Fix copyright, convert boringssl comments to C style

author: beck <> 2023-04-28 09:02:04 +0000
committer: beck <> 2023-04-28 09:02:04 +0000
commit: aa9e472d9d72843ea797751bd80410137bf694ff (patch)
tree: 4fa8e0490130f093beec907baf0aa4745ece9148 /src/regress/lib
parent: ea474aeeb62acfb8478e77decfbe0e24b92352b8 (diff)
download: openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.tar.gz
openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.tar.bz2
openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.zip
1 files changed, 51 insertions, 30 deletions
diff --git a/src/regress/lib/libcrypto/x509/policy/policy.c b/src/regress/lib/libcrypto/x509/policy/policy.c
index 5524be2b05..bffc982f8a 100644
--- a/src/regress/lib/libcrypto/x509/policy/policy.c
+++ b/src/regress/lib/libcrypto/x509/policy/policy.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: policy.c,v 1.7 2023/04/28 08:53:20 beck Exp $ */
+/* $OpenBSD: policy.c,v 1.8 2023/04/28 09:02:04 beck Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2020-2023 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -212,8 +212,13 @@ struct verify_cert_test {
 };
 struct verify_cert_test verify_cert_tests[] = {
-        // Comments here are from boringssl/crypto/x509/x509_test.cc
+        /*
-        // The chain is good for |oid1| and |oid2|, but not |oid3|.
+         * Comments here are from boringssl/crypto/x509/x509_test.cc
+         * certs were generated by
+         * boringssl/crypto/x509/test/make_policy_certs.go
+         */
+        /* The chain is good for |oid1| and |oid2|, but not |oid3|. */
        {
                .id = "nothing  in 1 and 2",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -272,7 +277,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .policy_oid_to_check2 = OID3,
                .want_chains = 1,
        },
-        // The policy extension cannot be parsed.
+        /*  The policy extension cannot be parsed. */
        {
                .id = "1 in invalid intermediate poicy",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -323,7 +328,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
                .want_legacy_error_depth = 0,
        },
-        // There is a duplicate policy in the leaf policy extension.
+        /*  There is a duplicate policy in the leaf policy extension. */
        {
                .id = "1 in duplicate policy extension in leaf",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -337,7 +342,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
                .want_legacy_error_depth = 0,
        },
-        // There is a duplicate policy in the intermediate policy extension.
+        /*  There is a duplicate policy in the intermediate policy extension. */
        {
                .id = "1 in duplicate policy extension in intermediate",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -351,9 +356,11 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
                .want_legacy_error_depth = 0,
        },
-        // Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
+        /*
-        // intersected with user-specified policies, but it is not required to result
+         * Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
-        // in any valid policies.
+         * intersected with user-specified policies, but it is not required to result
+         * in any valid policies.
+         */
        {
                .id = "nothing with explicit_policy unset",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -369,7 +376,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .policy_oid_to_check = OID3,
                .want_chains = 1,
        },
-        // However, a CA with policy constraints can require an explicit policy.
+        /*  However, a CA with policy constraints can require an explicit policy. */
        {
                .id = "oid1 with explicit_policy unset, intermediate requiring policy",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -390,9 +397,11 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
                .want_legacy_error_depth = 0,
        },
-        // requireExplicitPolicy applies even if the application does not configure a
+        /*
-        // user-initial-policy-set. If the validation results in no policies, the
+         * requireExplicitPolicy applies even if the application does not configure a
-        // chain is invalid.
+         * user-initial-policy-set. If the validation results in no policies, the
+         * chain is invalid.
+         */
        {
                .id = "nothing explict_policy unset, with intermediate requiring policy",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -404,7 +413,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
                .want_legacy_error_depth = 0,
        },
-        // A leaf can also set requireExplicitPolicy but should work with none
+        /* A leaf can also set requireExplicitPolicy but should work with none */
        {
                .id = "nothing explicit_policy unset, with leaf requiring policy",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -412,7 +421,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .leaf_file = CERTSDIR "/" "policy_leaf_require.pem",
                .want_chains = 1,
        },
-        // A leaf can also set requireExplicitPolicy but should fail with policy
+        /* A leaf can also set requireExplicitPolicy but should fail with policy */
        {
                .id = "oid3, explicit policy unset,  with leaf requiring policy",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -425,8 +434,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
                .want_legacy_error_depth = 0,
        },
-        // requireExplicitPolicy is a count of certificates to skip. If the value is
+        /*
-        // not zero by the end of the chain, it doesn't count.
+         * requireExplicitPolicy is a count of certificates to skip. If the value is
+         * not zero by the end of the chain, it doesn't count.
+         */
        {
                .id = "oid3, with intermediate requiring explicit depth 1",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -456,8 +467,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .policy_oid_to_check = OID3,
                .want_chains = 1,
        },
-        // If multiple certificates specify the constraint, the more constrained value
+        /*
-        // wins.
+         * If multiple certificates specify the constraint, the more constrained value
+         * wins.
+         */
        {
                .id = "oid3, with leaf and intermediate requiring explicit depth 1",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -484,8 +497,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
                .want_legacy_error_depth = 0,
        },
-        // An intermediate that requires an explicit policy, but then specifies no
+        /*
-        // policies should fail verification as a result.
+         * An intermediate that requires an explicit policy, but then specifies no
+         * policies should fail verification as a result.
+         */
        {
                .id = "oid1 with explicit_policy unset, intermediate requiring policy but specifying none",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -498,8 +513,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
                .want_legacy_error_depth = 0,
        },
-        // A constrained intermediate's policy extension has a duplicate policy, which
+        /*
-        // is invalid. Historically this, and the above case, leaked memory.
+         * A constrained intermediate's policy extension has a duplicate policy, which
+         * is invalid. Historically this, and the above case, leaked memory.
+         */
        {
                .id = "oid1 with explicit_policy unset, intermediate requiring policy but has duplicate",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -512,9 +529,10 @@ struct verify_cert_test verify_cert_tests[] = {
                .want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
                .want_legacy_error_depth = 0,
        },
-        // The leaf asserts anyPolicy, but the intermediate does not. The resulting
+        /*
-        // valid policies are the intersection.
+         * The leaf asserts anyPolicy, but the intermediate does not. The resulting
-        // (and vice versa)
+         * valid policies are the intersection.(and vice versa)
+         */
        {
                .id = "oid1, with explicit_policy set, with leaf asserting any",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -533,7 +551,7 @@ struct verify_cert_test verify_cert_tests[] = {
                .verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
                .want_chains = 1,
        },
-        // Both assert anyPolicy. All policies are valid.
+        /* Both assert anyPolicy. All policies are valid. */
        {
                .id = "oid1, with explicit_policy set, with leaf and intermediate asserting any",
                .root_file = CERTSDIR "/" "policy_root.pem",
@@ -552,8 +570,11 @@ struct verify_cert_test verify_cert_tests[] = {
                .verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
                .want_chains = 1,
        },
-        // boring tests just a trust anchor but behaves differently in this corner case.
+        /*
-        // for reasons that have nothing to do wiht policy
+         * BoringSSL tests just a trust anchor but behaves differently in this corner case.
+         * than libressl for reasons that have nothing to do with policy (because parital
+         * chains and legacy verifier horror)
+         */
 };
 #define N_VERIFY_CERT_TESTS \
author	beck <>	2023-04-28 09:02:04 +0000
committer	beck <>	2023-04-28 09:02:04 +0000
commit	aa9e472d9d72843ea797751bd80410137bf694ff (patch)
tree	4fa8e0490130f093beec907baf0aa4745ece9148 /src/regress/lib
parent	ea474aeeb62acfb8478e77decfbe0e24b92352b8 (diff)
download	openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.tar.gz openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.tar.bz2 openbsd-aa9e472d9d72843ea797751bd80410137bf694ff.zip