author | Matt Caswell <matt@openssl.org> | 2015-01-21 11:09:58 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:50:57 +0000 |
commit | c7c7a432df2fb0e0a359d5d383817b1348a71db6 (patch) | |
tree | bb78ecc1ddfbe5df8192c7e33f12da61ccfe6aa3 /ssl | |
parent | 5ba9d5bb3b79f32506a4fba061368c18890610e4 (diff) |
indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h
Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c
Conflicts:
crypto/bio/bss_file.c
crypto/ec/ec_lcl.h
crypto/evp/evp.h
crypto/store/str_mem.c
crypto/whrlpool/wp_block.c
crypto/x509/x509_vfy.h
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
ssl/t1_lib.c
ssl/tls1.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_both.c | 10 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 4 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 28 | ||||
-rw-r--r-- | ssl/s3_both.c | 3 | ||||
-rw-r--r-- | ssl/ssl.h | 100 | ||||
-rw-r--r-- | ssl/ssl3.h | 37 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 13 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 9 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 12 | ||||
-rw-r--r-- | ssl/ssltest.c | 20 |
10 files changed, 148 insertions, 88 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index b2de60eb0a..5a467c4c0f 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -436,10 +436,15 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) again: i = dtls1_get_message_fragment(s, st1, stn, max, ok); if ( i == DTLS1_HM_BAD_FRAGMENT || - i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + i == DTLS1_HM_FRAGMENT_RETRY) + { + /* bad fragment received */ goto again; + } else if ( i <= 0 && !*ok) + { return i; + } p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; @@ -1121,7 +1126,8 @@ int dtls1_read_failed(SSL *s, int code) return code; } - if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */ + /* done, no need to send a retransmit */ + if ( ! SSL_in_init(s)) { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 02d062a2e5..a22e43b507 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -289,8 +289,8 @@ dtls1_get_buffered_record(SSL *s) (((PQ_64BIT)s->d1->handshake_read_seq) << 32) | ((PQ_64BIT)s->d1->r_msg_hdr.frag_off); - if ( ! SSL_in_init(s)) /* if we're not (re)negotiating, - nothing buffered */ + /* if we're not (re)negotiating, nothing buffered */ + if ( ! SSL_in_init(s)) return 0; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 77c27335aa..12de5a594f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c 
@@ -232,19 +232,21 @@ end: int ssl23_get_client_hello(SSL *s) { - char buf_space[11]; /* Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos - * ('type == 3') correctly only when the following - * is in a single record, which is not guaranteed by - * the protocol specification: - * Byte Content - * 0 type \ - * 1/2 version > record header - * 3/4 length / - * 5 msg_type \ - * 6-8 length > Client Hello message - * 9/10 client_version / - */ + /*- + * Request this many bytes in initial read. + * We can detect SSL 3.0/TLS 1.0 Client Hellos + * ('type == 3') correctly only when the following + * is in a single record, which is not guaranteed by + * the protocol specification: + * Byte Content + * 0 type \ + * 1/2 version > record header + * 3/4 length / + * 5 msg_type \ + * 6-8 length > Client Hello message + * 9/10 client_version / + */ + char buf_space[11]; char *buf= &(buf_space[0]); unsigned char *p,*d,*d_len,*dd; unsigned int i; diff --git a/ssl/s3_both.c b/ssl/s3_both.c index b9c6c43c29..32d81b0792 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -214,11 +214,12 @@ int ssl3_get_finished(SSL *s, int a, int b) * change cipher spec message and is in s->s3->tmp.peer_finish_md */ + /* 64 argument should actually be 36+4 :-) */ n=s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ + 64, &ok); if (!ok) return((int)n); @@ -773,7 +773,8 @@ struct ssl_ctx_st int verify_mode; unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ + /* called 'verify_callback' in the SSL */ + int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; 
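Review bot: In the ssl/s3_both.c hunk, the relocated comment `/* 64 argument should actually be 36+4 :-) */` now sits above the whole `ssl_get_message(...)` call, so it is no longer obvious which argument it describes, and it still does not say why a looser value than 36+4 is passed. By analogy with the `long max` parameter of `dtls1_get_message` visible in the ssl/d1_both.c hunk, this is presumably the upper bound on the length of the peer's Finished message, which is worth stating outright. A wording such as `/* max message length: 64 is passed, although 36+4 would be enough */` would keep the meaning after the move. Tightening the value itself would be a functional change and belongs in a separate commit. The body of ssl3_get_finished starts and ends outside the hunk.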
@@ -885,22 +886,28 @@ struct ssl_st * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) */ int version; - int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ + int type; - SSL_METHOD *method; /* SSLv3 */ + /* SSLv3 */ + SSL_METHOD *method; /* There are 2 BIO's even though they are normally both the * same. This is so data can be read and written to different * handlers */ #ifndef OPENSSL_NO_BIO - BIO *rbio; /* used by SSL_read */ - BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatenate - * messages */ + /* used by SSL_read */ + BIO *rbio; + /* used by SSL_write */ + BIO *wbio; + /* used during session-id reuse to concatenate messages */ + BIO *bbio; #else - char *rbio; /* used by SSL_read */ - char *wbio; /* used by SSL_write */ + /* used by SSL_read */ + char *rbio; + /* used by SSL_write */ + char *wbio; char *bbio; #endif /* This holds a variable that indicates what we were doing 
@@ -921,19 +928,26 @@ struct ssl_st * test instead of an "init" member. */ - int server; /* are we the server side? - mostly used by SSL_clear*/ + /* are we the server side? - mostly used by SSL_clear*/ + int server; - int new_session;/* 1 if we are to use a new session. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int quiet_shutdown;/* don't send shutdown packets */ - int shutdown; /* we have shut things down, 0x01 sent, 0x02 - * for received */ - int state; /* where we are */ - int rstate; /* where we are when reading */ + /* + * 1 if we are to use a new session. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set + */ + int new_session; + /* don't send shutdown packets */ + int quiet_shutdown; + /* we have shut things down, 0x01 sent, 0x02 for received */ + int shutdown; + /* where we are */ + int state; + /* where we are when reading */ + int rstate; BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ 
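Review bot: The new block comment above `int new_session;` is an enumerated value list (`1 if ...`, `2 if ...`) but opens with plain `/*`, whereas the byte table above `char buf_space[11];` in ssl/s23_srvr.c and the value list above `int servername_done;` later in this file open with `/*-`. If `/*-` is what stops indent from re-flowing a comment (as its use on those two suggests), this list may have its lines merged on the next indent run; opening it with `/*-` would protect the layout. The same applies to the `0 don't care about verify failure.` / `1 fail if verify fails` comment above `int verify_mode;` in the `@@ -1005,17 +1019,25 @@` hunk. Separately, `/* are we the server side? - mostly used by SSL_clear*/` is missing a space before `*/`.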
@@ -1005,17 +1019,25 @@ struct ssl_st GEN_SESSION_CB generate_session_id; /* Used in SSL2 and SSL3 */ - int verify_mode; /* 0 don't care about verify failure. - * 1 fail if verify fails */ - int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ + /* + * 0 don't care about verify failure. + * 1 fail if verify fails + */ + int verify_mode; + /* fail if callback returns 0 */ + int (*verify_callback)(int ok,X509_STORE_CTX *ctx); - void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ + /* optional informational callback */ + void (*info_callback)(const SSL *ssl,int type,int val); - int error; /* error bytes to be written */ - int error_code; /* actual code */ + /* error bytes to be written */ + int error; + /* actual code */ + int error_code; #ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ + /* Kerberos 5 context */ + KSSL_CTX *kssl_ctx; #endif /* OPENSSL_NO_KRB5 */ SSL_CTX *ctx; @@ -1031,12 +1053,14 @@ struct ssl_st STACK_OF(X509_NAME) *client_CA; int references; - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ + /* protocol behaviour */ + unsigned long options; + /* API behaviour */ + unsigned long mode; long max_cert_list; int first_packet; - int client_version; /* what was passed, used for - * SSLv3/TLS rollback check */ + /* what was passed, used for SSLv3/TLS rollback check */ + int client_version; #ifndef OPENSSL_NO_TLSEXT /* TLS extension debug callback */ void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 
@@ -1044,11 +1068,13 @@ struct ssl_st void *arg); void *tlsext_debug_arg; char *tlsext_hostname; - int servername_done; /* no further mod of servername - 0 : call the servername extension callback. - 1 : prepare 2, allow last ack just after in server callback. - 2 : don't call servername callback, no ack in server hello - */ + /*- + * no further mod of servername + * 0 : call the servername extension callback. + * 1 : prepare 2, allow last ack just after in server callback. + * 2 : don't call servername callback, no ack in server hello + */ + int servername_done; /* certificate status request info */ /* Status type or -1 if no status type */ int tlsext_status_type; diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 76f922e356..94767df4a0 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h 
@@ -301,23 +301,34 @@ extern "C" { typedef struct ssl3_record_st { -/*r */ int type; /* type of record */ -/*rw*/ unsigned int length; /* How many bytes available */ -/*r */ unsigned int off; /* read/write offset into 'buf' */ -/*rw*/ unsigned char *data; /* pointer to the record data */ -/*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ -/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ -/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ + /* type of record */ +/*r */ int type; + /* How many bytes available */ +/*rw*/ unsigned int length; + /* read/write offset into 'buf' */ +/*r */ unsigned int off; + /* pointer to the record data */ +/*rw*/ unsigned char *data; + /* where the decode bytes are */ +/*rw*/ unsigned char *input; + /* only used with decompression - malloc()ed */ +/*r */ unsigned char *comp; + /* epoch number, needed by DTLS1 */ +/*r */ unsigned long epoch; + /* sequence number, needed by DTLS1 */ +/*r */ PQ_64BIT seq_num; } SSL3_RECORD; typedef struct ssl3_buffer_st { - unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, - * see ssl3_setup_buffers() */ - size_t len; /* buffer size */ - int offset; /* where to 'copy from' */ - int left; /* how many bytes left */ + /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ + unsigned char *buf; + /* buffer size */ + size_t len; + /* where to 'copy from' */ + int offset; + /* how many bytes left */ + int left; } SSL3_BUFFER; #define SSL3_CT_RSA_SIGN 1 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 409b9e7a2b..57d6138d3a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
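Review bot: The `/*r */` and `/*rw*/` markers in `SSL3_RECORD` stay in front of each declaration while the descriptions move to their own lines, so every member now carries two comments in two places and the inline markers are still something the formatter has to handle. Folding the marker into the description, for example `/* (r) type of record */` above `int type;`, would leave one comment per member. Nothing in the hunk says what the markers denote (presumably read-only versus read-write), so a one-line legend above the struct would help.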
@@ -172,10 +172,15 @@ int SSL_clear(SSL *s) s->hit=0; s->shutdown=0; -#if 0 /* Disabled since version 1.10 of this file (early return not - * needed because SSL_clear is not called when doing renegotiation) */ - /* This is set if we are doing dynamic renegotiation so keep - * the old cipher. It is sort of a SSL_clear_lite :-) */ +#if 0 + /* + * Disabled since version 1.10 of this file (early return not + * needed because SSL_clear is not called when doing renegotiation) + */ + /* + * This is set if we are doing dynamic renegotiation so keep + * the old cipher. It is sort of a SSL_clear_lite :-) + */ if (s->new_session) return(1); #else if (s->new_session) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index dd5c4ac012..43ef447029 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -420,9 +420,12 @@ typedef struct cert_pkey_st typedef struct cert_st { /* Current active set */ - CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array - * Probably it would make more sense to store - * an index, not a pointer. */ + /* + * ALWAYS points to an element of the pkeys array + * Probably it would make more sense to store + * an index, not a pointer. + */ + CERT_PKEY *key; /* The following masks are for the key and auth * algorithms that are supported by the certs below */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index e7802e1d9e..abf2279dcf 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -772,9 +772,11 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) if ((s->next == NULL) || (s->prev == NULL)) return; if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) - { /* last element in list */ + { + /* last element in list */ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* only one element in list */ + { + /* only one element in list */ ctx->session_cache_head=NULL; ctx->session_cache_tail=NULL; } 
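Review bot: In the ssl/ssl_lib.c hunk the two comments are re-wrapped inside an `#if 0` arm, so the formatting work goes into code that is never compiled. The first comment dates the change by "version 1.10 of this file", which looks like a per-file revision number from an earlier version-control system and cannot be resolved from the commit ids shown on this page. A follow-up could delete the `#if 0 ... #else` arm and keep the rationale ("SSL_clear is not called when doing renegotiation") as a single comment on the live branch. The body of SSL_clear starts and ends outside the hunk, so the live branch itself is not visible here.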
@@ -787,12 +789,14 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) else { if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) - { /* first element in list */ + { + /* first element in list */ ctx->session_cache_head=s->next; s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); } else - { /* middle of list */ + { + /* middle of list */ s->next->prev=s->prev; s->prev->next=s->next; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 020b576b3d..9ddda94139 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -114,8 +114,8 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly - on Linux and GNU platforms. */ +/* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#define _BSD_SOURCE 1 #include <assert.h> #include <errno.h> @@ -128,8 +128,8 @@ #define USE_SOCKETS #include "e_os.h" -#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on - VMS (at least with DECompHP C). */ +/* Or isascii won't be declared properly on VMS (at least with DECompHP C). */ +#define _XOPEN_SOURCE 500 #include <ctype.h> #include <openssl/bio.h> @@ -154,11 +154,13 @@ #endif #include <openssl/bn.h> -#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly - on Compaq platforms (at least with DEC C). - Do not try to put it earlier, or IPv6 includes - get screwed... - */ +/* + * Or gethostname won't be declared properly + * on Compaq platforms (at least with DEC C). + * Do not try to put it earlier, or IPv6 includes + * get screwed... +*/ +#define _XOPEN_SOURCE_EXTENDED 1 #ifdef OPENSSL_SYS_WINDOWS #include <winsock.h> |