diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-21 19:18:47 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:38:04 +0000 |
| commit | 0f6c9658231a41492680c55c8a9d55dc83485a89 (patch) | |
| tree | 575b9efe606c26fc8cfa8465b5666394fc5ff870 | |
| parent | 465171841020cdc71f18c451493b7d72bb0ba6ec (diff) | |
| download | openssl-new-0f6c9658231a41492680c55c8a9d55dc83485a89.tar.gz | |
Move more comments that confuse indent
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
| -rw-r--r-- | apps/apps.c | 10 | ||||
| -rw-r--r-- | apps/ca.c | 3 | ||||
| -rw-r--r-- | apps/passwd.c | 3 | ||||
| -rw-r--r-- | apps/s_apps.h | 3 | ||||
| -rw-r--r-- | apps/s_server.c | 3 | ||||
| -rw-r--r-- | crypto/bio/bss_bio.c | 3 | ||||
| -rw-r--r-- | crypto/bio/bss_rtcp.c | 15 | ||||
| -rw-r--r-- | crypto/bn/bn_lib.c | 13 | ||||
| -rw-r--r-- | crypto/crypto.h | 3 | ||||
| -rw-r--r-- | crypto/des/des_ver.h | 6 | ||||
| -rw-r--r-- | crypto/dsa/dsa.h | 21 | ||||
| -rw-r--r-- | crypto/ec/ec2_oct.c | 5 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistp256.c | 6 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistp521.c | 3 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistputil.c | 3 | ||||
| -rw-r--r-- | crypto/ec/ecp_oct.c | 5 | ||||
| -rw-r--r-- | crypto/modes/gcm128.c | 3 | ||||
| -rw-r--r-- | crypto/rand/md_rand.c | 6 | ||||
| -rw-r--r-- | crypto/seed/seed.h | 3 | ||||
| -rw-r--r-- | crypto/x509/x509.h | 9 | ||||
| -rw-r--r-- | demos/engines/ibmca/hw_ibmca.c | 2 | ||||
| -rw-r--r-- | engines/e_chil.c | 3 | ||||
| -rw-r--r-- | engines/e_sureware.c | 6 | ||||
| -rw-r--r-- | engines/e_ubsec.c | 8 | ||||
| -rw-r--r-- | ssl/d1_pkt.c | 3 | ||||
| -rw-r--r-- | ssl/kssl.c | 9 | ||||
| -rw-r--r-- | ssl/ssl.h | 51 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 68 | ||||
| -rw-r--r-- | ssl/ssl_task.c | 15 | ||||
| -rw-r--r-- | ssl/ssltest.c | 6 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 3 |
31 files changed, 198 insertions, 102 deletions
diff --git a/apps/apps.c b/apps/apps.c index 3914c40fe9..62670484d8 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -110,10 +110,12 @@ */ #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get - the declaration of fileno(). The value - 2 is to make sure no function defined - in POSIX-2 is left undefined. */ +/* On VMS, you need to define this to get + * the declaration of fileno(). The value + * 2 is to make sure no function defined + * in POSIX-2 is left undefined. + */ +#define _POSIX_C_SOURCE 2 #endif #include <stdio.h> #include <stdlib.h> @@ -1491,7 +1491,8 @@ bad: } - if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + /* we have a CRL number that need updating */ + if (crlnumberfile != NULL) if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (crlnumber) diff --git a/apps/passwd.c b/apps/passwd.c index 8e65ed7cbb..e12b5ecea8 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -310,7 +310,8 @@ err: */ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { - static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ + /* "$apr1$..salt..$.......md5hash..........\0" */ + static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n; diff --git a/apps/s_apps.h b/apps/s_apps.h index 820e5c5815..919023ddf5 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,7 +108,8 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include <sys/types.h> #endif #include <openssl/opensslconf.h> diff --git a/apps/s_server.c b/apps/s_server.c index f47328ab35..ba20587c8b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -157,7 +157,8 @@ #define APPS_WIN16 #endif -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include <sys/types.h> #endif diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 6d86587ee3..b948631cd7 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -151,7 +151,8 @@ static int bio_new(BIO *bio) return 0; b->peer = NULL; - b->size = 17*1024; /* enough for one TLS record (just a default) */ + /* enough for one TLS record (just a default) */ + b->size = 17*1024; b->buf = NULL; bio->ptr = b; diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c index dd6038f3bd..c8145f7d79 100644 --- a/crypto/bio/bss_rtcp.c +++ b/crypto/bio/bss_rtcp.c @@ -76,11 +76,16 @@ typedef unsigned short io_channel; /*************************************************************************/ struct io_status { short status, count; long flags; }; -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 7a8f8c1450..c711b2d6ce 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -350,6 +350,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ switch (b->top&3) { case 3: A[2]=B[2]; @@ -357,11 +362,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 1: A[0]=B[0]; case 0: ; - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ } } @@ -508,12 +508,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* ultrix cc workaround, see comments in bn_expand_internal */ switch (b->top&3) { case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ + case 0: ; } #else memcpy(a->d,b->d,sizeof(b->d[0])*b->top); diff --git a/crypto/crypto.h b/crypto/crypto.h index d0e168949a..1b1ed5ad89 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -285,7 +285,8 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK_OF(void) *sk; - int dummy; /* gcc is screwing up this data structure :-( */ + /* gcc is screwing up this data structure :-( */ + int dummy; }; DECLARE_STACK_OF(void) diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h index d1ada258a6..10e889a572 100644 --- a/crypto/des/des_ver.h +++ b/crypto/des/des_ver.h @@ -67,5 +67,7 @@ #define DES_version OSSL_DES_version #define libdes_version OSSL_libdes_version -OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ -OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ +/* SSLeay version string */ +OPENSSL_EXTERN const char OSSL_DES_version[]; +/* old libdes version string */ +OPENSSL_EXTERN const char OSSL_libdes_version[]; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 19422dfefb..bedb99198f 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -89,13 +89,20 @@ #endif #define DSA_FLAG_CACHE_MONT_P 0x01 -#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* new with 0.9.7h; the + * built-in DSA + * implementation now + * uses constant time + * modular exponentiation + * for secret exponents + * by default. This flag + * causes the faster + * variable sliding + * window method to be + * used for all + * exponents. + */ +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* If this flag is set the DSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index c60df5c6f2..943b75baf5 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -390,8 +390,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; } - - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ + + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index f2f8266b11..33fba29155 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1568,9 +1568,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, if (!skip) { + /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } else { @@ -1587,9 +1588,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, bits |= get_bit(g_scalar, i); /* select the point to add, in constant time */ select_point(bits, 16, g_pre_comp[0], tmp); + /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } /* do other additions every 5 doublings */ diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 78c21f0089..f97dab67de 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1460,9 +1460,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, select_point(bits, 16, g_pre_comp, tmp); if (!skip) { + /* The 1 argument below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } else { diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index 4ab42d814c..c65bb2d911 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -79,7 +79,8 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, /* tmp_felem(i-1) is the product of Z(0) .. Z(i-1), * tmp_felem(i) is the inverse of the product of Z(0) .. Z(i) */ - felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); /* 1/Z(i) */ + /* 1/Z(i) */ + felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); else felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */ diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index c23983d7f7..0fdd8ad31f 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -416,8 +416,9 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; } - - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ + + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 7152824ed8..4b5269240e 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -2019,7 +2019,8 @@ static const u8 T19[]= { /* Test Case 20 */ #define K20 K1 #define A20 A1 -static const u8 IV20[64]={0xff,0xff,0xff,0xff}; /* this results in 0xff in counter LSB */ +/* this results in 0xff in counter LSB */ +static const u8 IV20[64]={0xff,0xff,0xff,0xff}; static const u8 P20[288]; static const u8 C20[]= { 0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a, diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 888b4eb8dd..ba62046ba5 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -147,7 +147,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ +/* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; #ifdef PREDICT @@ -504,7 +505,8 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) for (i=0; i<MD_DIGEST_LENGTH/2; i++) { - state[st_idx++]^=local_md[i]; /* may compete with other threads */ + /* may compete with other threads */ + state[st_idx++]^=local_md[i]; if (st_idx >= st_num) st_idx=0; if (i < j) diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h index c50fdd3607..ec639456e7 100644 --- a/crypto/seed/seed.h +++ b/crypto/seed/seed.h @@ -89,7 +89,8 @@ #error SEED is disabled. #endif -#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +/* look whether we need 'long' to get 32 bits */ +#ifdef AES_LONG # ifndef SEED_LONG # define SEED_LONG 1 # endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index b2ab84bd1d..88857bd81f 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -570,7 +570,8 @@ X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +/* Usually OCTET STRING but could be anything */ +ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; X509_ALGOR *prf; @@ -581,7 +582,8 @@ X509_ALGOR *prf; struct pkcs8_priv_key_info_st { - int broken; /* Flag for various broken formats */ + /* Flag for various broken formats */ + int broken; #define PKCS8_OK 0 #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 @@ -589,7 +591,8 @@ struct pkcs8_priv_key_info_st #define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + /* Should be OCTET STRING but some are broken */ + ASN1_TYPE *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; }; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index fa690a2286..8838b0015e 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -916,5 +916,5 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */
-#endif /* !OPENSSL_NO_HW_IBMCA */
+#endif /* !OPENSSL_NO_HW_IBMCA */ #endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_chil.c b/engines/e_chil.c index 9999fcc775..d1ee0c8fef 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -419,7 +419,8 @@ void ENGINE_load_chil(void) static DSO *hwcrhk_dso = NULL; static HWCryptoHook_ContextHandle hwcrhk_context = 0; #ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int hndidx_rsa = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_sureware.c b/engines/e_sureware.c index d4dac55d0e..f9167c45dd 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -337,10 +337,12 @@ void ENGINE_load_sureware(void) * implicitly. */ static DSO *surewarehk_dso = NULL; #ifndef OPENSSL_NO_RSA -static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int rsaHndidx = -1; #endif #ifndef OPENSSL_NO_DSA -static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int dsaHndidx = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 458f37e996..bf20d527d0 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ + if (p_UBSEC_dsa_sign_ioctl(fd, + /* compute hash before signing */ + 0, (unsigned char *)dgst, d_len, - NULL, 0, /* compute random value */ + NULL, + /* compute random value */ + 0, (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index a681432533..867da83a8d 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -711,7 +711,8 @@ again: { if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) return -1; - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); } rr->length = 0; s->packet_length = 0; diff --git a/ssl/kssl.c b/ssl/kssl.c index f2b34bc876..6f100eede5 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - 0 /* IGNORE_VNO */, - 0 /* IGNORE_ENCTYPE */, + /* IGNORE_VNO */ + 0, + /* IGNORE_ENCTYPE */ + 0, &entry); if ( krb5rc == KRB5_KT_NOTFOUND ) { rc = 1; @@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) krb5_free_data_contents(NULL, data); #endif } -#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ +#endif +/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ /* Given pointers to KerberosTime and struct tm structs, convert the @@ -573,7 +573,8 @@ struct ssl_session_st * the workaround is not needed. Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ +/* added in 0.9.6e */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ @@ -1537,27 +1538,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) /* These alert types are for SSLv3 and TLSv1 */ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +/* fatal */ +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +/* fatal */ +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION @@ -1565,8 +1579,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ +/* fatal */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1791,7 +1807,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +/* PEM type */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 81fa46ff7d..7907921b30 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -288,30 +288,54 @@ */ /* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ -#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ -#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ -#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ -#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ -#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ -#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ -#define SSL_kPSK 0x00000100L /* PSK */ -#define SSL_kGOST 0x00000200L /* GOST key exchange */ -#define SSL_kSRP 0x00000400L /* SRP */ +/* RSA key exchange */ +#define SSL_kRSA 0x00000001L +/* DH cert, RSA CA cert */ +/* no such ciphersuites supported! */ +#define SSL_kDHr 0x00000002L +/* DH cert, DSA CA cert */ +/* no such ciphersuite supported! */ +#define SSL_kDHd 0x00000004L +/* tmp DH key no DH cert */ +#define SSL_kEDH 0x00000008L +/* Kerberos5 key exchange */ +#define SSL_kKRB5 0x00000010L +/* ECDH cert, RSA CA cert */ +#define SSL_kECDHr 0x00000020L +/* ECDH cert, ECDSA CA cert */ +#define SSL_kECDHe 0x00000040L +/* ephemeral ECDH */ +#define SSL_kEECDH 0x00000080L +/* PSK */ +#define SSL_kPSK 0x00000100L +/* GOST key exchange */ +#define SSL_kGOST 0x00000200L +/* SRP */ +#define SSL_kSRP 0x00000400L /* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aDSS 0x00000002L /* DSS auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ -#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ -#define SSL_aKRB5 0x00000020L /* KRB5 auth */ -#define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aPSK 0x00000080L /* PSK auth */ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ -#define SSL_aSRP 0x00000400L /* SRP auth */ +/* RSA auth */ +#define SSL_aRSA 0x00000001L +/* DSS auth */ +#define SSL_aDSS 0x00000002L +/* no auth (i.e. use ADH or AECDH) */ +#define SSL_aNULL 0x00000004L +/* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ +#define SSL_aDH 0x00000008L +/* Fixed ECDH auth (kECDHe or kECDHr) */ +#define SSL_aECDH 0x00000010L +/* KRB5 auth */ +#define SSL_aKRB5 0x00000020L +/* ECDSA auth*/ +#define SSL_aECDSA 0x00000040L +/* PSK auth */ +#define SSL_aPSK 0x00000080L +/* GOST R 34.10-94 signature auth */ +#define SSL_aGOST94 0x00000100L +/* GOST R 34.10-2001 signature auth */ +#define SSL_aGOST01 0x00000200L +/* SRP auth */ +#define SSL_aSRP 0x00000400L /* Bits for algorithm_enc (symmetric encryption) */ diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 86a9a6013d..4381647f2e 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -144,11 +144,16 @@ static int s_nbio=0; #endif #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" /*************************************************************************/ -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fc2a279466..a7e91d792d 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1011,8 +1011,10 @@ bad: #ifdef TLSEXT_TYPE_opaque_prf_input SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ + /* or &co2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); + /* or &so2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); #endif if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 53db4eb2f1..694e24eb14 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1245,7 +1245,8 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 /* not appropriate for TLS, not used for DTLS */ +#if 0 + /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif |