From b4d45f74c4d393f2bc2272fd51b536d4eae63ccd Mon Sep 17 00:00:00 2001
From: beck <beck@openbsd.org>
Date: Fri, 28 Apr 2023 09:02:04 +0000
Subject: [PATCH] Fix copyright, convert boringssl comments to C style

---
 regress/lib/libcrypto/x509/policy/policy.c | 81 ++++++++++++++--------
 1 file changed, 51 insertions(+), 30 deletions(-)

diff --git a/regress/lib/libcrypto/x509/policy/policy.c b/regress/lib/libcrypto/x509/policy/policy.c
index 5524be2b059..bffc982f8ad 100644
--- a/regress/lib/libcrypto/x509/policy/policy.c
+++ b/regress/lib/libcrypto/x509/policy/policy.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: policy.c,v 1.7 2023/04/28 08:53:20 beck Exp $ */
+/* $OpenBSD: policy.c,v 1.8 2023/04/28 09:02:04 beck Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2020-2023 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -212,8 +212,13 @@ struct verify_cert_test {
 };
 
 struct verify_cert_test verify_cert_tests[] = {
-	// Comments here are from boringssl/crypto/x509/x509_test.cc
-	// The chain is good for |oid1| and |oid2|, but not |oid3|.
+	/*
+	 * Comments here are from boringssl/crypto/x509/x509_test.cc
+	 * certs were generated by
+	 * boringssl/crypto/x509/test/make_policy_certs.go
+	 */
+
+	/* The chain is good for |oid1| and |oid2|, but not |oid3|. */
 	{
 		.id = "nothing  in 1 and 2",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -272,7 +277,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.policy_oid_to_check2 = OID3,
 		.want_chains = 1,
 	},
-	// The policy extension cannot be parsed.
+	/*  The policy extension cannot be parsed. */
 	{
 		.id = "1 in invalid intermediate poicy",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -323,7 +328,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
 		.want_legacy_error_depth = 0,
 	},
-	// There is a duplicate policy in the leaf policy extension.
+	/*  There is a duplicate policy in the leaf policy extension. */
 	{
 		.id = "1 in duplicate policy extension in leaf",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -337,7 +342,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
 		.want_legacy_error_depth = 0,
 	},
-	// There is a duplicate policy in the intermediate policy extension.
+	/*  There is a duplicate policy in the intermediate policy extension. */
 	{
 		.id = "1 in duplicate policy extension in intermediate",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -351,9 +356,11 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
 		.want_legacy_error_depth = 0,
 	},
-	// Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
-	// intersected with user-specified policies, but it is not required to result
-	// in any valid policies.
+	/*
+	 * Without |X509_V_FLAG_EXPLICIT_POLICY|, the policy tree is built and
+	 * intersected with user-specified policies, but it is not required to result
+	 * in any valid policies.
+	 */
 	{
 		.id = "nothing with explicit_policy unset",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -369,7 +376,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.policy_oid_to_check = OID3,
 		.want_chains = 1,
 	},
-	// However, a CA with policy constraints can require an explicit policy.
+	/*  However, a CA with policy constraints can require an explicit policy. */
 	{
 		.id = "oid1 with explicit_policy unset, intermediate requiring policy",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -390,9 +397,11 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
 		.want_legacy_error_depth = 0,
 	},
-	// requireExplicitPolicy applies even if the application does not configure a
-	// user-initial-policy-set. If the validation results in no policies, the
-	// chain is invalid.
+	/*
+	 * requireExplicitPolicy applies even if the application does not configure a
+	 * user-initial-policy-set. If the validation results in no policies, the
+	 * chain is invalid.
+	 */
 	{
 		.id = "nothing explict_policy unset, with intermediate requiring policy",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -404,7 +413,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
 		.want_legacy_error_depth = 0,
 	},
-	// A leaf can also set requireExplicitPolicy but should work with none
+	/* A leaf can also set requireExplicitPolicy but should work with none */
 	{
 		.id = "nothing explicit_policy unset, with leaf requiring policy",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -412,7 +421,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.leaf_file = CERTSDIR "/" "policy_leaf_require.pem",
 		.want_chains = 1,
 	},
-	// A leaf can also set requireExplicitPolicy but should fail with policy
+	/* A leaf can also set requireExplicitPolicy but should fail with policy */
 	{
 		.id = "oid3, explicit policy unset,  with leaf requiring policy",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -425,8 +434,10 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
 		.want_legacy_error_depth = 0,
 	},
-	// requireExplicitPolicy is a count of certificates to skip. If the value is
-	// not zero by the end of the chain, it doesn't count.
+	/*
+	 * requireExplicitPolicy is a count of certificates to skip. If the value is
+	 * not zero by the end of the chain, it doesn't count.
+	 */
 	{
 		.id = "oid3, with intermediate requiring explicit depth 1",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -456,8 +467,10 @@ struct verify_cert_test verify_cert_tests[] = {
 		.policy_oid_to_check = OID3,
 		.want_chains = 1,
 	},
-	// If multiple certificates specify the constraint, the more constrained value
-	// wins.
+	/*
+	 * If multiple certificates specify the constraint, the more constrained value
+	 * wins.
+	 */
 	{
 		.id = "oid3, with leaf and intermediate requiring explicit depth 1",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -484,8 +497,10 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
 		.want_legacy_error_depth = 0,
 	},
-	// An intermediate that requires an explicit policy, but then specifies no
-	// policies should fail verification as a result.
+	/*
+	 * An intermediate that requires an explicit policy, but then specifies no
+	 * policies should fail verification as a result.
+	 */
 	{
 		.id = "oid1 with explicit_policy unset, intermediate requiring policy but specifying none",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -498,8 +513,10 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_NO_EXPLICIT_POLICY,
 		.want_legacy_error_depth = 0,
 	},
-	// A constrained intermediate's policy extension has a duplicate policy, which
-	// is invalid. Historically this, and the above case, leaked memory.
+	/*
+	 * A constrained intermediate's policy extension has a duplicate policy, which
+	 * is invalid. Historically this, and the above case, leaked memory.
+	 */
 	{
 		.id = "oid1 with explicit_policy unset, intermediate requiring policy but has duplicate",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -512,9 +529,10 @@ struct verify_cert_test verify_cert_tests[] = {
 		.want_legacy_error = X509_V_ERR_INVALID_POLICY_EXTENSION,
 		.want_legacy_error_depth = 0,
 	},
-	// The leaf asserts anyPolicy, but the intermediate does not. The resulting
-	// valid policies are the intersection.
-	// (and vice versa)
+	/*
+	 * The leaf asserts anyPolicy, but the intermediate does not. The resulting
+	 * valid policies are the intersection.(and vice versa)
+	 */
 	{
 		.id = "oid1, with explicit_policy set, with leaf asserting any",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -533,7 +551,7 @@ struct verify_cert_test verify_cert_tests[] = {
 		.verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
 		.want_chains = 1,
 	},
-	// Both assert anyPolicy. All policies are valid.
+	/* Both assert anyPolicy. All policies are valid. */
 	{
 		.id = "oid1, with explicit_policy set, with leaf and intermediate asserting any",
 		.root_file = CERTSDIR "/" "policy_root.pem",
@@ -552,8 +570,11 @@ struct verify_cert_test verify_cert_tests[] = {
 		.verify_flags = X509_V_FLAG_EXPLICIT_POLICY,
 		.want_chains = 1,
 	},
-	// boring tests just a trust anchor but behaves differently in this corner case.
-	// for reasons that have nothing to do wiht policy
+	/*
+	 * BoringSSL tests just a trust anchor but behaves differently in this corner case.
+	 * than libressl for reasons that have nothing to do with policy (because parital
+	 * chains and legacy verifier horror)
+	 */
 };
 
 #define N_VERIFY_CERT_TESTS \
-- 
2.20.1