diff options
| -rw-r--r-- | apps/ca.c | 3 | ||||
| -rw-r--r-- | apps/passwd.c | 3 | ||||
| -rw-r--r-- | apps/s_apps.h | 3 | ||||
| -rw-r--r-- | apps/s_server.c | 3 | ||||
| -rw-r--r-- | crypto/bio/bss_bio.c | 3 | ||||
| -rw-r--r-- | crypto/bio/bss_rtcp.c | 15 | ||||
| -rw-r--r-- | crypto/bn/bn_lib.c | 13 | ||||
| -rw-r--r-- | crypto/crypto.h | 3 | ||||
| -rw-r--r-- | crypto/des/des_ver.h | 6 | ||||
| -rw-r--r-- | crypto/dsa/dsa.h | 21 | ||||
| -rw-r--r-- | crypto/rand/md_rand.c | 6 | ||||
| -rw-r--r-- | crypto/seed/seed.h | 3 | ||||
| -rw-r--r-- | crypto/x509/x509.h | 9 | ||||
| -rw-r--r-- | demos/engines/ibmca/hw_ibmca.c | 2 | ||||
| -rw-r--r-- | engines/e_chil.c | 3 | ||||
| -rw-r--r-- | engines/e_sureware.c | 6 | ||||
| -rw-r--r-- | engines/e_ubsec.c | 8 | ||||
| -rw-r--r-- | ssl/kssl.c | 9 | ||||
| -rw-r--r-- | ssl/ssl.h | 51 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 39 | ||||
| -rw-r--r-- | ssl/ssl_task.c | 15 |
21 files changed, 148 insertions, 76 deletions
@@ -1464,7 +1464,8 @@ bad: } - if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + /* we have a CRL number that need updating */ + if (crlnumberfile != NULL) if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (!X509_CRL_sign(crl,pkey,dgst)) goto err; diff --git a/apps/passwd.c b/apps/passwd.c index 8e65ed7cbb..e12b5ecea8 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -310,7 +310,8 @@ err: */ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { - static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ + /* "$apr1$..salt..$.......md5hash..........\0" */ + static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n; diff --git a/apps/s_apps.h b/apps/s_apps.h index f5a39bae66..6918eabd9d 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,7 +108,8 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include <sys/types.h> #endif #include <openssl/opensslconf.h> diff --git a/apps/s_server.c b/apps/s_server.c index a6af637bcf..4ef91f704f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -131,7 +131,8 @@ #define APPS_WIN16 #endif -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include <sys/types.h> #endif diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 66a2388382..796921d9a2 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -151,7 +151,8 @@ static int bio_new(BIO *bio) return 0; b->peer = NULL; - b->size = 17*1024; /* enough for one TLS record (just a default) */ + /* enough for one TLS record (just a default) */ + b->size = 17*1024; b->buf = NULL; bio->ptr = b; diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c index dd6038f3bd..c8145f7d79 100644 --- a/crypto/bio/bss_rtcp.c +++ b/crypto/bio/bss_rtcp.c @@ -76,11 +76,16 @@ typedef unsigned short io_channel; /*************************************************************************/ struct io_status { short status, count; long flags; }; -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 4627153e3d..8bcd6c426e 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -350,6 +350,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ switch (b->top&3) { case 3: A[2]=B[2]; @@ -357,11 +362,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 1: A[0]=B[0]; case 0: ; - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ } } @@ -508,12 +508,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* ultrix cc workaround, see comments in bn_expand_internal */ switch (b->top&3) { case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ + case 0: ; } #else memcpy(a->d,b->d,sizeof(b->d[0])*b->top); diff --git a/crypto/crypto.h b/crypto/crypto.h index 1721b02bd4..8d5a812438 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -289,7 +289,8 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK *sk; - int dummy; /* gcc is screwing up this data structure :-( */ + /* gcc is screwing up this data structure :-( */ + int dummy; }; /* This stuff is basically class callback functions diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h index d1ada258a6..10e889a572 100644 --- a/crypto/des/des_ver.h +++ b/crypto/des/des_ver.h @@ -67,5 +67,7 @@ #define DES_version OSSL_DES_version #define libdes_version OSSL_libdes_version -OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ -OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ +/* SSLeay version string */ +OPENSSL_EXTERN const char OSSL_DES_version[]; +/* old libdes version string */ +OPENSSL_EXTERN const char OSSL_libdes_version[]; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6c85d22b2d..48d75b8c5c 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -91,13 +91,20 @@ #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 #define DSA_FLAG_CACHE_MONT_P 0x01 -#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* new with 0.9.7h; the + * built-in DSA + * implementation now + * uses constant time + * modular exponentiation + * for secret exponents + * by default. This flag + * causes the faster + * variable sliding + * window method to be + * used for all + * exponents. + */ +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* If this flag is set the DSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 0f8dd3e00f..b55a2d88f2 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -149,7 +149,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ +/* valid iff crypto_lock_rand is set */ +static unsigned long locking_thread = 0; #ifdef PREDICT @@ -491,7 +492,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) for (i=0; i<MD_DIGEST_LENGTH/2; i++) { - state[st_idx++]^=local_md[i]; /* may compete with other threads */ + /* may compete with other threads */ + state[st_idx++]^=local_md[i]; if (st_idx >= st_num) st_idx=0; if (i < j) diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h index 427915ed9a..318cb1a026 100644 --- a/crypto/seed/seed.h +++ b/crypto/seed/seed.h @@ -87,7 +87,8 @@ #error SEED is disabled. #endif -#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +/* look whether we need 'long' to get 32 bits */ +#ifdef AES_LONG # ifndef SEED_LONG # define SEED_LONG 1 # endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 072de2066b..d7f6c04185 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -544,7 +544,8 @@ X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +/* Usually OCTET STRING but could be anything */ +ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; X509_ALGOR *prf; @@ -555,14 +556,16 @@ X509_ALGOR *prf; typedef struct pkcs8_priv_key_info_st { - int broken; /* Flag for various broken formats */ + /* Flag for various broken formats */ + int broken; #define PKCS8_OK 0 #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 #define PKCS8_NS_DB 3 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + /* Should be OCTET STRING but some are broken */ + ASN1_TYPE *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; } PKCS8_PRIV_KEY_INFO; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index fa690a2286..8838b0015e 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -916,5 +916,5 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */
-#endif /* !OPENSSL_NO_HW_IBMCA */
+#endif /* !OPENSSL_NO_HW_IBMCA */ #endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_chil.c b/engines/e_chil.c index a03b0c0389..4d3320a270 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -420,7 +420,8 @@ void ENGINE_load_chil(void) static DSO *hwcrhk_dso = NULL; static HWCryptoHook_ContextHandle hwcrhk_context = 0; #ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int hndidx_rsa = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 74a6137b92..908bce9d24 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -337,10 +337,12 @@ void ENGINE_load_sureware(void) * implicitly. */ static DSO *surewarehk_dso = NULL; #ifndef OPENSSL_NO_RSA -static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int rsaHndidx = -1; #endif #ifndef OPENSSL_NO_DSA -static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int dsaHndidx = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index f84ec98bf3..c9d3b8662e 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -781,9 +781,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ + if (p_UBSEC_dsa_sign_ioctl(fd, + /* compute hash before signing */ + 0, (unsigned char *)dgst, d_len, - NULL, 0, /* compute random value */ + NULL, + /* compute random value */ + 0, (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), diff --git a/ssl/kssl.c b/ssl/kssl.c index d57f000825..7a29023d1e 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1812,8 +1812,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - 0 /* IGNORE_VNO */, - 0 /* IGNORE_ENCTYPE */, + /* IGNORE_VNO */ + 0, + /* IGNORE_ENCTYPE */ + 0, &entry); if ( krb5rc == KRB5_KT_NOTFOUND ) { rc = 1; @@ -1897,7 +1899,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) krb5_free_data_contents(NULL, data); #endif } -#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ +#endif +/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ /* Given pointers to KerberosTime and struct tm structs, convert the @@ -505,7 +505,8 @@ typedef struct ssl_session_st * the workaround is not needed. Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ +/* added in 0.9.6e */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ @@ -1219,27 +1220,40 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_AD_REASON_OFFSET 1000 /* These alert types are for SSLv3 and TLSv1 */ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +/* fatal */ +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +/* fatal */ +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION @@ -1247,8 +1261,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ +/* fatal */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1445,7 +1461,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +/* PEM type */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 43ef447029..e405d4b4b3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -261,25 +261,38 @@ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. */ #define SSL_MKEY_MASK 0x000000FFL -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ -#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ +/* RSA key exchange */ +#define SSL_kRSA 0x00000001L +/* DH cert RSA CA cert */ +#define SSL_kDHr 0x00000002L +/* DH cert DSA CA cert */ +#define SSL_kDHd 0x00000004L #define SSL_kFZA 0x00000008L -#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ -#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ -#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ -#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ +/* tmp DH key no DH cert */ +#define SSL_kEDH 0x00000010L +/* Kerberos5 key exchange */ +#define SSL_kKRB5 0x00000020L +/* ECDH w/ long-term keys */ +#define SSL_kECDH 0x00000040L +/* ephemeral ECDH */ +#define SSL_kECDHE 0x00000080L #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) #define SSL_AUTH_MASK 0x00007F00L -#define SSL_aRSA 0x00000100L /* Authenticate with RSA */ -#define SSL_aDSS 0x00000200L /* Authenticate with DSS */ +/* Authenticate with RSA */ +#define SSL_aRSA 0x00000100L +/* Authenticate with DSS */ +#define SSL_aDSS 0x00000200L #define SSL_DSS SSL_aDSS #define SSL_aFZA 0x00000400L -#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ -#define SSL_aDH 0x00001000L /* no Authenticate, ADH */ -#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ -#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ +/* no Authenticate, ADH */ +#define SSL_aNULL 0x00000800L +/* no Authenticate, ADH */ +#define SSL_aDH 0x00001000L +/* Authenticate with KRB5 */ +#define SSL_aKRB5 0x00002000L +/* Authenticate with ECDSA */ +#define SSL_aECDSA 0x00004000L #define SSL_NULL (SSL_eNULL) #define SSL_ADH (SSL_kEDH|SSL_aNULL) diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 86a9a6013d..4381647f2e 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -144,11 +144,16 @@ static int s_nbio=0; #endif #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" /*************************************************************************/ -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) |