summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2015-01-21 20:18:47 +0100
committerMatt Caswell <matt@openssl.org>2015-01-22 10:20:09 +0100
commit68d39f3ce6ff4f65170d94f7310b3f485f33328d (patch)
tree789d8aeaf5401f2f8f5ee256ba36f5b8edb7261a
parentDelete trailing whitespace from output. (diff)
downloadopenssl-68d39f3ce6ff4f65170d94f7310b3f485f33328d.tar.xz
openssl-68d39f3ce6ff4f65170d94f7310b3f485f33328d.zip
Move more comments that confuse indent
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r--apps/apps.c10
-rw-r--r--apps/ca.c3
-rw-r--r--apps/passwd.c3
-rw-r--r--apps/s_apps.h3
-rw-r--r--apps/s_server.c3
-rw-r--r--crypto/bio/bss_bio.c3
-rw-r--r--crypto/bio/bss_rtcp.c15
-rw-r--r--crypto/bn/bn_lib.c13
-rw-r--r--crypto/bn/rsaz_exp.c3
-rw-r--r--crypto/crypto.h3
-rw-r--r--crypto/des/des_ver.h6
-rw-r--r--crypto/dsa/dsa.h27
-rw-r--r--crypto/ec/ec2_oct.c5
-rw-r--r--crypto/ec/ecp_nistp256.c6
-rw-r--r--crypto/ec/ecp_nistp521.c3
-rw-r--r--crypto/ec/ecp_nistputil.c3
-rw-r--r--crypto/ec/ecp_oct.c5
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c6
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c3
-rw-r--r--crypto/modes/gcm128.c3
-rw-r--r--crypto/rand/md_rand.c6
-rw-r--r--crypto/seed/seed.h3
-rw-r--r--crypto/x509/x509.h9
-rw-r--r--demos/engines/ibmca/hw_ibmca.c6
-rw-r--r--engines/e_chil.c3
-rw-r--r--engines/e_sureware.c6
-rw-r--r--engines/e_ubsec.c8
-rw-r--r--ssl/d1_pkt.c3
-rw-r--r--ssl/kssl.c9
-rw-r--r--ssl/ssl.h51
-rw-r--r--ssl/ssl_locl.h72
-rw-r--r--ssl/ssl_task.c15
-rw-r--r--ssl/ssltest.c6
-rw-r--r--ssl/t1_enc.c3
34 files changed, 211 insertions, 115 deletions
diff --git a/apps/apps.c b/apps/apps.c
index ac709a6a3d..2731554a29 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -110,10 +110,12 @@
*/
#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get
- the declaration of fileno(). The value
- 2 is to make sure no function defined
- in POSIX-2 is left undefined. */
+/* On VMS, you need to define this to get
+ * the declaration of fileno(). The value
+ * 2 is to make sure no function defined
+ * in POSIX-2 is left undefined.
+ */
+#define _POSIX_C_SOURCE 2
#endif
#include <stdio.h>
#include <stdlib.h>
diff --git a/apps/ca.c b/apps/ca.c
index 1778f953d9..cd7abeed76 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1497,7 +1497,8 @@ bad:
}
- if (crlnumberfile != NULL) /* we have a CRL number that need updating */
+ /* we have a CRL number that need updating */
+ if (crlnumberfile != NULL)
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
if (crlnumber)
diff --git a/apps/passwd.c b/apps/passwd.c
index 8e65ed7cbb..e12b5ecea8 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -310,7 +310,8 @@ err:
*/
static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
- static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+ /* "$apr1$..salt..$.......md5hash..........\0" */
+ static char out_buf[6 + 9 + 24 + 2];
unsigned char buf[MD5_DIGEST_LENGTH];
char *salt_out;
int n;
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 625e1eb266..6baae1aa3d 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -108,7 +108,8 @@
* Hudson (tjh@cryptsoft.com).
*
*/
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
#include <sys/types.h>
#endif
#include <openssl/opensslconf.h>
diff --git a/apps/s_server.c b/apps/s_server.c
index 412091dd11..4d55a9a259 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -149,7 +149,8 @@
#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
#include <sys/types.h>
#endif
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 6d86587ee3..b948631cd7 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -151,7 +151,8 @@ static int bio_new(BIO *bio)
return 0;
b->peer = NULL;
- b->size = 17*1024; /* enough for one TLS record (just a default) */
+ /* enough for one TLS record (just a default) */
+ b->size = 17*1024;
b->buf = NULL;
bio->ptr = b;
diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c
index c65cff442f..7a24871ab0 100644
--- a/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
@@ -76,11 +76,16 @@ typedef unsigned short io_channel;
/*************************************************************************/
struct io_status { short status, count; long flags; };
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
+/* Should have member alignment inhibited */
+struct rpc_msg {
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char channel;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ char function;
+ /* Amount of data returned or max to return */
+ unsigned short int length;
+ /* variable data */
+ char data[4092];
};
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index e664fa6df2..d1f37f6af7 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -351,6 +351,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
}
+ /*
+ * workaround for ultrix cc: without 'case 0', the optimizer does
+ * the switch table by doing a=top&3; a--; goto jump_table[a];
+ * which fails for top== 0
+ */
switch (b->top&3)
{
case 3: A[2]=B[2];
@@ -358,11 +363,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
case 1: A[0]=B[0];
case 0:
;
- /*
- * workaround for ultrix cc: without 'case 0', the optimizer does
- * the switch table by doing a=top&3; a--; goto jump_table[a];
- * which fails for top== 0
- */
}
}
@@ -452,12 +452,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
}
+ /* ultrix cc workaround, see comments in bn_expand_internal */
switch (b->top&3)
{
case 3: A[2]=B[2];
case 2: A[1]=B[1];
case 1: A[0]=B[0];
- case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+ case 0: ;
}
#else
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
index 54f5760120..6a1ffe2d4f 100644
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@@ -60,7 +60,8 @@ void rsaz_1024_red2norm_avx2(void *norm,const void *red);
# define ALIGN64
# pragma align 64(one,two80)
#else
-# define ALIGN64 /* not fatal, might hurt performance a little */
+/* not fatal, might hurt performance a little */
+# define ALIGN64
#endif
ALIGN64 static const BN_ULONG one[40] = {
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 7ee56fa38c..f00305dd26 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -286,7 +286,8 @@ typedef struct bio_st BIO_dummy;
struct crypto_ex_data_st
{
STACK_OF(void) *sk;
- int dummy; /* gcc is screwing up this data structure :-( */
+ /* gcc is screwing up this data structure :-( */
+ int dummy;
};
DECLARE_STACK_OF(void)
diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h
index d1ada258a6..10e889a572 100644
--- a/crypto/des/des_ver.h
+++ b/crypto/des/des_ver.h
@@ -67,5 +67,7 @@
#define DES_version OSSL_DES_version
#define libdes_version OSSL_libdes_version
-OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */
-OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */
+/* SSLeay version string */
+OPENSSL_EXTERN const char OSSL_DES_version[];
+/* old libdes version string */
+OPENSSL_EXTERN const char OSSL_libdes_version[];
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index a8da6a6927..ac5f9c9c65 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -91,19 +91,20 @@
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
#define DSA_FLAG_CACHE_MONT_P 0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the
- * built-in DSA
- * implementation now
- * uses constant time
- * modular exponentiation
- * for secret exponents
- * by default. This flag
- * causes the faster
- * variable sliding
- * window method to be
- * used for all
- * exponents.
- */
+/* new with 0.9.7h; the
+ * built-in DSA
+ * implementation now
+ * uses constant time
+ * modular exponentiation
+ * for secret exponents
+ * by default. This flag
+ * causes the faster
+ * variable sliding
+ * window method to be
+ * used for all
+ * exponents.
+ */
+#define DSA_FLAG_NO_EXP_CONSTTIME 0x02
/* If this flag is set the DSA method is FIPS compliant and can be used
* in FIPS mode. This is set in the validated module method. If an
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 4788a1ea9d..ab05e0e10e 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -390,8 +390,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
}
-
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+
+ /* test required by X9.62 */
+ if (!EC_POINT_is_on_curve(group, point, ctx))
{
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 10be17ebe6..0d20adc759 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1563,9 +1563,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
if (!skip)
{
+ /* Arg 1 below is for "mixed" */
point_add(nq[0], nq[1], nq[2],
nq[0], nq[1], nq[2],
- 1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+ 1, tmp[0], tmp[1], tmp[2]);
}
else
{
@@ -1582,9 +1583,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
bits |= get_bit(g_scalar, i);
/* select the point to add, in constant time */
select_point(bits, 16, g_pre_comp[0], tmp);
+ /* Arg 1 below is for "mixed" */
point_add(nq[0], nq[1], nq[2],
nq[0], nq[1], nq[2],
- 1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+ 1, tmp[0], tmp[1], tmp[2]);
}
/* do other additions every 5 doublings */
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 78c21f0089..f97dab67de 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1460,9 +1460,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
select_point(bits, 16, g_pre_comp, tmp);
if (!skip)
{
+ /* The 1 argument below is for "mixed" */
point_add(nq[0], nq[1], nq[2],
nq[0], nq[1], nq[2],
- 1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+ 1, tmp[0], tmp[1], tmp[2]);
}
else
{
diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c
index 4ab42d814c..c65bb2d911 100644
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
@@ -79,7 +79,8 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
/* tmp_felem(i-1) is the product of Z(0) .. Z(i-1),
* tmp_felem(i) is the inverse of the product of Z(0) .. Z(i)
*/
- felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); /* 1/Z(i) */
+ /* 1/Z(i) */
+ felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i));
else
felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
index ba891675be..cba7e4a6f7 100644
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -416,8 +416,9 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
}
-
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+
+ /* test required by X9.62 */
+ if (!EC_POINT_is_on_curve(group, point, ctx))
{
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index ec76393576..3e41f5d419 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
u64 seqnum;
#endif
- if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0) /* ask for IVs in bulk */
+ /* ask for IVs in bulk */
+ if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)
return 0;
ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32)); /* align */
@@ -229,7 +230,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
/* populate descriptors with pointers and IVs */
hash_d[0].ptr = inp;
ciph_d[0].inp = inp;
- ciph_d[0].out = out+5+16; /* 5+16 is place for header and explicit IV */
+ /* 5+16 is place for header and explicit IV */
+ ciph_d[0].out = out+5+16;
memcpy(ciph_d[0].out-16,IVs,16);
memcpy(ciph_d[0].iv,IVs,16); IVs += 16;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 6c8c958194..affd2f609a 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -227,7 +227,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
/* populate descriptors with pointers and IVs */
hash_d[0].ptr = inp;
ciph_d[0].inp = inp;
- ciph_d[0].out = out+5+16; /* 5+16 is place for header and explicit IV */
+ /* 5+16 is place for header and explicit IV */
+ ciph_d[0].out = out+5+16;
memcpy(ciph_d[0].out-16,IVs,16);
memcpy(ciph_d[0].iv,IVs,16); IVs += 16;
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 7e856b5489..33351684e6 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -2089,7 +2089,8 @@ static const u8 T19[]= {
/* Test Case 20 */
#define K20 K1
#define A20 A1
-static const u8 IV20[64]={0xff,0xff,0xff,0xff}; /* this results in 0xff in counter LSB */
+/* this results in 0xff in counter LSB */
+static const u8 IV20[64]={0xff,0xff,0xff,0xff};
static const u8 P20[288];
static const u8 C20[]= {
0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 143501e611..2a3a2f4d69 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -158,7 +158,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
* holds CRYPTO_LOCK_RAND
* (to prevent double locking) */
/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+/* valid iff crypto_lock_rand is set */
+static CRYPTO_THREADID locking_threadid;
#ifdef PREDICT
@@ -571,7 +572,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
for (i=0; i<MD_DIGEST_LENGTH/2; i++)
{
- state[st_idx++]^=local_md[i]; /* may compete with other threads */
+ /* may compete with other threads */
+ state[st_idx++]^=local_md[i];
if (st_idx >= st_num)
st_idx=0;
if (i < j)
diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h
index 6ffa5f024e..877c28a841 100644
--- a/crypto/seed/seed.h
+++ b/crypto/seed/seed.h
@@ -89,7 +89,8 @@
#error SEED is disabled.
#endif
-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
+/* look whether we need 'long' to get 32 bits */
+#ifdef AES_LONG
# ifndef SEED_LONG
# define SEED_LONG 1
# endif
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index d615171697..017bea9d52 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -571,7 +571,8 @@ X509_ALGOR *encryption;
} PBE2PARAM;
typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
+/* Usually OCTET STRING but could be anything */
+ASN1_TYPE *salt;
ASN1_INTEGER *iter;
ASN1_INTEGER *keylength;
X509_ALGOR *prf;
@@ -582,7 +583,8 @@ X509_ALGOR *prf;
struct pkcs8_priv_key_info_st
{
- int broken; /* Flag for various broken formats */
+ /* Flag for various broken formats */
+ int broken;
#define PKCS8_OK 0
#define PKCS8_NO_OCTET 1
#define PKCS8_EMBEDDED_PARAM 2
@@ -590,7 +592,8 @@ struct pkcs8_priv_key_info_st
#define PKCS8_NEG_PRIVKEY 4
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+ /* Should be OCTET STRING but some are broken */
+ ASN1_TYPE *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
};
diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c
index 743f6d60ad..4a997c85a9 100644
--- a/demos/engines/ibmca/hw_ibmca.c
+++ b/demos/engines/ibmca/hw_ibmca.c
@@ -764,10 +764,12 @@ they could cause potential side affects on either the card or the result */
BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
pkey += qSize; /* move pointer */
- pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
+ /* set up for zero padding of next field */
+ pkey += pSize - BN_num_bytes(p);
BN_bn2bin(p, pkey);
- pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
+ /* increment pointer by number of bytes moved */
+ pkey += BN_num_bytes(p);
BN_bn2bin(q, pkey);
pkey += qSize ; /* move the pointer */
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 9999fcc775..d1ee0c8fef 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -419,7 +419,8 @@ void ENGINE_load_chil(void)
static DSO *hwcrhk_dso = NULL;
static HWCryptoHook_ContextHandle hwcrhk_context = 0;
#ifndef OPENSSL_NO_RSA
-static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
+/* Index for KM handle. Not really used yet. */
+static int hndidx_rsa = -1;
#endif
/* These are the function pointers that are (un)set when the library has
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index be7b52f10b..f7fb3b98e5 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -337,10 +337,12 @@ void ENGINE_load_sureware(void)
* implicitly. */
static DSO *surewarehk_dso = NULL;
#ifndef OPENSSL_NO_RSA
-static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
+/* Index for KM handle. Not really used yet. */
+static int rsaHndidx = -1;
#endif
#ifndef OPENSSL_NO_DSA
-static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
+/* Index for KM handle. Not really used yet. */
+static int dsaHndidx = -1;
#endif
/* These are the function pointers that are (un)set when the library has
diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c
index 458f37e996..bf20d527d0 100644
--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
}
- if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+ if (p_UBSEC_dsa_sign_ioctl(fd,
+ /* compute hash before signing */
+ 0,
(unsigned char *)dgst, d_len,
- NULL, 0, /* compute random value */
+ NULL,
+ /* compute random value */
+ 0,
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 44a83496d4..d39f547ed5 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -712,7 +712,8 @@ again:
{
if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
return -1;
- dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
+ /* Mark receipt of record. */
+ dtls1_record_bitmap_update(s, bitmap);
}
rr->length = 0;
s->packet_length = 0;
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 21172f31d5..86dce9a179 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
princ,
- 0 /* IGNORE_VNO */,
- 0 /* IGNORE_ENCTYPE */,
+ /* IGNORE_VNO */
+ 0,
+ /* IGNORE_ENCTYPE */
+ 0,
&entry);
if ( krb5rc == KRB5_KT_NOTFOUND ) {
rc = 1;
@@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
krb5_free_data_contents(NULL, data);
#endif
}
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+#endif
+/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
/* Given pointers to KerberosTime and struct tm structs, convert the
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d7dc2fabd3..f0a7f5a8c6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -582,7 +582,8 @@ struct ssl_session_st
* the workaround is not needed. Unfortunately some broken SSL/TLS
* implementations cannot handle it at all, which is why we include
* it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
+/* added in 0.9.6e */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
@@ -1699,27 +1700,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
+/* fatal */
+#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+/* fatal */
+#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
+/* fatal */
+#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
+/* fatal */
+#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
@@ -1727,8 +1741,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+/* fatal */
+#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@@ -2119,7 +2135,8 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+/* PEM type */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6f49421bd2..23fa47d280 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -288,32 +288,56 @@
*/
/* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
-#define SSL_kEDH SSL_kDHE /* synonym */
-#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
-#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
-#define SSL_kEECDH SSL_kECDHE /* synonym */
-#define SSL_kPSK 0x00000100L /* PSK */
-#define SSL_kGOST 0x00000200L /* GOST key exchange */
-#define SSL_kSRP 0x00000400L /* SRP */
+/* RSA key exchange */
+#define SSL_kRSA 0x00000001L
+/* DH cert, RSA CA cert */
+#define SSL_kDHr 0x00000002L
+/* DH cert, DSA CA cert */
+#define SSL_kDHd 0x00000004L
+/* tmp DH key no DH cert */
+#define SSL_kDHE 0x00000008L
+/* synonym */
+#define SSL_kEDH SSL_kDHE
+/* Kerberos5 key exchange */
+#define SSL_kKRB5 0x00000010L
+/* ECDH cert, RSA CA cert */
+#define SSL_kECDHr 0x00000020L
+/* ECDH cert, ECDSA CA cert */
+#define SSL_kECDHe 0x00000040L
+/* ephemeral ECDH */
+#define SSL_kECDHE 0x00000080L
+/* synonym */
+#define SSL_kEECDH SSL_kECDHE
+/* PSK */
+#define SSL_kPSK 0x00000100L
+/* GOST key exchange */
+#define SSL_kGOST 0x00000200L
+/* SRP */
+#define SSL_kSRP 0x00000400L
/* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA 0x00000001L /* RSA auth */
-#define SSL_aDSS 0x00000002L /* DSS auth */
-#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */
-#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aKRB5 0x00000020L /* KRB5 auth */
-#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
-#define SSL_aPSK 0x00000080L /* PSK auth */
-#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
-#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
-#define SSL_aSRP 0x00000400L /* SRP auth */
+/* RSA auth */
+#define SSL_aRSA 0x00000001L
+/* DSS auth */
+#define SSL_aDSS 0x00000002L
+/* no auth (i.e. use ADH or AECDH) */
+#define SSL_aNULL 0x00000004L
+/* Fixed DH auth (kDHd or kDHr) */
+#define SSL_aDH 0x00000008L
+/* Fixed ECDH auth (kECDHe or kECDHr) */
+#define SSL_aECDH 0x00000010L
+/* KRB5 auth */
+#define SSL_aKRB5 0x00000020L
+/* ECDSA auth*/
+#define SSL_aECDSA 0x00000040L
+/* PSK auth */
+#define SSL_aPSK 0x00000080L
+/* GOST R 34.10-94 signature auth */
+#define SSL_aGOST94 0x00000100L
+/* GOST R 34.10-2001 signature auth */
+#define SSL_aGOST01 0x00000200L
+/* SRP auth */
+#define SSL_aSRP 0x00000400L
/* Bits for algorithm_enc (symmetric encryption) */
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index 592e8580dc..d06055d963 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -144,11 +144,16 @@ static int s_nbio=0;
#endif
#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
/*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
+/* Should have member alignment inhibited */
+struct rpc_msg {
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char channel;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ char function;
+ /* Amount of data returned or max to return */
+ unsigned short int length;
+ /* variable data */
+ char data[4092];
};
#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 746bfba539..c9a92903cb 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1616,8 +1616,10 @@ bad:
#ifdef TLSEXT_TYPE_opaque_prf_input
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
+ /* or &co2 or NULL */
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
+ /* or &so2 or NULL */
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
#endif
if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index ac6c85ea32..255fb5ab79 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1279,7 +1279,8 @@ int tls1_alert_code(int code)
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
+#if 0
+ /* not appropriate for TLS, not used for DTLS */
case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
#endif