From: Matt Caswell Date: Wed, 21 Jan 2015 11:09:58 +0000 (+0000) Subject: indent has problems with comments that are on the right hand side of a line. X-Git-Tag: OpenSSL_0_9_8-post-reformat~23 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c7c7a432df2fb0e0a359d5d383817b1348a71db6;p=oweals%2Fopenssl.git indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h Conflicts: crypto/ec/ecp_nistp224.c crypto/evp/evp.h ssl/d1_both.c ssl/ssl.h ssl/ssl_lib.c Conflicts: crypto/bio/bss_file.c crypto/ec/ec_lcl.h crypto/evp/evp.h crypto/store/str_mem.c crypto/whrlpool/wp_block.c crypto/x509/x509_vfy.h ssl/ssl.h ssl/ssl3.h ssl/ssltest.c ssl/t1_lib.c ssl/tls1.h Reviewed-by: Tim Hudson --- diff --git a/apps/s_client.c b/apps/s_client.c index 857d5189b5..5ebbd2c709 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1464,7 +1464,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (peer != NULL) { BIO_printf(bio,"Server certificate\n"); - if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ + + /* Redundant if we showed the whole chain */ + if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), buf,sizeof buf); diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index d31c028193..1aedec9a1e 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -291,13 +291,16 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) } #undef g2 - return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. */ + /* + * FIXME: mktime assumes the current timezone + * instead of UTC, and unless we rewrite OpenSSL + * in Lisp we cannot locally change the timezone + * without possibly interfering with other parts + * of the program. timegm, which uses UTC, is + * non-standard. + * Also time_t is inappropriate for general + * UTC times because it may a 32 bit type. + */ + return mktime(&tm)-offset*60; } #endif diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 6360dbc820..0b887f8925 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -295,8 +295,11 @@ static void xsyslog(BIO *bp, int priority, const char *string) case LOG_DEBUG: evtype = EVENTLOG_INFORMATION_TYPE; break; - default: /* Should never happen, but set it - as error anyway. */ + default: + /* + * Should never happen, but set it + * as error anyway. + */ evtype = EVENTLOG_ERROR_TYPE; break; } diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 2062da202e..9cdbd62b63 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -245,16 +245,22 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 -#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, - * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, - * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. - */ -#ifndef OPENSSL_NO_DEPRECATED -#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ - /* avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +#define BN_FLG_CONSTTIME 0x04 + +#ifdef OPENSSL_NO_DEPRECATED +/* deprecated name for the flag */ +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +/* + * avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) + */ #endif #ifndef OPENSSL_NO_DEPRECATED diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index de139ee279..fedf864988 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -355,9 +355,12 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */ + case 0: + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ ; } } diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index ce5fa00a37..5c82e2fdc1 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -75,7 +75,8 @@ #endif #endif -/* #define SIGACTION */ /* Define this if you have sigaction() */ +/* Define this if you have sigaction() */ +/* #define SIGACTION */ #ifdef WIN16TTY #undef OPENSSL_SYS_WIN16 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 1c687054a5..175b1795b4 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -80,13 +80,16 @@ #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 #define DH_FLAG_CACHE_MONT_P 0x01 -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ + +/* + * new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 #ifdef __cplusplus extern "C" { diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 80c0d6310e..5818d07f1d 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -200,34 +200,41 @@ struct ec_group_st { /* The following members are handled by the method functions, * even if they appear generic */ - BIGNUM field; /* Field specification. - * For curves over GF(p), this is the modulus; - * for curves over GF(2^m), this is the - * irreducible polynomial defining the field. - */ - - unsigned int poly[5]; /* Field specification for curves over GF(2^m). - * The irreducible f(t) is then of the form: - * t^poly[0] + t^poly[1] + ... + t^poly[k] - * where m = poly[0] > poly[1] > ... > poly[k] = 0. - */ - - BIGNUM a, b; /* Curve coefficients. - * (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) - * For characteristic > 3, the curve is defined - * by a Weierstrass equation of the form - * y^2 = x^3 + a*x + b. - * For characteristic 2, the curve is defined by - * an equation of the form - * y^2 + x*y = x^3 + a*x^2 + b. - */ - - int a_is_minus3; /* enable optimized point arithmetics for special case */ - - void *field_data1; /* method-specific (e.g., Montgomery structure) */ - void *field_data2; /* method-specific */ - int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ + /* Field specification. + * For curves over GF(p), this is the modulus; + * for curves over GF(2^m), this is the + * irreducible polynomial defining the field. + */ + BIGNUM field; + + /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + */ + unsigned int poly[5]; + + /* Curve coefficients. + * (Here the assumption is that BIGNUMs can be used + * or abused for all kinds of fields, not just GF(p).) + * For characteristic > 3, the curve is defined + * by a Weierstrass equation of the form + * y^2 = x^3 + a*x + b. + * For characteristic 2, the curve is defined by + * an equation of the form + * y^2 + x*y = x^3 + a*x^2 + b. + */ + BIGNUM a, b; + + /* enable optimized point arithmetics for special case */ + int a_is_minus3; + + /* method-specific (e.g., Montgomery structure) */ + void *field_data1; + /* method-specific */ + void *field_data2; + /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); } /* EC_GROUP */; struct ec_key_st { diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 9a0e790403..1f24aff2e7 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -260,10 +260,11 @@ typedef struct void *key; } EVP_MD_SVCTX; -#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single - * block */ +/* digest can only handle a single block */ +#define EVP_MD_FLAG_ONESHOT 0x0001 -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ +/* Note if suitable for use in FIPS mode */ +#define EVP_MD_FLAG_FIPS 0x0400 #define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ @@ -333,19 +334,33 @@ struct evp_cipher_st { int nid; int block_size; - int key_len; /* Default value for variable length ciphers */ + + /* Default value for variable length ciphers */ + int key_len; int iv_len; - unsigned long flags; /* Various flags */ + + /* Various flags */ + unsigned long flags; + + /* init key */ int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ + const unsigned char *iv, int enc); + + /* encrypt/decrypt data */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ + const unsigned char *in, unsigned int inl); + /* cleanup ctx */ + int (*cleanup)(EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; } /* EVP_CIPHER */; /* Values for cipher flags */ @@ -420,14 +435,22 @@ struct evp_cipher_ctx_st typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ + /* number saved in a partial encode/decode */ + int num; + + /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded + */ + int length; + + /* data to encode */ + unsigned char enc_data[80]; + + /* number read on current line */ + int line_num; int expect_nl; } EVP_ENCODE_CTX; diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 30778d183c..6ec7097885 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -177,12 +177,13 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include #include -#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE - * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was - * was added to the Platform SDK to allow the NET API to be used in - * non-Unicode applications provided that Unicode strings were still - * used for input. LMSTR is defined as LPWSTR. - */ +#if 1 +/* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. + */ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 99c90bead7..f93fdbc591 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -188,7 +188,9 @@ struct rsa_st # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 #endif #define RSA_3 0x3L @@ -211,30 +213,36 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x0040 -#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ -#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA - * implementation now uses constant time - * operations by default in private key operations, - * e.g., constant time modular exponentiation, - * modular inverse without leaking branches, - * division without leaking branches. This - * flag disables these constant time - * operations and results in faster RSA - * private key operations. - */ -#ifndef OPENSSL_NO_DEPRECATED -#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ - /* new with 0.9.7h; the built-in RSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +#define RSA_FLAG_NO_BLINDING 0x0080 +/* + * new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +#define RSA_FLAG_NO_CONSTTIME 0x0100 +#ifdef OPENSSL_USE_DEPRECATED +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME #endif diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 203d702321..a249f91fe6 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -283,11 +283,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) { /* resort to rsa->mt_blinding instead */ - *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() - * that the BN_BLINDING is shared, meaning that accesses - * require locks, and that the blinding factor must be - * stored outside the BN_BLINDING - */ + /* instructs rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + *local = 0; if (rsa->mt_blinding == NULL) { diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 6965f3e2a3..9bc6a20336 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -158,9 +158,12 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * being exactly 64-bit wide. See Implementation Notes in sha512.c * for further details. */ -#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a - * contiguous array of 64 bit - * wide big-endian values. */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) #define SHA_LONG64 unsigned __int64 #define U64(C) C##UI64 diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index b59c6409e4..8cc4ae6ea6 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -80,7 +80,8 @@ STACK_OF(type) \ STACK stack; \ }; -#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ +/* nada (obsolete in new safestack approach)*/ +#define IMPLEMENT_STACK_OF(type) /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk__... instead */ diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 527757ae09..f713dc8f6a 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -85,21 +85,34 @@ struct mem_object_data_st struct mem_data_st { - STACK *data; /* A stack of mem_object_data_st, - sorted with STORE_ATTR_INFO_compare(). */ - unsigned int compute_components : 1; /* Currently unused, but can - be used to add attributes - from parts of the data. */ + /* + * A stack of mem_object_data_st, + * sorted with STORE_ATTR_INFO_compare(). + */ + STACK *data; + /* Currently unused, but can + * be used to add attributes + * from parts of the data. + */ + unsigned int compute_components : 1; }; struct mem_ctx_st { - int type; /* The type we're searching for */ - STACK *search_attributes; /* Sets of attributes to search for. - Each element is a STORE_ATTR_INFO. */ - int search_index; /* which of the search attributes we found a match - for, -1 when we still haven't found any */ - int index; /* -1 as long as we're searching for the first */ + /* The type we're searching for */ + int type; + /* + * Sets of attributes to search for. + * Each element is a STORE_ATTR_INFO. + */ + STACK *search_attributes; + /* + * which of the search attributes we found a match + * for, -1 when we still haven't found any + */ + int search_index; + /* -1 as long as we're searching for the first */ + int index; }; static int mem_init(STORE *s); diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index d3c3fd2144..aa35ab33f9 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -190,14 +190,22 @@ struct x509_store_st X509_VERIFY_PARAM *param; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; @@ -226,42 +234,62 @@ struct x509_lookup_st struct x509_store_ctx_st /* X509_STORE_CTX */ { X509_STORE *ctx; - int current_method; /* used when looking up certs */ + /* used when looking up certs */ + int current_method; /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + /* The cert to check */ + X509 *cert; + /* chain of X509s - untrusted - passed in */ + STACK_OF(X509) *untrusted; + /* set of CRLs passed in */ + STACK_OF(X509_CRL) *crls; X509_VERIFY_PARAM *param; - void *other_ctx; /* Other info for use with get_issuer() */ + /* Other info for use with get_issuer() */ + void *other_ctx; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*check_policy)(X509_STORE_CTX *ctx); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* index of last untrusted cert */ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - X509_POLICY_TREE *tree; /* Valid policy tree */ - - int explicit_policy; /* Require explicit policy value */ + /* if 0, rebuild chain */ + int valid; + /* index of last untrusted cert */ + int last_untrusted; + /* chain of X509s - built up and trusted */ + STACK_OF(X509) *chain; + /* Valid policy tree */ + X509_POLICY_TREE *tree; + + /* Require explicit policy value */ + int explicit_policy; /* When something goes wrong, this is why */ int error_depth; int error; X509 *current_cert; - X509 *current_issuer; /* cert currently being tested as valid issuer */ - X509_CRL *current_crl; /* current CRL */ + /* cert currently being tested as valid issuer */ + X509 *current_issuer; + /* current CRL */ + X509_CRL *current_crl; CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 2cd994c5b0..86ea98c382 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -112,8 +112,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; } - if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look - for, not bytes */ + /* /8 because it's 1024 bits we look for, not bytes */ + if (EVP_PKEY_size(pk) <= 1024/8) ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index b433036715..e6b9b865c8 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -708,7 +708,9 @@ tls_create_ctx(struct tls_create_ctx_args a, void *apparg) SSL_CTX_set_verify_depth(ret, a.verify_depth); if (a.ca_file != NULL) { - r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */ + /* does not report failure if file does not exist ... */ + /* NULL argument means no CA-directory */ + r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL); if (!r) { err_pref_1 = " while processing certificate file "; err_pref_2 = a.ca_file; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index 0c2c39b8a7..fa690a2286 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -917,4 +917,4 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* !OPENSSL_NO_HW_IBMCA */ -#endif /* !OPENSSL_NO_HW */ +#endif /* !OPENSSL_NO_HW */ diff --git a/ms/applink.c b/ms/applink.c index 54a0a64262..76f1c40d0a 100644 --- a/ms/applink.c +++ b/ms/applink.c @@ -46,9 +46,12 @@ extern "C" { __declspec(dllexport) void ** #if defined(__BORLANDC__) -__stdcall /* __stdcall appears to be the only way to get the name - * decoration right with Borland C. Otherwise it works - * purely incidentally, as we pass no parameters. */ +/* + * __stdcall appears to be the only way to get the name + * decoration right with Borland C. Otherwise it works + * purely incidentally, as we pass no parameters. + */ +__stdcall #else __cdecl #endif diff --git a/ssl/d1_both.c b/ssl/d1_both.c index b2de60eb0a..5a467c4c0f 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -436,10 +436,15 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) again: i = dtls1_get_message_fragment(s, st1, stn, max, ok); if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + i == DTLS1_HM_FRAGMENT_RETRY) + { + /* bad fragment received */ goto again; + } else if ( i <= 0 && !*ok) + { return i; + } p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; @@ -1121,7 +1126,8 @@ int dtls1_read_failed(SSL *s, int code) return code; } - if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */ + /* done, no need to send a retransmit */ + if ( ! SSL_in_init(s)) { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 02d062a2e5..a22e43b507 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -289,8 +289,8 @@ dtls1_get_buffered_record(SSL *s) (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); - if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, - nothing buffered */ + /* if we're not (re)negotiating, nothing buffered */ + if ( ! SSL_in_init(s)) return 0; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 77c27335aa..12de5a594f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -232,19 +232,21 @@ end: int ssl23_get_client_hello(SSL *s) { - char buf_space[11]; /* Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos - * ('type == 3') correctly only when the following - * is in a single record, which is not guaranteed by - * the protocol specification: - * Byte Content - * 0 type \ - * 1/2 version > record header - * 3/4 length / - * 5 msg_type \ - * 6-8 length > Client Hello message - * 9/10 client_version / - */ + /*- + * Request this many bytes in initial read. + * We can detect SSL 3.0/TLS 1.0 Client Hellos + * ('type == 3') correctly only when the following + * is in a single record, which is not guaranteed by + * the protocol specification: + * Byte Content + * 0 type \ + * 1/2 version > record header + * 3/4 length / + * 5 msg_type \ + * 6-8 length > Client Hello message + * 9/10 client_version / + */ + char buf_space[11]; char *buf= &(buf_space[0]); unsigned char *p,*d,*d_len,*dd; unsigned int i; diff --git a/ssl/s3_both.c b/ssl/s3_both.c index b9c6c43c29..32d81b0792 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -214,11 +214,12 @@ int ssl3_get_finished(SSL *s, int a, int b) * change cipher spec message and is in s->s3->tmp.peer_finish_md */ + /* 64 argument should actually be 36+4 :-) */ n=s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ + 64, &ok); if (!ok) return((int)n); diff --git a/ssl/ssl.h b/ssl/ssl.h index 035322738d..0b3829929a 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -773,7 +773,8 @@ struct ssl_ctx_st int verify_mode; unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ + /* called 'verify_callback' in the SSL */ + int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; @@ -885,22 +886,28 @@ struct ssl_st * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) */ int version; - int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + int type; - SSL_METHOD *method; /* SSLv3 */ + /* SSLv3 */ + SSL_METHOD *method; /* There are 2 BIO's even though they are normally both the * same. This is so data can be read and written to different * handlers */ #ifndef OPENSSL_NO_BIO - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ + /* used by SSL_read */ + BIO *rbio; + /* used by SSL_write */ + BIO *wbio; + /* used during session-id reuse to concatenate messages */ + BIO *bbio; #else - char *rbio; /* used by SSL_read */ - char *wbio; /* used by SSL_write */ + /* used by SSL_read */ + char *rbio; + /* used by SSL_write */ + char *wbio; char *bbio; #endif /* This holds a variable that indicates what we were doing @@ -921,19 +928,26 @@ struct ssl_st * test instead of an "init" member. */ - int server; /* are we the server side? - mostly used by SSL_clear*/ + /* are we the server side? - mostly used by SSL_clear*/ + int server; - int new_session;/* 1 if we are to use a new session. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int quiet_shutdown;/* don't send shutdown packets */ - int shutdown; /* we have shut things down, 0x01 sent, 0x02 - * for received */ - int state; /* where we are */ - int rstate; /* where we are when reading */ + /* + * 1 if we are to use a new session. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set + */ + int new_session; + /* don't send shutdown packets */ + int quiet_shutdown; + /* we have shut things down, 0x01 sent, 0x02 for received */ + int shutdown; + /* where we are */ + int state; + /* where we are when reading */ + int rstate; BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ @@ -1005,17 +1019,25 @@ struct ssl_st GEN_SESSION_CB generate_session_id; /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. - * 1 fail if verify fails */ - int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ + /* + * 0 don't care about verify failure. + * 1 fail if verify fails + */ + int verify_mode; + /* fail if callback returns 0 */ + int (*verify_callback)(int ok,X509_STORE_CTX *ctx); - void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ + /* optional informational callback */ + void (*info_callback)(const SSL *ssl,int type,int val); - int error; /* error bytes to be written */ - int error_code; /* actual code */ + /* error bytes to be written */ + int error; + /* actual code */ + int error_code; #ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ + /* Kerberos 5 context */ + KSSL_CTX *kssl_ctx; #endif /* OPENSSL_NO_KRB5 */ SSL_CTX *ctx; @@ -1031,12 +1053,14 @@ struct ssl_st STACK_OF(X509_NAME) *client_CA; int references; - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ + /* protocol behaviour */ + unsigned long options; + /* API behaviour */ + unsigned long mode; long max_cert_list; int first_packet; - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ + /* what was passed, used for SSLv3/TLS rollback check */ + int client_version; #ifndef OPENSSL_NO_TLSEXT /* TLS extension debug callback */ void (*tlsext_debug_cb)(SSL *s, int client_server, int type, @@ -1044,11 +1068,13 @@ struct ssl_st void *arg); void *tlsext_debug_arg; char *tlsext_hostname; - int servername_done; /* no further mod of servername - 0 : call the servername extension callback. - 1 : prepare 2, allow last ack just after in server callback. - 2 : don't call servername callback, no ack in server hello - */ + /*- + * no further mod of servername + * 0 : call the servername extension callback. + * 1 : prepare 2, allow last ack just after in server callback. + * 2 : don't call servername callback, no ack in server hello + */ + int servername_done; /* certificate status request info */ /* Status type or -1 if no status type */ int tlsext_status_type; diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 76f922e356..94767df4a0 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -301,23 +301,34 @@ extern "C" { typedef struct ssl3_record_st { -/*r */ int type; /* type of record */ -/*rw*/ unsigned int length; /* How many bytes available */ -/*r */ unsigned int off; /* read/write offset into 'buf' */ -/*rw*/ unsigned char *data; /* pointer to the record data */ -/*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ -/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ -/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ + /* type of record */ +/*r */ int type; + /* How many bytes available */ +/*rw*/ unsigned int length; + /* read/write offset into 'buf' */ +/*r */ unsigned int off; + /* pointer to the record data */ +/*rw*/ unsigned char *data; + /* where the decode bytes are */ +/*rw*/ unsigned char *input; + /* only used with decompression - malloc()ed */ +/*r */ unsigned char *comp; + /* epoch number, needed by DTLS1 */ +/*r */ unsigned long epoch; + /* sequence number, needed by DTLS1 */ +/*r */ PQ_64BIT seq_num; } SSL3_RECORD; typedef struct ssl3_buffer_st { - unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, - * see ssl3_setup_buffers() */ - size_t len; /* buffer size */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ + /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ + unsigned char *buf; + /* buffer size */ + size_t len; + /* where to 'copy from' */ + int offset; + /* how many bytes left */ + int left; } SSL3_BUFFER; #define SSL3_CT_RSA_SIGN 1 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 409b9e7a2b..57d6138d3a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -172,10 +172,15 @@ int SSL_clear(SSL *s) s->hit=0; s->shutdown=0; -#if 0 /* Disabled since version 1.10 of this file (early return not - * needed because SSL_clear is not called when doing renegotiation) */ - /* This is set if we are doing dynamic renegotiation so keep - * the old cipher. It is sort of a SSL_clear_lite :-) */ +#if 0 + /* + * Disabled since version 1.10 of this file (early return not + * needed because SSL_clear is not called when doing renegotiation) + */ + /* + * This is set if we are doing dynamic renegotiation so keep + * the old cipher. It is sort of a SSL_clear_lite :-) + */ if (s->new_session) return(1); #else if (s->new_session) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index dd5c4ac012..43ef447029 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -420,9 +420,12 @@ typedef struct cert_pkey_st typedef struct cert_st { /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ + /* + * ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. + */ + CERT_PKEY *key; /* The following masks are for the key and auth * algorithms that are supported by the certs below */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index e7802e1d9e..abf2279dcf 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -772,9 +772,11 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) if ((s->next == NULL) || (s->prev == NULL)) return; if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) - { /* last element in list */ + { + /* last element in list */ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* only one element in list */ + { + /* only one element in list */ ctx->session_cache_head=NULL; ctx->session_cache_tail=NULL; } @@ -787,12 +789,14 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) else { if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* first element in list */ + { + /* first element in list */ ctx->session_cache_head=s->next; s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); } else - { /* middle of list */ + { + /* middle of list */ s->next->prev=s->prev; s->prev->next=s->next; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 020b576b3d..9ddda94139 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -114,8 +114,8 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly - on Linux and GNU platforms. */ +/* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#define _BSD_SOURCE 1 #include #include @@ -128,8 +128,8 @@ #define USE_SOCKETS #include "e_os.h" -#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on - VMS (at least with DECompHP C). */ +/* Or isascii won't be declared properly on VMS (at least with DECompHP C). */ +#define _XOPEN_SOURCE 500 #include #include @@ -154,11 +154,13 @@ #endif #include -#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly - on Compaq platforms (at least with DEC C). - Do not try to put it earlier, or IPv6 includes - get screwed... - */ +/* + * Or gethostname won't be declared properly + * on Compaq platforms (at least with DEC C). + * Do not try to put it earlier, or IPv6 includes + * get screwed... +*/ +#define _XOPEN_SOURCE_EXTENDED 1 #ifdef OPENSSL_SYS_WINDOWS #include