openssl: import 3.0.19 - src - FreeBSD source tree

diff options


context:
space:
mode:

author	Enji Cooper <ngie@FreeBSD.org>	2026-01-29 01:30:35 +0000
committer	Enji Cooper <ngie@FreeBSD.org>	2026-01-29 01:30:35 +0000
commit	677808048e318ef0c4ad69c0c2cc8d82167bffbe (patch)
tree	bef7f1ad0365b42b56b6b8082996024b8483b96b /apps/include
parent	12b8f7324509729dbf5c06c0e8fbc4723d3eefb3 (diff)

vendor/openssl/3.0.19

Diffstat (limited to 'apps/include')

-rw-r--r--

apps/include/app_libctx.h

-rw-r--r--

apps/include/app_params.h

-rw-r--r--

apps/include/apps.h

249

-rw-r--r--

apps/include/apps_ui.h

-rw-r--r--

apps/include/cmp_mock_srv.h

-rw-r--r--

apps/include/engine_loader.h

-rw-r--r--

apps/include/fmt.h

-rw-r--r--

apps/include/function.h

-rw-r--r--

apps/include/http_server.h

-rw-r--r--

apps/include/names.h

-rw-r--r--

apps/include/opt.h

532

-rw-r--r--

apps/include/platform.h

-rw-r--r--

apps/include/s_apps.h

-rw-r--r--

apps/include/vms_term_sock.h

14 files changed, 522 insertions, 512 deletions

diff --git a/apps/include/app_libctx.h b/apps/include/app_libctx.h
index 17c0afc713d2..b7157cec4058 100644
--- a/apps/include/app_libctx.h
+++ b/apps/include/app_libctx.h

@@ -8,9 +8,9 @@

#ifndef OSSL_APPS_LIBCTX_H

-# define OSSL_APPS_LIBCTX_H

+#define OSSL_APPS_LIBCTX_H

-# include <openssl/types.h>

+#include <openssl/types.h>

OSSL_LIB_CTX *app_create_libctx(void);

OSSL_LIB_CTX *app_get0_libctx(void);

diff --git a/apps/include/app_params.h b/apps/include/app_params.h
index 79f8f58b3122..20caf737d4da 100644
--- a/apps/include/app_params.h
+++ b/apps/include/app_params.h

@@ -11,4 +11,3 @@

int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent);

void print_param_value(const OSSL_PARAM *p, int indent);

diff --git a/apps/include/apps.h b/apps/include/apps.h
index c7e3e0351cb2..f389968ccd78 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h

@@ -8,44 +8,44 @@

#ifndef OSSL_APPS_H

-# define OSSL_APPS_H

+#define OSSL_APPS_H

-# include "e_os.h" /* struct timeval for DTLS */

-# include "internal/nelem.h"

-# include "internal/sockets.h" /* for openssl_fdset() */

-# include "internal/cryptlib.h" /* ossl_assert() */

-# include <assert.h>

+#include "e_os.h" /* struct timeval for DTLS */

+#include "internal/nelem.h"

+#include "internal/sockets.h" /* for openssl_fdset() */

+#include "internal/cryptlib.h" /* ossl_assert() */

+#include <assert.h>

-# include <stdarg.h>

-# include <sys/types.h>

-# ifndef OPENSSL_NO_POSIX_IO

-# include <sys/stat.h>

-# include <fcntl.h>

-# endif

+#include <stdarg.h>

+#include <sys/types.h>

+#ifndef OPENSSL_NO_POSIX_IO

+#include <sys/stat.h>

+#include <fcntl.h>

+#endif

-# include <openssl/e_os2.h>

-# include <openssl/types.h>

-# include <openssl/bio.h>

-# include <openssl/x509.h>

-# include <openssl/conf.h>

-# include <openssl/txt_db.h>

-# include <openssl/engine.h>

-# include <openssl/ocsp.h>

-# include <openssl/http.h>

-# include <signal.h>

-# include "apps_ui.h"

-# include "opt.h"

-# include "fmt.h"

-# include "platform.h"

-# include "engine_loader.h"

-# include "app_libctx.h"

+#include <openssl/e_os2.h>

+#include <openssl/types.h>

+#include <openssl/bio.h>

+#include <openssl/x509.h>

+#include <openssl/conf.h>

+#include <openssl/txt_db.h>

+#include <openssl/engine.h>

+#include <openssl/ocsp.h>

+#include <openssl/http.h>

+#include <signal.h>

+#include "apps_ui.h"

+#include "opt.h"

+#include "fmt.h"

+#include "platform.h"

+#include "engine_loader.h"

+#include "app_libctx.h"

* quick macro when you need to pass an unsigned char instead of a char.

* this is true for some implementations of the is*() functions, for

* example.

-# define _UC(c) ((unsigned char)(c))

+#define _UC(c) ((unsigned char)(c))

void app_RAND_load_conf(CONF *c, const char *section);

int app_RAND_write(void);

@@ -74,16 +74,16 @@ int app_load_modules(const CONF *config);

CONF *app_load_config_modules(const char *configfile);

void unbuffer(FILE *fp);

void wait_for_async(SSL *s);

-# if defined(OPENSSL_SYS_MSDOS)

+#if defined(OPENSSL_SYS_MSDOS)

int has_stdin_waiting(void);

-# endif

+#endif

void corrupt_signature(const ASN1_STRING *signature);

int set_cert_times(X509 *x, const char *startdate, const char *enddate,

- int days);

+ int days);

int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate);

int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate,

- long days, long hours, long secs);

+ long days, long hours, long secs);

typedef struct args_st {

int size;

@@ -96,8 +96,8 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);

void dump_cert_text(BIO *out, X509 *x);

void print_name(BIO *out, const char *title, const X509_NAME *nm);

-void print_bignum_var(BIO *, const BIGNUM *, const char*,

- int, unsigned char *);

+void print_bignum_var(BIO *, const BIGNUM *, const char *,

+ int, unsigned char *);

void print_array(BIO *, const char *, int, const unsigned char *);

int set_nameopt(const char *arg);

unsigned long get_nameopt(void);

@@ -111,53 +111,53 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);

int add_oid_section(CONF *conf);

X509_REQ *load_csr(const char *file, int format, const char *desc);

X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,

- const char *pass, const char *desc);

+ const char *pass, const char *desc);

#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc)

X509_CRL *load_crl(const char *uri, int format, int maybe_stdin,

- const char *desc);

+ const char *desc);

void cleanse(char *str);

void clear_free(char *str);

EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin,

- const char *pass, ENGINE *e, const char *desc);

+ const char *pass, ENGINE *e, const char *desc);

EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin,

- const char *pass, ENGINE *e, const char *desc);

+ const char *pass, ENGINE *e, const char *desc);

EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin,

- const char *keytype, const char *desc);

+ const char *keytype, const char *desc);

EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin,

- const char *keytype, const char *desc,

- int suppress_decode_errors);

+ const char *keytype, const char *desc,

+ int suppress_decode_errors);

char *next_item(char *opt); /* in list separated by comma and/or space */

int load_cert_certs(const char *uri,

- X509 **pcert, STACK_OF(X509) **pcerts,

- int exclude_http, const char *pass, const char *desc,

- X509_VERIFY_PARAM *vpm);

+ X509 **pcert, STACK_OF(X509) **pcerts,

+ int exclude_http, const char *pass, const char *desc,

+ X509_VERIFY_PARAM *vpm);

STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,

- const char *desc, X509_VERIFY_PARAM *vpm);

+ const char *desc, X509_VERIFY_PARAM *vpm);

X509_STORE *load_certstore(char *input, const char *pass, const char *desc,

- X509_VERIFY_PARAM *vpm);

+ X509_VERIFY_PARAM *vpm);

int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,

- const char *pass, const char *desc);

+ const char *pass, const char *desc);

int load_crls(const char *uri, STACK_OF(X509_CRL) **crls,

- const char *pass, const char *desc);

+ const char *pass, const char *desc);

int load_key_certs_crls(const char *uri, int format, int maybe_stdin,

- const char *pass, const char *desc,

- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,

- EVP_PKEY **pparams,

- X509 **pcert, STACK_OF(X509) **pcerts,

- X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);

+ const char *pass, const char *desc,

+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,

+ EVP_PKEY **pparams,

+ X509 **pcert, STACK_OF(X509) **pcerts,

+ X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls);

int load_key_cert_crl(const char *uri, int format, int maybe_stdin,

- const char *pass, const char *desc,

- EVP_PKEY **ppkey, EVP_PKEY **ppubkey,

- X509 **pcert, X509_CRL **pcrl);

+ const char *pass, const char *desc,

+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,

+ X509 **pcert, X509_CRL **pcrl);

X509_STORE *setup_verify(const char *CAfile, int noCAfile,

- const char *CApath, int noCApath,

- const char *CAstore, int noCAstore);

+ const char *CApath, int noCApath,

+ const char *CAstore, int noCAstore);

__owur int ctx_set_verify_locations(SSL_CTX *ctx,

- const char *CAfile, int noCAfile,

- const char *CApath, int noCApath,

- const char *CAstore, int noCAstore);

+ const char *CAfile, int noCAfile,

+ const char *CApath, int noCApath,

+ const char *CAstore, int noCAstore);

-# ifndef OPENSSL_NO_CT

+#ifndef OPENSSL_NO_CT

* Sets the file to load the Certificate Transparency log list from.

@@ -166,10 +166,10 @@ __owur int ctx_set_verify_locations(SSL_CTX *ctx,

__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);

-# endif

+#endif

ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug);

-# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)

+#define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug)

void release_engine(ENGINE *e);

int init_engine(ENGINE *e);

int finish_engine(ENGINE *e);

@@ -179,31 +179,31 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);

const EVP_MD *get_digest_from_engine(const char *name);

const EVP_CIPHER *get_cipher_from_engine(const char *name);

-# ifndef OPENSSL_NO_OCSP

+#ifndef OPENSSL_NO_OCSP

OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host,

- const char *port, const char *path,

- const char *proxy, const char *no_proxy,

- int use_ssl, STACK_OF(CONF_VALUE) *headers,

- int req_timeout);

-# endif

+ const char *port, const char *path,

+ const char *proxy, const char *no_proxy,

+ int use_ssl, STACK_OF(CONF_VALUE) *headers,

+ int req_timeout);

+#endif

/* Functions defined in ca.c and also used in ocsp.c */

int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,

- ASN1_GENERALIZEDTIME **pinvtm, const char *str);

+ ASN1_GENERALIZEDTIME **pinvtm, const char *str);

-# define DB_type 0

-# define DB_exp_date 1

-# define DB_rev_date 2

-# define DB_serial 3 /* index - unique */

-# define DB_file 4

-# define DB_name 5 /* index - unique when active and not

- * disabled */

-# define DB_NUMBER 6

+#define DB_type 0

+#define DB_exp_date 1

+#define DB_rev_date 2

+#define DB_serial 3 /* index - unique */

+#define DB_file 4

+#define DB_name 5 /* index - unique when active and not \

+ * disabled */

+#define DB_NUMBER 6

-# define DB_TYPE_REV 'R' /* Revoked */

-# define DB_TYPE_EXP 'E' /* Expired */

-# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */

-# define DB_TYPE_SUSP 'S' /* Suspended */

+#define DB_TYPE_REV 'R' /* Revoked */

+#define DB_TYPE_EXP 'E' /* Expired */

+#define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */

+#define DB_TYPE_SUSP 'S' /* Suspended */

typedef struct db_attr_st {

int unique_subject;

@@ -212,9 +212,9 @@ typedef struct ca_db_st {

DB_ATTR attributes;

TXT_DB *db;

char *dbfname;

-# ifndef OPENSSL_NO_POSIX_IO

+#ifndef OPENSSL_NO_POSIX_IO

struct stat dbst;

-# endif

+#endif

} CA_DB;

void app_bail_out(char *fmt, ...);

@@ -222,53 +222,52 @@ void *app_malloc(size_t sz, const char *what);

/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */

BIGNUM *load_serial(const char *serialfile, int *exists, int create,

- ASN1_INTEGER **retai);

+ ASN1_INTEGER **retai);

int save_serial(const char *serialfile, const char *suffix,

- const BIGNUM *serial, ASN1_INTEGER **retai);

+ const BIGNUM *serial, ASN1_INTEGER **retai);

int rotate_serial(const char *serialfile, const char *new_suffix,

- const char *old_suffix);

+ const char *old_suffix);

int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);

CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);

int index_index(CA_DB *db);

int save_index(const char *dbfile, const char *suffix, CA_DB *db);

int rotate_index(const char *dbfile, const char *new_suffix,

- const char *old_suffix);

+ const char *old_suffix);

void free_index(CA_DB *db);

-# define index_name_cmp_noconst(a, b) \

- index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \

+#define index_name_cmp_noconst(a, b) \

+ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \

(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))

int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);

int parse_yesno(const char *str, int def);

X509_NAME *parse_name(const char *str, int chtype, int multirdn,

- const char *desc);

+ const char *desc);

void policies_print(X509_STORE_CTX *ctx);

int bio_to_mem(unsigned char **out, int maxlen, BIO *in);

int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);

int x509_ctrl_string(X509 *x, const char *value);

int x509_req_ctrl_string(X509_REQ *x, const char *value);

int init_gen_str(EVP_PKEY_CTX **pctx,

- const char *algname, ENGINE *e, int do_param,

- OSSL_LIB_CTX *libctx, const char *propq);

+ const char *algname, ENGINE *e, int do_param,

+ OSSL_LIB_CTX *libctx, const char *propq);

int do_X509_sign(X509 *x, EVP_PKEY *pkey, const char *md,

- STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx);

+ STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx);

int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts);

int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md,

- STACK_OF(OPENSSL_STRING) *sigopts);

+ STACK_OF(OPENSSL_STRING) *sigopts);

int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,

- STACK_OF(OPENSSL_STRING) *vfyopts);

+ STACK_OF(OPENSSL_STRING) *vfyopts);

int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md,

- STACK_OF(OPENSSL_STRING) *sigopts);

+ STACK_OF(OPENSSL_STRING) *sigopts);

extern char *psk_key;

unsigned char *next_protos_parse(size_t *outlen, const char *in);

void print_cert_checks(BIO *bio, X509 *x,

- const char *checkhost,

- const char *checkemail, const char *checkip);

+ const char *checkhost,

+ const char *checkemail, const char *checkip);

void store_setup_crl_download(X509_STORE *st);

@@ -280,38 +279,38 @@ typedef struct app_http_tls_info_st {

SSL_CTX *ssl_ctx;

} APP_HTTP_TLS_INFO;

BIO *app_http_tls_cb(BIO *hbio, /* APP_HTTP_TLS_INFO */ void *arg,

- int connect, int detail);

+ int connect, int detail);

void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info);

-# ifndef OPENSSL_NO_SOCK

+#ifndef OPENSSL_NO_SOCK

ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,

- const char *no_proxy, SSL_CTX *ssl_ctx,

- const STACK_OF(CONF_VALUE) *headers,

- long timeout, const char *expected_content_type,

- const ASN1_ITEM *it);

+ const char *no_proxy, SSL_CTX *ssl_ctx,

+ const STACK_OF(CONF_VALUE) *headers,

+ long timeout, const char *expected_content_type,

+ const ASN1_ITEM *it);

ASN1_VALUE *app_http_post_asn1(const char *host, const char *port,

- const char *path, const char *proxy,

- const char *no_proxy, SSL_CTX *ctx,

- const STACK_OF(CONF_VALUE) *headers,

- const char *content_type,

- ASN1_VALUE *req, const ASN1_ITEM *req_it,

- const char *expected_content_type,

- long timeout, const ASN1_ITEM *rsp_it);

-# endif

+ const char *path, const char *proxy,

+ const char *no_proxy, SSL_CTX *ctx,

+ const STACK_OF(CONF_VALUE) *headers,

+ const char *content_type,

+ ASN1_VALUE *req, const ASN1_ITEM *req_it,

+ const char *expected_content_type,

+ long timeout, const ASN1_ITEM *rsp_it);

+#endif

-# define EXT_COPY_NONE 0

-# define EXT_COPY_ADD 1

-# define EXT_COPY_ALL 2

+#define EXT_COPY_NONE 0

+#define EXT_COPY_ADD 1

+#define EXT_COPY_ALL 2

-# define NETSCAPE_CERT_HDR "certificate"

+#define NETSCAPE_CERT_HDR "certificate"

-# define APP_PASS_LEN 1024

+#define APP_PASS_LEN 1024

* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits

* so that the first bit will never be one, so that the DER encoding

* rules won't force a leading octet.

-# define SERIAL_RAND_BITS 159

+#define SERIAL_RAND_BITS 159

int app_isdir(const char *);

int app_access(const char *, int flag);

@@ -320,8 +319,8 @@ int fileno_stdout(void);

int raw_read_stdin(void *, int);

int raw_write_stdout(const void *, int);

-# define TM_START 0

-# define TM_STOP 1

+#define TM_START 0

+#define TM_STOP 1

double app_tminterval(int stop, int usertime);

void make_uppercase(char *string);

@@ -336,7 +335,7 @@ typedef struct verify_options_st {

extern VERIFY_CB_ARGS verify_args;

OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,

- const OSSL_PARAM *paramdefs);

+ const OSSL_PARAM *paramdefs);

void app_params_free(OSSL_PARAM *params);

int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name);

void app_providers_cleanup(void);

diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h
index 6875b7c372d9..ea41c092f4da 100644
--- a/apps/include/apps_ui.h
+++ b/apps/include/apps_ui.h

@@ -8,10 +8,9 @@

#ifndef OSSL_APPS_UI_H

-# define OSSL_APPS_UI_H

+#define OSSL_APPS_UI_H

-# define PW_MIN_LENGTH 4

+#define PW_MIN_LENGTH 4

typedef struct pw_cb_data {

const void *password;

const char *prompt_info;

diff --git a/apps/include/cmp_mock_srv.h b/apps/include/cmp_mock_srv.h
index 18c141c563c4..e71f0aee86fe 100644
--- a/apps/include/cmp_mock_srv.h
+++ b/apps/include/cmp_mock_srv.h

@@ -9,27 +9,27 @@

#ifndef OSSL_APPS_CMP_MOCK_SRV_H

-# define OSSL_APPS_CMP_MOCK_SRV_H

+#define OSSL_APPS_CMP_MOCK_SRV_H

-# include <openssl/opensslconf.h>

-# ifndef OPENSSL_NO_CMP

+#include <openssl/opensslconf.h>

+#ifndef OPENSSL_NO_CMP

-# include <openssl/cmp.h>

+#include <openssl/cmp.h>

OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx,

- const char *propq);

+ const char *propq);

void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);

int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);

int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,

- STACK_OF(X509) *chain);

+ STACK_OF(X509) *chain);

int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,

- STACK_OF(X509) *caPubs);

+ STACK_OF(X509) *caPubs);

int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,

- int fail_info, const char *text);

+ int fail_info, const char *text);

int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);

int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);

int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);

-# endif /* !defined(OPENSSL_NO_CMP) */

+#endif /* !defined(OPENSSL_NO_CMP) */

#endif /* !defined(OSSL_APPS_CMP_MOCK_SRV_H) */

diff --git a/apps/include/engine_loader.h b/apps/include/engine_loader.h
index fa80fc96567c..ddf19bc092d3 100644
--- a/apps/include/engine_loader.h
+++ b/apps/include/engine_loader.h

@@ -7,13 +7,13 @@

* https://www.openssl.org/source/license.html

#ifndef HEADER_ENGINE_LOADER_H

-# define HEADER_ENGINE_LOADER_H

+#define HEADER_ENGINE_LOADER_H

-# include <openssl/store.h>

+#include <openssl/store.h>

/* this is a private URI scheme */

-# define ENGINE_SCHEME "org.openssl.engine"

-# define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":")

+#define ENGINE_SCHEME "org.openssl.engine"

+#define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":")

int setup_engine_loader(void);

void destroy_engine_loader(void);

diff --git a/apps/include/fmt.h b/apps/include/fmt.h
index 98dfed7dc0a2..3cb2dc808237 100644
--- a/apps/include/fmt.h
+++ b/apps/include/fmt.h

@@ -23,22 +23,22 @@

* contents. The FORMAT_xxx macros are meant to express an intent with the

* file being read or created.

-# define B_FORMAT_TEXT 0x8000

-# define FORMAT_UNDEF 0

-# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */

-# define FORMAT_BINARY 2 /* Generic binary */

-# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */

-# define FORMAT_ASN1 4 /* ASN.1/DER */

-# define FORMAT_PEM (5 | B_FORMAT_TEXT)

-# define FORMAT_PKCS12 6

-# define FORMAT_SMIME (7 | B_FORMAT_TEXT)

-# define FORMAT_ENGINE 8 /* Not really a file format */

-# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */

-# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */

-# define FORMAT_MSBLOB 11 /* MS Key blob format */

-# define FORMAT_PVK 12 /* MS PVK file format */

-# define FORMAT_HTTP 13 /* Download using HTTP */

-# define FORMAT_NSS 14 /* NSS keylog format */

+#define B_FORMAT_TEXT 0x8000

+#define FORMAT_UNDEF 0

+#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */

+#define FORMAT_BINARY 2 /* Generic binary */

+#define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */

+#define FORMAT_ASN1 4 /* ASN.1/DER */

+#define FORMAT_PEM (5 | B_FORMAT_TEXT)

+#define FORMAT_PKCS12 6

+#define FORMAT_SMIME (7 | B_FORMAT_TEXT)

+#define FORMAT_ENGINE 8 /* Not really a file format */

+#define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */

+#define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */

+#define FORMAT_MSBLOB 11 /* MS Key blob format */

+#define FORMAT_PVK 12 /* MS PVK file format */

+#define FORMAT_HTTP 13 /* Download using HTTP */

+#define FORMAT_NSS 14 /* NSS keylog format */

int FMT_istext(int format);

diff --git a/apps/include/function.h b/apps/include/function.h
index 14e8dd388670..e47db320ffec 100644
--- a/apps/include/function.h
+++ b/apps/include/function.h

@@ -8,16 +8,21 @@

#ifndef OSSL_APPS_FUNCTION_H

-# define OSSL_APPS_FUNCTION_H

+#define OSSL_APPS_FUNCTION_H

-# include <openssl/lhash.h>

-# include "opt.h"

+#include <openssl/lhash.h>

+#include "opt.h"

-#define DEPRECATED_NO_ALTERNATIVE "unknown"

+#define DEPRECATED_NO_ALTERNATIVE "unknown"

typedef enum FUNC_TYPE {

- FT_none, FT_general, FT_md, FT_cipher, FT_pkey,

- FT_md_alg, FT_cipher_alg

+ FT_none,

+ FT_general,

+ FT_md,

+ FT_cipher,

+ FT_pkey,

+ FT_md_alg,

+ FT_cipher_alg

} FUNC_TYPE;

typedef struct function_st {

diff --git a/apps/include/http_server.h b/apps/include/http_server.h
index 8c339660a65e..d177cecad3b8 100644
--- a/apps/include/http_server.h
+++ b/apps/include/http_server.h

@@ -1,5 +1,5 @@

* Licensed under the Apache License 2.0 (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -8,42 +8,42 @@

#ifndef OSSL_HTTP_SERVER_H

-# define OSSL_HTTP_SERVER_H

+#define OSSL_HTTP_SERVER_H

-# include "apps.h"

+#include "apps.h"

-# ifndef HAVE_FORK

-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)

-# define HAVE_FORK 0

-# else

-# define HAVE_FORK 1

-# endif

+#ifndef HAVE_FORK

+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)

+#define HAVE_FORK 0

+#else

+#define HAVE_FORK 1

+#endif

-# if HAVE_FORK

-# undef NO_FORK

-# else

-# define NO_FORK

-# endif

+#if HAVE_FORK

+#undef NO_FORK

+#else

+#define NO_FORK

+#endif

-# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \

+#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \

&& !defined(OPENSSL_NO_POSIX_IO)

-# define HTTP_DAEMON

-# include <sys/types.h>

-# include <sys/wait.h>

-# include <syslog.h>

-# include <signal.h>

-# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */

-# else

-# undef LOG_DEBUG

-# undef LOG_INFO

-# undef LOG_WARNING

-# undef LOG_ERR

-# define LOG_DEBUG 7

-# define LOG_INFO 6

-# define LOG_WARNING 4

-# define LOG_ERR 3

-# endif

+#define HTTP_DAEMON

+#include <sys/types.h>

+#include <sys/wait.h>

+#include <syslog.h>

+#include <signal.h>

+#define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */

+#else

+#undef LOG_DEBUG

+#undef LOG_INFO

+#undef LOG_WARNING

+#undef LOG_ERR

+#define LOG_DEBUG 7

+#define LOG_INFO 6

+#define LOG_WARNING 4

+#define LOG_ERR 3

+#endif

/*-

* Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err

@@ -54,7 +54,7 @@

void log_message(const char *prog, int level, const char *fmt, ...);

-# ifndef OPENSSL_NO_SOCK

+#ifndef OPENSSL_NO_SOCK

/*-

* Initialize an HTTP server by setting up its listening BIO

* prog: the name of the current app

@@ -84,24 +84,24 @@ BIO *http_server_init_bio(const char *prog, const char *port);

* The caller must free any non-NULL *preq, *ppath, and *pcbio pointers.

int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,

- char **ppath, BIO **pcbio, BIO *acbio,

- int *found_keep_alive,

- const char *prog, const char *port,

- int accept_get, int timeout);

+ char **ppath, BIO **pcbio, BIO *acbio,

+ int *found_keep_alive,

+ const char *prog, const char *port,

+ int accept_get, int timeout);

/*-

* Send an ASN.1-formatted HTTP response

* cbio: destination BIO (typically as returned by http_server_get_asn1_req())

* note: cbio should not do an encoding that changes the output length

- * keep_alive: grant persistent connnection

+ * keep_alive: grant persistent connection

* content_type: string identifying the type of the response

* it: the response ASN.1 type

* resp: the response to send

* returns 1 on success, 0 on failure

int http_server_send_asn1_resp(BIO *cbio, int keep_alive,

- const char *content_type,

- const ASN1_ITEM *it, const ASN1_VALUE *resp);

+ const char *content_type,

+ const ASN1_ITEM *it, const ASN1_VALUE *resp);

/*-

* Send a trivial HTTP response, typically to report an error or OK

@@ -112,14 +112,14 @@ int http_server_send_asn1_resp(BIO *cbio, int keep_alive,

int http_server_send_status(BIO *cbio, int status, const char *reason);

-# endif

+#endif

-# ifdef HTTP_DAEMON

+#ifdef HTTP_DAEMON

extern int multi;

extern int acfd;

void socket_timeout(int signum);

void spawn_loop(const char *prog);

-# endif

+#endif

#endif

diff --git a/apps/include/names.h b/apps/include/names.h
index f4d6f6a9a333..bf47459ade52 100644
--- a/apps/include/names.h
+++ b/apps/include/names.h

@@ -10,7 +10,7 @@

#include <openssl/safestack.h>

/* Standard comparing function for names */

-int name_cmp(const char * const *a, const char * const *b);

+int name_cmp(const char *const *a, const char *const *b);

/* collect_names is meant to be used with EVP_{type}_doall_names */

void collect_names(const char *name, void *vdata);

/* Sorts and prints a stack of names to |out| */

diff --git a/apps/include/opt.h b/apps/include/opt.h
index 4f83a0ed53c9..4021fea9826c 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h

@@ -19,283 +19,294 @@

* Common verification options.

-# define OPT_V_ENUM \

- OPT_V__FIRST=2000, \

- OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \

- OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \

- OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \

- OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \

- OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \

- OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \

- OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \

- OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \

- OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \

- OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \

- OPT_V__LAST

+#define OPT_V_ENUM \

+ OPT_V__FIRST = 2000, \

+ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \

+ OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \

+ OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \

+ OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \

+ OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \

+ OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \

+ OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \

+ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \

+ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \

+ OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \

+ OPT_V__LAST

-# define OPT_V_OPTIONS \

- OPT_SECTION("Validation"), \

- { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \

- { "purpose", OPT_V_PURPOSE, 's', \

- "certificate chain purpose"}, \

- { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \

- { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \

- "chain depth limit" }, \

- { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \

- "chain authentication security level" }, \

- { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \

- { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \

- "expected peer hostname" }, \

- { "verify_email", OPT_V_VERIFY_EMAIL, 's', \

- "expected peer email" }, \

- { "verify_ip", OPT_V_VERIFY_IP, 's', \

- "expected peer IP address" }, \

- { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \

- "permit unhandled critical extensions"}, \

- { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \

- { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \

- { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \

- { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \

- { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \

- "set policy variable require-explicit-policy"}, \

- { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \

- "set policy variable inhibit-any-policy"}, \

- { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \

- "set policy variable inhibit-policy-mapping"}, \

- { "x509_strict", OPT_V_X509_STRICT, '-', \

- "disable certificate compatibility work-arounds"}, \

- { "extended_crl", OPT_V_EXTENDED_CRL, '-', \

- "enable extended CRL features"}, \

- { "use_deltas", OPT_V_USE_DELTAS, '-', \

- "use delta CRLs"}, \

- { "policy_print", OPT_V_POLICY_PRINT, '-', \

- "print policy processing diagnostics"}, \

- { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \

- "check root CA self-signatures"}, \

- { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \

- "search trust store first (default)" }, \

- { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \

- { "suiteB_128", OPT_V_SUITEB_128, '-', \

- "Suite B 128-bit mode allowing 192-bit algorithms"}, \

- { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \

- { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \

- "accept chains anchored by intermediate trust-store CAs"}, \

- { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \

+#define OPT_V_OPTIONS \

+ OPT_SECTION("Validation"), \

+ { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set" }, \

+ { "purpose", OPT_V_PURPOSE, 's', \

+ "certificate chain purpose" }, \

+ { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name" }, \

+ { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \

+ "chain depth limit" }, \

+ { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \

+ "chain authentication security level" }, \

+ { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \

+ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \

+ "expected peer hostname" }, \

+ { "verify_email", OPT_V_VERIFY_EMAIL, 's', \

+ "expected peer email" }, \

+ { "verify_ip", OPT_V_VERIFY_IP, 's', \

+ "expected peer IP address" }, \

+ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \

+ "permit unhandled critical extensions" }, \

+ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)" }, \

+ { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \

+ { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \

+ { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks" }, \

+ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \

+ "set policy variable require-explicit-policy" }, \

+ { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \

+ "set policy variable inhibit-any-policy" }, \

+ { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \

+ "set policy variable inhibit-policy-mapping" }, \

+ { "x509_strict", OPT_V_X509_STRICT, '-', \

+ "disable certificate compatibility work-arounds" }, \

+ { "extended_crl", OPT_V_EXTENDED_CRL, '-', \

+ "enable extended CRL features" }, \

+ { "use_deltas", OPT_V_USE_DELTAS, '-', \

+ "use delta CRLs" }, \

+ { "policy_print", OPT_V_POLICY_PRINT, '-', \

+ "print policy processing diagnostics" }, \

+ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \

+ "check root CA self-signatures" }, \

+ { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \

+ "search trust store first (default)" }, \

+ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode" }, \

+ { "suiteB_128", OPT_V_SUITEB_128, '-', \

+ "Suite B 128-bit mode allowing 192-bit algorithms" }, \

+ { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \

+ { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \

+ "accept chains anchored by intermediate trust-store CAs" }, \

+ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \

{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \

{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }

-# define OPT_V_CASES \

- OPT_V__FIRST: case OPT_V__LAST: break; \

- case OPT_V_POLICY: \

- case OPT_V_PURPOSE: \

- case OPT_V_VERIFY_NAME: \

- case OPT_V_VERIFY_DEPTH: \

- case OPT_V_VERIFY_AUTH_LEVEL: \

- case OPT_V_ATTIME: \

- case OPT_V_VERIFY_HOSTNAME: \

- case OPT_V_VERIFY_EMAIL: \

- case OPT_V_VERIFY_IP: \

- case OPT_V_IGNORE_CRITICAL: \

- case OPT_V_ISSUER_CHECKS: \

- case OPT_V_CRL_CHECK: \

- case OPT_V_CRL_CHECK_ALL: \

- case OPT_V_POLICY_CHECK: \

- case OPT_V_EXPLICIT_POLICY: \

- case OPT_V_INHIBIT_ANY: \

- case OPT_V_INHIBIT_MAP: \

- case OPT_V_X509_STRICT: \

- case OPT_V_EXTENDED_CRL: \

- case OPT_V_USE_DELTAS: \

- case OPT_V_POLICY_PRINT: \

- case OPT_V_CHECK_SS_SIG: \

- case OPT_V_TRUSTED_FIRST: \

- case OPT_V_SUITEB_128_ONLY: \

- case OPT_V_SUITEB_128: \

- case OPT_V_SUITEB_192: \

- case OPT_V_PARTIAL_CHAIN: \

- case OPT_V_NO_ALT_CHAINS: \

- case OPT_V_NO_CHECK_TIME: \

- case OPT_V_ALLOW_PROXY_CERTS

+#define OPT_V_CASES \

+ OPT_V__FIRST: \

+ case OPT_V__LAST: \

+ break; \

+ case OPT_V_POLICY: \

+ case OPT_V_PURPOSE: \

+ case OPT_V_VERIFY_NAME: \

+ case OPT_V_VERIFY_DEPTH: \

+ case OPT_V_VERIFY_AUTH_LEVEL: \

+ case OPT_V_ATTIME: \

+ case OPT_V_VERIFY_HOSTNAME: \

+ case OPT_V_VERIFY_EMAIL: \

+ case OPT_V_VERIFY_IP: \

+ case OPT_V_IGNORE_CRITICAL: \

+ case OPT_V_ISSUER_CHECKS: \

+ case OPT_V_CRL_CHECK: \

+ case OPT_V_CRL_CHECK_ALL: \

+ case OPT_V_POLICY_CHECK: \

+ case OPT_V_EXPLICIT_POLICY: \

+ case OPT_V_INHIBIT_ANY: \

+ case OPT_V_INHIBIT_MAP: \

+ case OPT_V_X509_STRICT: \

+ case OPT_V_EXTENDED_CRL: \

+ case OPT_V_USE_DELTAS: \

+ case OPT_V_POLICY_PRINT: \

+ case OPT_V_CHECK_SS_SIG: \

+ case OPT_V_TRUSTED_FIRST: \

+ case OPT_V_SUITEB_128_ONLY: \

+ case OPT_V_SUITEB_128: \

+ case OPT_V_SUITEB_192: \

+ case OPT_V_PARTIAL_CHAIN: \

+ case OPT_V_NO_ALT_CHAINS: \

+ case OPT_V_NO_CHECK_TIME: \

+ case OPT_V_ALLOW_PROXY_CERTS

* Common "extended validation" options.

-# define OPT_X_ENUM \

- OPT_X__FIRST=1000, \

- OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \

- OPT_X_CERTFORM, OPT_X_KEYFORM, \

- OPT_X__LAST

+#define OPT_X_ENUM \

+ OPT_X__FIRST = 1000, \

+ OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \

+ OPT_X_CERTFORM, OPT_X_KEYFORM, \

+ OPT_X__LAST

-# define OPT_X_OPTIONS \

- OPT_SECTION("Extended certificate"), \

- { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \

- { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \

- { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \

- { "xchain_build", OPT_X_CHAIN_BUILD, '-', \

- "build certificate chain for the extended certificates"}, \

- { "xcertform", OPT_X_CERTFORM, 'F', \

+#define OPT_X_OPTIONS \

+ OPT_SECTION("Extended certificate"), \

+ { "xkey", OPT_X_KEY, '<', "key for Extended certificates" }, \

+ { "xcert", OPT_X_CERT, '<', "cert for Extended certificates" }, \

+ { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates" }, \

+ { "xchain_build", OPT_X_CHAIN_BUILD, '-', \

+ "build certificate chain for the extended certificates" }, \

+ { "xcertform", OPT_X_CERTFORM, 'F', \

"format of Extended certificate (PEM/DER/P12); has no effect" }, \

- { "xkeyform", OPT_X_KEYFORM, 'F', \

- "format of Extended certificate's key (DER/PEM/P12); has no effect"}

+ { "xkeyform", OPT_X_KEYFORM, 'F', \

+ "format of Extended certificate's key (DER/PEM/P12); has no effect" }

-# define OPT_X_CASES \

- OPT_X__FIRST: case OPT_X__LAST: break; \

- case OPT_X_KEY: \

- case OPT_X_CERT: \

- case OPT_X_CHAIN: \

- case OPT_X_CHAIN_BUILD: \

- case OPT_X_CERTFORM: \

- case OPT_X_KEYFORM

+#define OPT_X_CASES \

+ OPT_X__FIRST: \

+ case OPT_X__LAST: \

+ break; \

+ case OPT_X_KEY: \

+ case OPT_X_CERT: \

+ case OPT_X_CHAIN: \

+ case OPT_X_CHAIN_BUILD: \

+ case OPT_X_CERTFORM: \

+ case OPT_X_KEYFORM

* Common SSL options.

* Any changes here must be coordinated with ../ssl/ssl_conf.c

-# define OPT_S_ENUM \

- OPT_S__FIRST=3000, \

- OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \

- OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \

- OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \

- OPT_S_LEGACYCONN, \

- OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \

- OPT_S_PRIORITIZE_CHACHA, \

- OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \

- OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \

- OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \

- OPT_S_MINPROTO, OPT_S_MAXPROTO, \

- OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST

+#define OPT_S_ENUM \

+ OPT_S__FIRST = 3000, \

+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \

+ OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \

+ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \

+ OPT_S_LEGACYCONN, \

+ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \

+ OPT_S_PRIORITIZE_CHACHA, \

+ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \

+ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \

+ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \

+ OPT_S_MINPROTO, OPT_S_MAXPROTO, \

+ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST

-# define OPT_S_OPTIONS \

- OPT_SECTION("TLS/SSL"), \

- {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \

- {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \

- {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \

- {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \

- {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \

- {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \

- {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \

- {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \

- {"no_ticket", OPT_S_NOTICKET, '-', \

- "Disable use of TLS session tickets"}, \

- {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \

- {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \

- "Enable use of legacy renegotiation (dangerous)"}, \

- {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \

- "Allow client-initiated renegotiation" }, \

- {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \

- "Disable all renegotiation."}, \

- {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \

- "Allow initial connection to servers that don't support RI"}, \

- {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \

- "Disallow session resumption on renegotiation"}, \

- {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \

- "Disallow initial connection to servers that don't support RI"}, \

- {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \

- "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \

- {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \

- "Prioritize ChaCha ciphers when preferred by clients"}, \

- {"strict", OPT_S_STRICT, '-', \

- "Enforce strict certificate checks as per TLS standard"}, \

- {"sigalgs", OPT_S_SIGALGS, 's', \

- "Signature algorithms to support (colon-separated list)" }, \

- {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \

- "Signature algorithms to support for client certificate" \

- " authentication (colon-separated list)" }, \

- {"groups", OPT_S_GROUPS, 's', \

- "Groups to advertise (colon-separated list)" }, \

- {"curves", OPT_S_CURVES, 's', \

- "Groups to advertise (colon-separated list)" }, \

- {"named_curve", OPT_S_NAMEDCURVE, 's', \

- "Elliptic curve used for ECDHE (server-side only)" }, \

- {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \

- {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \

- {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \

- {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \

- {"record_padding", OPT_S_RECORD_PADDING, 's', \

- "Block size to pad TLS 1.3 records to."}, \

- {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \

- "Perform all sorts of protocol violations for testing purposes"}, \

- {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \

- "Disable TLSv1.3 middlebox compat mode" }, \

- {"no_etm", OPT_S_NO_ETM, '-', \

- "Disable Encrypt-then-Mac extension"}

+#define OPT_S_OPTIONS \

+ OPT_SECTION("TLS/SSL"), \

+ { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \

+ { "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \

+ { "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \

+ { "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" }, \

+ { "no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3" }, \

+ { "bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility" }, \

+ { "no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \

+ { "comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \

+ { "no_ticket", OPT_S_NOTICKET, '-', \

+ "Disable use of TLS session tickets" }, \

+ { "serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences" }, \

+ { "legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \

+ "Enable use of legacy renegotiation (dangerous)" }, \

+ { "client_renegotiation", OPT_S_CLIENTRENEG, '-', \

+ "Allow client-initiated renegotiation" }, \

+ { "no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \

+ "Disable all renegotiation." }, \

+ { "legacy_server_connect", OPT_S_LEGACYCONN, '-', \

+ "Allow initial connection to servers that don't support RI" }, \

+ { "no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \

+ "Disallow session resumption on renegotiation" }, \

+ { "no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \

+ "Disallow initial connection to servers that don't support RI" }, \

+ { "allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \

+ "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption" }, \

+ { "prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \

+ "Prioritize ChaCha ciphers when preferred by clients" }, \

+ { "strict", OPT_S_STRICT, '-', \

+ "Enforce strict certificate checks as per TLS standard" }, \

+ { "sigalgs", OPT_S_SIGALGS, 's', \

+ "Signature algorithms to support (colon-separated list)" }, \

+ { "client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \

+ "Signature algorithms to support for client certificate" \

+ " authentication (colon-separated list)" }, \

+ { "groups", OPT_S_GROUPS, 's', \

+ "Groups to advertise (colon-separated list)" }, \

+ { "curves", OPT_S_CURVES, 's', \

+ "Groups to advertise (colon-separated list)" }, \

+ { "named_curve", OPT_S_NAMEDCURVE, 's', \

+ "Elliptic curve used for ECDHE (server-side only)" }, \

+ { "cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used" }, \

+ { "ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used" }, \

+ { "min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used" }, \

+ { "max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used" }, \

+ { "record_padding", OPT_S_RECORD_PADDING, 's', \

+ "Block size to pad TLS 1.3 records to." }, \

+ { "debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \

+ "Perform all sorts of protocol violations for testing purposes" }, \

+ { "no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \

+ "Disable TLSv1.3 middlebox compat mode" }, \

+ { "no_etm", OPT_S_NO_ETM, '-', \

+ "Disable Encrypt-then-Mac extension" }

-# define OPT_S_CASES \

- OPT_S__FIRST: case OPT_S__LAST: break; \

- case OPT_S_NOSSL3: \

- case OPT_S_NOTLS1: \

- case OPT_S_NOTLS1_1: \

- case OPT_S_NOTLS1_2: \

- case OPT_S_NOTLS1_3: \

- case OPT_S_BUGS: \

- case OPT_S_NO_COMP: \

- case OPT_S_COMP: \

- case OPT_S_NOTICKET: \

- case OPT_S_SERVERPREF: \

- case OPT_S_LEGACYRENEG: \

- case OPT_S_CLIENTRENEG: \

- case OPT_S_LEGACYCONN: \

- case OPT_S_ONRESUMP: \

- case OPT_S_NOLEGACYCONN: \

- case OPT_S_ALLOW_NO_DHE_KEX: \

- case OPT_S_PRIORITIZE_CHACHA: \

- case OPT_S_STRICT: \

- case OPT_S_SIGALGS: \

- case OPT_S_CLIENTSIGALGS: \

- case OPT_S_GROUPS: \

- case OPT_S_CURVES: \

- case OPT_S_NAMEDCURVE: \

- case OPT_S_CIPHER: \

- case OPT_S_CIPHERSUITES: \

- case OPT_S_RECORD_PADDING: \

- case OPT_S_NO_RENEGOTIATION: \

- case OPT_S_MINPROTO: \

- case OPT_S_MAXPROTO: \

- case OPT_S_DEBUGBROKE: \

- case OPT_S_NO_MIDDLEBOX: \

- case OPT_S_NO_ETM

+#define OPT_S_CASES \

+ OPT_S__FIRST: \

+ case OPT_S__LAST: \

+ break; \

+ case OPT_S_NOSSL3: \

+ case OPT_S_NOTLS1: \

+ case OPT_S_NOTLS1_1: \

+ case OPT_S_NOTLS1_2: \

+ case OPT_S_NOTLS1_3: \

+ case OPT_S_BUGS: \

+ case OPT_S_NO_COMP: \

+ case OPT_S_COMP: \

+ case OPT_S_NOTICKET: \

+ case OPT_S_SERVERPREF: \

+ case OPT_S_LEGACYRENEG: \

+ case OPT_S_CLIENTRENEG: \

+ case OPT_S_LEGACYCONN: \

+ case OPT_S_ONRESUMP: \

+ case OPT_S_NOLEGACYCONN: \

+ case OPT_S_ALLOW_NO_DHE_KEX: \

+ case OPT_S_PRIORITIZE_CHACHA: \

+ case OPT_S_STRICT: \

+ case OPT_S_SIGALGS: \

+ case OPT_S_CLIENTSIGALGS: \

+ case OPT_S_GROUPS: \

+ case OPT_S_CURVES: \

+ case OPT_S_NAMEDCURVE: \

+ case OPT_S_CIPHER: \

+ case OPT_S_CIPHERSUITES: \

+ case OPT_S_RECORD_PADDING: \

+ case OPT_S_NO_RENEGOTIATION: \

+ case OPT_S_MINPROTO: \

+ case OPT_S_MAXPROTO: \

+ case OPT_S_DEBUGBROKE: \

+ case OPT_S_NO_MIDDLEBOX: \

+ case OPT_S_NO_ETM

-#define IS_NO_PROT_FLAG(o) \

- (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \

- || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)

+#define IS_NO_PROT_FLAG(o) \

+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \

+ || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)

* Random state options.

-# define OPT_R_ENUM \

- OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST

+#define OPT_R_ENUM \

+ OPT_R__FIRST = 1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST

-# define OPT_R_OPTIONS \

- OPT_SECTION("Random state"), \

- {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \

- {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}

+#define OPT_R_OPTIONS \

+ OPT_SECTION("Random state"), \

+ { "rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator" }, \

+ { "writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file" }

-# define OPT_R_CASES \

- OPT_R__FIRST: case OPT_R__LAST: break; \

- case OPT_R_RAND: case OPT_R_WRITERAND

+#define OPT_R_CASES \

+ OPT_R__FIRST: \

+ case OPT_R__LAST: \

+ break; \

+ case OPT_R_RAND: \

+ case OPT_R_WRITERAND

* Provider options.

-# define OPT_PROV_ENUM \

- OPT_PROV__FIRST=1600, \

- OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \

- OPT_PROV__LAST

+#define OPT_PROV_ENUM \

+ OPT_PROV__FIRST = 1600, \

+ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \

+ OPT_PROV__LAST

-# define OPT_CONFIG_OPTION \

- { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }

+#define OPT_CONFIG_OPTION \

+ { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }

-# define OPT_PROV_OPTIONS \

- OPT_SECTION("Provider"), \

+#define OPT_PROV_OPTIONS \

+ OPT_SECTION("Provider"), \

{ "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \

- { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \

+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \

{ "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }

-# define OPT_PROV_CASES \

- OPT_PROV__FIRST: case OPT_PROV__LAST: break; \

- case OPT_PROV_PROVIDER: \

- case OPT_PROV_PROVIDER_PATH: \

- case OPT_PROV_PROPQUERY

+#define OPT_PROV_CASES \

+ OPT_PROV__FIRST: \

+ case OPT_PROV__LAST: \

+ break; \

+ case OPT_PROV_PROVIDER: \

+ case OPT_PROV_PROVIDER_PATH: \

+ case OPT_PROV_PROPQUERY

* Option parsing.

@@ -332,33 +343,31 @@ typedef struct string_int_pair_st {

} OPT_PAIR, STRINT_PAIR;

/* Flags to pass into opt_format; see FORMAT_xxx, below. */

-# define OPT_FMT_PEMDER (1L << 1)

-# define OPT_FMT_PKCS12 (1L << 2)

-# define OPT_FMT_SMIME (1L << 3)

-# define OPT_FMT_ENGINE (1L << 4)

-# define OPT_FMT_MSBLOB (1L << 5)

+#define OPT_FMT_PEMDER (1L << 1)

+#define OPT_FMT_PKCS12 (1L << 2)

+#define OPT_FMT_SMIME (1L << 3)

+#define OPT_FMT_ENGINE (1L << 4)

+#define OPT_FMT_MSBLOB (1L << 5)

/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */

-# define OPT_FMT_NSS (1L << 7)

-# define OPT_FMT_TEXT (1L << 8)

-# define OPT_FMT_HTTP (1L << 9)

-# define OPT_FMT_PVK (1L << 10)

-# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)

-# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)

-# define OPT_FMT_ANY ( \

- OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \

- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \

- OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)

+#define OPT_FMT_NSS (1L << 7)

+#define OPT_FMT_TEXT (1L << 8)

+#define OPT_FMT_HTTP (1L << 9)

+#define OPT_FMT_PVK (1L << 10)

+#define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)

+#define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)

+#define OPT_FMT_ANY ( \

/* Divide options into sections when displaying usage */

#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }

#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }

const char *opt_path_end(const char *filename);

-char *opt_init(int ac, char **av, const OPTIONS * o);

+char *opt_init(int ac, char **av, const OPTIONS *o);

char *opt_progname(const char *argv0);

char *opt_appname(const char *argv0);

char *opt_getprog(void);

-void opt_help(const OPTIONS * list);

+void opt_help(const OPTIONS *list);

void opt_begin(void);

int opt_next(void);

@@ -383,7 +392,7 @@ int opt_format(const char *s, unsigned long flags, int *result);

void print_format_error(int format, unsigned long flags);

int opt_printf_stderr(const char *fmt, ...);

int opt_string(const char *name, const char **options);

-int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);

+int opt_pair(const char *arg, const OPT_PAIR *pairs, int *result);

int opt_verify(int i, X509_VERIFY_PARAM *vpm);

int opt_rand(int i);

@@ -396,5 +405,4 @@ int opt_num_rest(void);

/* Returns non-zero if legacy paths are still available */

int opt_legacy_okay(void);

#endif /* OSSL_APPS_OPT_H */

diff --git a/apps/include/platform.h b/apps/include/platform.h
index 491559df3152..807431936e21 100644
--- a/apps/include/platform.h
+++ b/apps/include/platform.h

@@ -8,25 +8,25 @@

#ifndef OSSL_APPS_PLATFORM_H

-# define OSSL_APPS_PLATFORM_H

+#define OSSL_APPS_PLATFORM_H

-# include <openssl/e_os2.h>

+#include <openssl/e_os2.h>

-# if defined(OPENSSL_SYS_VMS) && defined(__DECC)

+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)

* VMS C only for now, implemented in vms_decc_init.c

* If other C compilers forget to terminate argv with NULL, this function

* can be re-used.

char **copy_argv(int *argc, char *argv[]);

-# endif

+#endif

-# ifdef _WIN32

+#ifdef _WIN32

* Win32-specific argv initialization that splits OS-supplied UNICODE

* command line string to array of UTF8-encoded strings.

void win32_utf8argv(int *argc, char **argv[]);

-# endif

+#endif

#endif

diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index d610df40be3f..b69a07fe7112 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h

@@ -12,53 +12,53 @@

#include <openssl/ssl.h>

#include <openssl/srp.h>

-#define PORT "4433"

-#define PROTOCOL "tcp"

+#define PORT "4433"

+#define PROTOCOL "tcp"

typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);

int report_server_accept(BIO *out, int asock, int with_address, int with_pid);

int do_server(int *accept_sock, const char *host, const char *port,

- int family, int type, int protocol, do_server_cb cb,

- unsigned char *context, int naccept, BIO *bio_s_out);

+ int family, int type, int protocol, do_server_cb cb,

+ unsigned char *context, int naccept, BIO *bio_s_out);

int verify_callback(int ok, X509_STORE_CTX *ctx);

int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);

int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,

- STACK_OF(X509) *chain, int build_chain);

+ STACK_OF(X509) *chain, int build_chain);

int ssl_print_sigalgs(BIO *out, SSL *s);

int ssl_print_point_formats(BIO *out, SSL *s);

int ssl_print_groups(BIO *out, SSL *s, int noshared);

int ssl_print_tmp_key(BIO *out, SSL *s);

int init_client(int *sock, const char *host, const char *port,

- const char *bindhost, const char *bindport,

- int family, int type, int protocol);

+ const char *bindhost, const char *bindport,

+ int family, int type, int protocol);

int should_retry(int i);

void do_ssl_shutdown(SSL *ssl);

long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,

- int argi, long argl, int ret, size_t *processed);

+ int argi, long argl, int ret, size_t *processed);

void apps_ssl_info_callback(const SSL *s, int where, int ret);

void msg_cb(int write_p, int version, int content_type, const void *buf,

- size_t len, SSL *ssl, void *arg);

+ size_t len, SSL *ssl, void *arg);

void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,

- int len, void *arg);

+ int len, void *arg);

int generate_cookie_callback(SSL *ssl, unsigned char *cookie,

- unsigned int *cookie_len);

+ unsigned int *cookie_len);

int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,

- unsigned int cookie_len);

+ unsigned int cookie_len);

-#ifdef __VMS /* 31 char symbol name limit */

-# define generate_stateless_cookie_callback generate_stateless_cookie_cb

-# define verify_stateless_cookie_callback verify_stateless_cookie_cb

+#ifdef __VMS /* 31 char symbol name limit */

+#define generate_stateless_cookie_callback generate_stateless_cookie_cb

+#define verify_stateless_cookie_callback verify_stateless_cookie_cb

#endif

int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,

- size_t *cookie_len);

+ size_t *cookie_len);

int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,

- size_t cookie_len);

+ size_t cookie_len);

typedef struct ssl_excert_st SSL_EXCERT;

@@ -70,12 +70,12 @@ void print_verify_detail(SSL *s, BIO *bio);

void print_ssl_summary(SSL *s);

int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);

int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,

- int crl_download);

+ int crl_download);

int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,

- const char *vfyCAfile, const char *vfyCAstore,

- const char *chCApath, const char *chCAfile,

- const char *chCAstore, STACK_OF(X509_CRL) *crls,

- int crl_download);

+ const char *vfyCAfile, const char *vfyCAstore,

+ const char *chCApath, const char *chCAfile,

+ const char *chCAstore, STACK_OF(X509_CRL) *crls,

+ int crl_download);

void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);

int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);

void print_ca_names(BIO *bio, SSL *s);

@@ -85,14 +85,14 @@ void print_ca_names(BIO *bio, SSL *s);

typedef struct srp_arg_st {

char *srppassin;

char *srplogin;

- int msg; /* copy from c_msg */

- int debug; /* copy from c_debug */

- int amp; /* allow more groups */

- int strength; /* minimal size for N */

+ int msg; /* copy from c_msg */

+ int debug; /* copy from c_debug */

+ int amp; /* allow more groups */

+ int strength; /* minimal size for N */

} SRP_ARG;

int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg,

- int c_debug);

+ int c_debug);

void set_up_dummy_srp(SSL_CTX *ctx);

/* The server side SRP context that we pass to all SRP related callbacks */

@@ -103,6 +103,6 @@ typedef struct srpsrvparm_st {

} srpsrvparm;

int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm,

- char *srpuserseed, char *srp_verifier_file);

+ char *srpuserseed, char *srp_verifier_file);

void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out);

#endif /* OPENSSL_NO_SRP */

diff --git a/apps/include/vms_term_sock.h b/apps/include/vms_term_sock.h
index eae37b1af931..6e0cda9a3001 100644
--- a/apps/include/vms_term_sock.h
+++ b/apps/include/vms_term_sock.h

@@ -9,23 +9,23 @@

#ifndef OSSL_APPS_VMS_TERM_SOCK_H

-# define OSSL_APPS_VMS_TERM_SOCK_H

+#define OSSL_APPS_VMS_TERM_SOCK_H

** Terminal Socket Function Codes

-# define TERM_SOCK_CREATE 1

-# define TERM_SOCK_DELETE 2

+#define TERM_SOCK_CREATE 1

+#define TERM_SOCK_DELETE 2

** Terminal Socket Status Codes

-# define TERM_SOCK_FAILURE 0

-# define TERM_SOCK_SUCCESS 1

+#define TERM_SOCK_FAILURE 0

+#define TERM_SOCK_SUCCESS 1

** Terminal Socket Prototype

-int TerminalSocket (int FunctionCode, int *ReturnSocket);

+int TerminalSocket(int FunctionCode, int *ReturnSocket);

#endif