diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_utctm.c | 19 | ||||
-rw-r--r-- | crypto/bio/bss_file.c | 9 | ||||
-rw-r--r-- | crypto/bio/bss_log.c | 7 | ||||
-rw-r--r-- | crypto/bn/bn.h | 22 | ||||
-rw-r--r-- | crypto/bn/bn_lib.c | 9 | ||||
-rw-r--r-- | crypto/des/read_pwd.c | 3 | ||||
-rw-r--r-- | crypto/dh/dh.h | 17 | ||||
-rw-r--r-- | crypto/ec/ec_lcl.h | 76 | ||||
-rw-r--r-- | crypto/ec/ecp_nistp224.c | 9 | ||||
-rw-r--r-- | crypto/evp/evp.h | 84 | ||||
-rw-r--r-- | crypto/rand/rand_win.c | 13 | ||||
-rw-r--r-- | crypto/rsa/rsa.h | 56 | ||||
-rw-r--r-- | crypto/rsa/rsa_eay.c | 11 | ||||
-rw-r--r-- | crypto/sha/sha.h | 9 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 3 | ||||
-rw-r--r-- | crypto/store/str_mem.c | 41 | ||||
-rw-r--r-- | crypto/whrlpool/wp_block.c | 7 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.h | 99 | ||||
-rw-r--r-- | crypto/x509/x509type.c | 4 |
19 files changed, 314 insertions, 184 deletions
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 468123cc6f..08ece293bf 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -346,13 +346,16 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) } #undef g2 - return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. */ + /* + * FIXME: mktime assumes the current timezone + * instead of UTC, and unless we rewrite OpenSSL + * in Lisp we cannot locally change the timezone + * without possibly interfering with other parts + * of the program. timegm, which uses UTC, is + * non-standard. + * Also time_t is inappropriate for general + * UTC times because it may a 32 bit type. + */ + return mktime(&tm)-offset*60; } #endif diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 962b4068ea..01df9702d6 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -153,9 +153,14 @@ BIO *BIO_new_file(const char *filename, const char *mode) wmode,sizeof(wmode)/sizeof(wmode[0])) && (file=_wfopen(wfilename,wmode))==NULL && (errno==ENOENT || errno==EBADF) - ) /* UTF-8 decode succeeded, but no file, filename - * could still have been locale-ized... */ + ) + { + /* + * UTF-8 decode succeeded, but no file, filename + * could still have been locale-ized... + */ file = fopen(filename,mode); + } } else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION) { diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 1cc413a916..39b6af1974 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -276,8 +276,11 @@ static void xsyslog(BIO *bp, int priority, const char *string) case LOG_DEBUG: evtype = EVENTLOG_INFORMATION_TYPE; break; - default: /* Should never happen, but set it - as error anyway. */ + default: + /* + * Should never happen, but set it + * as error anyway. + */ evtype = EVENTLOG_ERROR_TYPE; break; } diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d744b9f609..e85916b30e 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -257,16 +257,22 @@ extern "C" { #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 -#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, - * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, - * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. - */ + +/* + * avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ +#define BN_FLG_CONSTTIME 0x04 #ifdef OPENSSL_USE_DEPRECATED -#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ - /* avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +/* deprecated name for the flag */ +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +/* + * avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) + */ #endif #ifdef OPENSSL_USE_DEPRECATED diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 886de0d81f..133fbb5a57 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -356,9 +356,12 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) case 3: A[2]=B[2]; case 2: A[1]=B[1]; case 1: A[0]=B[0]; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */ + case 0: + /* + * workaround for ultrix cc: without 'case 0', the optimizer does + * the switch table by doing a=top&3; a--; goto jump_table[a]; + * which fails for top== 0 + */ ; } } diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index f5f10266a6..bff361bd62 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -75,7 +75,8 @@ #endif #endif -/* #define SIGACTION */ /* Define this if you have sigaction() */ +/* Define this if you have sigaction() */ +/* #define SIGACTION */ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "des_locl.h" diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 28a8e9506e..14f4e47bb4 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -80,13 +80,16 @@ #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 #define DH_FLAG_CACHE_MONT_P 0x01 -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ + +/* + * new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* If this flag is set the DH method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index b7982d91de..1f175a9820 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -205,39 +205,49 @@ struct ec_group_st { /* The following members are handled by the method functions, * even if they appear generic */ - BIGNUM *field; /* Field specification. - * For curves over GF(p), this is the modulus; - * for curves over GF(2^m), this is the - * irreducible polynomial defining the field. - */ - - int poly[6]; /* Field specification for curves over GF(2^m). - * The irreducible f(t) is then of the form: - * t^poly[0] + t^poly[1] + ... + t^poly[k] - * where m = poly[0] > poly[1] > ... > poly[k] = 0. - * The array is terminated with poly[k+1]=-1. - * All elliptic curve irreducibles have at most 5 - * non-zero terms. - */ - - BIGNUM *a, *b; /* Curve coefficients. - * (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) - * For characteristic > 3, the curve is defined - * by a Weierstrass equation of the form - * y^2 = x^3 + a*x + b. - * For characteristic 2, the curve is defined by - * an equation of the form - * y^2 + x*y = x^3 + a*x^2 + b. - */ - - int a_is_minus3; /* enable optimized point arithmetics for special case */ - - void *field_data1; /* method-specific (e.g., Montgomery structure) */ - void *field_data2; /* method-specific */ - int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ - - BN_MONT_CTX *mont_data; /* data for ECDSA inverse */ + /* Field specification. + * For curves over GF(p), this is the modulus; + * for curves over GF(2^m), this is the + * irreducible polynomial defining the field. + */ + BIGNUM *field; + + /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + * The array is terminated with poly[k+1]=-1. + * All elliptic curve irreducibles have at most 5 + * non-zero terms. + */ + int poly[6]; + + /* Curve coefficients. + * (Here the assumption is that BIGNUMs can be used + * or abused for all kinds of fields, not just GF(p).) + * For characteristic > 3, the curve is defined + * by a Weierstrass equation of the form + * y^2 = x^3 + a*x + b. + * For characteristic 2, the curve is defined by + * an equation of the form + * y^2 + x*y = x^3 + a*x^2 + b. + */ + BIGNUM *a, *b; + + /* enable optimized point arithmetics for special case */ + int a_is_minus3; + + /* method-specific (e.g., Montgomery structure) */ + void *field_data1; + + /* method-specific */ + void *field_data2; + + /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + + /* data for ECDSA inverse */ + BN_MONT_CTX *mont_data; } /* EC_GROUP */; struct ec_key_st { diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 192bb1d2b8..45d5e089a3 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1017,9 +1017,12 @@ static void point_add(felem x3, felem y3, felem z3, felem_assign(z3, z_out); } -/* select_point selects the |idx|th point from a precomputation table and - * copies it to out. */ -static void select_point(const u64 idx, unsigned int size, const felem pre_comp[/*size*/][3], felem out[3]) +/* + * select_point selects the |idx|th point from a precomputation table and + * copies it to out. + * The pre_comp array argument should be size of |size| argument + */ +static void select_point(const u64 idx, unsigned int size, const felem pre_comp[][3], felem out[3]) { unsigned i, j; limb *outlimbs = &out[0][0]; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index d062f9121e..f7f53138b9 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -190,13 +190,16 @@ typedef int evp_verify_method(int type,const unsigned char *m, unsigned int m_length,const unsigned char *sigbuf, unsigned int siglen, void *key); -#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single - * block */ - -#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc */ +/* digest can only handle a single block */ +#define EVP_MD_FLAG_ONESHOT 0x0001 + +/* + * digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc + */ +#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ @@ -218,7 +221,8 @@ typedef int evp_verify_method(int type,const unsigned char *m, #define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ +/* Note if suitable for use in FIPS mode */ +#define EVP_MD_FLAG_FIPS 0x0400 /* Digest ctrls */ @@ -311,19 +315,39 @@ struct evp_cipher_st { int nid; int block_size; - int key_len; /* Default value for variable length ciphers */ + + /* Default value for variable length ciphers */ + int key_len; int iv_len; - unsigned long flags; /* Various flags */ + + /* Various flags */ + unsigned long flags; + + /* init key */ int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ + const unsigned char *iv, int enc); + + /* encrypt/decrypt data */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl);/* encrypt/decrypt data */ - int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big ctx->cipher_data needs to be */ - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ + const unsigned char *in, size_t inl); + + /* cleanup ctx */ + int (*cleanup)(EVP_CIPHER_CTX *); + + /* how big ctx->cipher_data needs to be */ + int ctx_size; + + /* Populate a ASN1_TYPE with parameters */ + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + + /* Get parameters from a ASN1_TYPE */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); + + /* Miscellaneous operations */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); + + /* Application data */ + void *app_data; } /* EVP_CIPHER */; /* Values for cipher flags */ @@ -466,14 +490,22 @@ struct evp_cipher_ctx_st typedef struct evp_Encode_Ctx_st { - int num; /* number saved in a partial encode/decode */ - int length; /* The length is either the output line length - * (in input bytes) or the shortest input line - * length that is ok. Once decoding begins, - * the length is adjusted up each time a longer - * line is decoded */ - unsigned char enc_data[80]; /* data to encode */ - int line_num; /* number read on current line */ + /* number saved in a partial encode/decode */ + int num; + + /* The length is either the output line length + * (in input bytes) or the shortest input line + * length that is ok. Once decoding begins, + * the length is adjusted up each time a longer + * line is decoded + */ + int length; + + /* data to encode */ + unsigned char enc_data[80]; + + /* number read on current line */ + int line_num; int expect_nl; } EVP_ENCODE_CTX; diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 4d74150942..c81935c38c 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -179,12 +179,13 @@ typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include <lmcons.h> #include <lmstats.h> -#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE - * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was - * was added to the Platform SDK to allow the NET API to be used in - * non-Unicode applications provided that Unicode strings were still - * used for input. LMSTR is defined as LPWSTR. - */ +#if 1 +/* The NET API is Unicode only. It requires the use of the UNICODE + * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was + * was added to the Platform SDK to allow the NET API to be used in + * non-Unicode applications provided that Unicode strings were still + * used for input. LMSTR is defined as LPWSTR. + */ typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 669b601ca8..9acc5f8821 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -170,7 +170,9 @@ struct rsa_st # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ + +/* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 #endif #define RSA_3 0x3L @@ -193,30 +195,36 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x0040 -#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ -#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA - * implementation now uses constant time - * operations by default in private key operations, - * e.g., constant time modular exponentiation, - * modular inverse without leaking branches, - * division without leaking branches. This - * flag disables these constant time - * operations and results in faster RSA - * private key operations. - */ +/* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ +#define RSA_FLAG_NO_BLINDING 0x0080 +/* + * new with 0.9.8f; the built-in RSA + * implementation now uses constant time + * operations by default in private key operations, + * e.g., constant time modular exponentiation, + * modular inverse without leaking branches, + * division without leaking branches. This + * flag disables these constant time + * operations and results in faster RSA + * private key operations. + */ +#define RSA_FLAG_NO_CONSTTIME 0x0100 #ifdef OPENSSL_USE_DEPRECATED -#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ - /* new with 0.9.7h; the built-in RSA - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +/* deprecated name for the flag*/ +/* + * new with 0.9.7h; the built-in RSA + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME #endif diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 3e08fe77dd..4b7aa5f68e 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -286,11 +286,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) { /* resort to rsa->mt_blinding instead */ - *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() - * that the BN_BLINDING is shared, meaning that accesses - * require locks, and that the blinding factor must be - * stored outside the BN_BLINDING - */ + /* instructs rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + *local = 0; if (rsa->mt_blinding == NULL) { diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 95d9b60072..1c27d50ed5 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -151,9 +151,12 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * being exactly 64-bit wide. See Implementation Notes in sha512.c * for further details. */ -#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a - * contiguous array of 64 bit - * wide big-endian values. */ +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) #define SHA_LONG64 unsigned __int64 #define U64(C) C##UI64 diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 99393cb2db..60a9867f48 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -98,7 +98,8 @@ STACK_OF(type) \ _STACK stack; \ }; -#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ +/* nada (obsolete in new safestack approach)*/ +#define IMPLEMENT_STACK_OF(type) /*- diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 8ac4f7e55c..021d828325 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -86,25 +86,38 @@ typedef struct mem_object_data_st DECLARE_STACK_OF(MEM_OBJECT_DATA) struct mem_data_st { - STACK_OF(MEM_OBJECT_DATA) *data; /* sorted with - * STORE_ATTR_INFO_compare(). */ - unsigned int compute_components : 1; /* Currently unused, but can - be used to add attributes - from parts of the data. */ + /* + * sorted with + * STORE_ATTR_INFO_compare(). + */ + STACK_OF(MEM_OBJECT_DATA) *data; + /* + * Currently unused, but can + * be used to add attributes + * from parts of the data. + */ + unsigned int compute_components : 1; }; DECLARE_STACK_OF(STORE_ATTR_INFO) struct mem_ctx_st { - int type; /* The type we're searching for */ - STACK_OF(STORE_ATTR_INFO) *search_attributes; /* Sets of - attributes to search for. Each - element is a STORE_ATTR_INFO. */ - int search_index; /* which of the search attributes we - found a match for, -1 when we still - haven't found any */ - int index; /* -1 as long as we're searching for - the first */ + /* The type we're searching for */ + int type; + /* + * Sets of + * attributes to search for. Each + * element is a STORE_ATTR_INFO. + */ + STACK_OF(STORE_ATTR_INFO) *search_attributes; + /* + * which of the search attributes we + * found a match for, -1 when we still + * haven't found any + */ + int search_index; + /* -1 as long as we're searching for the first */ + int index; }; static int mem_init(STORE *s); diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index b5d22fc4bd..e8b457f905 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -64,8 +64,11 @@ typedef unsigned long long u64; # define SMALL_REGISTER_BANK # if defined(WHIRLPOOL_ASM) # ifndef OPENSSL_SMALL_FOOTPRINT -# define OPENSSL_SMALL_FOOTPRINT /* it appears that for elder non-MMX - CPUs this is actually faster! */ +/* + * it appears that for elder non-MMX + * CPUs this is actually faster! + */ +# define OPENSSL_SMALL_FOOTPRINT # endif # define GO_FOR_MMX(ctx,inp,num) do { \ extern unsigned long OPENSSL_ia32cap_P[]; \ diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 35cbc556d3..49b1aa75fc 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -195,14 +195,22 @@ struct x509_store_st X509_VERIFY_PARAM *param; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); @@ -233,49 +241,72 @@ struct x509_lookup_st struct x509_store_ctx_st /* X509_STORE_CTX */ { X509_STORE *ctx; - int current_method; /* used when looking up certs */ + /* used when looking up certs */ + int current_method; /* The following are set by the caller */ - X509 *cert; /* The cert to check */ - STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + /* The cert to check */ + X509 *cert; + /* chain of X509s - untrusted - passed in */ + STACK_OF(X509) *untrusted; + /* set of CRLs passed in */ + STACK_OF(X509_CRL) *crls; X509_VERIFY_PARAM *param; - void *other_ctx; /* Other info for use with get_issuer() */ + /* Other info for use with get_issuer() */ + void *other_ctx; /* Callbacks for various operations */ - int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ - int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ - int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + /* called to verify a certificate */ + int (*verify)(X509_STORE_CTX *ctx); + /* error callback */ + int (*verify_cb)(int ok,X509_STORE_CTX *ctx); + /* get issuers cert from ctx */ + int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + /* check issued */ + int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + /* Check revocation status of chain */ + int (*check_revocation)(X509_STORE_CTX *ctx); + /* retrieve CRL */ + int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); + /* Check CRL validity */ + int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); + /* Check certificate against CRL */ + int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*check_policy)(X509_STORE_CTX *ctx); STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ - int valid; /* if 0, rebuild chain */ - int last_untrusted; /* index of last untrusted cert */ - STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ - X509_POLICY_TREE *tree; /* Valid policy tree */ - - int explicit_policy; /* Require explicit policy value */ + /* if 0, rebuild chain */ + int valid; + /* index of last untrusted cert */ + int last_untrusted; + /* chain of X509s - built up and trusted */ + STACK_OF(X509) *chain; + /* Valid policy tree */ + X509_POLICY_TREE *tree; + + /* Require explicit policy value */ + int explicit_policy; /* When something goes wrong, this is why */ int error_depth; int error; X509 *current_cert; - X509 *current_issuer; /* cert currently being tested as valid issuer */ - X509_CRL *current_crl; /* current CRL */ - - int current_crl_score; /* score of current CRL */ - unsigned int current_reasons; /* Reason mask */ - - X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + /* cert currently being tested as valid issuer */ + X509 *current_issuer; + /* current CRL */ + X509_CRL *current_crl; + + /* score of current CRL */ + int current_crl_score; + /* Reason mask */ + unsigned int current_reasons; + + /* For CRL path validation: parent context */ + X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 9702ec5310..66e3c6d8d6 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -122,8 +122,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look - for, not bytes */ + /* /8 because it's 1024 bits we look for, not bytes */ + if (EVP_PKEY_size(pk) <= 1024/8) ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); |