ -317,7 +317,7 @@ struct openssh_pem_key { strbuf *keyblob; }; -void BinarySink_put_mp_ssh2_from_string(BinarySink *bs, ptrlen str) +static void BinarySink_put_mp_ssh2_from_string(BinarySink *bs, ptrlen str) { const unsigned char *bytes = (const unsigned char *)str.ptr; size_t nbytes = str.len; @@ -1893,7 +1893,7 @@ static bool sshcom_encrypted(BinarySource *filesrc, char **comment) return answer; } -void BinarySink_put_mp_sshcom_from_string(BinarySink *bs, ptrlen str) +static void BinarySink_put_mp_sshcom_from_string(BinarySink *bs, ptrlen str) { const unsigned char *bytes = (const unsigned char *)str.ptr; size_t nbytes = str.len; diff --git a/proxy/cproxy.c b/proxy/cproxy.c index 38e6eef9..40a2f609 100644 --- a/proxy/cproxy.c +++ b/proxy/cproxy.c @@ -26,7 +26,8 @@ strbuf *chap_response(ptrlen challenge, ptrlen password) return sb; } -void BinarySink_put_hex_data(BinarySink *bs, const void *vptr, size_t len) +static void BinarySink_put_hex_data(BinarySink *bs, const void *vptr, + size_t len) { const unsigned char *p = (const unsigned char *)vptr; const char *hexdigits = "0123456789abcdef"; diff --git a/proxy/proxy.c b/proxy/proxy.c index 056dcf19..bca60a35 100644 --- a/proxy/proxy.c +++ b/proxy/proxy.c @@ -35,7 +35,7 @@ static void proxy_negotiator_cleanup(ProxySocket *ps) * Call this when proxy negotiation is complete, so that this * socket can begin working normally. */ -void proxy_activate(ProxySocket *ps) +static void proxy_activate(ProxySocket *ps) { size_t output_before, output_after; diff --git a/ssh/sftp.c b/ssh/sftp.c index 00072f13..1f98c5ec 100644 --- a/ssh/sftp.c +++ b/ssh/sftp.c @@ -21,7 +21,7 @@ static void fxp_internal_error(const char *msg); * Client-specific parts of the send- and receive-packet system. */ -bool sftp_send(struct sftp_packet *pkt) +static bool sftp_send(struct sftp_packet *pkt) { bool ret; sftp_send_prepare(pkt); diff --git a/ssh/sharing.c b/ssh/sharing.c index 827830f5..97337229 100644 --- a/ssh/sharing.c +++ b/ssh/sharing.c @@ -987,8 +987,8 @@ static void share_xchannel_add_message( xc->msgtail = msg; } -void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs, - struct share_xchannel *xc) +static void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs, + struct share_xchannel *xc) { /* * Handle queued incoming messages from the server destined for an @@ -1033,10 +1033,9 @@ void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs, } } -void share_xchannel_confirmation(struct ssh_sharing_connstate *cs, - struct share_xchannel *xc, - struct share_channel *chan, - unsigned downstream_window) +static void share_xchannel_confirmation( + struct ssh_sharing_connstate *cs, struct share_xchannel *xc, + struct share_channel *chan, unsigned downstream_window) { strbuf *packet; @@ -1070,8 +1069,8 @@ void share_xchannel_confirmation(struct ssh_sharing_connstate *cs, strbuf_free(packet); } -void share_xchannel_failure(struct ssh_sharing_connstate *cs, - struct share_xchannel *xc) +static void share_xchannel_failure(struct ssh_sharing_connstate *cs, + struct share_xchannel *xc) { /* * If downstream refuses to open our X channel at all for some @@ -1986,7 +1985,7 @@ static int share_listen_accepting(Plug *plug, * configurations which return the same string from this function will * be treated as potentially shareable with each other. */ -char *ssh_share_sockname(const char *host, int port, Conf *conf) +static char *ssh_share_sockname(const char *host, int port, Conf *conf) { char *username = NULL; char *sockname; diff --git a/ssh/zlib.c b/ssh/zlib.c index e64d37a9..0841faa3 100644 --- a/ssh/zlib.c +++ b/ssh/zlib.c @@ -573,7 +573,7 @@ struct ssh_zlib_compressor { ssh_compressor sc; }; -ssh_compressor *zlib_compress_init(void) +static ssh_compressor *zlib_compress_init(void) { struct Outbuf *out; struct ssh_zlib_compressor *comp = snew(struct ssh_zlib_compressor); @@ -592,7 +592,7 @@ ssh_compressor *zlib_compress_init(void) return &comp->sc; } -void zlib_compress_cleanup(ssh_compressor *sc) +static void zlib_compress_cleanup(ssh_compressor *sc) { struct ssh_zlib_compressor *comp = container_of(sc, struct ssh_zlib_compressor, sc); @@ -604,10 +604,9 @@ void zlib_compress_cleanup(ssh_compressor *sc) sfree(comp); } -void zlib_compress_block(ssh_compressor *sc, - const unsigned char *block, int len, - unsigned char **outblock, int *outlen, - int minlen) +static void zlib_compress_block( + ssh_compressor *sc, const unsigned char *block, int len, + unsigned char **outblock, int *outlen, int minlen) { struct ssh_zlib_compressor *comp = container_of(sc, struct ssh_zlib_compressor, sc); @@ -904,7 +903,7 @@ struct zlib_decompress_ctx { ssh_decompressor dc; }; -ssh_decompressor *zlib_decompress_init(void) +static ssh_decompressor *zlib_decompress_init(void) { struct zlib_decompress_ctx *dctx = snew(struct zlib_decompress_ctx); unsigned char lengths[288]; @@ -927,7 +926,7 @@ ssh_decompressor *zlib_decompress_init(void) return &dctx->dc; } -void zlib_decompress_cleanup(ssh_decompressor *dc) +static void zlib_decompress_cleanup(ssh_decompressor *dc) { struct zlib_decompress_ctx *dctx = container_of(dc, struct zlib_decompress_ctx, dc); @@ -986,9 +985,9 @@ static void zlib_emit_char(struct zlib_decompress_ctx *dctx, int c) #define EATBITS(n) ( dctx->nbits -= (n), dctx->bits >>= (n) ) -bool zlib_decompress_block(ssh_decompressor *dc, - const unsigned char *block, int len, - unsigned char **outblock, int *outlen) +static bool zlib_decompress_block( + ssh_decompressor *dc, const unsigned char *block, int len, + unsigned char **outblock, int *outlen) { struct zlib_decompress_ctx *dctx = container_of(dc, struct zlib_decompress_ctx, dc); diff --git a/terminal/bidi.c b/terminal/bidi.c index 128f84c5..c17671b6 100644 --- a/terminal/bidi.c +++ b/terminal/bidi.c @@ -3558,13 +3558,14 @@ static void reverse_sequences(BidiContext *ctx) } /* - * The Main Bidi Function, and the only function that should be used - * by the outside world. + * The Main Bidi Function. The two wrappers below it present different + * external APIs for different purposes, but everything comes through + * here. * * text: a buffer of size textlen containing text to apply the * Bidirectional algorithm to. */ -void do_bidi_new(BidiContext *ctx, bidi_char *text, size_t textlen) +static void do_bidi_new(BidiContext *ctx, bidi_char *text, size_t textlen) { ensure_arrays(ctx, textlen); ctx->text = text; diff --git a/terminal/terminal.c b/terminal/terminal.c index 4ecfcab5..ee227190 100644 --- a/terminal/terminal.c +++ b/terminal/terminal.c @@ -1537,7 +1537,7 @@ static void set_erase_char(Terminal *term) * lookups which would be involved in fetching them from the former * every time. */ -void term_copy_stuff_from_conf(Terminal *term) +static void term_copy_stuff_from_conf(Terminal *term) { term->ansi_colour = conf_get_bool(term->conf, CONF_ansi_colour); term->no_arabicshaping = conf_get_bool(term->conf, CONF_no_arabicshaping); diff --git a/utils/x11authfile.c b/utils/x11authfile.c index 4fc84ab5..e2358a9d 100644 --- a/utils/x11authfile.c +++ b/utils/x11authfile.c @@ -9,7 +9,7 @@ #include "putty.h" #include "ssh.h" -ptrlen BinarySource_get_string_xauth(BinarySource *src) +static ptrlen BinarySource_get_string_xauth(BinarySource *src) { size_t len = get_uint16(src); return get_data(src, len); @@ -17,7 +17,7 @@ ptrlen BinarySource_get_string_xauth(BinarySource *src) #define get_string_xauth(src) \ BinarySource_get_string_xauth(BinarySource_UPCAST(src)) -void BinarySink_put_stringpl_xauth(BinarySink *bs, ptrlen pl) +static void BinarySink_put_stringpl_xauth(BinarySink *bs, ptrlen pl) { assert((pl.len >> 16) == 0); put_uint16(bs, pl.len); diff --git a/windows/network.c b/windows/network.c index 5dd728cd..2c087b69 100644 --- a/windows/network.c +++ b/windows/network.c @@ -1124,8 +1124,9 @@ Socket *sk_new(SockAddr *addr, int port, bool privport, bool oobinline, return &ret->sock; } -Socket *sk_newlistener_internal(const char *srcaddr, int port, Plug *plug, - bool local_host_only, int orig_address_family) +static Socket *sk_newlistener_internal( + const char *srcaddr, int port, Plug *plug, + bool local_host_only, int orig_address_family) { SOCKET s; SOCKADDR_IN a; @@ -1413,7 +1414,7 @@ static void socket_error_callback(void *vs) * The function which tries to send on a socket once it's deemed * writable. */ -void try_send(NetSocket *s) +static void try_send(NetSocket *s) { while (s->sending_oob || bufchain_size(&s->output_data) > 0) { int nsent; diff --git a/windows/unicode.c b/windows/unicode.c index 72c35ea6..7f0542d8 100644 --- a/windows/unicode.c +++ b/windows/unicode.c @@ -728,7 +728,7 @@ wchar_t xlat_uskbd2cyrllic(int ch) return cyrtab[ch&0x7F]; } -int check_compose_internal(int first, int second, int recurse) +static int check_compose_internal(int first, int second, int recurse) { static const struct {