From 5011589a0b17632ce68b84407569ca0ba5a11c6a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 21 Jan 2015 19:18:47 +0000 Subject: Move more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h Reviewed-by: Tim Hudson --- apps/apps.c | 10 ++++--- apps/ca.c | 3 +- apps/passwd.c | 3 +- apps/s_apps.h | 3 +- apps/s_server.c | 3 +- crypto/bio/bss_bio.c | 3 +- crypto/bio/bss_rtcp.c | 15 ++++++---- crypto/bn/bn_lib.c | 13 +++++---- crypto/crypto.h | 3 +- crypto/des/des_ver.h | 6 ++-- crypto/dsa/dsa.h | 21 +++++++++----- crypto/rand/md_rand.c | 6 ++-- crypto/seed/seed.h | 3 +- crypto/x509/x509.h | 9 ++++-- demos/engines/ibmca/hw_ibmca.c | 2 +- engines/e_chil.c | 3 +- engines/e_sureware.c | 6 ++-- engines/e_ubsec.c | 8 ++++-- ssl/d1_pkt.c | 3 +- ssl/kssl.c | 9 ++++-- ssl/ssl.h | 51 ++++++++++++++++++++++------------ ssl/ssl_locl.h | 63 ++++++++++++++++++++++++++++-------------- ssl/ssl_task.c | 15 ++++++---- ssl/ssltest.c | 6 ++-- ssl/t1_enc.c | 3 +- 25 files changed, 179 insertions(+), 91 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8d7d2f9a9e..0543f18b1a 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -110,10 +110,12 @@ */ #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get - the declaration of fileno(). The value - 2 is to make sure no function defined - in POSIX-2 is left undefined. */ +/* On VMS, you need to define this to get + * the declaration of fileno(). The value + * 2 is to make sure no function defined + * in POSIX-2 is left undefined. + */ +#define _POSIX_C_SOURCE 2 #endif #include #include diff --git a/apps/ca.c b/apps/ca.c index f82c20360c..f0770b09db 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1474,7 +1474,8 @@ bad: } - if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + /* we have a CRL number that need updating */ + if (crlnumberfile != NULL) if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; if (crlnumber) diff --git a/apps/passwd.c b/apps/passwd.c index 8e65ed7cbb..e12b5ecea8 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -310,7 +310,8 @@ err: */ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { - static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */ + /* "$apr1$..salt..$.......md5hash..........\0" */ + static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; char *salt_out; int n; diff --git a/apps/s_apps.h b/apps/s_apps.h index 820e5c5815..919023ddf5 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -108,7 +108,8 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include #endif #include diff --git a/apps/s_server.c b/apps/s_server.c index 876d76a72d..400760e1cd 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -157,7 +157,8 @@ #define APPS_WIN16 #endif -#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ +/* conflicts with winsock2 stuff on netware */ +#if !defined(OPENSSL_SYS_NETWARE) #include #endif diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 66a2388382..796921d9a2 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -151,7 +151,8 @@ static int bio_new(BIO *bio) return 0; b->peer = NULL; - b->size = 17*1024; /* enough for one TLS record (just a default) */ + /* enough for one TLS record (just a default) */ + b->size = 17*1024; b->buf = NULL; bio->ptr = b; diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c index dd6038f3bd..c8145f7d79 100644 --- a/crypto/bio/bss_rtcp.c +++ b/crypto/bio/bss_rtcp.c @@ -76,11 +76,16 @@ typedef unsigned short io_channel; /*************************************************************************/ struct io_status { short status, count; long flags; }; -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 5be55b996b..388b21f58f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -369,6 +369,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ switch (b->top&3) { case 3: A[2]=B[2]; @@ -376,11 +381,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 1: A[0]=B[0]; case 0: ; - /* - * workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 - */ } } @@ -527,12 +527,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; } + /* ultrix cc workaround, see comments in bn_expand_internal */ switch (b->top&3) { case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ + case 0: ; } #else memcpy(a->d,b->d,sizeof(b->d[0])*b->top); diff --git a/crypto/crypto.h b/crypto/crypto.h index 254b972047..63191dd721 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -285,7 +285,8 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK_OF(void) *sk; - int dummy; /* gcc is screwing up this data structure :-( */ + /* gcc is screwing up this data structure :-( */ + int dummy; }; DECLARE_STACK_OF(void) diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h index d1ada258a6..10e889a572 100644 --- a/crypto/des/des_ver.h +++ b/crypto/des/des_ver.h @@ -67,5 +67,7 @@ #define DES_version OSSL_DES_version #define libdes_version OSSL_libdes_version -OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */ -OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */ +/* SSLeay version string */ +OPENSSL_EXTERN const char OSSL_DES_version[]; +/* old libdes version string */ +OPENSSL_EXTERN const char OSSL_libdes_version[]; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index e79fcf32fd..c6e5e39b03 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -89,13 +89,20 @@ #endif #define DSA_FLAG_CACHE_MONT_P 0x01 -#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* new with 0.9.7h; the + * built-in DSA + * implementation now + * uses constant time + * modular exponentiation + * for secret exponents + * by default. This flag + * causes the faster + * variable sliding + * window method to be + * used for all + * exponents. + */ +#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 #ifdef __cplusplus extern "C" { diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index b2f04ff13e..4489c82d8d 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -145,7 +145,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ +/* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; #ifdef PREDICT @@ -498,7 +499,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) for (i=0; i= st_num) st_idx=0; if (i < j) diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h index 6ffa5f024e..877c28a841 100644 --- a/crypto/seed/seed.h +++ b/crypto/seed/seed.h @@ -89,7 +89,8 @@ #error SEED is disabled. #endif -#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */ +/* look whether we need 'long' to get 32 bits */ +#ifdef AES_LONG # ifndef SEED_LONG # define SEED_LONG 1 # endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index f8b97dfba8..30a15ebdec 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -570,7 +570,8 @@ X509_ALGOR *encryption; } PBE2PARAM; typedef struct PBKDF2PARAM_st { -ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +/* Usually OCTET STRING but could be anything */ +ASN1_TYPE *salt; ASN1_INTEGER *iter; ASN1_INTEGER *keylength; X509_ALGOR *prf; @@ -581,7 +582,8 @@ X509_ALGOR *prf; struct pkcs8_priv_key_info_st { - int broken; /* Flag for various broken formats */ + /* Flag for various broken formats */ + int broken; #define PKCS8_OK 0 #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 @@ -589,7 +591,8 @@ struct pkcs8_priv_key_info_st #define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + /* Should be OCTET STRING but some are broken */ + ASN1_TYPE *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; }; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index fa690a2286..8838b0015e 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -916,5 +916,5 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ -#endif /* !OPENSSL_NO_HW_IBMCA */ +#endif /* !OPENSSL_NO_HW_IBMCA */ #endif /* !OPENSSL_NO_HW */ diff --git a/engines/e_chil.c b/engines/e_chil.c index 9999fcc775..d1ee0c8fef 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -419,7 +419,8 @@ void ENGINE_load_chil(void) static DSO *hwcrhk_dso = NULL; static HWCryptoHook_ContextHandle hwcrhk_context = 0; #ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int hndidx_rsa = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_sureware.c b/engines/e_sureware.c index d4dac55d0e..f9167c45dd 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -337,10 +337,12 @@ void ENGINE_load_sureware(void) * implicitly. */ static DSO *surewarehk_dso = NULL; #ifndef OPENSSL_NO_RSA -static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int rsaHndidx = -1; #endif #ifndef OPENSSL_NO_DSA -static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +/* Index for KM handle. Not really used yet. */ +static int dsaHndidx = -1; #endif /* These are the function pointers that are (un)set when the library has diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 458f37e996..bf20d527d0 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } - if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ + if (p_UBSEC_dsa_sign_ioctl(fd, + /* compute hash before signing */ + 0, (unsigned char *)dgst, d_len, - NULL, 0, /* compute random value */ + NULL, + /* compute random value */ + 0, (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 96a3419355..bcbce03e9f 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -695,7 +695,8 @@ again: { if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) return -1; - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); } rr->length = 0; s->packet_length = 0; diff --git a/ssl/kssl.c b/ssl/kssl.c index a8ab203627..14a7140aed 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - 0 /* IGNORE_VNO */, - 0 /* IGNORE_ENCTYPE */, + /* IGNORE_VNO */ + 0, + /* IGNORE_ENCTYPE */ + 0, &entry); if ( krb5rc == KRB5_KT_NOTFOUND ) { rc = 1; @@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) krb5_free_data_contents(NULL, data); #endif } -#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ +#endif +/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ /* Given pointers to KerberosTime and struct tm structs, convert the diff --git a/ssl/ssl.h b/ssl/ssl.h index 48f4a33d57..35ef9e66ba 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -537,7 +537,8 @@ typedef struct ssl_session_st * the workaround is not needed. Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ +/* added in 0.9.6e */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ @@ -1344,27 +1345,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) /* These alert types are for SSLv3 and TLSv1 */ #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY -#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ -#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +/* fatal */ +#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE +/* fatal */ +#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW -#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ -#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ -#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +/* fatal */ +#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE +/* fatal */ +#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE +/* Not for TLS */ +#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN -#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ -#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ -#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ -#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER +/* fatal */ +#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA +/* fatal */ +#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED +/* fatal */ +#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR -#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ -#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ -#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ -#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +/* fatal */ +#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION +/* fatal */ +#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION +/* fatal */ +#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY +/* fatal */ +#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION @@ -1372,8 +1386,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE -#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ -#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ +/* fatal */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY +/* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1576,7 +1592,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +/* PEM type */ +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7ff5d32c9a..87aa785e1c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -288,28 +288,51 @@ */ /* Bits for algorithm_mkey (key exchange algorithm) */ -#define SSL_kRSA 0x00000001L /* RSA key exchange */ -#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */ -#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */ -#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */ -#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ -#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ -#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ -#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ -#define SSL_kPSK 0x00000100L /* PSK */ -#define SSL_kGOST 0x00000200L /* GOST key exchange */ +/* RSA key exchange */ +#define SSL_kRSA 0x00000001L +/* DH cert, RSA CA cert */ +/* no such ciphersuites supported! */ +#define SSL_kDHr 0x00000002L +/* DH cert, DSA CA cert */ +/* no such ciphersuite supported! */ +#define SSL_kDHd 0x00000004L +/* tmp DH key no DH cert */ +#define SSL_kEDH 0x00000008L +/* Kerberos5 key exchange */ +#define SSL_kKRB5 0x00000010L +/* ECDH cert, RSA CA cert */ +#define SSL_kECDHr 0x00000020L +/* ECDH cert, ECDSA CA cert */ +#define SSL_kECDHe 0x00000040L +/* ephemeral ECDH */ +#define SSL_kEECDH 0x00000080L +/* PSK */ +#define SSL_kPSK 0x00000100L +/* GOST key exchange */ +#define SSL_kGOST 0x00000200L /* Bits for algorithm_auth (server authentication) */ -#define SSL_aRSA 0x00000001L /* RSA auth */ -#define SSL_aDSS 0x00000002L /* DSS auth */ -#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ -#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */ -#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ -#define SSL_aKRB5 0x00000020L /* KRB5 auth */ -#define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aPSK 0x00000080L /* PSK auth */ -#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +/* RSA auth */ +#define SSL_aRSA 0x00000001L +/* DSS auth */ +#define SSL_aDSS 0x00000002L +/* no auth (i.e. use ADH or AECDH) */ +#define SSL_aNULL 0x00000004L +/* Fixed DH auth (kDHd or kDHr) */ +/* no such ciphersuites supported! */ +#define SSL_aDH 0x00000008L +/* Fixed ECDH auth (kECDHe or kECDHr) */ +#define SSL_aECDH 0x00000010L +/* KRB5 auth */ +#define SSL_aKRB5 0x00000020L +/* ECDSA auth*/ +#define SSL_aECDSA 0x00000040L +/* PSK auth */ +#define SSL_aPSK 0x00000080L +/* GOST R 34.10-94 signature auth */ +#define SSL_aGOST94 0x00000100L +/* GOST R 34.10-2001 signature auth */ +#define SSL_aGOST01 0x00000200L /* Bits for algorithm_enc (symmetric encryption) */ diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 86a9a6013d..4381647f2e 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -144,11 +144,16 @@ static int s_nbio=0; #endif #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" /*************************************************************************/ -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ +/* Should have member alignment inhibited */ +struct rpc_msg { + /* 'A'-app data. 'R'-remote client 'G'-global */ + char channel; + /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ + char function; + /* Amount of data returned or max to return */ + unsigned short int length; + /* variable data */ + char data[4092]; }; #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 80f5a28799..a3cd27d226 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -869,8 +869,10 @@ bad: #ifdef TLSEXT_TYPE_opaque_prf_input SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ + /* or &co2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); + /* or &so2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); #endif if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 6d8bc44b66..df287fdf04 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1039,7 +1039,8 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 /* not appropriate for TLS, not used for DTLS */ +#if 0 + /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); #endif -- cgit v1.2.3