From 68d39f3ce6ff4f65170d94f7310b3f485f33328d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 21 Jan 2015 19:18:47 +0000 Subject: [PATCH] Move more comments that confuse indent Reviewed-by: Tim Hudson --- apps/apps.c | 10 +++-- apps/ca.c | 3 +- apps/passwd.c | 3 +- apps/s_apps.h | 3 +- apps/s_server.c | 3 +- crypto/bio/bss_bio.c | 3 +- crypto/bio/bss_rtcp.c | 15 ++++--- crypto/bn/bn_lib.c | 13 +++--- crypto/bn/rsaz_exp.c | 3 +- crypto/crypto.h | 3 +- crypto/des/des_ver.h | 6 ++- crypto/dsa/dsa.h | 27 +++++------ crypto/ec/ec2_oct.c | 5 ++- crypto/ec/ecp_nistp256.c | 6 ++- crypto/ec/ecp_nistp521.c | 3 +- crypto/ec/ecp_nistputil.c | 3 +- crypto/ec/ecp_oct.c | 5 ++- crypto/evp/e_aes_cbc_hmac_sha1.c | 6 ++- crypto/evp/e_aes_cbc_hmac_sha256.c | 3 +- crypto/modes/gcm128.c | 3 +- crypto/rand/md_rand.c | 6 ++- crypto/seed/seed.h | 3 +- crypto/x509/x509.h | 9 ++-- demos/engines/ibmca/hw_ibmca.c | 6 ++- engines/e_chil.c | 3 +- engines/e_sureware.c | 6 ++- engines/e_ubsec.c | 8 +++- ssl/d1_pkt.c | 3 +- ssl/kssl.c | 9 ++-- ssl/ssl.h | 51 ++++++++++++++------- ssl/ssl_locl.h | 72 ++++++++++++++++++++---------- ssl/ssl_task.c | 15 ++++--- ssl/ssltest.c | 6 ++- ssl/t1_enc.c | 3 +- 34 files changed, 211 insertions(+), 115 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index ac709a6a3d..2731554a29 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -110,10 +110,12 @@ */ #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get - the declaration of fileno(). The value - 2 is to make sure no function defined - in POSIX-2 is left undefined. */ +/* On VMS, you need to define this to get + * the declaration of fileno(). The value + * 2 is to make sure no function defined + * in POSIX-2 is left undefined. + */ +#define _POSIX_C_SOURCE 2 #endif #include #include diff --git a/apps/ca.c b/apps/ca.c index 1778f953d9..cd7abeed76 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1497,7 +1497,8 @@ bad: } - if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + /* we have a CRL number that need updating */ + if (crlnumberfile != NULL) if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (crlnumber) diff --git a/apps/passwd.c b/apps/passwd.c index 8e65ed7cbb..e12b5ecea8 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -310,7 +310,8 @@ err: */ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { - static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ + /* "$apr1$..salt..$.......md5hash..........\0" */ + static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n; diff --git a/apps/s_apps.h b/apps/s_apps.h index 625e1eb266..6baae1aa3d 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,7 +108,8 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include #endif #include diff --git a/apps/s_server.c b/apps/s_server.c index 412091dd11..4d55a9a259 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -149,7 +149,8 @@ #include -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include #endif diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 6d86587ee3..b948631cd7 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -151,7 +151,8 @@ static int bio_new(BIO *bio) return 0; b->peer = NULL; - b->size = 17*1024; /* enough for one TLS record (just a default) */ + /* enough for one TLS record (just a default) */ + b->size = 17*1024; b->buf = NULL; bio->ptr = b; diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c index c65cff442f..7a24871ab0 100644 --- a/crypto/bio/bss_rtcp.c +++ b/crypto/bio/bss_rtcp.c @@ -76,11 +76,16 @@ typedef unsigned short io_channel; /*************************************************************************/ struct io_status { short status, count; long flags; }; -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index e664fa6df2..d1f37f6af7 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -351,6 +351,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ switch (b->top&3) { case 3: A[2]=B[2]; @@ -358,11 +363,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 1: A[0]=B[0]; case 0: ; - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ } } @@ -452,12 +452,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* ultrix cc workaround, see comments in bn_expand_internal */ switch (b->top&3) { case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ + case 0: ; } #else memcpy(a->d,b->d,sizeof(b->d[0])*b->top); diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c index 54f5760120..6a1ffe2d4f 100644 --- a/crypto/bn/rsaz_exp.c +++ b/crypto/bn/rsaz_exp.c @@ -60,7 +60,8 @@ void rsaz_1024_red2norm_avx2(void *norm,const void *red); # define ALIGN64 # pragma align 64(one,two80) #else -# define ALIGN64 /* not fatal, might hurt performance a little */ +/* not fatal, might hurt performance a little */ +# define ALIGN64 #endif ALIGN64 static const BN_ULONG one[40] = { diff --git a/crypto/crypto.h b/crypto/crypto.h index 7ee56fa38c..f00305dd26 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -286,7 +286,8 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK_OF(void) *sk; - int dummy; /* gcc is screwing up this data structure :-( */ + /* gcc is screwing up this data structure :-( */ + int dummy; }; DECLARE_STACK_OF(void) diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h index d1ada258a6..10e889a572 100644 --- a/crypto/des/des_ver.h +++ b/crypto/des/des_ver.h @@ -67,5 +67,7 @@ #define DES_version OSSL_DES_version #define libdes_version OSSL_libdes_version -OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ -OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ +/* SSLeay version string */ +OPENSSL_EXTERN const char OSSL_DES_version[]; +/* old libdes version string */ +OPENSSL_EXTERN const char OSSL_libdes_version[]; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index a8da6a6927..ac5f9c9c65 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -91,19 +91,20 @@ #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 #define DSA_FLAG_CACHE_MONT_P 0x01 -#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the - * built-in DSA - * implementation now - * uses constant time - * modular exponentiation - * for secret exponents - * by default. This flag - * causes the faster - * variable sliding - * window method to be - * used for all - * exponents. - */ +/* new with 0.9.7h; the + * built-in DSA + * implementation now + * uses constant time + * modular exponentiation + * for secret exponents + * by default. This flag + * causes the faster + * variable sliding + * window method to be + * used for all + * exponents. + */ +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* If this flag is set the DSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 4788a1ea9d..ab05e0e10e 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -390,8 +390,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; } - - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ + + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 10be17ebe6..0d20adc759 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1563,9 +1563,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, if (!skip) { + /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } else { @@ -1582,9 +1583,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, bits |= get_bit(g_scalar, i); /* select the point to add, in constant time */ select_point(bits, 16, g_pre_comp[0], tmp); + /* Arg 1 below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } /* do other additions every 5 doublings */ diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 78c21f0089..f97dab67de 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1460,9 +1460,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, select_point(bits, 16, g_pre_comp, tmp); if (!skip) { + /* The 1 argument below is for "mixed" */ point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], - 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + 1, tmp[0], tmp[1], tmp[2]); } else { diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index 4ab42d814c..c65bb2d911 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -79,7 +79,8 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, /* tmp_felem(i-1) is the product of Z(0) .. Z(i-1), * tmp_felem(i) is the inverse of the product of Z(0) .. Z(i) */ - felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); /* 1/Z(i) */ + /* 1/Z(i) */ + felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); else felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */ diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index ba891675be..cba7e4a6f7 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -416,8 +416,9 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; } - - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ + + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index ec76393576..3e41f5d419 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, u64 seqnum; #endif - if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */ + /* ask for IVs in bulk */ + if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) return 0; ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */ @@ -229,7 +230,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, /* populate descriptors with pointers and IVs */ hash_d[0].ptr = inp; ciph_d[0].inp = inp; - ciph_d[0].out = out+5+16; /* 5+16 is place for header and explicit IV */ + /* 5+16 is place for header and explicit IV */ + ciph_d[0].out = out+5+16; memcpy(ciph_d[0].out-16,IVs,16); memcpy(ciph_d[0].iv,IVs,16); IVs += 16; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 6c8c958194..affd2f609a 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -227,7 +227,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, /* populate descriptors with pointers and IVs */ hash_d[0].ptr = inp; ciph_d[0].inp = inp; - ciph_d[0].out = out+5+16; /* 5+16 is place for header and explicit IV */ + /* 5+16 is place for header and explicit IV */ + ciph_d[0].out = out+5+16; memcpy(ciph_d[0].out-16,IVs,16); memcpy(ciph_d[0].iv,IVs,16); IVs += 16; diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 7e856b5489..33351684e6 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -2089,7 +2089,8 @@ static const u8 T19[]= { /* Test Case 20 */ #define K20 K1 #define A20 A1 -static const u8 IV20[64]={0xff,0xff,0xff,0xff}; /* this results in 0xff in counter LSB */ +/* this results in 0xff in counter LSB */ +static const u8 IV20[64]={0xff,0xff,0xff,0xff}; static const u8 P20[288]; static const u8 C20[]= { 0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a, diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 143501e611..2a3a2f4d69 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -158,7 +158,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ +/* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; #ifdef PREDICT @@ -571,7 +572,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) for (i=0; i= st_num) st_idx=0; if (i < j) diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h index 6ffa5f024e..877c28a841 100644 --- a/crypto/seed/seed.h +++ b/crypto/seed/seed.h @@ -89,7 +89,8 @@ #error SEED is disabled. #endif -#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +/* look whether we need 'long' to get 32 bits */ +#ifdef AES_LONG # ifndef SEED_LONG # define SEED_LONG 1 # endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index d615171697..017bea9d52 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -571,7 +571,8 @@ X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +/* Usually OCTET STRING but could be anything */ +ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; X509_ALGOR *prf; @@ -582,7 +583,8 @@ X509_ALGOR *prf; struct pkcs8_priv_key_info_st { - int broken; /* Flag for various broken formats */ + /* Flag for various broken formats */ + int broken; #define PKCS8_OK 0 #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 @@ -590,7 +592,8 @@ struct pkcs8_priv_key_info_st #define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + /* Should be OCTET STRING but some are broken */ + ASN1_TYPE *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; }; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index 743f6d60ad..4a997c85a9 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -764,10 +764,12 @@ they could cause potential side affects on either the card or the result */ BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */ pkey += qSize; /* move pointer */ - pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */ + /* set up for zero padding of next field */ + pkey += pSize - BN_num_bytes(p); BN_bn2bin(p, pkey); - pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */ + /* increment pointer by number of bytes moved */ + pkey += BN_num_bytes(p); BN_bn2bin(q, pkey); pkey += qSize ; /* move the pointer */ diff --git a/engines/e_chil.c b/engines/e_chil.c index 9999fcc775..d1ee0c8fef 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -419,7 +419,8 @@ void ENGINE_load_chil(void) static DSO *hwcrhk_dso = NULL; static HWCryptoHook_ContextHandle hwcrhk_context = 0; #ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int hndidx_rsa = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_sureware.c b/engines/e_sureware.c index be7b52f10b..f7fb3b98e5 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -337,10 +337,12 @@ void ENGINE_load_sureware(void) * implicitly. */ static DSO *surewarehk_dso = NULL; #ifndef OPENSSL_NO_RSA -static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int rsaHndidx = -1; #endif #ifndef OPENSSL_NO_DSA -static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int dsaHndidx = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 458f37e996..bf20d527d0 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ + if (p_UBSEC_dsa_sign_ioctl(fd, + /* compute hash before signing */ + 0, (unsigned char *)dgst, d_len, - NULL, 0, /* compute random value */ + NULL, + /* compute random value */ + 0, (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 44a83496d4..d39f547ed5 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -712,7 +712,8 @@ again: { if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) return -1; - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); } rr->length = 0; s->packet_length = 0; diff --git a/ssl/kssl.c b/ssl/kssl.c index 21172f31d5..86dce9a179 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - 0 /* IGNORE_VNO */, - 0 /* IGNORE_ENCTYPE */, + /* IGNORE_VNO */ + 0, + /* IGNORE_ENCTYPE */ + 0, &entry); if ( krb5rc == KRB5_KT_NOTFOUND ) { rc = 1; @@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) krb5_free_data_contents(NULL, data); #endif } -#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ +#endif +/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ /* Given pointers to KerberosTime and struct tm structs, convert the diff --git a/ssl/ssl.h b/ssl/ssl.h index d7dc2fabd3..f0a7f5a8c6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -582,7 +582,8 @@ struct ssl_session_st * the workaround is not needed. Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ +/* added in 0.9.6e */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ @@ -1699,27 +1700,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) /* These alert types are for SSLv3 and TLSv1 */ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +/* fatal */ +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +/* fatal */ +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION @@ -1727,8 +1741,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ +/* fatal */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -2119,7 +2135,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +/* PEM type */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6f49421bd2..23fa47d280 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -288,32 +288,56 @@ */ /* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ -#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ -#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ -#define SSL_kEDH SSL_kDHE /* synonym */ -#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ -#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ -#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ -#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ -#define SSL_kEECDH SSL_kECDHE /* synonym */ -#define SSL_kPSK 0x00000100L /* PSK */ -#define SSL_kGOST 0x00000200L /* GOST key exchange */ -#define SSL_kSRP 0x00000400L /* SRP */ +/* RSA key exchange */ +#define SSL_kRSA 0x00000001L +/* DH cert, RSA CA cert */ +#define SSL_kDHr 0x00000002L +/* DH cert, DSA CA cert */ +#define SSL_kDHd 0x00000004L +/* tmp DH key no DH cert */ +#define SSL_kDHE 0x00000008L +/* synonym */ +#define SSL_kEDH SSL_kDHE +/* Kerberos5 key exchange */ +#define SSL_kKRB5 0x00000010L +/* ECDH cert, RSA CA cert */ +#define SSL_kECDHr 0x00000020L +/* ECDH cert, ECDSA CA cert */ +#define SSL_kECDHe 0x00000040L +/* ephemeral ECDH */ +#define SSL_kECDHE 0x00000080L +/* synonym */ +#define SSL_kEECDH SSL_kECDHE +/* PSK */ +#define SSL_kPSK 0x00000100L +/* GOST key exchange */ +#define SSL_kGOST 0x00000200L +/* SRP */ +#define SSL_kSRP 0x00000400L /* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aDSS 0x00000002L /* DSS auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ -#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ -#define SSL_aKRB5 0x00000020L /* KRB5 auth */ -#define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aPSK 0x00000080L /* PSK auth */ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ -#define SSL_aSRP 0x00000400L /* SRP auth */ +/* RSA auth */ +#define SSL_aRSA 0x00000001L +/* DSS auth */ +#define SSL_aDSS 0x00000002L +/* no auth (i.e. use ADH or AECDH) */ +#define SSL_aNULL 0x00000004L +/* Fixed DH auth (kDHd or kDHr) */ +#define SSL_aDH 0x00000008L +/* Fixed ECDH auth (kECDHe or kECDHr) */ +#define SSL_aECDH 0x00000010L +/* KRB5 auth */ +#define SSL_aKRB5 0x00000020L +/* ECDSA auth*/ +#define SSL_aECDSA 0x00000040L +/* PSK auth */ +#define SSL_aPSK 0x00000080L +/* GOST R 34.10-94 signature auth */ +#define SSL_aGOST94 0x00000100L +/* GOST R 34.10-2001 signature auth */ +#define SSL_aGOST01 0x00000200L +/* SRP auth */ +#define SSL_aSRP 0x00000400L /* Bits for algorithm_enc (symmetric encryption) */ diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 592e8580dc..d06055d963 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -144,11 +144,16 @@ static int s_nbio=0; #endif #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" /*************************************************************************/ -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 746bfba539..c9a92903cb 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1616,8 +1616,10 @@ bad: #ifdef TLSEXT_TYPE_opaque_prf_input SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ + /* or &co2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); + /* or &so2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); #endif if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ac6c85ea32..255fb5ab79 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1279,7 +1279,8 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 /* not appropriate for TLS, not used for DTLS */ +#if 0 + /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif -- 2.39.2