From: Tim Hudson Date: Sun, 28 Dec 2014 02:48:40 +0000 (+1000) Subject: mark all block comments that need format preserving so that X-Git-Tag: OpenSSL_0_9_8-post-reformat~43 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b558c8d59782dab2809a1530cbbcd9f38785302b;p=oweals%2Fopenssl.git mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by: Tim Hudson --- diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 305cdfc6af..d92c0eb44e 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -69,7 +69,8 @@ #include #include -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -in arg - input file - default stdin * -i - indent the details by depth * -offset - where in the file to start diff --git a/apps/ca.c b/apps/ca.c index 45c3183b9b..37d1755e53 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2780,7 +2780,8 @@ char *make_revocation_str(int rev_type, char *rev_arg) return str; } -/* Convert revocation field to X509_REVOKED entry +/*- + * Convert revocation field to X509_REVOKED entry * return code: * 0 error * 1 OK diff --git a/apps/crl2p7.c b/apps/crl2p7.c index f164a3ad94..eb7c6bfa0c 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -76,7 +76,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); #undef PROG #define PROG crl2pkcs7_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dh.c b/apps/dh.c index 7e45bd3356..3595a8e88f 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -74,7 +74,8 @@ #undef PROG #define PROG dh_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dhparam.c b/apps/dhparam.c index 4a9594ea46..9175b28270 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -132,7 +132,8 @@ #define DEFBITS 512 -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsa.c b/apps/dsa.c index 5e68a56cfd..8833f44cfb 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -74,7 +74,8 @@ #undef PROG #define PROG dsa_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsaparam.c b/apps/dsaparam.c index fe72c1d3df..7b8c4bada7 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -80,7 +80,8 @@ #undef PROG #define PROG dsaparam_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/ec.c b/apps/ec.c index 6b3d3ad91b..0bb148161f 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -70,7 +70,8 @@ #undef PROG #define PROG ec_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/ecparam.c b/apps/ecparam.c index 2d3fd30324..bba8229619 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -87,7 +87,8 @@ #undef PROG #define PROG ecparam_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/passwd.c b/apps/passwd.c index 9ca25dd1da..8e65ed7cbb 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -43,7 +43,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, int reverse, size_t pw_maxlen, int usecrypt, int use1, int useapr1); -/* -crypt - standard Unix password algorithm (default) +/*- + * -crypt - standard Unix password algorithm (default) * -1 - MD5-based password algorithm * -apr1 - MD5-based password algorithm, Apache variant * -salt string - salt diff --git a/apps/rand.c b/apps/rand.c index 790e79592c..dc931596fd 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -66,7 +66,8 @@ #undef PROG #define PROG rand_main -/* -out file - write to file +/*- + * -out file - write to file * -rand file:file - PRNG seed files * -base64 - base64 encode output * -hex - hex encode output diff --git a/apps/req.c b/apps/req.c index afabd6ca78..a6d180e973 100644 --- a/apps/req.c +++ b/apps/req.c @@ -105,7 +105,8 @@ #undef PROG #define PROG req_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/rsa.c b/apps/rsa.c index 930f1f038a..e20f5f8e06 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -74,7 +74,8 @@ #undef PROG #define PROG rsa_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/s_socket.c b/apps/s_socket.c index 6d1d7d749d..3be3dccfc3 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -423,7 +423,7 @@ redoit: return(0); } -/* +/*- ling.l_onoff=1; ling.l_linger=0; i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); diff --git a/apps/spkac.c b/apps/spkac.c index 0e01ea9947..149db1784b 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -73,7 +73,8 @@ #undef PROG #define PROG spkac_main -/* -in arg - input file - default stdin +/*- + * -in arg - input file - default stdin * -out arg - output file - default stdout */ diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index cffdd4daec..8180d98da9 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -43,7 +43,7 @@ #include "aes_locl.h" -/* +/*- Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; Te2[x] = S [x].[01, 03, 02, 01]; diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 159681fbcb..99c360860b 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -54,7 +54,8 @@ */ -/* This is an implementation of the ASN1 Time structure which is: +/*- + * This is an implementation of the ASN1 Time structure which is: * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c index 508e11e527..2105306fea 100644 --- a/crypto/asn1/a_utf8.c +++ b/crypto/asn1/a_utf8.c @@ -63,7 +63,8 @@ /* UTF8 utilities */ -/* This parses a UTF8 string one character at a time. It is passed a pointer +/*- + * This parses a UTF8 string one character at a time. It is passed a pointer * to the string and the length of the string. It sets 'value' to the value of * the current character. It returns the number of characters read or a * negative error code: diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index bd7af2d509..113145820d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -353,7 +353,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; TYPEDEF_D2I2D_OF(void); -/* The following macros and typedefs allow an ASN1_ITEM +/*- + * The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since * the ASN1_ITEM pointers need to be globally accessible * (possibly from shared libraries) they may exist in diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index ac14f9415b..574282b26c 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -129,7 +129,8 @@ extern "C" { /* This is a ASN1 type which just embeds a template */ -/* This pair helps declare a SEQUENCE. We can do: +/*- + * This pair helps declare a SEQUENCE. We can do: * * ASN1_SEQUENCE(stname) = { * ... SEQUENCE components ... @@ -219,7 +220,8 @@ extern "C" { ASN1_ITEM_end(tname) -/* This pair helps declare a CHOICE type. We can do: +/*- + * This pair helps declare a CHOICE type. We can do: * * ASN1_CHOICE(chname) = { * ... CHOICE options ... diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c index 1e3713f18f..04ae991115 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/asn1/x_attrib.c @@ -62,7 +62,8 @@ #include #include -/* X509_ATTRIBUTE: this has the following form: +/*- + * X509_ATTRIBUTE: this has the following form: * * typedef struct x509_attributes_st * { diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index 59ca8ce329..ac9a320fc1 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -61,7 +61,8 @@ #include #include -/* X509_REQ_INFO is handled in an unusual way to get round +/*- + * X509_REQ_INFO is handled in an unusual way to get round * invalid encodings. Some broken certificate requests don't * encode the attributes field if it is empty. This is in * violation of PKCS#10 but we need to tolerate it. We do diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index d24ffccb65..960645abe7 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h @@ -72,7 +72,7 @@ extern "C" { #define BF_ENCRYPT 1 #define BF_DECRYPT 0 -/* +/*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! * ! BF_LONG_LOG2 has to be defined along. ! diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 3a87b0ec0b..06202552d6 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -94,7 +94,7 @@ * on all source code distributions. */ -/* +/*- * This code contains numerious changes and enhancements which were * made by lots of contributors over the last years to Patrick Powell's * original code: diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 03bd3b2875..875c3950a0 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -188,7 +188,8 @@ extern "C" { #define BIO_GHBN_CTRL_FLUSH 5 /* Mostly used in the SSL BIO */ -/* Not used anymore +/*- + * Not used anymore * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 @@ -322,7 +323,8 @@ DECLARE_STACK_OF(BIO) typedef struct bio_f_buffer_ctx_struct { - /* Buffers are setup like this: + /*- + * Buffers are setup like this: * * <---------------------- size -----------------------> * +---------------------------------------------------+ @@ -661,7 +663,8 @@ int BIO_dump_fp(FILE *fp, const char *s, int len); int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); #endif struct hostent *BIO_gethostbyname(const char *name); -/* We might want a thread-safe interface too: +/*- + * We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, * struct hostent *result, void *buffer, size_t buflen); * or something similar (caller allocates a struct hostent, diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index e7fb892eaa..3411582e0d 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -436,7 +436,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: -/* dbio=(BIO *)ptr; +/*- dbio=(BIO *)ptr; if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 76bd48e767..66a2388382 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -269,7 +269,8 @@ static int bio_read(BIO *bio, char *buf, int size_) return size; } -/* non-copying interface: provide pointer to available data in buffer +/*- + * non-copying interface: provide pointer to available data in buffer * bio_nread0: return number of available bytes * bio_nread: also advance index * (example usage: bio_nread0(), read from buffer, bio_nread() @@ -422,7 +423,8 @@ static int bio_write(BIO *bio, const char *buf, int num_) return num; } -/* non-copying interface: provide pointer to region to write to +/*- + * non-copying interface: provide pointer to region to write to * bio_nwrite0: check how much space is available * bio_nwrite: also increase length * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index eba8304f0a..e65ddef20a 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -2,7 +2,7 @@ #ifdef __SUNPRO_C # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else -/* +/*- * x86_64 BIGNUM accelerator version 0.1, December 2002. * * Implemented by Andy Polyakov for the OpenSSL @@ -61,7 +61,7 @@ #undef mul_add #undef sqr -/* +/*- * "m"(a), "+m"(r) is the way to favor DirectPath ยต-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 688a4e7e86..a9ec4c5214 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -670,7 +670,8 @@ BIGNUM *bn_expand2(BIGNUM *a, int words); BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ #endif -/* Bignum consistency macros +/*- + * Bignum consistency macros * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from * bignum data after direct manipulations on the data. There is also an * "internal" macro, bn_check_top(), for verifying that there are no leading diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 9405163706..042103ccac 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -69,7 +69,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /* a + b a+b + /*- + * a + b a+b * a + -b a-b * -a + b b-a * -a + -b -(a+b) @@ -269,7 +270,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /* a - b a-b + /*- + * a - b a-b * a - -b a+b * -a - b -(a+b) * -a - -b b-a diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 78c6507113..c1047e8141 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -169,7 +169,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #endif /* OPENSSL_NO_ASM */ -/* BN_div[_no_branch] computes dv := num / divisor, rounding towards +/*- + * BN_div[_no_branch] computes dv := num / divisor, rounding towards * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 2e1e4e7fd8..a8276adeb4 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -170,7 +170,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(p); bn_check_top(m); - /* For even modulus m = 2^k*m_odd, it might make sense to compute + /*- + * For even modulus m = 2^k*m_odd, it might make sense to compute * a^p mod m_odd and a^p mod 2^k separately (with Montgomery * exponentiation for the odd part), using appropriate exponent * reductions, and combine the results using the CRT. diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 4a352119ba..8ff0439370 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -246,7 +246,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, if (!BN_nnmod(B, B, A, ctx)) goto err; } sign = -1; - /* From B = a mod |n|, A = |n| it follows that + /*- + * From B = a mod |n|, A = |n| it follows that * * 0 <= B < A, * -sign*X*a == B (mod |n|), @@ -263,7 +264,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, while (!BN_is_zero(B)) { - /* + /*- * 0 < B < |n|, * 0 < A <= |n|, * (1) -sign*X*a == B (mod |n|), @@ -310,7 +311,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, } - /* We still have (1) and (2). + /*- + * We still have (1) and (2). * Both A and B are odd. * The following computations ensure that * @@ -346,7 +348,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, { BIGNUM *tmp; - /* + /*- * 0 < B < A, * (*) -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|) @@ -393,7 +395,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, if (!BN_div(D,M,A,B,ctx)) goto err; } - /* Now + /*- + * Now * A = D*B + M; * thus we have * (**) sign*Y*a == D*B + M (mod |n|). @@ -406,7 +409,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, B=M; /* ... so we have 0 <= B < A again */ - /* Since the former M is now B and the former B is now A, + /*- + * Since the former M is now B and the former B is now A, * (**) translates into * sign*Y*a == D*A + B (mod |n|), * i.e. @@ -459,7 +463,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, } } - /* + /*- * The while loop (Euclid's algorithm) ends when * A == gcd(a,n); * we have @@ -547,7 +551,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, if (!BN_nnmod(B, pB, A, ctx)) goto err; } sign = -1; - /* From B = a mod |n|, A = |n| it follows that + /*- + * From B = a mod |n|, A = |n| it follows that * * 0 <= B < A, * -sign*X*a == B (mod |n|), @@ -558,7 +563,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, { BIGNUM *tmp; - /* + /*- * 0 < B < A, * (*) -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|) @@ -573,7 +578,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, /* (D, M) := (A/B, A%B) ... */ if (!BN_div(D,M,pA,B,ctx)) goto err; - /* Now + /*- + * Now * A = D*B + M; * thus we have * (**) sign*Y*a == D*B + M (mod |n|). @@ -586,7 +592,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, B=M; /* ... so we have 0 <= B < A again */ - /* Since the former M is now B and the former B is now A, + /*- + * Since the former M is now B and the former B is now A, * (**) translates into * sign*Y*a == D*A + B (mod |n|), * i.e. @@ -614,7 +621,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, sign = -sign; } - /* + /*- * The while loop (Euclid's algorithm) ends when * A == gcd(a,n); * we have diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 27ac4397a1..88c1711af4 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -119,7 +119,7 @@ extern "C" { #endif -/* +/*- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * * diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index c288844aa5..de139ee279 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -71,7 +71,8 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; /* This stuff appears to be completely unused, so is deprecated */ #ifndef OPENSSL_NO_DEPRECATED -/* For a 32 bit machine +/*- + * For a 32 bit machine * 2 - 4 == 128 * 3 - 8 == 256 * 4 - 16 == 512 diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 12e5be80eb..f53985d750 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -379,7 +379,8 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, /* Karatsuba recursive multiplication algorithm * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ -/* r is 2*n2 words in size, +/*- + * r is 2*n2 words in size, * a and b are both n2 words in size. * n2 must be a power of 2. * We multiply and return the result. @@ -500,7 +501,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -517,7 +519,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits @@ -676,7 +679,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, } } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -693,7 +697,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits @@ -720,7 +725,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, } } -/* a and b must be the same size, which is n2. +/*- + * a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 */ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, @@ -749,7 +755,8 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, } } -/* a and b must be the same size, which is n2. +/*- + * a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 * l is the low words of the output. * t needs to be n2*3 @@ -820,7 +827,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); } - /* s0 == low(al*bl) + /*- + * s0 == low(al*bl) * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) * We know s0 and s1 so the only unknown is high(al*bl) * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) @@ -857,16 +865,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, lp[i]=((~mp[i])+1)&BN_MASK2; } - /* s[0] = low(al*bl) + /*- + * s[0] = low(al*bl) * t[3] = high(al*bl) * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign * r[10] = (a[1]*b[1]) */ - /* R[10] = al*bl + /*- + * R[10] = al*bl * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) * R[32] = ah*bh */ - /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) + /*- + * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) * R[3]=r[1]+(carry/borrow) */ diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 2e8efb8dae..b5f57e51f2 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -171,7 +171,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, i,ctx); /* BN_reciprocal returns i, or -1 for an error */ if (recp->shift == -1) goto err; - /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| + /*- + * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| * = |m/N| diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 65bbf165d0..b1b6f9b0a2 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -194,7 +194,8 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) } #ifdef BN_RECURSION -/* r is 2*n words in size, +/*- + * r is 2*n words in size, * a and b are both n words in size. (There's not actually a 'b' here ...) * n must be a power of 2. * We multiply and return the result. @@ -256,7 +257,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) bn_sqr_recursive(r,a,n,p); bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); - /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -266,7 +268,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) /* t[32] is negative */ c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) * r[10] holds (a[0]*a[0]) * r[32] holds (a[1]*a[1]) * c1 holds the carry bits diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 6beaf9e5e5..04cf4a0bf8 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -135,7 +135,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (e == 1) { - /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse + /*- + * The easy case: (|p|-1)/2 is odd, so 2 has an inverse * modulo (|p|-1)/2, and square roots can be computed * directly by modular exponentiation. * We have @@ -152,7 +153,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (e == 2) { - /* |p| == 5 (mod 8) + /*- + * |p| == 5 (mod 8) * * In this case 2 is always a non-square since * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. @@ -262,7 +264,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; } - /* Now we know that (if p is indeed prime) there is an integer + /*- + * Now we know that (if p is indeed prime) there is an integer * k, 0 <= k < 2^e, such that * * a^q * y^k == 1 (mod p). @@ -318,7 +321,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) while (1) { - /* Now b is a^q * y^k for some even k (0 <= k < 2^E + /*- + * Now b is a^q * y^k for some even k (0 <= k < 2^E * where E refers to the original value of e, which we * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). * diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index a168339b7d..ff99da9442 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -609,7 +609,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } e++; } - /* So at this point we have + /*- + * So at this point we have * np which is the start of the name string which is * '\0' terminated. * cp which is the start of the section string which is diff --git a/crypto/constant_time_locl.h b/crypto/constant_time_locl.h index 8af98c1683..6410ca789b 100644 --- a/crypto/constant_time_locl.h +++ b/crypto/constant_time_locl.h @@ -1,5 +1,5 @@ /* crypto/constant_time_locl.h */ -/* +/*- * Utilities for constant-time cryptography. * * Author: Emilia Kasper (emilia@openssl.org) @@ -53,7 +53,7 @@ extern "C" { #endif -/* +/*- * The boolean methods return a bitmask of all ones (0xff...f) for true * and 0 for false. This is useful for choosing a value based on the result * of a conditional in constant time. For example, @@ -112,7 +112,7 @@ static inline unsigned int constant_time_eq_int(int a, int b); static inline unsigned char constant_time_eq_int_8(int a, int b); -/* +/*- * Returns (mask & a) | (~mask & b). * * When |mask| is all 1s or all 0s (as returned by the methods above), diff --git a/crypto/constant_time_test.c b/crypto/constant_time_test.c index d9c6a44aed..82c2d96846 100644 --- a/crypto/constant_time_test.c +++ b/crypto/constant_time_test.c @@ -1,5 +1,5 @@ /* crypto/constant_time_test.c */ -/* +/*- * Utilities for constant-time cryptography. * * Author: Emilia Kasper (emilia@openssl.org) diff --git a/crypto/crypto.h b/crypto/crypto.h index 6161697cdc..0450b21816 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -503,7 +503,8 @@ int CRYPTO_remove_all_info(void); void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); void CRYPTO_dbg_free(void *addr,int before_p); -/* Tell the debugging code about options. By default, the following values +/*- + * Tell the debugging code about options. By default, the following values * apply: * * 0: Clear all options. diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h index 4b9ecff233..5999155b31 100644 --- a/crypto/des/des_locl.h +++ b/crypto/des/des_locl.h @@ -360,7 +360,8 @@ #endif #endif - /* IP and FP + /*- + * IP and FP * The problem is more of a geometric problem that random bit fiddling. 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 2b2c372354..5ac4c1bf65 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -1,6 +1,7 @@ /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +/*- + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * The function names in here are deprecated and are only present to * provide an interface compatible with openssl 0.9.6 and older as diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 64b92a34fe..b5bcf8f74b 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -380,7 +380,7 @@ int main(int argc, char *argv[]) DES_ENCRYPT); DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, &iv3,&iv2,DES_ENCRYPT); - /* if (memcmp(cbc_out,cbc3_ok, + /*- if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index e7da2ec66b..a463a78a50 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -66,7 +66,7 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; -/* +/*- * WARNINGS: * * - The data format used by DES_enc_write() and DES_enc_read() diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index c2f032c9a6..514f915f19 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -63,7 +63,7 @@ #include "des_locl.h" #include -/* +/*- * WARNINGS: * * - The data format used by DES_enc_write() and DES_enc_read() diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c index fda23d522f..fdd8655c12 100644 --- a/crypto/des/ncbc_enc.c +++ b/crypto/des/ncbc_enc.c @@ -1,5 +1,5 @@ /* crypto/des/ncbc_enc.c */ -/* +/*- * #included by: * cbc_enc.c (DES_cbc_encrypt) * des_enc.c (DES_ncbc_encrypt) diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h index 41328d7965..94a1d11aff 100644 --- a/crypto/des/rpc_des.h +++ b/crypto/des/rpc_des.h @@ -57,7 +57,7 @@ */ /* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ -/* +/*- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape * media and as a part of the software program in whole or part. Users diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index c0806d593c..c94dd975fa 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -109,7 +109,8 @@ int DES_check_key_parity(const_DES_cblock *key) return(1); } -/* Weak and semi week keys as take from +/*- + * Weak and semi week keys as take from * %A D.W. Davies * %A W.L. Price * %T Security for Computer Networks @@ -406,7 +407,7 @@ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) { return(DES_set_key(key,schedule)); } -/* +/*- #undef des_fixup_key_parity void des_fixup_key_parity(des_cblock *key) { diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 316cb9221d..22f66c736e 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -61,7 +61,8 @@ #include #include -/* Check that p is a safe prime and +/*- + * Check that p is a safe prime and * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 999e1deb40..7da6de3ee4 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -77,7 +77,8 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c return dh_builtin_genparams(ret, prime_len, generator, cb); } -/* We generate DH parameters as follows +/*- + * We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q * For this case, g is a generator if diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 1727760806..558fa7e40a 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -89,7 +89,8 @@ NULL, NULL }; -/* These macro wrappers replace attempts to use the dsa_mod_exp() and +/*- + * These macro wrappers replace attempts to use the dsa_mod_exp() and * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of * having a the macro work as an expression by bundling an "err_instr". So; * diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 2c434ee8a6..ece99495f4 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -148,7 +148,8 @@ static int vms_load(DSO *dso) goto err; } - /* A file specification may look like this: + /*- + * A file specification may look like this: * * node::dev:[dir-spec]name.type;ver * diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 367307f9fd..1ab5f1448e 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -108,7 +108,7 @@ typedef enum { typedef struct ec_method_st EC_METHOD; typedef struct ec_group_st - /* + /*- EC_METHOD *meth; -- field definition -- curve coefficients diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index 6b570a3f91..b54dc50c30 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -138,7 +138,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM return ret; } -/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) +/*- + * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) * using Montgomery point multiplication algorithm Mxy() in appendix of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". @@ -206,7 +207,8 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG return ret; } -/* Computes scalar*point and stores the result in r. +/*- + * Computes scalar*point and stores the result in r. * point can not equal r. * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over @@ -311,7 +313,8 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, } -/* Computes the sum +/*- + * Computes the sum * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] * gracefully ignoring NULL scalar values. */ diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index c06b3b667f..f1fc010561 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -835,7 +835,8 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_ lh = BN_CTX_get(ctx); if (lh == NULL) goto err; - /* We have a curve defined by a Weierstrass equation + /*- + * We have a curve defined by a Weierstrass equation * y^2 + x*y = x^3 + a*x^2 + b. * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 * <=> ((x + a) * x + y ) * x + b + y^2 = 0 @@ -855,7 +856,8 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_ } -/* Indicates whether two points are equal. +/*- + * Indicates whether two points are equal. * Return values: * -1 error * 0 equal (in affine coordinates) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index fdd7aa2755..80c0d6310e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -112,7 +112,8 @@ struct ec_method_st { void (*point_clear_finish)(EC_POINT *); int (*point_copy)(EC_POINT *, const EC_POINT *); - /* used by EC_POINT_set_to_infinity, + /*- + * used by EC_POINT_set_to_infinity, * EC_POINT_set_Jprojective_coordinates_GFp, * EC_POINT_get_Jprojective_coordinates_GFp, * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index ee42269726..12a3102712 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -618,7 +618,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!(tmp = EC_POINT_new(group))) goto err; - /* prepare precomputed values: + /*- + * prepare precomputed values: * val_sub[i][0] := points[i] * val_sub[i][1] := 3 * points[i] * val_sub[i][2] := 5 * points[i] @@ -743,7 +744,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* ec_wNAF_precompute_mult() +/*- + * ec_wNAF_precompute_mult() * creates an EC_PRE_COMP object with preprecomputed multiples of the generator * for use with wNAF splitting as implemented in ec_wNAF_mul(). * diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 1dc35d72a0..e24c7a49d2 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -312,9 +312,11 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) if (!BN_copy(b, &group->b)) goto err; } - /* check the discriminant: + /*- + * check the discriminant: * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) - * 0 =< a, b < p */ + * 0 =< a, b < p + */ if (BN_is_zero(a)) { if (BN_is_zero(b)) goto err; @@ -1326,7 +1328,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C Z6 = BN_CTX_get(ctx); if (Z6 == NULL) goto err; - /* We have a curve defined by a Weierstrass equation + /*- + * We have a curve defined by a Weierstrass equation * y^2 = x^3 + a*x + b. * The point to consider is given in Jacobian projective coordinates * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). @@ -1432,7 +1435,8 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT * Zb23 = BN_CTX_get(ctx); if (Zb23 == NULL) goto end; - /* We have to decide whether + /*- + * We have to decide whether * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), * or equivalently, whether * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 188b9d57b4..2a350eb9c0 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -62,7 +62,8 @@ #include #endif -/* returns +/*- + * returns * 1: correct signature * 0: incorrect signature * -1: error @@ -76,7 +77,8 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); } -/* returns +/*- + * returns * 1: correct signature * 0: incorrect signature * -1: error diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c index 743558ab33..27992b7d54 100644 --- a/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c @@ -1,4 +1,4 @@ -/* +/*- * Support for VIA PadLock Advanced Cryptography Engine (ACE) * Written by Michal Ludvig * http://www.logix.cz/michal diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index b4e0444fb8..cdb12a06ea 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -283,7 +283,8 @@ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); -/* These callback types are for an ENGINE's handler for cipher and digest logic. +/*- + * These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); @@ -350,13 +351,14 @@ void ENGINE_load_builtin_engines(void); unsigned int ENGINE_get_table_flags(void); void ENGINE_set_table_flags(unsigned int flags); -/* Manage registration of ENGINEs per "table". For each type, there are 3 +/*- Manage registration of ENGINEs per "table". For each type, there are 3 * functions; * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) * ENGINE_unregister_***(e) - unregister the implementation from 'e' * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list * Cleanup is automatically registered from each table when required, so - * ENGINE_cleanup() will reverse any "register" operations. */ + * ENGINE_cleanup() will reverse any "register" operations. + */ int ENGINE_register_RSA(ENGINE *e); void ENGINE_unregister_RSA(ENGINE *e); diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index f6ac94c6e1..fb3c64521a 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -385,7 +385,7 @@ static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } -/* +/*- void BIO_set_cipher_ctx(b,c) BIO *b; EVP_CIPHER_ctx *c; diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index ed5c1135fd..199e5e6a83 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -253,7 +253,7 @@ static int md_gets(BIO *bp, char *buf, int size) return((int)ret); } -/* +/*- static int md_puts(bp,str) BIO *bp; char *str; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 98bc1ab409..e9befe9832 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -/* +/*- From: Arne Ansper Why BIO_f_reliable? diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 69f7ccad69..7c40c45fe1 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -74,7 +74,8 @@ #define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) #endif -/* 64 char lines +/*- + * 64 char lines * pad input with 0 * left over chars are set to = * 1 byte => xx== @@ -88,7 +89,8 @@ static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz0123456789+/"; -/* 0xF0 is a EOLN +/*- + * 0xF0 is a EOLN * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). * 0xF2 is EOF * 0xE0 is ignore at start of line. @@ -228,7 +230,8 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) ctx->expect_nl=0; } -/* -1 for error +/*- + * -1 for error * 0 for last line * 1 for full line */ diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 79c097181f..9a0e790403 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -79,7 +79,7 @@ #include #endif -/* +/*- #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 #define EVP_BLOWFISH_KEY_SIZE 16 diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index ef6c432538..f2ff3142b5 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -157,7 +157,7 @@ BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ init_key, cleanup, set_asn1, get_asn1, ctrl) -/* +/*- #define BLOCK_CIPHER_defs(cname, kstruct, \ nid, block_size, key_len, iv_len, flags,\ init_key, cleanup, set_asn1, get_asn1, ctrl)\ diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index 8cc8fcb0bd..93613c9254 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -94,7 +94,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek return(npubk); } -/* MACRO +/*- MACRO void EVP_SealUpdate(ctx,out,outl,in,inl) EVP_CIPHER_CTX *ctx; unsigned char *out; diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index d509f8116e..9764c0cfbe 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -100,7 +100,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 -/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 9736f89854..605d506585 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -349,7 +349,7 @@ int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) BIGNUM *t1 = BN_new(); BIGNUM *t2 = BN_new(); - /* + /*- * X = g^{(xa + xc + xd) * xb * s} * t1 = g^xa */ @@ -361,7 +361,7 @@ int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) /* t2 = xb * s */ BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); - /* + /*- * ZKP(xb * s) * XXX: this is kinda funky, because we're using * @@ -386,7 +386,7 @@ static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) BIGNUM *t2 = BN_new(); BIGNUM *t3 = BN_new(); - /* + /*- * K = (gx/g^{xb * xd * s})^{xb} * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} * = (g^{(xa + xc) * xd * s})^{xb} @@ -419,7 +419,7 @@ int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) BIGNUM *t2 = BN_new(); int ret = 0; - /* + /*- * g' = g^{xc + xa + xb} [from our POV] * t1 = xa + xb */ diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c index 792fc49eb4..62cb63e59f 100644 --- a/crypto/jpake/jpaketest.c +++ b/crypto/jpake/jpaketest.c @@ -128,12 +128,12 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); - /* + /*- BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); */ - /* + /*- p = BN_new(); BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); */ diff --git a/crypto/krb5/krb5_asn.h b/crypto/krb5/krb5_asn.h index 41725d0dc4..7d7868d7ef 100644 --- a/crypto/krb5/krb5_asn.h +++ b/crypto/krb5/krb5_asn.h @@ -71,14 +71,14 @@ extern "C" { /* ASN.1 from Kerberos RFC 1510 -*/ + */ -/* EncryptedData ::= SEQUENCE { -** etype[0] INTEGER, -- EncryptionType -** kvno[1] INTEGER OPTIONAL, -** cipher[2] OCTET STRING -- ciphertext -** } -*/ +/*- EncryptedData ::= SEQUENCE { + * etype[0] INTEGER, -- EncryptionType + * kvno[1] INTEGER OPTIONAL, + * cipher[2] OCTET STRING -- ciphertext + * } + */ typedef struct krb5_encdata_st { ASN1_INTEGER *etype; @@ -88,11 +88,11 @@ typedef struct krb5_encdata_st DECLARE_STACK_OF(KRB5_ENCDATA) -/* PrincipalName ::= SEQUENCE { -** name-type[0] INTEGER, -** name-string[1] SEQUENCE OF GeneralString -** } -*/ +/*- PrincipalName ::= SEQUENCE { + * name-type[0] INTEGER, + * name-string[1] SEQUENCE OF GeneralString + * } + */ typedef struct krb5_princname_st { ASN1_INTEGER *nametype; @@ -102,13 +102,13 @@ typedef struct krb5_princname_st DECLARE_STACK_OF(KRB5_PRINCNAME) -/* Ticket ::= [APPLICATION 1] SEQUENCE { -** tkt-vno[0] INTEGER, -** realm[1] Realm, -** sname[2] PrincipalName, -** enc-part[3] EncryptedData -** } -*/ +/*- Ticket ::= [APPLICATION 1] SEQUENCE { + * tkt-vno[0] INTEGER, + * realm[1] Realm, + * sname[2] PrincipalName, + * enc-part[3] EncryptedData + * } + */ typedef struct krb5_tktbody_st { ASN1_INTEGER *tktvno; @@ -121,17 +121,17 @@ typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; DECLARE_STACK_OF(KRB5_TKTBODY) -/* AP-REQ ::= [APPLICATION 14] SEQUENCE { -** pvno[0] INTEGER, -** msg-type[1] INTEGER, -** ap-options[2] APOptions, -** ticket[3] Ticket, -** authenticator[4] EncryptedData -** } -** -** APOptions ::= BIT STRING { -** reserved(0), use-session-key(1), mutual-required(2) } -*/ +/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { + * pvno[0] INTEGER, + * msg-type[1] INTEGER, + * ap-options[2] APOptions, + * ticket[3] Ticket, + * authenticator[4] EncryptedData + * } + * + * APOptions ::= BIT STRING { + * reserved(0), use-session-key(1), mutual-required(2) } + */ typedef struct krb5_ap_req_st { ASN1_INTEGER *pvno; @@ -148,11 +148,11 @@ DECLARE_STACK_OF(KRB5_APREQBODY) /* Authenticator Stuff */ -/* Checksum ::= SEQUENCE { -** cksumtype[0] INTEGER, -** checksum[1] OCTET STRING -** } -*/ +/*- Checksum ::= SEQUENCE { + * cksumtype[0] INTEGER, + * checksum[1] OCTET STRING + * } + */ typedef struct krb5_checksum_st { ASN1_INTEGER *ctype; @@ -162,11 +162,11 @@ typedef struct krb5_checksum_st DECLARE_STACK_OF(KRB5_CHECKSUM) -/* EncryptionKey ::= SEQUENCE { -** keytype[0] INTEGER, -** keyvalue[1] OCTET STRING -** } -*/ +/*- EncryptionKey ::= SEQUENCE { + * keytype[0] INTEGER, + * keyvalue[1] OCTET STRING + * } + */ typedef struct krb5_encryptionkey_st { ASN1_INTEGER *ktype; @@ -176,11 +176,11 @@ typedef struct krb5_encryptionkey_st DECLARE_STACK_OF(KRB5_ENCKEY) -/* AuthorizationData ::= SEQUENCE OF SEQUENCE { -** ad-type[0] INTEGER, -** ad-data[1] OCTET STRING -** } -*/ +/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { + * ad-type[0] INTEGER, + * ad-data[1] OCTET STRING + * } + */ typedef struct krb5_authorization_st { ASN1_INTEGER *adtype; @@ -190,19 +190,19 @@ typedef struct krb5_authorization_st DECLARE_STACK_OF(KRB5_AUTHDATA) -/* -- Unencrypted authenticator -** Authenticator ::= [APPLICATION 2] SEQUENCE { -** authenticator-vno[0] INTEGER, -** crealm[1] Realm, -** cname[2] PrincipalName, -** cksum[3] Checksum OPTIONAL, -** cusec[4] INTEGER, -** ctime[5] KerberosTime, -** subkey[6] EncryptionKey OPTIONAL, -** seq-number[7] INTEGER OPTIONAL, -** authorization-data[8] AuthorizationData OPTIONAL -** } -*/ +/*- -- Unencrypted authenticator + * Authenticator ::= [APPLICATION 2] SEQUENCE { + * authenticator-vno[0] INTEGER, + * crealm[1] Realm, + * cname[2] PrincipalName, + * cksum[3] Checksum OPTIONAL, + * cusec[4] INTEGER, + * ctime[5] KerberosTime, + * subkey[6] EncryptionKey OPTIONAL, + * seq-number[7] INTEGER OPTIONAL, + * authorization-data[8] AuthorizationData OPTIONAL + * } + */ typedef struct krb5_authenticator_st { ASN1_INTEGER *avno; @@ -220,15 +220,15 @@ typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; DECLARE_STACK_OF(KRB5_AUTHENTBODY) -/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = -** type *name##_new(void); -** void name##_free(type *a); -** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = -** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = -** type *d2i_##name(type **a, const unsigned char **in, long len); -** int i2d_##name(type *a, unsigned char **out); -** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it -*/ +/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = + * type *name##_new(void); + * void name##_free(type *a); + * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = + * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = + * type *d2i_##name(type **a, const unsigned char **in, long len); + * int i2d_##name(type *a, unsigned char **out); + * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it + */ DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 0b41f87621..06e4562e17 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -56,7 +56,8 @@ * [including the GNU Public Licence.] */ -/* Code for dynamic hash table routines +/*- + * Code for dynamic hash table routines * Author - Eric Young v 2.0 * * 2.2 eay - added #include "crypto.h" so the memory leak checking code is diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 486d6ca6f4..e4c1700965 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -49,7 +49,7 @@ * */ -/* +/*- * This is a generic 32 bit "collector" for message digest algorithms. * Whenever needed it collects input character stream into chunks of * 32 bit values and invokes a block function that performs actual hash diff --git a/crypto/md4/md4.h b/crypto/md4/md4.h index ba1fe4a6ee..f661a8baf9 100644 --- a/crypto/md4/md4.h +++ b/crypto/md4/md4.h @@ -70,7 +70,7 @@ extern "C" { #error MD4 is disabled. #endif -/* +/*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! * ! MD4_LONG_LOG2 has to be defined along. ! diff --git a/crypto/o_time.c b/crypto/o_time.c index e29091d650..6817a1eefa 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -139,7 +139,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) /* Since there was no gmtime_r() to do this stuff for us, we have to do it the hard way. */ { - /* The VMS epoch is the astronomical Smithsonian date, + /*- + * The VMS epoch is the astronomical Smithsonian date, if I remember correctly, which is November 17, 1858. Furthermore, time is measure in thenths of microseconds and stored in quadwords (64 bit integers). unix_epoch diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index 7242f76fb0..6659acef18 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -639,7 +639,8 @@ #define NID_ripemd160WithRSA 119 #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L -/* Taken from rfc2040 +/*- + * Taken from rfc2040 * RC5_CBC_Parameters ::= SEQUENCE { * version INTEGER (v1_0(16)), * rounds INTEGER (8..127), diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index a0577a717e..0b6976eddf 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -89,7 +89,7 @@ extern "C" { #define OCSP_RESPID_KEY 0x400 #define OCSP_NOTIME 0x800 -/* CertID ::= SEQUENCE { +/*- CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * issuerNameHash OCTET STRING, -- Hash of Issuer's DN * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) @@ -105,7 +105,7 @@ typedef struct ocsp_cert_id_st DECLARE_STACK_OF(OCSP_CERTID) -/* Request ::= SEQUENCE { +/*- Request ::= SEQUENCE { * reqCert CertID, * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } */ @@ -119,7 +119,7 @@ DECLARE_STACK_OF(OCSP_ONEREQ) DECLARE_ASN1_SET_OF(OCSP_ONEREQ) -/* TBSRequest ::= SEQUENCE { +/*- TBSRequest ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * requestorName [1] EXPLICIT GeneralName OPTIONAL, * requestList SEQUENCE OF Request, @@ -133,7 +133,7 @@ typedef struct ocsp_req_info_st STACK_OF(X509_EXTENSION) *requestExtensions; } OCSP_REQINFO; -/* Signature ::= SEQUENCE { +/*- Signature ::= SEQUENCE { * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } @@ -145,7 +145,7 @@ typedef struct ocsp_signature_st STACK_OF(X509) *certs; } OCSP_SIGNATURE; -/* OCSPRequest ::= SEQUENCE { +/*- OCSPRequest ::= SEQUENCE { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } */ @@ -155,7 +155,7 @@ typedef struct ocsp_request_st OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ } OCSP_REQUEST; -/* OCSPResponseStatus ::= ENUMERATED { +/*- OCSPResponseStatus ::= ENUMERATED { * successful (0), --Response has valid confirmations * malformedRequest (1), --Illegal confirmation request * internalError (2), --Internal error in issuer @@ -172,7 +172,7 @@ typedef struct ocsp_request_st #define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 #define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -/* ResponseBytes ::= SEQUENCE { +/*- ResponseBytes ::= SEQUENCE { * responseType OBJECT IDENTIFIER, * response OCTET STRING } */ @@ -182,7 +182,7 @@ typedef struct ocsp_resp_bytes_st ASN1_OCTET_STRING *response; } OCSP_RESPBYTES; -/* OCSPResponse ::= SEQUENCE { +/*- OCSPResponse ::= SEQUENCE { * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ @@ -192,7 +192,7 @@ struct ocsp_response_st OCSP_RESPBYTES *responseBytes; }; -/* ResponderID ::= CHOICE { +/*- ResponderID ::= CHOICE { * byName [1] Name, * byKey [2] KeyHash } */ @@ -210,11 +210,11 @@ struct ocsp_responder_id_st DECLARE_STACK_OF(OCSP_RESPID) DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key +/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ -/* RevokedInfo ::= SEQUENCE { +/*- RevokedInfo ::= SEQUENCE { * revocationTime GeneralizedTime, * revocationReason [0] EXPLICIT CRLReason OPTIONAL } */ @@ -224,7 +224,7 @@ typedef struct ocsp_revoked_info_st ASN1_ENUMERATED *revocationReason; } OCSP_REVOKEDINFO; -/* CertStatus ::= CHOICE { +/*- CertStatus ::= CHOICE { * good [0] IMPLICIT NULL, * revoked [1] IMPLICIT RevokedInfo, * unknown [2] IMPLICIT UnknownInfo } @@ -242,7 +242,7 @@ typedef struct ocsp_cert_status_st } value; } OCSP_CERTSTATUS; -/* SingleResponse ::= SEQUENCE { +/*- SingleResponse ::= SEQUENCE { * certID CertID, * certStatus CertStatus, * thisUpdate GeneralizedTime, @@ -261,7 +261,7 @@ typedef struct ocsp_single_response_st DECLARE_STACK_OF(OCSP_SINGLERESP) DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) -/* ResponseData ::= SEQUENCE { +/*- ResponseData ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * responderID ResponderID, * producedAt GeneralizedTime, @@ -277,7 +277,7 @@ typedef struct ocsp_response_data_st STACK_OF(X509_EXTENSION) *responseExtensions; } OCSP_RESPDATA; -/* BasicOCSPResponse ::= SEQUENCE { +/*- BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, @@ -307,7 +307,7 @@ typedef struct ocsp_basic_response_st STACK_OF(X509) *certs; } OCSP_BASICRESP; -/* +/*- * CRLReason ::= ENUMERATED { * unspecified (0), * keyCompromise (1), @@ -328,7 +328,8 @@ typedef struct ocsp_basic_response_st #define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 #define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -/* CrlID ::= SEQUENCE { +/*- + * CrlID ::= SEQUENCE { * crlUrl [0] EXPLICIT IA5String OPTIONAL, * crlNum [1] EXPLICIT INTEGER OPTIONAL, * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } @@ -340,7 +341,8 @@ typedef struct ocsp_crl_id_st ASN1_GENERALIZEDTIME *crlTime; } OCSP_CRLID; -/* ServiceLocator ::= SEQUENCE { +/*- + * ServiceLocator ::= SEQUENCE { * issuer Name, * locator AuthorityInfoAccessSyntax OPTIONAL } */ diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b9e7795b2d..9366d2e06c 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -1,7 +1,8 @@ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H -/* Numeric release version identifier: +/*- + * Numeric release version identifier: * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas * 1 to 14, and f for release. The patch level is exactly that. @@ -34,7 +35,8 @@ #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT -/* The macros below are to be used for shared library (.so, .dll, ...) +/*- + * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between * operating systems. The most usual scheme is to set a major and a minor * number, and have the runtime loader check that the major number is equal diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index cc092d262d..7cffb81a4a 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -76,7 +76,7 @@ extern "C" { #undef PKCS7_SIGNER_INFO #endif -/* +/*- Encryption_ID DES-CBC Digest_ID MD5 Digest_Encryption_ID rsaEncryption diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 50bce6caba..b71f5eb6fd 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -58,7 +58,7 @@ #include #include -/* +/*- * Query the EGD . * * This module supplies three routines: diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index 0e117436bb..945b179fc4 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -129,7 +129,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 -/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index 0660ea60a2..4a15ffa619 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -79,7 +79,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, d=key->data; #if defined(RC4_CHUNK) - /* + /*- * The original reason for implementing this(*) was the fact that * pre-21164a Alpha CPUs don't have byte load/store instructions * and e.g. a byte store has to be done with 64-bit load, shift, @@ -126,7 +126,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, RC4_CHUNK ichunk,otp; const union { long one; char little; } is_endian = {1}; - /* + /*- * I reckon we can afford to implement both endian * cases and to decide which way to take at run-time * because the machine code appears to be very compact diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 2bda491a09..e336c37d57 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -82,7 +82,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, unsigned char H_[EVP_MAX_MD_SIZE]; hLen = M_EVP_MD_size(Hash); - /* + /*- * Negative sLen has special meanings: * -1 sLen == hLen * -2 salt length is autorecovered from signature @@ -177,7 +177,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, EVP_MD_CTX ctx; hLen = M_EVP_MD_size(Hash); - /* + /*- * Negative sLen has special meanings: * -1 sLen == hLen * -2 salt length is maximized diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 47a2c29f66..6965f3e2a3 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -74,7 +74,7 @@ extern "C" { #define FIPS_SHA_SIZE_T size_t #endif -/* +/*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! * ! SHA_LONG_LOG2 has to be defined along. ! diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 9e91bcad04..85f4c29c24 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -10,7 +10,7 @@ #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) -/* +/*- * IMPLEMENTATION NOTES. * * As you might have noticed 32-bit hash algorithms: diff --git a/crypto/ui/ui.h b/crypto/ui/ui.h index 018296412b..2280930e22 100644 --- a/crypto/ui/ui.h +++ b/crypto/ui/ui.h @@ -84,7 +84,8 @@ UI *UI_new(void); UI *UI_new_method(const UI_METHOD *method); void UI_free(UI *ui); -/* The following functions are used to add strings to be printed and prompt +/*- + The following functions are used to add strings to be printed and prompt strings to prompt for data. The names are UI_{add,dup}__string and UI_{add,dup}_input_boolean. @@ -243,7 +244,8 @@ UI_METHOD *UI_OpenSSL(void); /* ---------- For method writers ---------- */ -/* A method contains a number of functions that implement the low level +/*- + A method contains a number of functions that implement the low level of the User Interface. The functions are: an opener This function starts a session, maybe by opening diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index e77ee69106..072de2066b 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -522,7 +522,7 @@ typedef struct Netscape_certificate_sequence STACK_OF(X509) *certs; } NETSCAPE_CERT_SEQUENCE; -/* Unused (and iv length is wrong) +/*- Unused (and iv length is wrong) typedef struct CBCParameter_st { unsigned char iv[8]; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b486171868..5100c92779 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -479,7 +479,8 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x } -/* Try to get issuer certificate from store. Due to limitations +/*- + * Try to get issuer certificate from store. Due to limitations * of the API this can only retrieve a single certificate matching * a given subject name. However it will fill the cache with all * matching certificates, so we can examine the cache for all diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 86ae35f69d..d3c3fd2144 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -95,7 +95,7 @@ typedef struct x509_file_st } X509_CERT_FILE_CTX; /*******************************/ -/* +/*- SSL_CTX -> X509_STORE -> X509_LOOKUP ->X509_LOOKUP_METHOD diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 01c5541e2e..f9877e480c 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -99,7 +99,8 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) OPENSSL_free(param); } -/* This function determines how parameters are "inherited" from one structure +/*- + * This function determines how parameters are "inherited" from one structure * to another. There are several different ways this can happen. * * 1. If a child structure needs to have its values initialized from a parent diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 068abfe5f0..d8fc35a134 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -157,14 +157,16 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) set_prev=ret->set-1; set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; - /* set_prev is the previous set + /*- + * set_prev is the previous set * set is the current set * set_next is the following * prev 1 1 1 1 1 1 1 1 * set 1 1 2 2 * next 1 1 2 2 2 2 3 2 * so basically only if prev and next differ by 2, then - * re-number down by 1 */ + * re-number down by 1 + */ if (set_prev+1 < set_next) for (i=loc; iset--; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 92ad0a2b39..85966fe451 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -583,7 +583,8 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) } -/* Application policy checking function. +/*- + * Application policy checking function. * Return codes: * 0 Internal Error. * 1 Successful. diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index e18751e01c..b916d7339d 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -436,7 +436,8 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_SET; } -/* CA checks common to all purposes +/*- + * CA checks common to all purposes * return codes: * 0 not a CA * 1 is a CA @@ -599,7 +600,8 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) return 1; } -/* Various checks to see if one certificate issued the second. +/*- + * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates * which have been looked up using some simple method such as by * subject name. diff --git a/demos/asn1/ocsp.c b/demos/asn1/ocsp.c index e89f1f72a6..e2535f3cf6 100644 --- a/demos/asn1/ocsp.c +++ b/demos/asn1/ocsp.c @@ -62,7 +62,8 @@ -/* Example of new ASN1 code, OCSP request +/*- + Example of new ASN1 code, OCSP request OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 9cd8314c3e..952e537712 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -3,7 +3,7 @@ * easy-tls.c -- generic TLS proxy. * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $ */ -/* +/*- (c) Copyright 1999 Bodo Moeller. All rights reserved. This is free software; you can redistributed and/or modify it @@ -14,7 +14,7 @@ or - the following license: */ -/* +/*- * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that each of the following * conditions is met: @@ -185,7 +185,8 @@ tls_start_proxy_defaultargs(void) return ret; } -/* Slice in TLS proxy process at fd. +/*- + * Slice in TLS proxy process at fd. * Return value: * 0 ok (*pid is set to child's PID if pid != NULL), * < 0 look at errno diff --git a/e_os.h b/e_os.h index d8ac803c50..712e0bc17f 100644 --- a/e_os.h +++ b/e_os.h @@ -388,7 +388,8 @@ static __inline unsigned int _strlen31(const char *str) # define NUL_DEV "NLA0:" /* We don't have any well-defined random devices on VMS, yet... */ # undef DEVRANDOM - /* We need to do this since VMS has the following coding on status codes: + /*- + We need to do this since VMS has the following coding on status codes: Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... The important thing to know is that odd numbers are considered diff --git a/e_os2.h b/e_os2.h index 9da0b65448..d8e7d02101 100644 --- a/e_os2.h +++ b/e_os2.h @@ -216,24 +216,25 @@ extern "C" { # define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ #endif -/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare - certain global symbols that, with some compilers under VMS, have to be - defined and declared explicitely with globaldef and globalref. - Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare - DLL exports and imports for compilers under Win32. These are a little - more complicated to use. Basically, for any library that exports some - global variables, the following code must be present in the header file - that declares them, before OPENSSL_EXTERN is used: - - #ifdef SOME_BUILD_FLAG_MACRO - # undef OPENSSL_EXTERN - # define OPENSSL_EXTERN OPENSSL_EXPORT - #endif - - The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL - have some generally sensible values, and for OPENSSL_EXTERN to have the - value OPENSSL_IMPORT. -*/ +/*- + * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare + * certain global symbols that, with some compilers under VMS, have to be + * defined and declared explicitely with globaldef and globalref. + * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare + * DLL exports and imports for compilers under Win32. These are a little + * more complicated to use. Basically, for any library that exports some + * global variables, the following code must be present in the header file + * that declares them, before OPENSSL_EXTERN is used: + * + * #ifdef SOME_BUILD_FLAG_MACRO + * # undef OPENSSL_EXTERN + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * + * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL + * have some generally sensible values, and for OPENSSL_EXTERN to have the + * value OPENSSL_IMPORT. + */ #if defined(OPENSSL_SYS_VMS_NODECC) # define OPENSSL_EXPORT globalref @@ -250,16 +251,17 @@ extern "C" { #endif #define OPENSSL_EXTERN OPENSSL_IMPORT -/* Macros to allow global variables to be reached through function calls when - required (if a shared library version requvres it, for example. - The way it's done allows definitions like this: - - // in foobar.c - OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0; - // in foobar.h - OPENSSL_DECLARE_GLOBAL(int,foobar); - #define foobar OPENSSL_GLOBAL_REF(foobar) -*/ +/*- + * Macros to allow global variables to be reached through function calls when + * required (if a shared library version requires it, for example. + * The way it's done allows definitions like this: + * + * // in foobar.c + * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) + * // in foobar.h + * OPENSSL_DECLARE_GLOBAL(int,foobar); + * #define foobar OPENSSL_GLOBAL_REF(foobar) + */ #ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION # define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ extern type _hide_##name; \ diff --git a/engines/e_chil.c b/engines/e_chil.c index fca7a9cea6..a03b0c0389 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -76,7 +76,8 @@ #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_CHIL -/* Attribution notice: nCipher have said several times that it's OK for +/*- + * Attribution notice: nCipher have said several times that it's OK for * us to implement a general interface to their boxes, and recently declared * their HWCryptoHook to be public, and therefore available for us to use. * Thanks, nCipher. diff --git a/engines/e_gmp.c b/engines/e_gmp.c index a1a2d2bda6..96f0efdd10 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -62,7 +62,8 @@ * otherwise paths must be specified - eg. try configuring with * "enable-gmp -I -L -lgmp". YMMV. */ -/* As for what this does - it's a largely unoptimised implementation of an +/*- + * As for what this does - it's a largely unoptimised implementation of an * ENGINE that uses the GMP library to perform RSA private key operations. To * obtain more information about what "unoptimised" means, see my original mail * on the subject (though ignore the build instructions which have since diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h index 482f1f2d11..f84f9d0054 100644 --- a/engines/vendor_defns/hwcryptohook.h +++ b/engines/vendor_defns/hwcryptohook.h @@ -1,4 +1,4 @@ -/* +/*- * ModExp / RSA (with/without KM) plugin API * * The application will load a dynamic library which @@ -84,7 +84,8 @@ #if HWCRYPTOHOOK_DECLARE_APPTYPES -/* These structs are defined by the application and opaque to the +/*- + * These structs are defined by the application and opaque to the * crypto plugin. The application may define these as it sees fit. * Default declarations are provided here, but the application may * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0 @@ -100,7 +101,8 @@ typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext; #endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */ -/* These next two structs are opaque to the application. The crypto +/*- + * These next two structs are opaque to the application. The crypto * plugin will return pointers to them; the caller simply manipulates * the pointers. */ @@ -111,7 +113,8 @@ typedef struct { char *buf; size_t size; } HWCryptoHook_ErrMsgBuf; -/* Used for error reporting. When a HWCryptoHook function fails it +/*- + * Used for error reporting. When a HWCryptoHook function fails it * will return a sentinel value (0 for pointer-valued functions, or a * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for * integer-valued ones). It will, if an ErrMsgBuf is passed, also put @@ -130,7 +133,8 @@ typedef struct HWCryptoHook_MPIStruct { unsigned char *buf; size_t size; } HWCryptoHook_MPI; -/* When one of these is returned, a pointer is passed to the function. +/*- + * When one of these is returned, a pointer is passed to the function. * At call, size is the space available. Afterwards it is updated to * be set to the actual length (which may be more than the space available, * if there was not enough room and the result was truncated). @@ -143,7 +147,8 @@ typedef struct HWCryptoHook_MPIStruct { #define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL #define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL -/* Enable requesting fallback to software in case of problems with the +/*- + * Enable requesting fallback to software in case of problems with the * hardware support. This indicates to the crypto provider that the * application is prepared to fall back to software operation if the * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK. @@ -154,7 +159,8 @@ typedef struct HWCryptoHook_MPIStruct { */ #define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL -/* Without _SimpleForkCheck the library is allowed to assume that the +/*- + * Without _SimpleForkCheck the library is allowed to assume that the * application will not fork and call the library in the child(ren). * * When it is specified, this is allowed. However, after a fork @@ -174,7 +180,8 @@ typedef struct { int mslimbfirst; /* 0 or 1 */ int msbytefirst; /* 0 or 1; -1 = native */ - /* All the callback functions should return 0 on success, or a + /*- + * All the callback functions should return 0 on success, or a * nonzero integer (whose value will be visible in the error message * put in the buffer passed to the call). * @@ -183,7 +190,8 @@ typedef struct { * The callbacks may not call down again into the crypto plugin. */ - /* For thread-safety. Set everything to 0 if you promise only to be + /*- + * For thread-safety. Set everything to 0 if you promise only to be * singlethreaded. maxsimultaneous is the number of calls to * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to * put there then say 0 and the hook library will use a default. @@ -207,7 +215,8 @@ typedef struct { void (*mutex_release)(HWCryptoHook_Mutex*); void (*mutex_destroy)(HWCryptoHook_Mutex*); - /* For greater efficiency, can use condition vars internally for + /*- + * For greater efficiency, can use condition vars internally for * synchronisation. In this case maxsimultaneous is ignored, but * the other mutex stuff must be available. In singlethreaded * programs, set everything to 0. @@ -219,7 +228,8 @@ typedef struct { void (*condvar_broadcast)(HWCryptoHook_CondVar*); void (*condvar_destroy)(HWCryptoHook_CondVar*); - /* The semantics of acquiring and releasing mutexes and broadcasting + /*- + * The semantics of acquiring and releasing mutexes and broadcasting * and waiting on condition variables are expected to be those from * POSIX threads (pthreads). The mutexes may be (in pthread-speak) * fast mutexes, recursive mutexes, or nonrecursive ones. @@ -234,7 +244,8 @@ typedef struct { int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx); - /* Passphrases and the prompt_info, if they contain high-bit-set + /*- + * Passphrases and the prompt_info, if they contain high-bit-set * characters, are UTF-8. The prompt_info may be a null pointer if * no prompt information is available (it should not be an empty * string). It will not contain text like `enter passphrase'; @@ -251,7 +262,8 @@ typedef struct { const char *wrong_info, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx); - /* Requests that the human user physically insert a different + /*- + * Requests that the human user physically insert a different * smartcard, DataKey, etc. The plugin should check whether the * currently inserted token(s) are appropriate, and if they are it * should not make this call. @@ -263,7 +275,8 @@ typedef struct { * syntactically similar to that of prompt_info. */ - /* Note that a single LoadKey operation might cause several calls to + /*- + * Note that a single LoadKey operation might cause several calls to * getpassphrase and/or requestphystoken. If requestphystoken is * not provided (ie, a null pointer is passed) then the plugin may * not support loading keys for which authorisation by several cards @@ -285,7 +298,8 @@ typedef struct { */ void (*logmessage)(void *logstream, const char *message); - /* A log message will be generated at least every time something goes + /*- + * A log message will be generated at least every time something goes * wrong and an ErrMsgBuf is filled in (or would be if one was * provided). Other diagnostic information may be written there too, * including more detailed reasons for errors which are reported in an @@ -325,7 +339,8 @@ HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *init HWCryptoHook_CallerContext *cactx); extern HWCryptoHook_Init_t HWCryptoHook_Init; -/* Caller should set initinfosize to the size of the HWCryptoHook struct, +/*- + * Caller should set initinfosize to the size of the HWCryptoHook struct, * so it can be extended later. * * On success, a message for display or logging by the server, @@ -334,7 +349,8 @@ extern HWCryptoHook_Init_t HWCryptoHook_Init; * usual. */ -/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED +/*- + * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of * the output MPI buffer(s) was too small; the sizes of all have been * set to the desired size (and for those where the buffer was large @@ -345,7 +361,8 @@ extern HWCryptoHook_Init_t HWCryptoHook_Init; * _NoStderr at init time then messages may be reported to stderr. */ -/* The RSAImmed* functions (and key managed RSA) only work with +/*- + * The RSAImmed* functions (and key managed RSA) only work with * modules which have an RSA patent licence - currently that means KM * units; the ModExp* ones work with all modules, so you need a patent * licence in the software in the US. They are otherwise identical. @@ -404,7 +421,8 @@ int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, const HWCryptoHook_ErrMsgBuf *errors); extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; -/* The RSAImmed* and ModExp* functions may return E_FAILED or +/*- + * The RSAImmed* and ModExp* functions may return E_FAILED or * E_FALLBACK for failure. * * E_FAILED means the failure is permanent and definite and there @@ -426,7 +444,8 @@ int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, const HWCryptoHook_ErrMsgBuf *errors, HWCryptoHook_PassphraseContext *ppctx); extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; -/* The key_ident is a null-terminated string configured by the +/*- + * The key_ident is a null-terminated string configured by the * user via the application's usual configuration mechanisms. * It is provided to the user by the crypto provider's key management * system. The user must be able to enter at least any string of between @@ -449,7 +468,8 @@ int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, HWCryptoHook_MPI *e, const HWCryptoHook_ErrMsgBuf *errors); extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; -/* The crypto plugin will not store certificates. +/*- + * The crypto plugin will not store certificates. * * Although this function for acquiring the public key value is * provided, it is not the purpose of this API to deal fully with the diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h index e46b000ddc..f87867440e 100644 --- a/engines/vendor_defns/sureware.h +++ b/engines/vendor_defns/sureware.h @@ -1,22 +1,21 @@ -/* -* Written by Corinne Dive-Reclus(cdive@baltimore.com) -* -* Copyright@2001 Baltimore Technologies Ltd. -* * -* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * -* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * -* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * -* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * -* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * -* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * -* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * -* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * -* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * -* SUCH DAMAGE. * -* -* -*/ +/*- + * Written by Corinne Dive-Reclus(cdive@baltimore.com) + * + * Copyright@2001 Baltimore Technologies Ltd. + * + * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + #ifdef WIN32 #define SW_EXPORT __declspec ( dllexport ) #else @@ -31,29 +30,29 @@ #define SUREWAREHOOK_ERROR_UNIT_FAILURE -3 #define SUREWAREHOOK_ERROR_DATA_SIZE -4 #define SUREWAREHOOK_ERROR_INVALID_PAD -5 -/* +/*- * -----------------WARNING----------------------------------- * In all the following functions: * msg is a string with at least 24 bytes free. * A 24 bytes string will be concatenated to the existing content of msg. */ -/* +/*- * SureWare Initialisation function * in param threadsafe, if !=0, thread safe enabled * return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success */ typedef int SureWareHook_Init_t(char*const msg,int threadsafe); extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init; -/* +/*- * SureWare Finish function */ typedef void SureWareHook_Finish_t(void); extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish; -/* +/*- * PRE_CONDITION: * DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE */ -/* +/*- * SureWare RAND Bytes function * In case of failure, the content of buf is unpredictable. * return 1 if success @@ -68,7 +67,7 @@ extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish; typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num); extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes; -/* +/*- * SureWare RAND Seed function * Adds some seed to the Hardware Random Number Generator * return 1 if success @@ -83,7 +82,7 @@ extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes; typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num); extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed; -/* +/*- * SureWare Load Private Key function * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -98,7 +97,7 @@ extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed; typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype); extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey; -/* +/*- * SureWare Info Public Key function * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -114,7 +113,7 @@ typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigne char *keytype); extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey; -/* +/*- * SureWare Load Public Key function * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -130,7 +129,7 @@ typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,uns unsigned long *n, unsigned long *e); extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey; -/* +/*- * SureWare Load DSA Public Key function * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -149,7 +148,7 @@ typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,uns unsigned long *g); extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey; -/* +/*- * SureWare Free function * Destroy the key into the hardware if destroy==1 */ @@ -159,7 +158,7 @@ extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free; #define SUREWARE_PKCS1_PAD 1 #define SUREWARE_ISO9796_PAD 2 #define SUREWARE_NO_PAD 0 -/* +/*- * SureWare RSA Private Decryption * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -180,7 +179,7 @@ typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *f int *tlen,unsigned char *to, char *prsa,int padding); extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec; -/* +/*- * SureWare RSA Signature * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -201,7 +200,7 @@ typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from, int *tlen,unsigned char *to, char *prsa,int padding); extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign; -/* +/*- * SureWare DSA Signature * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing @@ -219,7 +218,7 @@ typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; -/* +/*- * SureWare Mod Exp * return 1 if success * SureWareHOOK_ERROR_FAILED if error while processing diff --git a/ms/tlhelp32.h b/ms/tlhelp32.h index 8f4222e34f..e15b7e2282 100644 --- a/ms/tlhelp32.h +++ b/ms/tlhelp32.h @@ -1,4 +1,4 @@ -/* +/*- tlhelp32.h - Include file for Tool help functions. Written by Mumit Khan diff --git a/ssl/d1_both.c b/ssl/d1_both.c index d2bbb6b053..b2de60eb0a 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -529,7 +529,8 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) { - /* (0) check whether the desired fragment is available + /*- + * (0) check whether the desired fragment is available * if so: * (1) copy over the fragment to s->init_buf->data[] * (2) update s->init_num @@ -986,7 +987,8 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } -/* for these 2 messages, we need to +/*- + * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero * ssl->s3->read_mac_secret re-init @@ -1262,7 +1264,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, struct dtls1_retransmit_state saved_state; unsigned char save_write_sequence[8]; - /* + /*- OPENSSL_assert(s->init_num == 0); OPENSSL_assert(s->init_off == 0); */ diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index bc478c240c..ae888d966c 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -471,7 +471,8 @@ printf("\n"); } rr->off=0; - /* So at this point the following is true + /*- + * So at this point the following is true * ssl->s3->rrec.type is the type of record * ssl->s3->rrec.length == number of bytes in record * ssl->s3->rrec.off == offset to first valid byte @@ -491,7 +492,8 @@ err: } -/* Call this to get a new input record. +/*- + * Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. * When it finishes, one packet has been decoded and can be found in @@ -663,7 +665,8 @@ again: } -/* Return up to 'len' payload bytes received in 'type' records. +/*- + * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) @@ -731,10 +734,12 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) start: s->rwstate=SSL_NOTHING; - /* s->s3->rrec.type - is the type of record + /*- + * s->s3->rrec.type - is the type of record * s->s3->rrec.data, - data * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ + * s->s3->rrec.length, - number of bytes. + */ rr = &(s->s3->rrec); /* We are not handshaking and have no data yet, diff --git a/ssl/kssl.c b/ssl/kssl.c index 5cba28b89b..c550cec9fc 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -56,15 +56,16 @@ */ -/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl -** -** 19990701 VRS Started. -** 200011?? Jeffrey Altman, Richard Levitte -** Generalized for Heimdal, Newer MIT, & Win32. -** Integrated into main OpenSSL 0.9.7 snapshots. -** 20010413 Simon Wilkinson, VRS -** Real RFC2712 KerberosWrapper replaces AP_REQ. -*/ +/*- + * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl + * + * 19990701 VRS Started. + * 200011?? Jeffrey Altman, Richard Levitte + * Generalized for Heimdal, Newer MIT, & Win32. + * Integrated into main OpenSSL 0.9.7 snapshots. + * 20010413 Simon Wilkinson, VRS + * Real RFC2712 KerberosWrapper replaces AP_REQ. + */ #include @@ -807,10 +808,10 @@ char } /* Given KRB5 enctype (basically DES or 3DES), -** return closest match openssl EVP_ encryption algorithm. -** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. -** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK. -*/ + * return closest match openssl EVP_ encryption algorithm. + * Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes. + * Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK. + */ const EVP_CIPHER * kssl_map_enc(krb5_enctype enctype) { @@ -835,10 +836,10 @@ kssl_map_enc(krb5_enctype enctype) /* Return true:1 if p "looks like" the start of the real authenticator -** described in kssl_skip_confound() below. The ASN.1 pattern is -** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and -** xx and yy are possibly multi-byte length fields. -*/ + * described in kssl_skip_confound() below. The ASN.1 pattern is + * "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and + * xx and yy are possibly multi-byte length fields. + */ int kssl_test_confound(unsigned char *p) { int len = 2; @@ -865,15 +866,15 @@ int kssl_test_confound(unsigned char *p) } /* Allocate, fill, and return cksumlens array of checksum lengths. -** This array holds just the unique elements from the krb5_cksumarray[]. -** array[n] == 0 signals end of data. -** -** The krb5_cksumarray[] was an internal variable that has since been -** replaced by a more general method for storing the data. It should -** not be used. Instead we use real API calls and make a guess for -** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 -** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. -*/ + * This array holds just the unique elements from the krb5_cksumarray[]. + * array[n] == 0 signals end of data. + * + * The krb5_cksumarray[] was an internal variable that has since been + * replaced by a more general method for storing the data. It should + * not be used. Instead we use real API calls and make a guess for + * what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 + * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. + */ size_t *populate_cksumlens(void) { int i, j, n; @@ -906,12 +907,12 @@ size_t *populate_cksumlens(void) } /* Return pointer to start of real authenticator within authenticator, or -** return NULL on error. -** Decrypted authenticator looks like this: -** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] -** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the -** krb5_auth_con_getcksumtype() function advertised in its krb5.h. -*/ + * return NULL on error. + * Decrypted authenticator looks like this: + * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] + * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the + * krb5_auth_con_getcksumtype() function advertised in its krb5.h. + */ unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) { int i, conlen; @@ -933,8 +934,8 @@ unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) /* Set kssl_err error info when reason text is a simple string -** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } -*/ + * kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; } + */ void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) { @@ -1023,8 +1024,8 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk) /* Display contents of krb5_principal_data struct, for debugging -** (krb5_principal is typedef'd == krb5_principal_data *) -*/ + * (krb5_principal is typedef'd == krb5_principal_data *) + */ void print_krb5_princ(char *label, krb5_principal_data *princ) { @@ -1046,16 +1047,16 @@ print_krb5_princ(char *label, krb5_principal_data *princ) } -/* Given krb5 service (typically "kssl") and hostname in kssl_ctx, -** Return encrypted Kerberos ticket for service @ hostname. -** If authenp is non-NULL, also return encrypted authenticator, -** whose data should be freed by caller. -** (Originally was: Create Kerberos AP_REQ message for SSL Client.) -** -** 19990628 VRS Started; Returns Kerberos AP_REQ message. -** 20010409 VRS Modified for RFC2712; Returns enc tkt. -** 20010606 VRS May also return optional authenticator. -*/ +/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx, + * Return encrypted Kerberos ticket for service @ hostname. + * If authenp is non-NULL, also return encrypted authenticator, + * whose data should be freed by caller. + * (Originally was: Create Kerberos AP_REQ message for SSL Client.) + * + * 19990628 VRS Started; Returns Kerberos AP_REQ message. + * 20010409 VRS Modified for RFC2712; Returns enc tkt. + * 20010606 VRS May also return optional authenticator. + */ krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, /* OUT */ krb5_data **enc_ticketp, @@ -1140,8 +1141,8 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, krb5rc = KRB5KRB_ERR_GENERIC; /* caller should free data of krb5_app_req */ /* 20010406 VRS deleted for real KerberosWrapper - ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper - */ + * 20010605 VRS reinstated to offer Authenticator to KerberosWrapper + */ krb5_app_req.length = 0; if (authenp) { @@ -1213,17 +1214,18 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, } -/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket. -** Return Kerberos error code and kssl_err struct on error. -** Allocates krb5_ticket and krb5_principal; caller should free these. -** -** 20010410 VRS Implemented krb5_decode_ticket() as -** old_krb5_decode_ticket(). Missing from MIT1.0.6. -** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions. -** Re-used some of the old krb5_decode_ticket() -** code here. This tkt should alloc/free just -** like the real thing. -*/ +/*- + * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket. + * Return Kerberos error code and kssl_err struct on error. + * Allocates krb5_ticket and krb5_principal; caller should free these. + * + * 20010410 VRS Implemented krb5_decode_ticket() as + * old_krb5_decode_ticket(). Missing from MIT1.0.6. + * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions. + * Re-used some of the old krb5_decode_ticket() + * code here. This tkt should alloc/free just + * like the real thing. + */ krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, /* IN */ KRB5_TKTBODY *asn1ticket, @@ -1298,12 +1300,12 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context, /* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), -** and krb5 AP_REQ message & message length, -** Return Kerberos session key and client principle -** to SSL Server in KSSL_CTX *kssl_ctx. -** -** 19990702 VRS Started. -*/ + * and krb5 AP_REQ message & message length, + * Return Kerberos session key and client principle + * to SSL Server in KSSL_CTX *kssl_ctx. + * + * 19990702 VRS Started. + */ krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, /* IN */ krb5_data *indata, @@ -1418,19 +1420,20 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, } } - /* Actual Kerberos5 krb5_recvauth() has initial conversation here - ** o check KRB5_SENDAUTH_BADAUTHVERS - ** unless KRB5_RECVAUTH_SKIP_VERSION - ** o check KRB5_SENDAUTH_BADAPPLVERS - ** o send "0" msg if all OK - */ + /*- Actual Kerberos5 krb5_recvauth() has initial conversation here + * o check KRB5_SENDAUTH_BADAUTHVERS + * unless KRB5_RECVAUTH_SKIP_VERSION + * o check KRB5_SENDAUTH_BADAPPLVERS + * o send "0" msg if all OK + */ - /* 20010411 was using AP_REQ instead of true KerberosWrapper - ** - ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, - ** &krb5in_data, krb5server, krb5keytab, - ** &ap_option, &krb5ticket)) != 0) { Error } - */ + /*- + * 20010411 was using AP_REQ instead of true KerberosWrapper + * + * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, + * &krb5in_data, krb5server, krb5keytab, + * &ap_option, &krb5ticket)) != 0) { Error } + */ p = (unsigned char *)indata->data; if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p, @@ -1567,8 +1570,8 @@ kssl_ctx_new(void) /* Frees a kssl_ctx struct and any allocated memory it holds. -** Returns NULL. -*/ + * Returns NULL. + */ KSSL_CTX * kssl_ctx_free(KSSL_CTX *kssl_ctx) { @@ -1588,9 +1591,9 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) /* Given an array of (krb5_data *) entity (and optional realm), -** set the plain (char *) client_princ or service_host member -** of the kssl_ctx struct. -*/ + * set the plain (char *) client_princ or service_host member + * of the kssl_ctx struct. + */ krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, krb5_data *realm, krb5_data *entity, int nentities) @@ -1643,11 +1646,11 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, } -/* Set one of the plain (char *) string members of the kssl_ctx struct. -** Default values should be: -** which == KSSL_SERVICE => "khost" (KRB5SVC) -** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) -*/ +/*- Set one of the plain (char *) string members of the kssl_ctx struct. + * Default values should be: + * which == KSSL_SERVICE => "khost" (KRB5SVC) + * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) + */ krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) { @@ -1681,8 +1684,8 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) /* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx -** struct. Clear kssl_ctx->key if Kerberos session key is NULL. -*/ + * struct. Clear kssl_ctx->key if Kerberos session key is NULL. + */ krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) { @@ -1896,12 +1899,12 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) /* Given pointers to KerberosTime and struct tm structs, convert the -** KerberosTime string to struct tm. Note that KerberosTime is a -** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional -** seconds as defined in RFC 1510. -** Return pointer to the (partially) filled in struct tm on success, -** return NULL on failure. -*/ + * KerberosTime string to struct tm. Note that KerberosTime is a + * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional + * seconds as defined in RFC 1510. + * Return pointer to the (partially) filled in struct tm on success, + * return NULL on failure. + */ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) { char c, *p; @@ -1924,10 +1927,10 @@ struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) /* Helper function for kssl_validate_times(). -** We need context->clockskew, but krb5_context is an opaque struct. -** So we try to sneek the clockskew out through the replay cache. -** If that fails just return a likely default (300 seconds). -*/ + * We need context->clockskew, but krb5_context is an opaque struct. + * So we try to sneek the clockskew out through the replay cache. + * If that fails just return a likely default (300 seconds). + */ krb5_deltat get_rc_clockskew(krb5_context context) { krb5_rcache rc; @@ -1944,15 +1947,15 @@ krb5_deltat get_rc_clockskew(krb5_context context) /* kssl_validate_times() combines (and more importantly exposes) -** the MIT KRB5 internal function krb5_validate_times() and the -** in_clock_skew() macro. The authenticator client time is checked -** to be within clockskew secs of the current time and the current -** time is checked to be within the ticket start and expire times. -** Either check may be omitted by supplying a NULL value. -** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. -** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c -** 20010420 VRS -*/ + * the MIT KRB5 internal function krb5_validate_times() and the + * in_clock_skew() macro. The authenticator client time is checked + * to be within clockskew secs of the current time and the current + * time is checked to be within the ticket start and expire times. + * Either check may be omitted by supplying a NULL value. + * Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. + * See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c + * 20010420 VRS + */ krb5_error_code kssl_validate_times( krb5_timestamp atime, krb5_ticket_times *ttimes) { @@ -1984,12 +1987,12 @@ krb5_error_code kssl_validate_times( krb5_timestamp atime, /* Decode and decrypt given DER-encoded authenticator, then pass -** authenticator ctime back in *atimep (or 0 if time unavailable). -** Returns krb5_error_code and kssl_err on error. A NULL -** authenticator (authentp->length == 0) is not considered an error. -** Note that kssl_check_authent() makes use of the KRB5 session key; -** you must call kssl_sget_tkt() to get the key before calling this routine. -*/ + * authenticator ctime back in *atimep (or 0 if time unavailable). + * Returns krb5_error_code and kssl_err on error. A NULL + * authenticator (authentp->length == 0) is not considered an error. + * Note that kssl_check_authent() makes use of the KRB5 session key; + * you must call kssl_sget_tkt() to get the key before calling this routine. + */ krb5_error_code kssl_check_authent( /* IN */ KSSL_CTX *kssl_ctx, /* IN */ krb5_data *authentp, @@ -2068,9 +2071,9 @@ krb5_error_code kssl_check_authent( if (enc == NULL) { /* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1. - ** This enctype indicates the authenticator was encrypted - ** using key-usage derived keys which openssl cannot decrypt. - */ + * This enctype indicates the authenticator was encrypted + * using key-usage derived keys which openssl cannot decrypt. + */ goto err; } @@ -2144,10 +2147,10 @@ krb5_error_code kssl_check_authent( /* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host), -** because I dont't know how to stub varargs. -** Returns krb5_error_code == ENOMEM on alloc error, otherwise -** passes back newly constructed principal, which should be freed by caller. -*/ + * because I don't know how to stub varargs. + * Returns krb5_error_code == ENOMEM on alloc error, otherwise + * passes back newly constructed principal, which should be freed by caller. + */ krb5_error_code kssl_build_principal_2( /* UPDATE */ krb5_context context, /* OUT */ krb5_principal *princ, diff --git a/ssl/kssl.h b/ssl/kssl.h index a3d20e1ccb..c7e16a5a95 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -76,9 +76,9 @@ extern "C" { #endif /* -** Depending on which KRB5 implementation used, some types from -** the other may be missing. Resolve that here and now -*/ + * Depending on which KRB5 implementation used, some types from + * the other may be missing. Resolve that here and now + */ #ifdef KRB5_HEIMDAL typedef unsigned char krb5_octet; #define FAR @@ -91,10 +91,10 @@ typedef unsigned char krb5_octet; #endif /* Uncomment this to debug kssl problems or -** to trace usage of the Kerberos session key -** -** #define KSSL_DEBUG -*/ + * to trace usage of the Kerberos session key + * + * #define KSSL_DEBUG + */ #ifndef KRB5SVC #define KRB5SVC "host" @@ -123,10 +123,10 @@ typedef struct kssl_err_st { } KSSL_ERR; -/* Context for passing -** (1) Kerberos session key to SSL, and -** (2) Config data between application and SSL lib -*/ +/*- Context for passing + * (1) Kerberos session key to SSL, and + * (2) Config data between application and SSL lib + */ typedef struct kssl_ctx_st { /* used by: disposition: */ diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 5486a3621d..25e1422520 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -413,7 +413,8 @@ int ssl23_get_client_hello(SSL *s) v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; - /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 + /*- + * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 * header is sent directly on the wire, not wrapped as a TLS * record. It's format is: * Byte Content diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 86ad59858c..b9c6c43c29 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -272,7 +272,8 @@ f_err: return(0); } -/* for these 2 messages, we need to +/*- + * for these 2 messages, we need to * ssl->enc_read_ctx re-init * ssl->s3->read_sequence zero * ssl->s3->read_mac_secret re-init diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 320330ffd9..9ee6a941c5 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -68,14 +68,16 @@ * supported by TLS.) */ #define MAX_HASH_BLOCK_SIZE 128 -/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC +/*- + * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC * record in |rec| by updating |rec->length| in constant time. * * block_size: the block size of the cipher used to encrypt the record. * returns: * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding was valid - * -1: otherwise. */ + * -1: otherwise. + */ int ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, @@ -99,7 +101,8 @@ int ssl3_cbc_remove_padding(const SSL* s, return constant_time_select_int(good, 1, -1); } -/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC +/*- + * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and * -1 otherwise. It also removes any explicit IV from the start of the record * without leaking any timing about whether there was enough space after the @@ -109,7 +112,8 @@ int ssl3_cbc_remove_padding(const SSL* s, * returns: * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding was valid - * -1: otherwise. */ + * -1: otherwise. + */ int tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, @@ -189,7 +193,8 @@ int tls1_cbc_remove_padding(const SSL* s, return constant_time_select_int(good, 1, -1); } -/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in +/*- + * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in * constant time (independent of the concrete value of rec->length, which may * vary within a 256-byte window). * @@ -371,7 +376,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD *digest) } } -/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS +/*- + * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS * record. * * ctx: the EVP_MD_CTX from which we take the hash function. @@ -389,7 +395,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD *digest) * On entry: by virtue of having been through one of the remove_padding * functions, above, we know that data_plus_mac_size is large enough to contain * a padding byte and MAC. (If the padding was invalid, it might contain the - * padding too. ) */ + * padding too. ) + */ void ssl3_cbc_digest_record( const EVP_MD *digest, unsigned char* md_out, diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3352e2d19a..68e237a2ad 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2098,24 +2098,25 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson ) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ + /*- + * 20010406 VRS - Earlier versions used KRB5 AP_REQ + * in place of RFC 2712 KerberosWrapper, as in: + * + * Send ticket (copy to *p, set n = length) + * n = krb5_ap_req.length; + * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + * if (krb5_ap_req.data) + * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + * + * Now using real RFC 2712 KerberosWrapper + * (Thanks to Simon Wilkinson ) + * Note: 2712 "opaque" types are here replaced + * with a 2-byte length followed by the value. + * Example: + * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + * Where "xx xx" = length bytes. Shown here with + * optional authenticator omitted. + */ /* KerberosWrapper.Ticket */ s2n(enc_ticket->length,p); @@ -2146,12 +2147,13 @@ int ssl3_send_client_key_exchange(SSL *s) if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0) goto err; - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, @@ -2268,7 +2270,8 @@ int ssl3_send_client_key_exchange(SSL *s) */ if ((l & SSL_kECDH) && (s->cert != NULL)) { - /* XXX: For now, we do not support client + /*- + * XXX: For now, we do not support client * authentication using ECDH certificates. * To add such support, one needs to add * code that checks for appropriate diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 1adc301911..75cae7f20d 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -237,7 +237,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * ssl3_get_record to loop forever. */ #define MAX_EMPTY_RECORDS 32 -/* Call this to get a new input record. +/*- + * Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. * When it finishes, one packet has been decoded and can be found in @@ -363,10 +364,12 @@ again: rr->data=rr->input; enc_err = s->method->ssl3_enc->enc(s,0); - /* enc_err is: + /*- + * enc_err is: * 0: (in non-constant time) if the record is publically invalid. * 1: if the padding is valid - * -1: if the padding is invalid */ + * -1: if the padding is invalid + */ if (enc_err == 0) { al=SSL_AD_DECRYPTION_FAILED; @@ -473,7 +476,8 @@ printf("\n"); } rr->off=0; - /* So at this point the following is true + /*- + * So at this point the following is true * ssl->s3->rrec.type is the type of record * ssl->s3->rrec.length == number of bytes in record * ssl->s3->rrec.off == offset to first valid byte @@ -819,7 +823,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, } } -/* Return up to 'len' payload bytes received in 'type' records. +/*- + * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) @@ -901,10 +906,12 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) start: s->rwstate=SSL_NOTHING; - /* s->s3->rrec.type - is the type of record + /*- + * s->s3->rrec.type - is the type of record * s->s3->rrec.data, - data * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ + * s->s3->rrec.length, - number of bytes. + */ rr = &(s->s3->rrec); /* get new packet if necessary */ @@ -1011,9 +1018,11 @@ start: } } - /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; + /*- + * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 496ae80a25..06485c9af8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1111,7 +1111,8 @@ int ssl3_get_client_hello(SSL *s) s->s3->tmp.new_cipher=s->session->cipher; } - /* we now have the following setup. + /*- + * we now have the following setup. * client_random * cipher_list - our prefered list of ciphers * ciphers - the clients prefered list of ciphers @@ -2180,12 +2181,12 @@ int ssl3_get_client_key_exchange(SSL *s) } - /* Was doing kssl_ctx_free() here, - ** but it caused problems for apache. - ** kssl_ctx = kssl_ctx_free(kssl_ctx); - ** if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } + /*- Was doing kssl_ctx_free() here, + * but it caused problems for apache. + * kssl_ctx = kssl_ctx_free(kssl_ctx); + * if (s->kssl_ctx) s->kssl_ctx = NULL; + */ + } else #endif /* OPENSSL_NO_KRB5 */ @@ -2790,7 +2791,8 @@ int ssl3_send_newsession_ticket(SSL *s) */ if (slen > 0xFF00) return -1; - /* Grow buffer if need be: the length calculation is as + /*- + * Grow buffer if need be: the length calculation is as * follows 1 (size of message name) + 3 (message length * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + * 16 (key name) + max_iv_len (iv length) + @@ -2882,7 +2884,8 @@ int ssl3_send_cert_status(SSL *s) if (s->state == SSL3_ST_SW_CERT_STATUS_A) { unsigned char *p; - /* Grow buffer if need be: the length calculation is as + /*- + * Grow buffer if need be: the length calculation is as * follows 1 (message type) + 3 (message length) + * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) diff --git a/ssl/ssl.h b/ssl/ssl.h index 8420100cf0..ec604a930e 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -299,7 +299,7 @@ extern "C" { #define SSL_TXT_ALL "ALL" #define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ -/* +/*- * COMPLEMENTOF* definitions. These identifiers are used to (de-select) * ciphers normally not being used. * Example: "RC4" will activate all ciphers using RC4 including ciphers @@ -398,7 +398,8 @@ typedef struct ssl_method_st long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); } SSL_METHOD; -/* Lets make this into an ASN.1 type structure as follows +/*- + * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { * version INTEGER, -- structure version number * SSLversion INTEGER, -- SSL version number diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c16ba15188..c364c142c7 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1337,12 +1337,14 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (cm == NULL || cm->type == NID_undef) return 1; - /* According to draft-ietf-tls-compression-04.txt, the - compression number ranges should be the following: - - 0 to 63: methods defined by the IETF - 64 to 192: external party methods assigned by IANA - 193 to 255: reserved for private use */ + /*- + * According to draft-ietf-tls-compression-04.txt, the + * compression number ranges should be the following: + * + * 0 to 63: methods defined by the IETF + * 64 to 192: external party methods assigned by IANA + * 193 to 255: reserved for private use + */ if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d4b642c5aa..a06e81c5c2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -345,7 +345,7 @@ /* we have used 000001ff - 23 bits left to go */ -/* +/*- * Macros to check the export status and cipher strength for export ciphers. * Even though the macros for EXPORT and EXPORT40/56 have similar names, * their meaning is different: @@ -387,7 +387,8 @@ #define SSL_PKEY_ECC 5 #define SSL_PKEY_NUM 6 -/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | +/*- + * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index b5ce44b47c..86a9a6013d 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -57,7 +57,7 @@ */ /* VMS */ -/* +/*- * DECnet object for servicing SSL. We accept the inbound and speak a * simple protocol for multiplexing the 2 data streams (application and * ssl data) over this logical link. @@ -273,7 +273,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) c_to_s=BIO_new(BIO_s_rtcp()); s_to_c=BIO_new(BIO_s_rtcp()); if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; -/* original, DRM 24-SEP-1997 +/*- original, DRM 24-SEP-1997 BIO_set_fd ( c_to_s, "", chan ); BIO_set_fd ( s_to_c, "", chan ); */ diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 26ff634ea3..995d185052 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -985,7 +985,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, do { - /* c_ssl_bio: SSL filter BIO + /*- + * c_ssl_bio: SSL filter BIO * * client: pseudo-I/O for SSL library * @@ -1807,11 +1808,12 @@ static void process_proxy_debug(int indent, const char *format, ...) vfprintf(stderr, my_format, args); va_end(args); } -/* Priority levels: - 0 [!]var, () - 1 & ^ - 2 | -*/ +/*- + * Priority levels: + * 0 [!]var, () + * 1 & ^ + * 2 | + */ static int process_proxy_cond_adders(unsigned int letters[26], const char *cond, const char **cond_end, int *pos, int indent); static int process_proxy_cond_val(unsigned int letters[26], @@ -2163,7 +2165,8 @@ static void free_tmp_rsa(void) #endif #ifndef OPENSSL_NO_DH -/* These DH parameters have been generated as follows: +/*- + * These DH parameters have been generated as follows: * $ openssl dhparam -C -noout 512 * $ openssl dhparam -C -noout 1024 * $ openssl dhparam -C -noout -dsaparam 1024 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 68c527dfdf..bfcb7133c0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -148,13 +148,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha unsigned long size_str; long lenmax; - /* check for enough space. - 4 for the servername type and entension length - 2 for servernamelist length - 1 for the hostname type - 2 for hostname length - + hostname length - */ + /*- + * check for enough space. + * 4 for the servername type and entension length + * 2 for servernamelist length + * 1 for the hostname type + * 2 for hostname length + * + hostname length + */ if ((lenmax = limit - ret - 9) < 0 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) @@ -345,7 +346,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha } #ifndef OPENSSL_NO_EC -/* ssl_check_for_safari attempts to fingerprint Safari using OS X +/*- + * ssl_check_for_safari attempts to fingerprint Safari using OS X * SecureTransport using the TLS extension block in |d|, of length |n|. * Safari, since 10.6, sends exactly these extensions, in this order: * SNI, @@ -462,28 +464,30 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); -/* The servername extension is treated as follows: - - - Only the hostname type is supported with a maximum length of 255. - - The servername is rejected if too long or if it contains zeros, - in which case an fatal alert is generated. - - The servername field is maintained together with the session cache. - - When a session is resumed, the servername call back invoked in order - to allow the application to position itself to the right context. - - The servername is acknowledged if it is new for a session or when - it is identical to a previously used for the same session. - Applications can control the behaviour. They can at any time - set a 'desirable' servername for a new SSL object. This can be the - case for example with HTTPS when a Host: header field is received and - a renegotiation is requested. In this case, a possible servername - presented in the new client hello is only acknowledged if it matches - the value of the Host: field. - - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - if they provide for changing an explicit servername context for the session, - i.e. when the session has been established with a servername extension. - - On session reconnect, the servername extension may be absent. - -*/ +/*- + * The servername extension is treated as follows: + * + * - Only the hostname type is supported with a maximum length of 255. + * - The servername is rejected if too long or if it contains zeros, + * in which case an fatal alert is generated. + * - The servername field is maintained together with the session cache. + * - When a session is resumed, the servername call back invoked in order + * to allow the application to position itself to the right context. + * - The servername is acknowledged if it is new for a session or when + * it is identical to a previously used for the same session. + * Applications can control the behaviour. They can at any time + * set a 'desirable' servername for a new SSL object. This can be the + * case for example with HTTPS when a Host: header field is received and + * a renegotiation is requested. In this case, a possible servername + * presented in the new client hello is only acknowledged if it matches + * the value of the Host: field. + * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + * if they provide for changing an explicit servername context for the + * session, i.e. when the session has been established with a servername + * extension. + * - On session reconnect, the servername extension may be absent. + * + */ if (type == TLSEXT_TYPE_server_name) { diff --git a/test/methtest.c b/test/methtest.c index 005c2f4822..b73421783c 100644 --- a/test/methtest.c +++ b/test/methtest.c @@ -84,7 +84,7 @@ char *argv[]; METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); -/* tmp=METH_new(x509_by_issuer_dir); +/*- tmp=METH_new(x509_by_issuer_dir); METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); METH_push(top,METH_X509_BY_ISSUER,tmp);