author | Matt Caswell <matt@openssl.org> | 2015-01-21 11:09:58 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:50:57 +0000 |
commit | c7c7a432df2fb0e0a359d5d383817b1348a71db6 (patch) | |
tree | bb78ecc1ddfbe5df8192c7e33f12da61ccfe6aa3 | |
parent | 5ba9d5bb3b79f32506a4fba061368c18890610e4 (diff) |
indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h
Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c
Conflicts:
crypto/bio/bss_file.c
crypto/ec/ec_lcl.h
crypto/evp/evp.h
crypto/store/str_mem.c
crypto/whrlpool/wp_block.c
crypto/x509/x509_vfy.h
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
ssl/t1_lib.c
ssl/tls1.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r-- | apps/s_client.c | 4 | ||||
-rw-r--r-- | crypto/asn1/a_utctm.c | 19 | ||||
-rw-r--r-- | crypto/bio/bss_log.c | 7 | ||||
-rw-r--r-- | crypto/bn/bn.h | 24 | ||||
-rw-r--r-- | crypto/bn/bn_lib.c | 9 | ||||
-rw-r--r-- | crypto/des/read_pwd.c | 3 | ||||
-rw-r--r-- | crypto/dh/dh.h | 17 | ||||
-rw-r--r-- | crypto/ec/ec_lcl.h | 63 | ||||
-rw-r--r-- | crypto/evp/evp.h | 65 | ||||
-rw-r--r-- | crypto/rand/rand_win.c | 13 | ||||
-rw-r--r-- | crypto/rsa/rsa.h | 58 | ||||
-rw-r--r-- | crypto/rsa/rsa_eay.c | 11 | ||||
-rw-r--r-- | crypto/sha/sha.h | 9 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 3 | ||||
-rw-r--r-- | crypto/store/str_mem.c | 35 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 86 | ||||
-rw-r--r-- | crypto/x509/x509type.c | 4 | ||||
-rw-r--r-- | demos/easy_tls/easy-tls.c | 4 | ||||
-rw-r--r-- | demos/engines/ibmca/hw_ibmca.c | 2 | ||||
-rw-r--r-- | ms/applink.c | 9 | ||||
-rw-r--r-- | ssl/d1_both.c | 10 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 4 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 28 | ||||
-rw-r--r-- | ssl/s3_both.c | 3 | ||||
-rw-r--r-- | ssl/ssl.h | 100 | ||||
-rw-r--r-- | ssl/ssl3.h | 37 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 13 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 9 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 12 | ||||
-rw-r--r-- | ssl/ssltest.c | 20 |
30 files changed, 426 insertions, 255 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 857d5189b5..5ebbd2c709 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1464,7 +1464,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) if (peer != NULL) { BIO_printf(bio,"Server certificate\n"); - if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */ + + /* Redundant if we showed the whole chain */ + if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio,peer); X509_NAME_oneline(X509_get_subject_name(peer), buf,sizeof buf); diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index d31c028193..1aedec9a1e 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -291,13 +291,16 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) } #undef g2 - return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. */ + /* + * FIXME: mktime assumes the current timezone + * instead of UTC, and unless we rewrite OpenSSL + * in Lisp we cannot locally change the timezone + * without possibly interfering with other parts + * of the program. timegm, which uses UTC, is + * non-standard. + * Also time_t is inappropriate for general + * UTC times because it may a 32 bit type. + */ + return mktime(&tm)-offset*60; } #endif diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 6360dbc820..0b887f8925 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c 
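Review bot: In the crypto/asn1/a_utctm.c hunk, the re-laid-out FIXME above `return mktime(&tm)-offset*60;` still reads "it may a 32 bit type"; since the comment is being rewritten anyway, its last sentence could become `* UTC times because it may be a 32 bit type.`. The limitation it records is untouched by the move: mktime() interprets the broken-down time in the process's local timezone, so the value returned by ASN1_UTCTIME_get is presumably only exact when that timezone is UTC. A one-line statement of what callers comparing certificate times may rely on would make the FIXME actionable. The function body starts before the hunk.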
@@ -295,8 +295,11 @@ static void xsyslog(BIO *bp, int priority, const char *string) case LOG_DEBUG: evtype = EVENTLOG_INFORMATION_TYPE; break; - default: /* Should never happen, but set it - as error anyway. */ + default: + /* + * Should never happen, but set it + * as error anyway. + */ evtype = EVENTLOG_ERROR_TYPE; break; } diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 2062da202e..9cdbd62b63 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -245,16 +245,22 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 -#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, - * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, - * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. - */ -#ifndef OPENSSL_NO_DEPRECATED -#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ - /* avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +#define BN_FLG_CONSTTIME 0x04 + +#ifdef OPENSSL_NO_DEPRECATED +/* deprecated name for the flag */ +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +/* + * avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) + */ #endif #ifndef OPENSSL_NO_DEPRECATED diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index de139ee279..fedf864988 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c 
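Review bot: The guard on the deprecated alias `BN_FLG_EXP_CONSTTIME` in the crypto/bn/bn.h hunk is inverted: the removed line is `#ifndef OPENSSL_NO_DEPRECATED` and the added line is `#ifdef OPENSSL_NO_DEPRECATED`, so the alias is now defined only in builds that set OPENSSL_NO_DEPRECATED, while the next guard in the trailing context still uses `#ifndef`. The commit message describes moving comments only, so this looks unintended (possibly from conflict resolution); the added line should read `#ifndef OPENSSL_NO_DEPRECATED`. The second crypto/rsa/rsa.h hunk changes a guard in the same way: `RSA_FLAG_NO_EXP_CONSTTIME` goes from `#ifndef OPENSSL_NO_DEPRECATED` to `#ifdef OPENSSL_USE_DEPRECATED`, and whether anything in this branch defines that macro is not visible here. Both names are flags around the constant-time code paths, so a guard change in these headers belongs in its own commit and should be built with and without the deprecation macros.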
@@ -355,9 +355,12 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */ + case 0: + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ ; } } diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index ce5fa00a37..5c82e2fdc1 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -75,7 +75,8 @@ #endif #endif -/* #define SIGACTION */ /* Define this if you have sigaction() */ +/* Define this if you have sigaction() */ +/* #define SIGACTION */ #ifdef WIN16TTY #undef OPENSSL_SYS_WIN16 diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 1c687054a5..175b1795b4 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -80,13 +80,16 @@ #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 #define DH_FLAG_CACHE_MONT_P 0x01 -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ + +/* + * new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 #ifdef __cplusplus extern "C" { diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 80c0d6310e..5818d07f1d 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
@@ -200,34 +200,41 @@ struct ec_group_st { /* The following members are handled by the method functions, * even if they appear generic */ - BIGNUM field; /* Field specification. - * For curves over GF(p), this is the modulus; - * for curves over GF(2^m), this is the - * irreducible polynomial defining the field. - */ - - unsigned int poly[5]; /* Field specification for curves over GF(2^m). - * The irreducible f(t) is then of the form: - * t^poly[0] + t^poly[1] + ... + t^poly[k] - * where m = poly[0] > poly[1] > ... > poly[k] = 0. - */ - - BIGNUM a, b; /* Curve coefficients. - * (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) - * For characteristic > 3, the curve is defined - * by a Weierstrass equation of the form - * y^2 = x^3 + a*x + b. - * For characteristic 2, the curve is defined by - * an equation of the form - * y^2 + x*y = x^3 + a*x^2 + b. - */ - - int a_is_minus3; /* enable optimized point arithmetics for special case */ - - void *field_data1; /* method-specific (e.g., Montgomery structure) */ - void *field_data2; /* method-specific */ - int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ + /* Field specification. + * For curves over GF(p), this is the modulus; + * for curves over GF(2^m), this is the + * irreducible polynomial defining the field. + */ + BIGNUM field; + + /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + */ + unsigned int poly[5]; + + /* Curve coefficients. + * (Here the assumption is that BIGNUMs can be used + * or abused for all kinds of fields, not just GF(p).) + * For characteristic > 3, the curve is defined + * by a Weierstrass equation of the form + * y^2 = x^3 + a*x + b. + * For characteristic 2, the curve is defined by + * an equation of the form + * y^2 + x*y = x^3 + a*x^2 + b. 
+ */ + BIGNUM a, b; + + /* enable optimized point arithmetics for special case */ + int a_is_minus3; + + /* method-specific (e.g., Montgomery structure) */ + void *field_data1; + /* method-specific */ + void *field_data2; + /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); } /* EC_GROUP */; struct ec_key_st { diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 9a0e790403..1f24aff2e7 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -260,10 +260,11 @@ typedef struct void *key; } EVP_MD_SVCTX; -#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single - * block */ +/* digest can only handle a single block */ +#define EVP_MD_FLAG_ONESHOT 0x0001 -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ +/* Note if suitable for use in FIPS mode */ +#define EVP_MD_FLAG_FIPS 0x0400 #define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ 
@@ -333,19 +334,33 @@ struct evp_cipher_st { int nid; int block_size; - int key_len; /* Default value for variable length ciphers */ + + /* Default value for variable length ciphers */ + int key_len; int iv_len; - unsigned long flags; /* Various flags */ + + /* Various flags */ + unsigned long flags; + + /* init key */ int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ + const unsigned char *iv, int enc); + + /* encrypt/decrypt data */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ + const unsigned char *in, unsigned int inl); + /* cleanup ctx */ + int (*cleanup)(EVP_CIPHER_CTX *); + /* how big ctx->cipher_data needs to be */ + int ctx_size; + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + /* Miscellaneous operations */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); + /* Application data */ + void *app_data; } /* EVP_CIPHER */; /* Values for cipher flags */ 
@@ -420,14 +435,22 @@ struct evp_cipher_ctx_st typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ + /* number saved in a partial encode/decode */ + int num; + + /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded + */ + int length; + + /* data to encode */ + unsigned char enc_data[80]; + + /* number read on current line */ + int line_num; int expect_nl; } EVP_ENCODE_CTX; diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 30778d183c..6ec7097885 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c 
@@ -177,12 +177,13 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include <lmcons.h> #include <lmstats.h> -#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE - * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was - * was added to the Platform SDK to allow the NET API to be used in - * non-Unicode applications provided that Unicode strings were still - * used for input. LMSTR is defined as LPWSTR. - */ +#if 1 +/* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. + */ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 99c90bead7..f93fdbc591 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -188,7 +188,9 @@ struct rsa_st # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 #endif #define RSA_3 0x3L 
@@ -211,30 +213,36 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x0040 -#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ -#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA - * implementation now uses constant time - * operations by default in private key operations, - * e.g., constant time modular exponentiation, - * modular inverse without leaking branches, - * division without leaking branches. This - * flag disables these constant time - * operations and results in faster RSA - * private key operations. - */ -#ifndef OPENSSL_NO_DEPRECATED -#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ - /* new with 0.9.7h; the built-in RSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +#define RSA_FLAG_NO_BLINDING 0x0080 +/* + * new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +#define RSA_FLAG_NO_CONSTTIME 0x0100 +#ifdef OPENSSL_USE_DEPRECATED +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. 
This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME #endif diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 203d702321..a249f91fe6 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -283,11 +283,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) { /* resort to rsa->mt_blinding instead */ - *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() - * that the BN_BLINDING is shared, meaning that accesses - * require locks, and that the blinding factor must be - * stored outside the BN_BLINDING - */ + /* instructs rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + *local = 0; if (rsa->mt_blinding == NULL) { diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 6965f3e2a3..9bc6a20336 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -158,9 +158,12 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * being exactly 64-bit wide. See Implementation Notes in sha512.c * for further details. */ -#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a - * contiguous array of 64 bit - * wide big-endian values. */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) #define SHA_LONG64 unsigned __int64 #define U64(C) C##UI64 diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index b59c6409e4..8cc4ae6ea6 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h 
@@ -80,7 +80,8 @@ STACK_OF(type) \ STACK stack; \ }; -#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ +/* nada (obsolete in new safestack approach)*/ +#define IMPLEMENT_STACK_OF(type) /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk_<type>_... instead */ diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 527757ae09..f713dc8f6a 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -85,21 +85,34 @@ struct mem_object_data_st struct mem_data_st { - STACK *data; /* A stack of mem_object_data_st, - sorted with STORE_ATTR_INFO_compare(). */ - unsigned int compute_components : 1; /* Currently unused, but can - be used to add attributes - from parts of the data. */ + /* + * A stack of mem_object_data_st, + * sorted with STORE_ATTR_INFO_compare(). + */ + STACK *data; + /* Currently unused, but can + * be used to add attributes + * from parts of the data. + */ + unsigned int compute_components : 1; }; struct mem_ctx_st { - int type; /* The type we're searching for */ - STACK *search_attributes; /* Sets of attributes to search for. - Each element is a STORE_ATTR_INFO. */ - int search_index; /* which of the search attributes we found a match - for, -1 when we still haven't found any */ - int index; /* -1 as long as we're searching for the first */ + /* The type we're searching for */ + int type; + /* + * Sets of attributes to search for. + * Each element is a STORE_ATTR_INFO. + */ + STACK *search_attributes; + /* + * which of the search attributes we found a match + * for, -1 when we still haven't found any + */ + int search_index; + /* -1 as long as we're searching for the first */ + int index; }; static int mem_init(STORE *s); diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index d3c3fd2144..aa35ab33f9 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h 
@@ -190,14 +190,22 @@ struct x509_store_st X509_VERIFY_PARAM *param; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; 
@@ -226,42 +234,62 @@ struct x509_lookup_st struct x509_store_ctx_st /* X509_STORE_CTX */ { X509_STORE *ctx; - int current_method; /* used when looking up certs */ + /* used when looking up certs */ + int current_method; /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + /* The cert to check */ + X509 *cert; + /* chain of X509s - untrusted - passed in */ + STACK_OF(X509) *untrusted; + /* set of CRLs passed in */ + STACK_OF(X509_CRL) *crls; X509_VERIFY_PARAM *param; - void *other_ctx; /* Other info for use with get_issuer() */ + /* Other info for use with get_issuer() */ + void *other_ctx; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL 
validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*check_policy)(X509_STORE_CTX *ctx); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* index of last untrusted cert */ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - X509_POLICY_TREE *tree; /* Valid policy tree */ - - int explicit_policy; /* Require explicit policy value */ + /* if 0, rebuild chain */ + int valid; + /* index of last untrusted cert */ + int last_untrusted; + /* chain of X509s - built up and trusted */ + STACK_OF(X509) *chain; + /* Valid policy tree */ + X509_POLICY_TREE *tree; + + /* Require explicit policy value */ + int explicit_policy; /* When something goes wrong, this is why */ int error_depth; int error; X509 *current_cert; - X509 *current_issuer; /* cert currently being tested as valid issuer */ - X509_CRL *current_crl; /* current CRL */ + /* cert currently being tested as valid issuer */ + X509 *current_issuer; + /* current CRL */ + X509_CRL *current_crl; CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 2cd994c5b0..86ea98c382 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -112,8 +112,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; } - if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look - for, not bytes */ + /* /8 because it's 1024 bits we look for, not bytes */ + if (EVP_PKEY_size(pk) <= 1024/8) ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index b433036715..e6b9b865c8 100644 --- a/demos/easy_tls/easy-tls.c +++ b/ |
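Review bot: In the crypto/x509/x509type.c hunk, the relocated comment on `if (EVP_PKEY_size(pk) <= 1024/8)` explains the division but not what is being measured. EVP_PKEY_size() returns a size in bytes that matches the modulus length for RSA, but for other key types it is the maximum signature size, so the 1024-bit threshold for `EVP_PKT_EXP` is only exact for RSA keys. Since the comment is being rewritten, it could say so, e.g. `/* EVP_PKEY_size() is in bytes; 1024/8 is the 1024-bit RSA threshold */`. X509_certificate_type starts before the hunk.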