From: Matt Caswell Date: Mon, 5 Jan 2015 11:30:03 +0000 (+0000) Subject: Re-align some comments after running the reformat script. X-Git-Tag: OpenSSL_1_0_1-post-reformat^0 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cda8845ded7c0739c9142283ed4c449130b1b546;p=oweals%2Fopenssl.git Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 1.0.1 changes Reviewed-by: Tim Hudson --- diff --git a/apps/ca.c b/apps/ca.c index ec8ca63a58..174ad9abb5 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -610,10 +610,10 @@ int MAIN(int argc, char **argv) oid_bio = BIO_new_file(p, "r"); if (oid_bio == NULL) { - /*- - BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); - ERR_print_errors(bio_err); - */ + /*- + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ ERR_clear_error(); } else { OBJ_create_objects(oid_bio); diff --git a/apps/gendh.c b/apps/gendh.c index 2d919495f4..adaa101783 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -122,8 +122,8 @@ int MAIN(int argc, char **argv) outfile = *(++argv); } else if (strcmp(*argv, "-2") == 0) g = 2; - /*- else if (strcmp(*argv,"-3") == 0) - g=3; */ +/*- else if (strcmp(*argv,"-3") == 0) + g=3; */ else if (strcmp(*argv, "-5") == 0) g = 5; # ifndef OPENSSL_NO_ENGINE diff --git a/apps/openssl.c b/apps/openssl.c index e6109a0dd1..112ed7e602 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -231,27 +231,27 @@ int main(int Argc, char *ARGV[]) long errline; #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) - /*- - * 2011-03-22 SMS. - * If we have 32-bit pointers everywhere, then we're safe, and - * we bypass this mess, as on non-VMS systems. (See ARGV, - * above.) - * Problem 1: Compaq/HP C before V7.3 always used 32-bit - * pointers for argv[]. - * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers - * everywhere else, we always allocate and use a 64-bit - * duplicate of argv[]. - * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed - * to NULL-terminate a 64-bit argv[]. (As this was written, the - * compiler ECO was available only on IA64.) - * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a - * 64-bit argv[argc] for NULL, and, if necessary, use a - * (properly) NULL-terminated (64-bit) duplicate of argv[]. - * The same code is used in either case to duplicate argv[]. - * Some of these decisions could be handled in preprocessing, - * but the code tends to get even uglier, and the penalty for - * deciding at compile- or run-time is tiny. - */ + /*- + * 2011-03-22 SMS. + * If we have 32-bit pointers everywhere, then we're safe, and + * we bypass this mess, as on non-VMS systems. (See ARGV, + * above.) + * Problem 1: Compaq/HP C before V7.3 always used 32-bit + * pointers for argv[]. + * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers + * everywhere else, we always allocate and use a 64-bit + * duplicate of argv[]. + * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed + * to NULL-terminate a 64-bit argv[]. (As this was written, the + * compiler ECO was available only on IA64.) + * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a + * 64-bit argv[argc] for NULL, and, if necessary, use a + * (properly) NULL-terminated (64-bit) duplicate of argv[]. + * The same code is used in either case to duplicate argv[]. + * Some of these decisions could be handled in preprocessing, + * but the code tends to get even uglier, and the penalty for + * deciding at compile- or run-time is tiny. + */ char **Argv = NULL; int free_Argv = 0; diff --git a/apps/req.c b/apps/req.c index c72efd5ae8..57781c93c4 100644 --- a/apps/req.c +++ b/apps/req.c @@ -502,10 +502,10 @@ int MAIN(int argc, char **argv) oid_bio = BIO_new_file(p, "r"); if (oid_bio == NULL) { - /*- - BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); - ERR_print_errors(bio_err); - */ + /*- + BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); + ERR_print_errors(bio_err); + */ } else { OBJ_create_objects(oid_bio); BIO_free(oid_bio); diff --git a/apps/s_cb.c b/apps/s_cb.c index c47cf7b09e..7918500a6c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -191,10 +191,10 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) { if (cert_file != NULL) { - /*- - SSL *ssl; - X509 *x509; - */ + /*- + SSL *ssl; + X509 *x509; + */ if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { @@ -212,20 +212,20 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return (0); } - /*- - In theory this is no longer needed - ssl=SSL_new(ctx); - x509=SSL_get_certificate(ssl); - - if (x509 != NULL) { - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(x509); - EVP_PKEY_copy_parameters(pktmp, - SSL_get_privatekey(ssl)); - EVP_PKEY_free(pktmp); - } - SSL_free(ssl); - */ + /*- + In theory this is no longer needed + ssl=SSL_new(ctx); + x509=SSL_get_certificate(ssl); + + if (x509 != NULL) { + EVP_PKEY *pktmp; + pktmp = X509_get_pubkey(x509); + EVP_PKEY_copy_parameters(pktmp, + SSL_get_privatekey(ssl)); + EVP_PKEY_free(pktmp); + } + SSL_free(ssl); + */ /* * If we are using DSA, we can copy the parameters from the private diff --git a/apps/s_client.c b/apps/s_client.c index cc968defb0..0bbc065248 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1559,8 +1559,8 @@ int MAIN(int argc, char **argv) openssl_fdset(SSL_get_fd(con), &writefds); } #endif -/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", - tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ +/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ /* * Note: under VMS with SOCKETSHR the second parameter is diff --git a/apps/s_socket.c b/apps/s_socket.c index 802896a6aa..9e5565d16a 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -426,13 +426,13 @@ static int do_accept(int acc_sock, int *sock, char **host) } /*- - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); - if (i < 0) { perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } + ling.l_onoff=1; + ling.l_linger=0; + i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); + if (i < 0) { perror("linger"); return(0); } + i=0; + i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); + if (i < 0) { perror("keepalive"); return(0); } */ if (host == NULL) diff --git a/apps/ts.c b/apps/ts.c index 6a24dcbf9e..341a42bb12 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -1101,19 +1101,19 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file) static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx) { - /*- - char buf[256]; - - if (!ok) - { - X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), - buf, sizeof(buf)); - printf("%s\n", buf); - printf("error %d at %d depth lookup: %s\n", - ctx->error, ctx->error_depth, - X509_verify_cert_error_string(ctx->error)); - } - */ + /*- + char buf[256]; + + if (!ok) + { + X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), + buf, sizeof(buf)); + printf("%s\n", buf); + printf("error %d at %d depth lookup: %s\n", + ctx->error, ctx->error_depth, + X509_verify_cert_error_string(ctx->error)); + } + */ return ok; } diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 2a8c3a336c..51c6a0c34d 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -252,13 +252,13 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); if (rv == 1) outl = signature->length; - /*- - * Return value meanings: - * <=0: error. - * 1: method does everything. - * 2: carry on as normal. - * 3: ASN1 method sets algorithm identifiers: just sign. - */ + /*- + * Return value meanings: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal. + * 3: ASN1 method sets algorithm identifiers: just sign. + */ if (rv <= 0) ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); if (rv <= 1) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 7469f07f25..bda882c40b 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -530,13 +530,13 @@ int BIO_socket_ioctl(int fd, long type, void *arg) i = ioctlsocket(fd, type, (char *)arg); # else # if defined(OPENSSL_SYS_VMS) - /*- - * 2011-02-18 SMS. - * VMS ioctl() can't tolerate a 64-bit "void *arg", but we - * observe that all the consumers pass in an "unsigned long *", - * so we arrange a local copy with a short pointer, and use - * that, instead. - */ + /*- + * 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ # if __INITIAL_POINTER_SIZE == 64 # define ARG arg_32p # pragma pointer_size save diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index d9d0dc6bf4..e0c79e8291 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -103,11 +103,11 @@ static int nullf_free(BIO *a) { if (a == NULL) return (0); - /*- - a->ptr=NULL; - a->init=0; - a->flags=0; - */ + /*- + a->ptr=NULL; + a->init=0; + a->flags=0; + */ return (1); } diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 2298f301a6..81f13c725c 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -343,15 +343,15 @@ struct bio_st { DECLARE_STACK_OF(BIO) typedef struct bio_f_buffer_ctx_struct { - /*- - * Buffers are setup like this: - * - * <---------------------- size -----------------------> - * +---------------------------------------------------+ - * | consumed | remaining | free space | - * +---------------------------------------------------+ - * <-- off --><------- len -------> - */ + /*- + * Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ /*- BIO *bio; *//* * this is now in the BIO struct */ diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 1a1e4d99ac..d08292c3e9 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -421,12 +421,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)data->bind_mode; break; case BIO_CTRL_DUP: -/*- dbio=(BIO *)ptr; - if (data->param_port) EAY EAY - BIO_set_port(dbio,data->param_port); - if (data->param_hostname) - BIO_set_hostname(dbio,data->param_hostname); - BIO_set_nbio(dbio,data->nbio); */ +/*- dbio=(BIO *)ptr; + if (data->param_port) EAY EAY + BIO_set_port(dbio,data->param_port); + if (data->param_hostname) + BIO_set_hostname(dbio,data->param_hostname); + BIO_set_nbio(dbio,data->nbio); */ break; default: diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index c48665a038..2f3d110449 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -69,12 +69,12 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /*- - * a + b a+b - * a + -b a-b - * -a + b b-a - * -a + -b -(a+b) - */ + /*- + * a + b a+b + * a + -b a-b + * -a + b b-a + * -a + -b -(a+b) + */ if (a_neg ^ b->neg) { /* only one is negative */ if (a_neg) { @@ -265,12 +265,12 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /*- - * a - b a-b - * a - -b a+b - * -a - b -(a+b) - * -a - -b b-a - */ + /*- + * a - b a-b + * a - -b a+b + * -a - b -(a+b) + * -a - -b b-a + */ if (a->neg) { if (b->neg) { tmp = a; diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 1ded193738..fca401450a 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -186,36 +186,36 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(p); bn_check_top(m); - /*- - * For even modulus m = 2^k*m_odd, it might make sense to compute - * a^p mod m_odd and a^p mod 2^k separately (with Montgomery - * exponentiation for the odd part), using appropriate exponent - * reductions, and combine the results using the CRT. - * - * For now, we use Montgomery only if the modulus is odd; otherwise, - * exponentiation using the reciprocal-based quick remaindering - * algorithm is used. - * - * (Timing obtained with expspeed.c [computations a^p mod m - * where a, p, m are of the same length: 256, 512, 1024, 2048, - * 4096, 8192 bits], compared to the running time of the - * standard algorithm: - * - * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] - * 55 .. 77 % [UltraSparc processor, but - * debug-solaris-sparcv8-gcc conf.] - * - * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] - * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] - * - * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont - * at 2048 and more bits, but at 512 and 1024 bits, it was - * slower even than the standard algorithm! - * - * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] - * should be obtained when the new Montgomery reduction code - * has been integrated into OpenSSL.) - */ + /*- + * For even modulus m = 2^k*m_odd, it might make sense to compute + * a^p mod m_odd and a^p mod 2^k separately (with Montgomery + * exponentiation for the odd part), using appropriate exponent + * reductions, and combine the results using the CRT. + * + * For now, we use Montgomery only if the modulus is odd; otherwise, + * exponentiation using the reciprocal-based quick remaindering + * algorithm is used. + * + * (Timing obtained with expspeed.c [computations a^p mod m + * where a, p, m are of the same length: 256, 512, 1024, 2048, + * 4096, 8192 bits], compared to the running time of the + * standard algorithm: + * + * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] + * 55 .. 77 % [UltraSparc processor, but + * debug-solaris-sparcv8-gcc conf.] + * + * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] + * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] + * + * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont + * at 2048 and more bits, but at 512 and 1024 bits, it was + * slower even than the standard algorithm! + * + * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] + * should be obtained when the new Montgomery reduction code + * has been integrated into OpenSSL.) + */ #define MONT_MUL_MOD #define MONT_EXP_WORD diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 02fb7c462d..97c55ab720 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -268,13 +268,13 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, goto err; } sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { /* @@ -286,12 +286,12 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, int shift; while (!BN_is_zero(B)) { - /*- - * 0 < B < |n|, - * 0 < A <= |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|) - */ + /*- + * 0 < B < |n|, + * 0 < A <= |n|, + * (1) -sign*X*a == B (mod |n|), + * (2) sign*Y*a == A (mod |n|) + */ /* * Now divide B by the maximum possible power of two in the @@ -337,18 +337,18 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, goto err; } - /*- - * We still have (1) and (2). - * Both A and B are odd. - * The following computations ensure that - * - * 0 <= B < |n|, - * 0 < A < |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|), - * - * and that either A or B is even in the next iteration. - */ + /*- + * We still have (1) and (2). + * Both A and B are odd. + * The following computations ensure that + * + * 0 <= B < |n|, + * 0 < A < |n|, + * (1) -sign*X*a == B (mod |n|), + * (2) sign*Y*a == A (mod |n|), + * + * and that either A or B is even in the next iteration. + */ if (BN_ucmp(B, A) >= 0) { /* -sign*(X + Y)*a == B - A (mod |n|) */ if (!BN_uadd(X, X, Y)) @@ -377,11 +377,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, while (!BN_is_zero(B)) { BIGNUM *tmp; - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ /* (D, M) := (A/B, A%B) ... */ if (BN_num_bits(A) == BN_num_bits(B)) { @@ -428,12 +428,12 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, goto err; } - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ tmp = A; /* keep the BIGNUM object, the value does not * matter */ @@ -443,25 +443,25 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, B = M; /* ... so we have 0 <= B < A again */ - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ /* * most of the time D is very small, so we can optimize tmp := @@ -498,13 +498,13 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, } } - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ if (sign < 0) { if (!BN_sub(Y, n, Y)) @@ -588,22 +588,22 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, goto err; } sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ while (!BN_is_zero(B)) { BIGNUM *tmp; - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ /* * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, @@ -616,12 +616,12 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, if (!BN_div(D, M, pA, B, ctx)) goto err; - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ tmp = A; /* keep the BIGNUM object, the value does not * matter */ @@ -631,25 +631,25 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, B = M; /* ... so we have 0 <= B < A again */ - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ if (!BN_mul(tmp, D, X, ctx)) goto err; @@ -663,13 +663,13 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, sign = -sign; } - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ if (sign < 0) { if (!BN_sub(Y, n, Y)) diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 71808321d5..88d731ac75 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -66,13 +66,13 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) int ret = -2; /* avoid 'uninitialized' warning */ int err = 0; BIGNUM *A, *B, *tmp; - /*- - * In 'tab', only odd-indexed entries are relevant: - * For any odd BIGNUM n, - * tab[BN_lsw(n) & 7] - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). - * Note that the sign of n does not matter. - */ + /*- + * In 'tab', only odd-indexed entries are relevant: + * For any odd BIGNUM n, + * tab[BN_lsw(n) & 7] + * is $(-1)^{(n^2-1)/8}$ (using TeX notation). + * Note that the sign of n does not matter. + */ static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; bn_check_top(a); diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 3b751d3edc..b174850b6b 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -527,11 +527,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); } - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + * r[10] holds (a[0]*b[0]) + * r[32] holds (b[1]*b[1]) + */ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); @@ -542,12 +542,12 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); } - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + * r[10] holds (a[0]*b[0]) + * r[32] holds (b[1]*b[1]) + * c1 holds the carry bits + */ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); if (c1) { p = &(r[n + n2]); @@ -689,11 +689,11 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, } } - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + * r[10] holds (a[0]*b[0]) + * r[32] holds (b[1]*b[1]) + */ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); @@ -704,12 +704,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); } - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + * r[10] holds (a[0]*b[0]) + * r[32] holds (b[1]*b[1]) + * c1 holds the carry bits + */ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); if (c1) { p = &(r[n + n2]); @@ -828,13 +828,13 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); } - /*- - * s0 == low(al*bl) - * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) - * We know s0 and s1 so the only unknown is high(al*bl) - * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) - * high(al*bl) == s1 - (r[0]+l[0]+t[0]) - */ + /*- + * s0 == low(al*bl) + * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) + * We know s0 and s1 so the only unknown is high(al*bl) + * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) + * high(al*bl) == s1 - (r[0]+l[0]+t[0]) + */ if (l != NULL) { lp = &(t[n2 + n]); c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); @@ -859,22 +859,22 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, lp[i] = ((~mp[i]) + 1) & BN_MASK2; } - /*- - * s[0] = low(al*bl) - * t[3] = high(al*bl) - * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign - * r[10] = (a[1]*b[1]) - */ - /*- - * R[10] = al*bl - * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) - * R[32] = ah*bh - */ - /*- - * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) - * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) - * R[3]=r[1]+(carry/borrow) - */ + /*- + * s[0] = low(al*bl) + * t[3] = high(al*bl) + * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign + * r[10] = (a[1]*b[1]) + */ + /*- + * R[10] = al*bl + * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) + * R[32] = ah*bh + */ + /*- + * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) + * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) + * R[3]=r[1]+(carry/borrow) + */ if (l != NULL) { lp = &(t[n2]); c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n)); diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 71a347e259..4dcaae32bf 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -106,12 +106,12 @@ char *BN_bn2dec(const BIGNUM *a) BIGNUM *t = NULL; BN_ULONG *bn_data = NULL, *lp; - /*- - * get an upper bound for the length of the decimal integer - * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) - * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 - */ + /*- + * get an upper bound for the length of the decimal integer + * num <= (BN_num_bits(a) + 1) * log(2) + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; bn_data = diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 51daae4481..3ca69879ee 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -249,23 +249,23 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero + * r[10] holds (a[0]*b[0]) + * r[32] holds (b[1]*b[1]) + */ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); /* t[32] is negative */ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) - * r[10] holds (a[0]*a[0]) - * r[32] holds (a[1]*a[1]) - * c1 holds the carry bits - */ + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) + * r[10] holds (a[0]*a[0]) + * r[32] holds (a[1]*a[1]) + * c1 holds the carry bits + */ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); if (c1) { p = &(r[n + n2]); diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 772c8080bb..232af99a21 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -132,14 +132,14 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* we'll set q later (if needed) */ if (e == 1) { - /*- - * The easy case: (|p|-1)/2 is odd, so 2 has an inverse - * modulo (|p|-1)/2, and square roots can be computed - * directly by modular exponentiation. - * We have - * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), - * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. - */ + /*- + * The easy case: (|p|-1)/2 is odd, so 2 has an inverse + * modulo (|p|-1)/2, and square roots can be computed + * directly by modular exponentiation. + * We have + * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), + * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. + */ if (!BN_rshift(q, p, 2)) goto end; q->neg = 0; @@ -152,32 +152,32 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } if (e == 2) { - /*- - * |p| == 5 (mod 8) - * - * In this case 2 is always a non-square since - * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. - * So if a really is a square, then 2*a is a non-square. - * Thus for - * b := (2*a)^((|p|-5)/8), - * i := (2*a)*b^2 - * we have - * i^2 = (2*a)^((1 + (|p|-5)/4)*2) - * = (2*a)^((p-1)/2) - * = -1; - * so if we set - * x := a*b*(i-1), - * then - * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) - * = a^2 * b^2 * (-2*i) - * = a*(-i)*(2*a*b^2) - * = a*(-i)*i - * = a. - * - * (This is due to A.O.L. Atkin, - * , - * November 1992.) - */ + /*- + * |p| == 5 (mod 8) + * + * In this case 2 is always a non-square since + * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. + * So if a really is a square, then 2*a is a non-square. + * Thus for + * b := (2*a)^((|p|-5)/8), + * i := (2*a)*b^2 + * we have + * i^2 = (2*a)^((1 + (|p|-5)/4)*2) + * = (2*a)^((p-1)/2) + * = -1; + * so if we set + * x := a*b*(i-1), + * then + * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) + * = a^2 * b^2 * (-2*i) + * = a*(-i)*(2*a*b^2) + * = a*(-i)*i + * = a. + * + * (This is due to A.O.L. Atkin, + * , + * November 1992.) + */ /* t := 2*a */ if (!BN_mod_lshift1_quick(t, A, p)) @@ -277,24 +277,24 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; } - /*- - * Now we know that (if p is indeed prime) there is an integer - * k, 0 <= k < 2^e, such that - * - * a^q * y^k == 1 (mod p). - * - * As a^q is a square and y is not, k must be even. - * q+1 is even, too, so there is an element - * - * X := a^((q+1)/2) * y^(k/2), - * - * and it satisfies - * - * X^2 = a^q * a * y^k - * = a, - * - * so it is the square root that we are looking for. - */ + /*- + * Now we know that (if p is indeed prime) there is an integer + * k, 0 <= k < 2^e, such that + * + * a^q * y^k == 1 (mod p). + * + * As a^q is a square and y is not, k must be even. + * q+1 is even, too, so there is an element + * + * X := a^((q+1)/2) * y^(k/2), + * + * and it satisfies + * + * X^2 = a^q * a * y^k + * = a, + * + * so it is the square root that we are looking for. + */ /* t := (q-1)/2 (note that q is odd) */ if (!BN_rshift1(t, q)) @@ -333,15 +333,15 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; while (1) { - /*- - * Now b is a^q * y^k for some even k (0 <= k < 2^E - * where E refers to the original value of e, which we - * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). - * - * We have a*b = x^2, - * y^2^(e-1) = -1, - * b^2^(e-1) = 1. - */ + /*- + * Now b is a^q * y^k for some even k (0 <= k < 2^E + * where E refers to the original value of e, which we + * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). + * + * We have a*b = x^2, + * y^2^(e-1) = -1, + * b^2^(e-1) = 1. + */ if (BN_is_one(b)) { if (!BN_copy(ret, x)) diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index b3bd85c520..dc31bc6604 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; # endif diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 30a1992150..e3ffeb21ef 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -567,16 +567,16 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } e++; } - /*- - * So at this point we have - * np which is the start of the name string which is - * '\0' terminated. - * cp which is the start of the section string which is - * '\0' terminated. - * e is the 'next point after'. - * r and rr are the chars replaced by the '\0' - * rp and rrp is where 'r' and 'rr' came from. - */ + /*- + * So at this point we have + * np which is the start of the name string which is + * '\0' terminated. + * cp which is the start of the section string which is + * '\0' terminated. + * e is the 'next point after'. + * r and rr are the chars replaced by the '\0' + * rp and rrp is where 'r' and 'rr' came from. + */ p = _CONF_get_string(conf, cp, np); if (rrp != NULL) *rrp = rr; diff --git a/crypto/des/des.c b/crypto/des/des.c index 402695160d..2bff281258 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -228,14 +228,14 @@ int main(int argc, char **argv) } if (error) usage(); - /*- - * We either - * do checksum or - * do encrypt or - * do decrypt or - * do decrypt then ckecksum or - * do checksum then encrypt - */ + /*- + * We either + * do checksum or + * do encrypt or + * do decrypt or + * do decrypt then ckecksum or + * do checksum then encrypt + */ if (((eflag + dflag) == 1) || cflag) { if (eflag) do_encrypt = DES_ENCRYPT; diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 994eeefd53..c6be342038 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -404,13 +404,13 @@ int main(int argc, char *argv[]) DES_ENCRYPT); DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, &ks3, &iv3, &iv2, DES_ENCRYPT); - /*- if (memcmp(cbc_out,cbc3_ok, - (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) - { - printf("des_ede3_cbc_encrypt encrypt error\n"); - err=1; - } - */ +/*- if (memcmp(cbc_out,cbc3_ok, + (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) + { + printf("des_ede3_cbc_encrypt encrypt error\n"); + err=1; + } +*/ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); memset(iv2, '\0', sizeof iv2); DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index ed44abcaea..fcb66541bd 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -205,12 +205,12 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, */ num = len; } else { - /*- - * >output is a multiple of 8 byes, if len < rnum - * >we must be careful. The user must be aware that this - * >routine will write more bytes than he asked for. - * >The length of the buffer must be correct. - * FIXED - Should be ok now 18-9-90 - eay */ + /*- + * >output is a multiple of 8 byes, if len < rnum + * >we must be careful. The user must be aware that this + * >routine will write more bytes than he asked for. + * >The length of the buffer must be correct. + * FIXED - Should be ok now 18-9-90 - eay */ if (len < rnum) { if (DES_rw_mode & DES_PCBC_MODE) diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index 03399bc297..45c67505a6 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -102,8 +102,8 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, n = (n + 1) & 0x07; } if (save) { -/*- v0=ti[0]; - v1=ti[1];*/ +/*- v0=ti[0]; + v1=ti[1];*/ iv = &(*ivec)[0]; l2c(v0, iv); l2c(v1, iv); diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 3fa64328f6..61a73b34c6 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -200,11 +200,11 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; - /*- - * Handle Two broken types: - * SEQUENCE {parameters, priv_key} - * SEQUENCE {pub_key, priv_key} - */ + /*- + * Handle Two broken types: + * SEQUENCE {parameters, priv_key} + * SEQUENCE {pub_key, priv_key} + */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 511858a681..14d885df15 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -178,23 +178,23 @@ static int vms_load(DSO *dso) goto err; } - /*- - * A file specification may look like this: - * - * node::dev:[dir-spec]name.type;ver - * - * or (for compatibility with TOPS-20): - * - * node::dev:name.type;ver - * - * and the dir-spec uses '.' as separator. Also, a dir-spec - * may consist of several parts, with mixed use of [] and <>: - * - * [dir1.] - * - * We need to split the file specification into the name and - * the rest (both before and after the name itself). - */ + /*- + * A file specification may look like this: + * + * node::dev:[dir-spec]name.type;ver + * + * or (for compatibility with TOPS-20): + * + * node::dev:name.type;ver + * + * and the dir-spec uses '.' as separator. Also, a dir-spec + * may consist of several parts, with mixed use of [] and <>: + * + * [dir1.] + * + * We need to split the file specification into the name and + * the rest (both before and after the name itself). + */ /* * Start with trying to find the end of a dir-spec, and save the position * of the byte after in sp1 diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 390d973850..c4e7aea938 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -116,14 +116,14 @@ typedef enum { typedef struct ec_method_st EC_METHOD; typedef struct ec_group_st - /*- - EC_METHOD *meth; - -- field definition - -- curve coefficients - -- optional generator with associated information (order, cofactor) - -- optional extra data (precomputed table for fast computation of multiples of generator) - -- ASN1 stuff - */ + /*- + EC_METHOD *meth; + -- field definition + -- curve coefficients + -- optional generator with associated information (order, cofactor) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff + */ EC_GROUP; typedef struct ec_point_st EC_POINT; diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 9a39477f30..077c7fc8dd 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -632,12 +632,12 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (lh == NULL) goto err; - /*- - * We have a curve defined by a Weierstrass equation - * y^2 + x*y = x^3 + a*x^2 + b. - * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 - * <=> ((x + a) * x + y ) * x + b + y^2 = 0 - */ + /*- + * We have a curve defined by a Weierstrass equation + * y^2 + x*y = x^3 + a*x^2 + b. + * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 + * <=> ((x + a) * x + y ) * x + b + y^2 = 0 + */ if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err; if (!field_mul(group, lh, lh, &point->X, ctx)) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index fb6a43e6ad..319e651f67 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -120,14 +120,14 @@ struct ec_method_st { void (*point_finish) (EC_POINT *); void (*point_clear_finish) (EC_POINT *); int (*point_copy) (EC_POINT *, const EC_POINT *); - /*- - * used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, - * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: - */ + /*- + * used by EC_POINT_set_to_infinity, + * EC_POINT_set_Jprojective_coordinates_GFp, + * EC_POINT_get_Jprojective_coordinates_GFp, + * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: + */ int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, EC_POINT *, const BIGNUM *x, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 807641a0f4..23b8c3089b 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -602,13 +602,13 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!(tmp = EC_POINT_new(group))) goto err; - /*- - * prepare precomputed values: - * val_sub[i][0] := points[i] - * val_sub[i][1] := 3 * points[i] - * val_sub[i][2] := 5 * points[i] - * ... - */ + /*- + * prepare precomputed values: + * val_sub[i][0] := points[i] + * val_sub[i][1] := 3 * points[i] + * val_sub[i][2] := 5 * points[i] + * ... + */ for (i = 0; i < num + num_scalar; i++) { if (i < num) { if (!EC_POINT_copy(val_sub[i][0], points[i])) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index ece7b75400..9a59ef0c19 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -618,11 +618,11 @@ static void felem_reduce(felem out, const widefelem in) /* output[3] <= 2^56 + 2^16 */ out[2] = output[2] & 0x00ffffffffffffff; - /*- - * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, - * out[3] <= 2^56 + 2^16 (due to final carry), - * so out < 2*p - */ + /*- + * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, + * out[3] <= 2^56 + 2^16 (due to final carry), + * so out < 2*p + */ out[3] = output[3]; } @@ -1048,10 +1048,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar(ftmp5, 2); /* ftmp5[i] < 2 * 2^57 = 2^58 */ - /*- - * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - - * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - */ + /*- + * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - + * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 + */ felem_diff_128_64(tmp2, ftmp5); /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */ felem_reduce(x_out, tmp2); @@ -1066,10 +1066,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_mul(tmp2, ftmp3, ftmp2); /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */ - /*- - * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - - * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 - */ + /*- + * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - + * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 + */ widefelem_diff(tmp2, tmp); /* tmp2[i] < 2^118 + 2^120 < 2^121 */ felem_reduce(y_out, tmp2); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index ea63c10f49..a5887086c6 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -437,25 +437,25 @@ static void felem_shrink(smallfelem out, const felem in) /* As tmp[3] < 2^65, high is either 1 or 0 */ high <<= 63; high >>= 63; - /*- - * high is: - * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ + /*- + * high is: + * all ones if the high word of tmp[3] is 1 + * all zeros if the high word of tmp[3] if 0 */ low = tmp[3]; mask = low >> 63; - /*- - * mask is: - * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + /*- + * mask is: + * all ones if the MSB of low is 1 + * all zeros if the MSB of low if 0 */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; low >>= 63; - /*- - * low is: - * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + /*- + * low is: + * all ones if low was > kPrime3Test + * all zeros if low was <= kPrime3Test */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -795,17 +795,17 @@ static void felem_reduce(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 - * out[1] > 2^100 - 2^64 - 7*2^96 > 0 - * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 - * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 - * - * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 - * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 - * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 - * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 - */ + /*- + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 + * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 + * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 + * + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 + * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 + * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 + * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 + */ } /*- @@ -824,17 +824,17 @@ static void felem_reduce_zero105(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 - * out[1] > 2^105 - 2^71 - 2^103 > 0 - * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 - * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 - * - * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 - * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 - */ + /*- + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + * out[1] > 2^105 - 2^71 - 2^103 > 0 + * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 + * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 + * + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 + * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 + */ } /* @@ -1099,7 +1099,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * * Building on top of the field operations we have the operations on the * elliptic curve group itself. Points on the curve are represented in Jacobian - * coordinates */ + * coordinates + */ /*- * point_double calculates 2*(x_in, y_in, z_in) @@ -1108,7 +1109,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b * * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. - * while x_out == y_in is not (maybe this works, but it's not tested). */ + * while x_out == y_in is not (maybe this works, but it's not tested). + */ static void point_double(felem x_out, felem y_out, felem z_out, const felem x_in, const felem y_in, const felem z_in) @@ -1239,7 +1241,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask) * This function includes a branch for checking whether the two input points * are equal, (while not equal to the point at infinity). This case never * happens during single point multiplication, so there is no timing leak for - * ECDH or ECDSA signing. */ + * ECDH or ECDSA signing. + */ static void point_add(felem x3, felem y3, felem z3, const felem x1, const felem y1, const felem z1, const int mixed, const smallfelem x2, diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index c1ef3fedac..cc7634512d 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -414,15 +414,16 @@ static void felem_square(largefelem out, const felem in) felem_scalar(inx2, in, 2); felem_scalar(inx4, in, 4); - /*- - * We have many cases were we want to do - * in[x] * in[y] + - * in[y] * in[x] - * This is obviously just - * 2 * in[x] * in[y] - * However, rather than do the doubling on the 128 bit result, we - * double one of the inputs to the multiplication by reading from - * |inx2| */ + /*- + * We have many cases were we want to do + * in[x] * in[y] + + * in[y] * in[x] + * This is obviously just + * 2 * in[x] * in[y] + * However, rather than do the doubling on the 128 bit result, we + * double one of the inputs to the multiplication by reading from + * |inx2| + */ out[0] = ((uint128_t) in[0]) * in[0]; out[1] = ((uint128_t) in[0]) * inx2[1]; @@ -610,10 +611,10 @@ static void felem_reduce(felem out, const largefelem in) out[1] += ((limb) in[0]) >> 58; out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; - /*- - * out[1] < 2^58 + 2^6 + 2^58 - * = 2^59 + 2^6 - */ + /*- + * out[1] < 2^58 + 2^6 + 2^58 + * = 2^59 + 2^6 + */ out[2] += ((limb) (in[0] >> 64)) >> 52; out[2] += ((limb) in[1]) >> 58; @@ -642,10 +643,10 @@ static void felem_reduce(felem out, const largefelem in) out[8] += ((limb) in[7]) >> 58; out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; - /*- - * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 - * < 2^59 + 2^13 - */ + /*- + * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 + * < 2^59 + 2^13 + */ overflow1 = ((limb) (in[7] >> 64)) >> 52; overflow1 += ((limb) in[8]) >> 58; @@ -660,11 +661,11 @@ static void felem_reduce(felem out, const largefelem in) out[1] += out[0] >> 58; out[0] &= bottom58bits; - /*- - * out[0] < 2^58 - * out[1] < 2^59 + 2^6 + 2^13 + 2^2 - * < 2^59 + 2^14 - */ + /*- + * out[0] < 2^58 + * out[1] < 2^59 + 2^6 + 2^13 + 2^2 + * < 2^59 + 2^14 + */ } static void felem_square_reduce(felem out, const felem in) @@ -1055,13 +1056,13 @@ point_double(felem x_out, felem y_out, felem z_out, felem_scalar64(ftmp2, 3); /* ftmp2[i] < 3*2^60 + 3*2^15 */ felem_mul(tmp, ftmp, ftmp2); - /*- - * tmp[i] < 17(3*2^121 + 3*2^76) - * = 61*2^121 + 61*2^76 - * < 64*2^121 + 64*2^76 - * = 2^127 + 2^82 - * < 2^128 - */ + /*- + * tmp[i] < 17(3*2^121 + 3*2^76) + * = 61*2^121 + 61*2^76 + * < 64*2^121 + 64*2^76 + * = 2^127 + 2^82 + * < 2^128 + */ felem_reduce(alpha, tmp); /* x' = alpha^2 - 8*beta */ @@ -1096,30 +1097,30 @@ point_double(felem x_out, felem y_out, felem z_out, felem_diff64(beta, x_out); /* beta[i] < 2^61 + 2^60 + 2^16 */ felem_mul(tmp, alpha, beta); - /*- - * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) - * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) - * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * < 2^128 - */ + /*- + * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) + * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) + * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) + * < 2^128 + */ felem_square(tmp2, gamma); - /*- - * tmp2[i] < 17*(2^59 + 2^14)^2 - * = 17*(2^118 + 2^74 + 2^28) - */ + /*- + * tmp2[i] < 17*(2^59 + 2^14)^2 + * = 17*(2^118 + 2^74 + 2^28) + */ felem_scalar128(tmp2, 8); - /*- - * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) - * = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31 - * < 2^126 - */ + /*- + * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) + * = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31 + * < 2^126 + */ felem_diff128(tmp, tmp2); - /*- - * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + - * 2^74 + 2^69 + 2^34 + 2^30 - * < 2^128 - */ + /*- + * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) + * = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + + * 2^74 + 2^69 + 2^34 + 2^30 + * < 2^128 + */ felem_reduce(y_out, tmp); } @@ -1281,11 +1282,11 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar128(tmp2, 2); /* tmp2[i] < 17*2^121 */ felem_diff128(tmp, tmp2); - /*- - * tmp[i] < 2^127 - 2^69 + 17*2^122 - * = 2^126 - 2^122 - 2^6 - 2^2 - 1 - * < 2^127 - */ + /*- + * tmp[i] < 2^127 - 2^69 + 17*2^122 + * = 2^126 - 2^122 - 2^6 - 2^2 - 1 + * < 2^127 + */ felem_reduce(y_out, tmp); copy_conditional(x_out, x2, z1_is_zero); diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 77627bb5c4..e5cec8be82 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -96,11 +96,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, if (y == NULL) goto err; - /*- - * Recover y. We have a Weierstrass equation - * y^2 = x^3 + a*x + b, - * so y is one of the square roots of x^3 + a*x + b. - */ + /*- + * Recover y. We have a Weierstrass equation + * y^2 = x^3 + a*x + b, + * so y is one of the square roots of x^3 + a*x + b. + */ /* tmp1 := x^3 */ if (!BN_nnmod(x, x_, &group->field, ctx)) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index d196dedfb3..2b848216d7 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -320,11 +320,11 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) goto err; } - /*- - * check the discriminant: - * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) - * 0 =< a, b < p - */ + /*- + * check the discriminant: + * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) + * 0 =< a, b < p + */ if (BN_is_zero(a)) { if (BN_is_zero(b)) goto err; @@ -900,10 +900,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, goto err; if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; - /*- - * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) - * = 3 * X_a^2 - 3 * Z_a^4 - */ + /*- + * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) + * = 3 * X_a^2 - 3 * Z_a^4 + */ } else { if (!field_sqr(group, n0, &a->X, ctx)) goto err; @@ -1024,15 +1024,15 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (Z6 == NULL) goto err; - /*- - * We have a curve defined by a Weierstrass equation - * y^2 = x^3 + a*x + b. - * The point to consider is given in Jacobian projective coordinates - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). - * Substituting this and multiplying by Z^6 transforms the above equation into - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. - * To test this, we add up the right-hand side in 'rh'. - */ + /*- + * We have a curve defined by a Weierstrass equation + * y^2 = x^3 + a*x + b. + * The point to consider is given in Jacobian projective coordinates + * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). + * Substituting this and multiplying by Z^6 transforms the above equation into + * Y^2 = X^3 + a*X*Z^4 + b*Z^6. + * To test this, we add up the right-hand side in 'rh'. + */ /* rh := X^2 */ if (!field_sqr(group, rh, &point->X, ctx)) @@ -1099,12 +1099,12 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - /*- - * return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ + /*- + * return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -1143,12 +1143,12 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (Zb23 == NULL) goto end; - /*- - * We have to decide whether - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), - * or equivalently, whether - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). - */ + /*- + * We have to decide whether + * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), + * or equivalently, whether + * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). + */ if (!b->Z_is_one) { if (!field_sqr(group, Zb23, &b->Z, ctx)) diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index d137a8f03a..a967dd58a7 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -102,9 +102,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; static int cfb64_test(unsigned char *cfb_cipher); diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index e33b6fba48..53c5c138bb 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -434,9 +434,9 @@ unsigned long lh_strhash(const char *c) if ((c == NULL) || (*c == '\0')) return (ret); /*- - unsigned char b[16]; - MD5(c,strlen(c),b); - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); + unsigned char b[16]; + MD5(c,strlen(c),b); + return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); */ n = 0x100; diff --git a/crypto/o_time.c b/crypto/o_time.c index 292bf07ee1..e18b71d484 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -159,30 +159,30 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) * do it the hard way. */ { - /*- - * The VMS epoch is the astronomical Smithsonian date, - if I remember correctly, which is November 17, 1858. - Furthermore, time is measure in thenths of microseconds - and stored in quadwords (64 bit integers). unix_epoch - below is January 1st 1970 expressed as a VMS time. The - following code was used to get this number: - - #include - #include - #include - #include - - main() - { - unsigned long systime[2]; - unsigned short epoch_values[7] = - { 1970, 1, 1, 0, 0, 0, 0 }; - - lib$cvt_vectim(epoch_values, systime); - - printf("%u %u", systime[0], systime[1]); - } - */ + /*- + * The VMS epoch is the astronomical Smithsonian date, + if I remember correctly, which is November 17, 1858. + Furthermore, time is measure in thenths of microseconds + and stored in quadwords (64 bit integers). unix_epoch + below is January 1st 1970 expressed as a VMS time. The + following code was used to get this number: + + #include + #include + #include + #include + + main() + { + unsigned long systime[2]; + unsigned short epoch_values[7] = + { 1970, 1, 1, 0, 0, 0, 0 }; + + lib$cvt_vectim(epoch_values, systime); + + printf("%u %u", systime[0], systime[1]); + } + */ unsigned long unix_epoch[2] = { 1273708544, 8164711 }; unsigned long deltatime[2]; unsigned long systime[2]; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 000a6ca72c..a33025809e 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -173,8 +173,8 @@ typedef struct pem_ctx_st { struct { int cipher; /*- - unused, and wrong size - unsigned char iv[8]; */ + unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -182,9 +182,9 @@ typedef struct pem_ctx_st { int num_recipient; PEM_USER **recipient; - /*- - XXX(ben): don#t think this is used! - STACK *x509_chain; / * certificate chain */ +/*- + XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ EVP_MD *md; /* signature type */ int md_enc; /* is the md encrypted or not? */ @@ -194,9 +194,9 @@ typedef struct pem_ctx_st { EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - /*- - unused, and wrong size - unsigned char iv[8]; */ + /*- + unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ int data_len; diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 8abb536d20..9537c56a78 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -112,10 +112,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) = int RAND_load_file(const char *file, long bytes) { - /*- - * If bytes >= 0, read up to 'bytes' bytes. - * if bytes == -1, read complete file. - */ + /*- + * If bytes >= 0, read up to 'bytes' bytes. + * if bytes == -1, read complete file. + */ MS_STATIC unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index 8347356312..e61df342ea 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; /* diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index 583e8e5de6..6ebd54d46c 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -80,36 +80,36 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, d = key->data; #if defined(RC4_CHUNK) - /*- - * The original reason for implementing this(*) was the fact that - * pre-21164a Alpha CPUs don't have byte load/store instructions - * and e.g. a byte store has to be done with 64-bit load, shift, - * and, or and finally 64-bit store. Peaking data and operating - * at natural word size made it possible to reduce amount of - * instructions as well as to perform early read-ahead without - * suffering from RAW (read-after-write) hazard. This resulted - * in ~40%(**) performance improvement on 21064 box with gcc. - * But it's not only Alpha users who win here:-) Thanks to the - * early-n-wide read-ahead this implementation also exhibits - * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending - * on sizeof(RC4_INT)). - * - * (*) "this" means code which recognizes the case when input - * and output pointers appear to be aligned at natural CPU - * word boundary - * (**) i.e. according to 'apps/openssl speed rc4' benchmark, - * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... - * - * Cavets. - * - * - RC4_CHUNK="unsigned long long" should be a #1 choice for - * UltraSPARC. Unfortunately gcc generates very slow code - * (2.5-3 times slower than one generated by Sun's WorkShop - * C) and therefore gcc (at least 2.95 and earlier) should - * always be told that RC4_CHUNK="unsigned long". - * - * - */ + /*- + * The original reason for implementing this(*) was the fact that + * pre-21164a Alpha CPUs don't have byte load/store instructions + * and e.g. a byte store has to be done with 64-bit load, shift, + * and, or and finally 64-bit store. Peaking data and operating + * at natural word size made it possible to reduce amount of + * instructions as well as to perform early read-ahead without + * suffering from RAW (read-after-write) hazard. This resulted + * in ~40%(**) performance improvement on 21064 box with gcc. + * But it's not only Alpha users who win here:-) Thanks to the + * early-n-wide read-ahead this implementation also exhibits + * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending + * on sizeof(RC4_INT)). + * + * (*) "this" means code which recognizes the case when input + * and output pointers appear to be aligned at natural CPU + * word boundary + * (**) i.e. according to 'apps/openssl speed rc4' benchmark, + * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... + * + * Cavets. + * + * - RC4_CHUNK="unsigned long long" should be a #1 choice for + * UltraSPARC. Unfortunately gcc generates very slow code + * (2.5-3 times slower than one generated by Sun's WorkShop + * C) and therefore gcc (at least 2.95 and earlier) should + * always be told that RC4_CHUNK="unsigned long". + * + * + */ # define RC4_STEP ( \ x=(x+1) &0xff, \ @@ -131,34 +131,34 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, 1 }; - /*- - * I reckon we can afford to implement both endian - * cases and to decide which way to take at run-time - * because the machine code appears to be very compact - * and redundant 1-2KB is perfectly tolerable (i.e. - * in case the compiler fails to eliminate it:-). By - * suggestion from Terrel Larson - * who also stands for the is_endian union:-) - * - * Special notes. - * - * - is_endian is declared automatic as doing otherwise - * (declaring static) prevents gcc from eliminating - * the redundant code; - * - compilers (those I've tried) don't seem to have - * problems eliminating either the operators guarded - * by "if (sizeof(RC4_CHUNK)==8)" or the condition - * expressions themselves so I've got 'em to replace - * corresponding #ifdefs from the previous version; - * - I chose to let the redundant switch cases when - * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed - * before); - * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in - * [LB]ESHFT guards against "shift is out of range" - * warnings when sizeof(RC4_CHUNK)!=8 - * - * - */ + /*- + * I reckon we can afford to implement both endian + * cases and to decide which way to take at run-time + * because the machine code appears to be very compact + * and redundant 1-2KB is perfectly tolerable (i.e. + * in case the compiler fails to eliminate it:-). By + * suggestion from Terrel Larson + * who also stands for the is_endian union:-) + * + * Special notes. + * + * - is_endian is declared automatic as doing otherwise + * (declaring static) prevents gcc from eliminating + * the redundant code; + * - compilers (those I've tried) don't seem to have + * problems eliminating either the operators guarded + * by "if (sizeof(RC4_CHUNK)==8)" or the condition + * expressions themselves so I've got 'em to replace + * corresponding #ifdefs from the previous version; + * - I chose to let the redundant switch cases when + * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed + * before); + * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in + * [LB]ESHFT guards against "shift is out of range" + * warnings when sizeof(RC4_CHUNK)!=8 + * + * + */ if (!is_endian.little) { /* BIG-ENDIAN CASE */ # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index b6a28cc3ff..41bc0844e4 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -97,12 +97,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; - /*- - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is autorecovered from signature - * -N reserved - */ + /*- + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -N reserved + */ if (sLen == -1) sLen = hLen; else if (sLen == -2) @@ -201,12 +201,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; - /*- - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is maximized - * -N reserved - */ + /*- + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved + */ if (sLen == -1) sLen = hLen; else if (sLen == -2) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 34664f0fc8..8f67db6ee3 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -333,8 +333,8 @@ int main(int argc, char *argv[]) fprintf(stderr, "-----\n"); lh_stats(SSL_CTX_sessions(s_ctx), stderr); fprintf(stderr, "-----\n"); - /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ + /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); + fprintf(stderr,"-----\n"); */ lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr); fprintf(stderr, "-----\n"); } @@ -369,11 +369,11 @@ int ndoit(SSL_CTX *ssl_ctx[2]) fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id()); for (i = 0; i < number_of_loops; i++) { -/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ - /* pthread_delay_np(&tm); */ +/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", + CRYPTO_thread_id(),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ +/* pthread_delay_np(&tm); */ ret = doit(ctx); if (ret != 0) { @@ -801,23 +801,23 @@ void solaris_locking_callback(int mode, int type, char *file, int line) (type & CRYPTO_READ) ? "r" : "w", file, line); # endif - /*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); - */ + /*- + if (CRYPTO_LOCK_SSL_CERT == type) + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); + */ if (mode & CRYPTO_LOCK) { /*- - if (mode & CRYPTO_READ) - rw_rdlock(&(lock_cs[type])); - else - rw_wrlock(&(lock_cs[type])); */ + if (mode & CRYPTO_READ) + rw_rdlock(&(lock_cs[type])); + else + rw_wrlock(&(lock_cs[type])); */ mutex_lock(&(lock_cs[type])); lock_count[type]++; } else { -/* rw_unlock(&(lock_cs[type])); */ +/* rw_unlock(&(lock_cs[type])); */ mutex_unlock(&(lock_cs[type])); } } @@ -987,10 +987,10 @@ void pthreads_locking_callback(int mode, int type, char *file, int line) (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + if (CRYPTO_LOCK_SSL_CERT == type) + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c index 24f7bb9d38..e33bb4f833 100644 --- a/crypto/whrlpool/wp_dgst.c +++ b/crypto/whrlpool/wp_dgst.c @@ -132,18 +132,18 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) } else /* bit-oriented loop */ #endif { - /*- - inp - | - +-------+-------+------- - ||||||||||||||||||||| - +-------+-------+------- - +-------+-------+-------+-------+------- - |||||||||||||| c->data - +-------+-------+-------+-------+------- - | - c->bitoff/8 - */ + /*- + inp + | + +-------+-------+------- + ||||||||||||||||||||| + +-------+-------+------- + +-------+-------+-------+-------+------- + |||||||||||||| c->data + +-------+-------+-------+-------+------- + | + c->bitoff/8 + */ while (bits) { unsigned int byteoff = bitoff / 8; unsigned char b; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 90a3784858..9ee8f8d859 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -424,8 +424,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, * If we were going to up the reference count, we would need to * do it on a perl 'type' basis */ - /*- CRYPTO_add(&tmp->data.x509->references,1, - CRYPTO_LOCK_X509);*/ + /*- CRYPTO_add(&tmp->data.x509->references,1, + CRYPTO_LOCK_X509);*/ goto finish; } } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b42409fc76..a910636f82 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -309,8 +309,8 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, return 0; } -/*- if (ret->data.ptr != NULL) - X509_OBJECT_free_contents(ret); */ +/*- if (ret->data.ptr != NULL) + X509_OBJECT_free_contents(ret); */ ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 40b23e512a..0ff439c99f 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -84,8 +84,8 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; -/*- xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ +/*- xi->extensions=ri->attributes; <- bad, should not ever be done + ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index d02eebfc7a..136bfbda61 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -461,15 +461,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) int allow_proxy_certs; cb = ctx->verify_cb; - /*- - * must_be_ca can have 1 of 3 values: - * -1: we accept both CA and non-CA certificates, to allow direct - * use of self-signed certificates (which are marked as CA). - * 0: we only accept non-CA certificates. This is currently not - * used, but the possibility is present for future extensions. - * 1: we only accept CA certificates. This is currently used for - * all certificates in the chain except the leaf certificate. - */ + /*- + * must_be_ca can have 1 of 3 values: + * -1: we accept both CA and non-CA certificates, to allow direct + * use of self-signed certificates (which are marked as CA). + * 0: we only accept non-CA certificates. This is currently not + * used, but the possibility is present for future extensions. + * 1: we only accept CA certificates. This is currently used for + * all certificates in the chain except the leaf certificate. + */ must_be_ca = -1; /* CRL path validation */ diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index fc0475f7c2..6ea601f962 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -162,16 +162,16 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) set_prev = ret->set - 1; set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; - /*- - * set_prev is the previous set - * set is the current set - * set_next is the following - * prev 1 1 1 1 1 1 1 1 - * set 1 1 2 2 - * next 1 1 2 2 2 2 3 2 - * so basically only if prev and next differ by 2, then - * re-number down by 1 - */ + /*- + * set_prev is the previous set + * set is the current set + * set_next is the following + * prev 1 1 1 1 1 1 1 1 + * set 1 1 2 2 + * next 1 1 2 2 2 2 3 2 + * so basically only if prev and next differ by 2, then + * re-number down by 1 + */ if (set_prev + 1 < set_next) for (i = loc; i < n; i++) sk_X509_NAME_ENTRY_value(sk, i)->set--; diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h index e0ca6e64c4..a2510453a5 100644 --- a/demos/engines/zencod/hw_zencod.h +++ b/demos/engines/zencod/hw_zencod.h @@ -106,14 +106,14 @@ extern "C" { /* * Functions for Digest (MD5, SHA1) stuff */ -/* output : output data buffer */ -/* input : input data buffer */ -/* algo : hash algorithm, MD5 or SHA1 */ -/*- - * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; - * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; - */ -/* For now separate this stuff that mad it easier to test */ + /* output : output data buffer */ + /* input : input data buffer */ + /* algo : hash algorithm, MD5 or SHA1 */ + /*- + * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; + * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; + */ + /* For now separate this stuff that mad it easier to test */ typedef int t_zencod_md5_init(ZEN_MD_DATA *data); typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input); typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output); diff --git a/engines/ccgost/gost_ctl.c b/engines/ccgost/gost_ctl.c index 58b5c2b615..6c93c4584d 100644 --- a/engines/ccgost/gost_ctl.c +++ b/engines/ccgost/gost_ctl.c @@ -18,20 +18,20 @@ static char *gost_params[GOST_PARAM_MAX + 1] = { NULL }; static const char *gost_envnames[] = { "CRYPT_PARAMS" }; const ENGINE_CMD_DEFN gost_cmds[] = { -/*- { GOST_CTRL_RNG, - "RNG", - "Type of random number generator to use", - ENGINE_CMD_FLAG_STRING - }, - { GOST_CTRL_RNG_PARAMS, - "RNG_PARAMS", - "Parameter for random number generator", - ENGINE_CMD_FLAG_STRING - }, +/*- { GOST_CTRL_RNG, + "RNG", + "Type of random number generator to use", + ENGINE_CMD_FLAG_STRING + }, + { GOST_CTRL_RNG_PARAMS, + "RNG_PARAMS", + "Parameter for random number generator", + ENGINE_CMD_FLAG_STRING + }, */ {GOST_CTRL_CRYPT_PARAMS, - "CRYPT_PARAMS", - "OID of default GOST 28147-89 parameters", - ENGINE_CMD_FLAG_STRING}, + "CRYPT_PARAMS", + "OID of default GOST 28147-89 parameters", + ENGINE_CMD_FLAG_STRING}, {0, NULL, NULL, 0} }; diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 70c2f226c3..c429802d5f 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -1037,11 +1037,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num) while (num >= (int)sizeof(buf32)) { largenum.value = buf; largenum.nbytes = sizeof(buf32); - /*- - * tell CryptoSwift how many bytes we want and where we want it. - * Note: - CryptoSwift cannot do more than 4096 bytes at a time. - * - CryptoSwift can only do multiple of 32-bits. - */ + /*- + * tell CryptoSwift how many bytes we want and where we want it. + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. + * - CryptoSwift can only do multiple of 32-bits. + */ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); if (swrc != SW_OK) { diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h index db9480d2ac..9fc7b89acb 100644 --- a/engines/vendor_defns/hwcryptohook.h +++ b/engines/vendor_defns/hwcryptohook.h @@ -214,12 +214,12 @@ typedef struct { int (*mutex_acquire) (HWCryptoHook_Mutex *); void (*mutex_release) (HWCryptoHook_Mutex *); void (*mutex_destroy) (HWCryptoHook_Mutex *); - /*- - * For greater efficiency, can use condition vars internally for - * synchronisation. In this case maxsimultaneous is ignored, but - * the other mutex stuff must be available. In singlethreaded - * programs, set everything to 0. - */ + /*- + * For greater efficiency, can use condition vars internally for + * synchronisation. In this case maxsimultaneous is ignored, but + * the other mutex stuff must be available. In singlethreaded + * programs, set everything to 0. + */ size_t condvarsize; int (*condvar_init) (HWCryptoHook_CondVar *, HWCryptoHook_CallerContext * cactx); @@ -227,103 +227,103 @@ typedef struct { void (*condvar_signal) (HWCryptoHook_CondVar *); void (*condvar_broadcast) (HWCryptoHook_CondVar *); void (*condvar_destroy) (HWCryptoHook_CondVar *); - /*- - * The semantics of acquiring and releasing mutexes and broadcasting - * and waiting on condition variables are expected to be those from - * POSIX threads (pthreads). The mutexes may be (in pthread-speak) - * fast mutexes, recursive mutexes, or nonrecursive ones. - * - * The _release/_signal/_broadcast and _destroy functions must - * always succeed when given a valid argument; if they are given an - * invalid argument then the program (crypto plugin + application) - * has an internal error, and they should abort the program. - */ + /*- + * The semantics of acquiring and releasing mutexes and broadcasting + * and waiting on condition variables are expected to be those from + * POSIX threads (pthreads). The mutexes may be (in pthread-speak) + * fast mutexes, recursive mutexes, or nonrecursive ones. + * + * The _release/_signal/_broadcast and _destroy functions must + * always succeed when given a valid argument; if they are given an + * invalid argument then the program (crypto plugin + application) + * has an internal error, and they should abort the program. + */ int (*getpassphrase) (const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext * ppctx, HWCryptoHook_CallerContext * cactx); - /*- - * Passphrases and the prompt_info, if they contain high-bit-set - * characters, are UTF-8. The prompt_info may be a null pointer if - * no prompt information is available (it should not be an empty - * string). It will not contain text like `enter passphrase'; - * instead it might say something like `Operator Card for John - * Smith' or `SmartCard in nFast Module #1, Slot #1'. - * - * buf points to a buffer in which to return the passphrase; on - * entry *len_io is the length of the buffer. It should be updated - * by the callback. The returned passphrase should not be - * null-terminated by the callback. - */ + /*- + * Passphrases and the prompt_info, if they contain high-bit-set + * characters, are UTF-8. The prompt_info may be a null pointer if + * no prompt information is available (it should not be an empty + * string). It will not contain text like `enter passphrase'; + * instead it might say something like `Operator Card for John + * Smith' or `SmartCard in nFast Module #1, Slot #1'. + * + * buf points to a buffer in which to return the passphrase; on + * entry *len_io is the length of the buffer. It should be updated + * by the callback. The returned passphrase should not be + * null-terminated by the callback. + */ int (*getphystoken) (const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext * ppctx, HWCryptoHook_CallerContext * cactx); - /*- - * Requests that the human user physically insert a different - * smartcard, DataKey, etc. The plugin should check whether the - * currently inserted token(s) are appropriate, and if they are it - * should not make this call. - * - * prompt_info is as before. wrong_info is a description of the - * currently inserted token(s) so that the user is told what - * something is. wrong_info, like prompt_info, may be null, but - * should not be an empty string. Its contents should be - * syntactically similar to that of prompt_info. - */ - /*- - * Note that a single LoadKey operation might cause several calls to - * getpassphrase and/or requestphystoken. If requestphystoken is - * not provided (ie, a null pointer is passed) then the plugin may - * not support loading keys for which authorisation by several cards - * is required. If getpassphrase is not provided then cards with - * passphrases may not be supported. - * - * getpassphrase and getphystoken do not need to check that the - * passphrase has been entered correctly or the correct token - * inserted; the crypto plugin will do that. If this is not the - * case then the crypto plugin is responsible for calling these - * routines again as appropriate until the correct token(s) and - * passphrase(s) are supplied as required, or until any retry limits - * implemented by the crypto plugin are reached. - * - * In either case, the application must allow the user to say `no' - * or `cancel' to indicate that they do not know the passphrase or - * have the appropriate token; this should cause the callback to - * return nonzero indicating error. - */ + /*- + * Requests that the human user physically insert a different + * smartcard, DataKey, etc. The plugin should check whether the + * currently inserted token(s) are appropriate, and if they are it + * should not make this call. + * + * prompt_info is as before. wrong_info is a description of the + * currently inserted token(s) so that the user is told what + * something is. wrong_info, like prompt_info, may be null, but + * should not be an empty string. Its contents should be + * syntactically similar to that of prompt_info. + */ + /*- + * Note that a single LoadKey operation might cause several calls to + * getpassphrase and/or requestphystoken. If requestphystoken is + * not provided (ie, a null pointer is passed) then the plugin may + * not support loading keys for which authorisation by several cards + * is required. If getpassphrase is not provided then cards with + * passphrases may not be supported. + * + * getpassphrase and getphystoken do not need to check that the + * passphrase has been entered correctly or the correct token + * inserted; the crypto plugin will do that. If this is not the + * case then the crypto plugin is responsible for calling these + * routines again as appropriate until the correct token(s) and + * passphrase(s) are supplied as required, or until any retry limits + * implemented by the crypto plugin are reached. + * + * In either case, the application must allow the user to say `no' + * or `cancel' to indicate that they do not know the passphrase or + * have the appropriate token; this should cause the callback to + * return nonzero indicating error. + */ void (*logmessage) (void *logstream, const char *message); - /*- - * A log message will be generated at least every time something goes - * wrong and an ErrMsgBuf is filled in (or would be if one was - * provided). Other diagnostic information may be written there too, - * including more detailed reasons for errors which are reported in an - * ErrMsgBuf. - * - * When a log message is generated, this callback is called. It - * should write a message to the relevant logging arrangements. - * - * The message string passed will be null-terminated and may be of arbitrary - * length. It will not be prefixed by the time and date, nor by the - * name of the library that is generating it - if this is required, - * the logmessage callback must do it. The message will not have a - * trailing newline (though it may contain internal newlines). - * - * If a null pointer is passed for logmessage a default function is - * used. The default function treats logstream as a FILE* which has - * been converted to a void*. If logstream is 0 it does nothing. - * Otherwise it prepends the date and time and library name and - * writes the message to logstream. Each line will be prefixed by a - * descriptive string containing the date, time and identity of the - * crypto plugin. Errors on the logstream are not reported - * anywhere, and the default function doesn't flush the stream, so - * the application must set the buffering how it wants it. - * - * The crypto plugin may also provide a facility to have copies of - * log messages sent elsewhere, and or for adjusting the verbosity - * of the log messages; any such facilities will be configured by - * external means. - */ + /*- + * A log message will be generated at least every time something goes + * wrong and an ErrMsgBuf is filled in (or would be if one was + * provided). Other diagnostic information may be written there too, + * including more detailed reasons for errors which are reported in an + * ErrMsgBuf. + * + * When a log message is generated, this callback is called. It + * should write a message to the relevant logging arrangements. + * + * The message string passed will be null-terminated and may be of arbitrary + * length. It will not be prefixed by the time and date, nor by the + * name of the library that is generating it - if this is required, + * the logmessage callback must do it. The message will not have a + * trailing newline (though it may contain internal newlines). + * + * If a null pointer is passed for logmessage a default function is + * used. The default function treats logstream as a FILE* which has + * been converted to a void*. If logstream is 0 it does nothing. + * Otherwise it prepends the date and time and library name and + * writes the message to logstream. Each line will be prefixed by a + * descriptive string containing the date, time and identity of the + * crypto plugin. Errors on the logstream are not reported + * anywhere, and the default function doesn't flush the stream, so + * the application must set the buffering how it wants it. + * + * The crypto plugin may also provide a facility to have copies of + * log messages sent elsewhere, and or for adjusting the verbosity + * of the log messages; any such facilities will be configured by + * external means. + */ } HWCryptoHook_InitInfo; typedef diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 614530a527..c18ec03bd1 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -569,12 +569,12 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) { - /*- - * (0) check whether the desired fragment is available - * if so: - * (1) copy over the fragment to s->init_buf->data[] - * (2) update s->init_num - */ + /*- + * (0) check whether the desired fragment is available + * if so: + * (1) copy over the fragment to s->init_buf->data[] + * (2) update s->init_num + */ pitem *item; hm_fragment *frag; int al; @@ -1289,10 +1289,10 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, struct dtls1_retransmit_state saved_state; unsigned char save_write_sequence[8]; - /*- - OPENSSL_assert(s->init_num == 0); - OPENSSL_assert(s->init_off == 0); - */ + /*- + OPENSSL_assert(s->init_num == 0); + OPENSSL_assert(s->init_off == 0); + */ /* XDTLS: the requested message ought to be found, otherwise error */ memset(seq64be, 0, sizeof(seq64be)); @@ -1603,16 +1603,16 @@ int dtls1_heartbeat(SSL *s) */ OPENSSL_assert(payload + padding <= 16381); - /*- - * Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add - * some random stuff. - * - Message Type, 1 byte - * - Payload Length, 2 bytes (unsigned int) - * - Payload, the sequence number (2 bytes uint) - * - Payload, random bytes (16 bytes uint) - * - Padding - */ + /*- + * Create HeartBeat message, we just use a sequence number + * as payload to distuingish different messages and add + * some random stuff. + * - Message Type, 1 byte + * - Payload Length, 2 bytes (unsigned int) + * - Payload, the sequence number (2 bytes uint) + * - Payload, random bytes (16 bytes uint) + * - Padding + */ buf = OPENSSL_malloc(1 + 2 + payload + padding); p = buf; /* Message Type */ diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 57c970cff1..1394781c04 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -1094,25 +1094,25 @@ int dtls1_send_client_key_exchange(SSL *s) goto err; } - /*- - * 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson ) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ + /*- + * 20010406 VRS - Earlier versions used KRB5 AP_REQ + ** in place of RFC 2712 KerberosWrapper, as in: + ** + ** Send ticket (copy to *p, set n = length) + ** n = krb5_ap_req.length; + ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + ** if (krb5_ap_req.data) + ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + ** + ** Now using real RFC 2712 KerberosWrapper + ** (Thanks to Simon Wilkinson ) + ** Note: 2712 "opaque" types are here replaced + ** with a 2-byte length followed by the value. + ** Example: + ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + ** Where "xx xx" = length bytes. Shown here with + ** optional authenticator omitted. + */ /* KerberosWrapper.Ticket */ s2n(enc_ticket->length, p); @@ -1138,13 +1138,13 @@ int dtls1_send_client_key_exchange(SSL *s) if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0) goto err; - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); @@ -1498,12 +1498,12 @@ int dtls1_send_client_key_exchange(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); - /*- - *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; - l2n3(n,d); - l2n(s->d1->handshake_write_seq,d); - s->d1->handshake_write_seq++; - */ + /*- + *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; + l2n3(n,d); + l2n(s->d1->handshake_write_seq,d); + s->d1->handshake_write_seq++; + */ s->state = SSL3_ST_CW_KEY_EXCH_B; /* number of bytes to write */ diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 246af2d7cf..2abb7ef1d7 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -432,12 +432,12 @@ static int dtls1_process_record(SSL *s) rr->data = rr->input; enc_err = s->method->ssl3_enc->enc(s, 0); - /*- - * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid - */ + /*- + * enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid + */ if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ rr->length = 0; @@ -540,14 +540,14 @@ static int dtls1_process_record(SSL *s) } rr->off = 0; - /*- - * So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). - */ + /*- + * So at this point the following is true + * ssl->s3->rrec.type is the type of record + * ssl->s3->rrec.length == number of bytes in record + * ssl->s3->rrec.off == offset to first valid byte + * ssl->s3->rrec.data == where to take bytes from, increment + * after use :-). + */ /* we have pulled in a full packet so zero things */ s->packet_length = 0; @@ -820,12 +820,12 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) start: s->rwstate = SSL_NOTHING; - /*- - * s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. - */ + /*- + * s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. + */ rr = &(s->s3->rrec); /* @@ -1047,11 +1047,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - /*- - * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) - */ + /*- + * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/kssl.c b/ssl/kssl.c index c223a5660c..cf585679dc 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1391,20 +1391,20 @@ krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, } } - /*- Actual Kerberos5 krb5_recvauth() has initial conversation here - * o check KRB5_SENDAUTH_BADAUTHVERS - * unless KRB5_RECVAUTH_SKIP_VERSION - * o check KRB5_SENDAUTH_BADAPPLVERS - * o send "0" msg if all OK - */ + /*- Actual Kerberos5 krb5_recvauth() has initial conversation here + * o check KRB5_SENDAUTH_BADAUTHVERS + * unless KRB5_RECVAUTH_SKIP_VERSION + * o check KRB5_SENDAUTH_BADAPPLVERS + * o send "0" msg if all OK + */ - /*- - * 20010411 was using AP_REQ instead of true KerberosWrapper - * - * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, - * &krb5in_data, krb5server, krb5keytab, - * &ap_option, &krb5ticket)) != 0) { Error } - */ + /*- + * 20010411 was using AP_REQ instead of true KerberosWrapper + * + * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, + * &krb5in_data, krb5server, krb5keytab, + * &ap_option, &krb5ticket)) != 0) { Error } + */ p = (unsigned char *)indata->data; if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p, diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 3f8ddb8d02..50f98dced4 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -421,19 +421,19 @@ int ssl23_get_client_hello(SSL *s) v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; - /*- - * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 - * header is sent directly on the wire, not wrapped as a TLS - * record. It's format is: - * Byte Content - * 0-1 msg_length - * 2 msg_type - * 3-4 version - * 5-6 cipher_spec_length - * 7-8 session_id_length - * 9-10 challenge_length - * ... ... - */ + /*- + * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 + * header is sent directly on the wire, not wrapped as a TLS + * record. It's format is: + * Byte Content + * 0-1 msg_length + * 2 msg_type + * 3-4 version + * 5-6 cipher_spec_length + * 7-8 session_id_length + * 9-10 challenge_length + * ... ... + */ n = ((p[0] & 0x7f) << 8) | p[1]; if (n > (1024 * 4)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 341b139b16..614b9a35d2 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -535,19 +535,19 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->three_byte_header = 0; p = 0; } else if ((bs <= 1) && (!s->s2->escape)) { - /*- - * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - */ + /*- + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + */ s->s2->three_byte_header = 0; p = 0; } else { /* we may have to use a 3 byte header */ - /*- - * If s->s2->escape is not set, then - * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. - */ + /*- + * If s->s2->escape is not set, then + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. + */ p = (j % bs); p = (p == 0) ? 0 : (bs - p); if (s->s2->escape) { @@ -559,12 +559,12 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) } } - /*- - * Now - * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - * holds, and if s->s2->three_byte_header is set, then even - * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. - */ + /*- + * Now + * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + * holds, and if s->s2->three_byte_header is set, then even + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. + */ /* * mac_size is the number of MAC bytes len is the number of data bytes we diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 887f43e953..598d27edcc 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -761,25 +761,25 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) return; block_size = EVP_MD_CTX_block_size(mac_ctx); - /*- - * We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ + /*- + * We are in FIPS mode if we get this far so we know we have only SHA* + * digests and TLS to deal with. + * Minimum digest padding length is 17 for SHA384/SHA512 and 9 + * otherwise. + * Additional header is 13 bytes. To get the number of digest blocks + * processed round up the amount of data plus padding to the nearest + * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. + * So we have: + * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size + * equivalently: + * blocks = (payload_len + digest_pad + 12)/block_size + 1 + * HMAC adds a constant overhead. + * We're ultimately only interested in differences so this becomes + * blocks = (payload_len + 29)/128 + * for SHA384/SHA512 and + * blocks = (payload_len + 21)/64 + * otherwise. + */ digest_pad = block_size == 64 ? 21 : 29; blocks_orig = (orig_len + digest_pad) / block_size; blocks_data = (data_len + digest_pad) / block_size; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 65400572d1..0e5acecabb 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -674,36 +674,36 @@ int ssl3_client_hello(SSL *s) /* Do the message type and length last */ d = p = &(buf[4]); - /*- - * version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ + /*- + * version indicates the negotiated version: for example from + * an SSLv2/v3 compatible client hello). The client_version + * field is the maximum version we permit and it is also + * used in RSA encrypted premaster secrets. Some servers can + * choke if we initially report a higher version then + * renegotiate to a lower one in the premaster secret. This + * didn't happen with TLS 1.0 as most servers supported it + * but it can with TLS 1.1 or later if the server only supports + * 1.0. + * + * Possible scenario with previous logic: + * 1. Client hello indicates TLS 1.2 + * 2. Server hello says TLS 1.0 + * 3. RSA encrypted premaster secret uses 1.2. + * 4. Handhaked proceeds using TLS 1.0. + * 5. Server sends hello request to renegotiate. + * 6. Client hello indicates TLS v1.0 as we now + * know that is maximum server supports. + * 7. Server chokes on RSA encrypted premaster secret + * containing version 1.0. + * + * For interoperability it should be OK to always use the + * maximum version we support in client hello and then rely + * on the checking of version to ensure the servers isn't + * being inconsistent: for example initially negotiating with + * TLS 1.0 and renegotiating with TLS 1.2. We do this by using + * client_version in client hello and not resetting it to + * the negotiated version. + */ #if 0 *(p++) = s->version >> 8; *(p++) = s->version & 0xff; @@ -2361,25 +2361,25 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - /*- - * 20010406 VRS - Earlier versions used KRB5 AP_REQ - * in place of RFC 2712 KerberosWrapper, as in: - * - * Send ticket (copy to *p, set n = length) - * n = krb5_ap_req.length; - * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - * if (krb5_ap_req.data) - * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - * - * Now using real RFC 2712 KerberosWrapper - * (Thanks to Simon Wilkinson ) - * Note: 2712 "opaque" types are here replaced - * with a 2-byte length followed by the value. - * Example: - * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - * Where "xx xx" = length bytes. Shown here with - * optional authenticator omitted. - */ + /*- + * 20010406 VRS - Earlier versions used KRB5 AP_REQ + * in place of RFC 2712 KerberosWrapper, as in: + * + * Send ticket (copy to *p, set n = length) + * n = krb5_ap_req.length; + * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + * if (krb5_ap_req.data) + * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + * + * Now using real RFC 2712 KerberosWrapper + * (Thanks to Simon Wilkinson ) + * Note: 2712 "opaque" types are here replaced + * with a 2-byte length followed by the value. + * Example: + * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms + * Where "xx xx" = length bytes. Shown here with + * optional authenticator omitted. + */ /* KerberosWrapper.Ticket */ s2n(enc_ticket->length, p); @@ -2407,13 +2407,13 @@ int ssl3_send_client_key_exchange(SSL *s) if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) goto err; - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); @@ -2531,26 +2531,26 @@ int ssl3_send_client_key_exchange(SSL *s) * ecdh_clnt_cert to 1. */ if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) { - /*- - * XXX: For now, we do not support client - * authentication using ECDH certificates. - * To add such support, one needs to add - * code that checks for appropriate - * conditions and sets ecdh_clnt_cert to 1. - * For example, the cert have an ECC - * key on the same curve as the server's - * and the key should be authorized for - * key agreement. - * - * One also needs to add code in ssl3_connect - * to skip sending the certificate verify - * message. - * - * if ((s->cert->key->privatekey != NULL) && - * (s->cert->key->privatekey->type == - * EVP_PKEY_EC) && ...) - * ecdh_clnt_cert = 1; - */ + /*- + * XXX: For now, we do not support client + * authentication using ECDH certificates. + * To add such support, one needs to add + * code that checks for appropriate + * conditions and sets ecdh_clnt_cert to 1. + * For example, the cert have an ECC + * key on the same curve as the server's + * and the key should be authorized for + * key agreement. + * + * One also needs to add code in ssl3_connect + * to skip sending the certificate verify + * message. + * + * if ((s->cert->key->privatekey != NULL) && + * (s->cert->key->privatekey->type == + * EVP_PKEY_EC) && ...) + * ecdh_clnt_cert = 1; + */ } if (s->session->sess_cert->peer_ecdh_tmp != NULL) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 63b9f0b48a..b4a1456781 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -737,13 +737,14 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ - /*- - * npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ + /*- + * npad is, at most, 48 bytes and that's with MD5: + * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. + * + * With SHA-1 (the largest hash speced for SSLv3) the hash size + * goes up 4, but npad goes down by 8, resulting in a smaller + * total size. + */ unsigned char header[75]; unsigned j = 0; memcpy(header + j, mac_sec, md_size); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index bee7a7e670..5644dd8f26 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -415,12 +415,12 @@ static int ssl3_get_record(SSL *s) rr->data = rr->input; enc_err = s->method->ssl3_enc->enc(s, 0); - /*- - * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid - */ + /*- + * enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid + */ if (enc_err == 0) { al = SSL_AD_DECRYPTION_FAILED; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); @@ -528,14 +528,14 @@ static int ssl3_get_record(SSL *s) } rr->off = 0; - /*- - * So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). - */ + /*- + * So at this point the following is true + * ssl->s3->rrec.type is the type of record + * ssl->s3->rrec.length == number of bytes in record + * ssl->s3->rrec.off == offset to first valid byte + * ssl->s3->rrec.data == where to take bytes from, increment + * after use :-). + */ /* we have pulled in a full packet so zero things */ s->packet_length = 0; @@ -1030,12 +1030,12 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) start: s->rwstate = SSL_NOTHING; - /*- - * s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. - */ + /*- + * s->s3->rrec.type - is the type of record + * s->s3->rrec.data, - data + * s->s3->rrec.off, - offset into 'data' for next read + * s->s3->rrec.length, - number of bytes. + */ rr = &(s->s3->rrec); /* get new packet if necessary */ @@ -1153,11 +1153,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - /*- - * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) - */ + /*- + * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; + * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 486362d221..ef3964aa21 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1425,17 +1425,17 @@ int ssl3_get_client_hello(SSL *s) } } - /*- - * we now have the following setup. - * client_random - * cipher_list - our prefered list of ciphers - * ciphers - the clients prefered list of ciphers - * compression - basically ignored right now - * ssl version is set - sslv3 - * s->session - The ssl session has been setup. - * s->hit - session reuse flag - * s->tmp.new_cipher - the new cipher to use. - */ + /*- + * we now have the following setup. + * client_random + * cipher_list - our prefered list of ciphers + * ciphers - the clients prefered list of ciphers + * compression - basically ignored right now + * ssl version is set - sslv3 + * s->session - The ssl session has been setup. + * s->hit - session reuse flag + * s->tmp.new_cipher - the new cipher to use. + */ /* Handles TLS extensions that we couldn't check earlier */ if (s->version >= SSL3_VERSION) { @@ -1481,22 +1481,22 @@ int ssl3_send_server_hello(SSL *s) memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; - /*- - * There are several cases for the session ID to send - * back in the server hello: - * - For session reuse from the session cache, - * we send back the old session ID. - * - If stateless session reuse (using a session ticket) - * is successful, we send back the client's "session ID" - * (which doesn't actually identify the session). - * - If it is a new session, we send back the new - * session ID. - * - However, if we want the new session to be single-use, - * we send back a 0-length session ID. - * s->hit is non-zero in either case of session reuse, - * so the following won't overwrite an ID that we're supposed - * to send back. - */ + /*- + * There are several cases for the session ID to send + * back in the server hello: + * - For session reuse from the session cache, + * we send back the old session ID. + * - If stateless session reuse (using a session ticket) + * is successful, we send back the client's "session ID" + * (which doesn't actually identify the session). + * - If it is a new session, we send back the new + * session ID. + * - However, if we want the new session to be single-use, + * we send back a 0-length session ID. + * s->hit is non-zero in either case of session reuse, + * so the following won't overwrite an ID that we're supposed + * to send back. + */ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) && !s->hit) s->session->session_id_length = 0; @@ -2524,11 +2524,11 @@ int ssl3_get_client_key_exchange(SSL *s) } } - /*- Was doing kssl_ctx_free() here, - * but it caused problems for apache. - * kssl_ctx = kssl_ctx_free(kssl_ctx); - * if (s->kssl_ctx) s->kssl_ctx = NULL; - */ + /*- Was doing kssl_ctx_free() here, + * but it caused problems for apache. + * kssl_ctx = kssl_ctx_free(kssl_ctx); + * if (s->kssl_ctx) s->kssl_ctx = NULL; + */ } else #endif /* OPENSSL_NO_KRB5 */ @@ -3341,14 +3341,14 @@ int ssl3_send_newsession_ticket(SSL *s) i2d_SSL_SESSION(sess, &p); SSL_SESSION_free(sess); - /*- - * Grow buffer if need be: the length calculation is as - * follows 1 (size of message name) + 3 (message length - * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + - * 16 (key name) + max_iv_len (iv length) + - * session_length + max_enc_block_size (max encrypted session - * length) + max_md_size (HMAC). - */ + /*- + * Grow buffer if need be: the length calculation is as + * follows 1 (size of message name) + 3 (message length + * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + + * 16 (key name) + max_iv_len (iv length) + + * session_length + max_enc_block_size (max encrypted session + * length) + max_md_size (HMAC). + */ if (!BUF_MEM_grow(s->init_buf, 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) @@ -3431,12 +3431,12 @@ int ssl3_send_cert_status(SSL *s) { if (s->state == SSL3_ST_SW_CERT_STATUS_A) { unsigned char *p; - /*- - * Grow buffer if need be: the length calculation is as - * follows 1 (message type) + 3 (message length) + - * 1 (ocsp response type) + 3 (ocsp response length) - * + (ocsp response) - */ + /*- + * Grow buffer if need be: the length calculation is as + * follows 1 (message type) + 3 (message length) + + * 1 (ocsp response type) + 3 (ocsp response length) + * + (ocsp response) + */ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) return -1; @@ -3508,13 +3508,13 @@ int ssl3_get_next_proto(SSL *s) p = (unsigned char *)s->init_msg; - /*- - * The payload looks like: - * uint8 proto_len; - * uint8 proto[proto_len]; - * uint8 padding_len; - * uint8 padding[padding_len]; - */ + /*- + * The payload looks like: + * uint8 proto_len; + * uint8 proto[proto_len]; + * uint8 padding_len; + * uint8 padding[padding_len]; + */ proto_len = p[0]; if (proto_len + 2 > s->init_num) return 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 99cf677961..51a4a04a23 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -250,7 +250,7 @@ static const SSL_CIPHER cipher_aliases[] = { /* no such ciphersuites supported! */ {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, /* no such ciphersuites supported! */ - {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, / + {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -1856,14 +1856,14 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (cm == NULL || cm->type == NID_undef) return 1; - /*- - * According to draft-ietf-tls-compression-04.txt, the - * compression number ranges should be the following: - * - * 0 to 63: methods defined by the IETF - * 64 to 192: external party methods assigned by IANA - * 193 to 255: reserved for private use - */ + /*- + * According to draft-ietf-tls-compression-04.txt, the + * compression number ranges should be the following: + * + * 0 to 63: methods defined by the IETF + * 64 to 192: external party methods assigned by IANA + * 193 to 255: reserved for private use + */ if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index e3ce9ba0c3..18ec248f08 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1749,12 +1749,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->references = 1; ret->quiet_shutdown = 0; -/* ret->cipher=NULL;*/ +/* ret->cipher=NULL;*/ /*- - ret->s2->challenge=NULL; - ret->master_key=NULL; - ret->key_arg=NULL; - ret->s2->conn_id=NULL; */ + ret->s2->challenge=NULL; + ret->master_key=NULL; + ret->key_arg=NULL; + ret->s2->conn_id=NULL; */ ret->info_callback = NULL; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 74c1d1537f..fb4e8c5259 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -326,21 +326,21 @@ int ssl_get_new_session(SSL *s, int session) return (0); } #ifndef OPENSSL_NO_TLSEXT - /*- - * If RFC5077 ticket, use empty session ID (as server). - * Note that: - * (a) ssl_get_prev_session() does lookahead into the - * ClientHello extensions to find the session ticket. - * When ssl_get_prev_session() fails, s3_srvr.c calls - * ssl_get_new_session() in ssl3_get_client_hello(). - * At that point, it has not yet parsed the extensions, - * however, because of the lookahead, it already knows - * whether a ticket is expected or not. - * - * (b) s3_clnt.c calls ssl_get_new_session() before parsing - * ServerHello extensions, and before recording the session - * ID received from the server, so this block is a noop. - */ + /*- + * If RFC5077 ticket, use empty session ID (as server). + * Note that: + * (a) ssl_get_prev_session() does lookahead into the + * ClientHello extensions to find the session ticket. + * When ssl_get_prev_session() fails, s3_srvr.c calls + * ssl_get_new_session() in ssl3_get_client_hello(). + * At that point, it has not yet parsed the extensions, + * however, because of the lookahead, it already knows + * whether a ticket is expected or not. + * + * (b) s3_clnt.c calls ssl_get_new_session() before parsing + * ServerHello extensions, and before recording the session + * ID received from the server, so this block is a noop. + */ if (s->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 521885fc50..fb770753e2 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -292,8 +292,8 @@ int doit(io_channel chan, SSL_CTX *s_ctx) if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; /*- original, DRM 24-SEP-1997 - BIO_set_fd ( c_to_s, "", chan ); - BIO_set_fd ( s_to_c, "", chan ); + BIO_set_fd ( c_to_s, "", chan ); + BIO_set_fd ( s_to_c, "", chan ); */ BIO_set_fd(c_to_s, 0, chan); BIO_set_fd(s_to_c, 0, chan); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 615302ab31..9fa226c626 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1170,40 +1170,40 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); do { - /*- - * c_ssl_bio: SSL filter BIO - * - * client: pseudo-I/O for SSL library - * - * client_io: client's SSL communication; usually to be - * relayed over some I/O facility, but in this - * test program, we're the server, too: - * - * server_io: server's SSL communication - * - * server: pseudo-I/O for SSL library - * - * s_ssl_bio: SSL filter BIO - * - * The client and the server each employ a "BIO pair": - * client + client_io, server + server_io. - * BIO pairs are symmetric. A BIO pair behaves similar - * to a non-blocking socketpair (but both endpoints must - * be handled by the same thread). - * [Here we could connect client and server to the ends - * of a single BIO pair, but then this code would be less - * suitable as an example for BIO pairs in general.] - * - * Useful functions for querying the state of BIO pair endpoints: - * - * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil - * other side's read attempt - * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now - * - * ..._read_request is never more than ..._write_guarantee; - * it depends on the application which one you should use. - */ + /*- + * c_ssl_bio: SSL filter BIO + * + * client: pseudo-I/O for SSL library + * + * client_io: client's SSL communication; usually to be + * relayed over some I/O facility, but in this + * test program, we're the server, too: + * + * server_io: server's SSL communication + * + * server: pseudo-I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + * + * The client and the server each employ a "BIO pair": + * client + client_io, server + server_io. + * BIO pairs are symmetric. A BIO pair behaves similar + * to a non-blocking socketpair (but both endpoints must + * be handled by the same thread). + * [Here we could connect client and server to the ends + * of a single BIO pair, but then this code would be less + * suitable as an example for BIO pairs in general.] + * + * Useful functions for querying the state of BIO pair endpoints: + * + * BIO_ctrl_pending(bio) number of bytes we can read now + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * other side's read attempt + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now + * + * ..._read_request is never more than ..._write_guarantee; + * it depends on the application which one you should use. + */ /* * We have non-blocking behaviour throughout this test program, but @@ -1569,10 +1569,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("server waiting in SSL_accept - %s\n", SSL_state_string_long(s_ssl)); /*- - else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); */ + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); */ } if (do_client && debug) { @@ -1580,10 +1580,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("client waiting in SSL_connect - %s\n", SSL_state_string_long(c_ssl)); /*- - else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); */ + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); */ } if (!do_client && !do_server) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 45157fe699..243a70f7a6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -386,14 +386,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned long size_str; long lenmax; - /*- - * check for enough space. - * 4 for the servername type and entension length - * 2 for servernamelist length - * 1 for the hostname type - * 2 for hostname length - * + hostname length - */ + /*- + * check for enough space. + * 4 for the servername type and entension length + * 2 for servernamelist length + * 1 for the hostname type + * 2 for hostname length + * + hostname length + */ if ((lenmax = limit - ret - 9) < 0 || (size_str = @@ -447,12 +447,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, return NULL; } - /*- - * check for enough space. - * 4 for the srp type type and entension length - * 1 for the srp user identity - * + srp user identity length - */ + /*- + * check for enough space. + * 4 for the srp type type and entension length + * 1 for the srp user identity + * + srp user identity length + */ if ((limit - ret - 5 - login_len) < 0) return NULL; @@ -622,11 +622,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, return NULL; s2n(TLSEXT_TYPE_heartbeat, ret); s2n(1, ret); - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ + /*- + * Set mode: + * 1: peer may send requests + * 2: peer not allowed to send requests + */ if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; else @@ -855,11 +855,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, return NULL; s2n(TLSEXT_TYPE_heartbeat, ret); s2n(1, ret); - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ + /*- + * Set mode: + * 1: peer may send requests + * 2: peer not allowed to send requests + */ if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS) *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; else @@ -1399,23 +1399,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, # ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) { - /*- - * We shouldn't accept this extension on a - * renegotiation. - * - * s->new_session will be set on renegotiation, but we - * probably shouldn't rely that it couldn't be set on - * the initial renegotation too in certain cases (when - * there's some other reason to disallow resuming an - * earlier session -- the current code won't be doing - * anything like that, but this might change). - * - * A valid sign that there's been a previous handshake - * in this connection is if s->s3->tmp.finish_md_len > - * 0. (We are talking about a check that will happen - * in the Hello protocol round, well before a new - * Finished message could have been computed.) - */ + /*- + * We shouldn't accept this extension on a + * renegotiation. + * + * s->new_session will be set on renegotiation, but we + * probably shouldn't rely that it couldn't be set on + * the initial renegotation too in certain cases (when + * there's some other reason to disallow resuming an + * earlier session -- the current code won't be doing + * anything like that, but this might change). + * + * A valid sign that there's been a previous handshake + * in this connection is if s->s3->tmp.finish_md_len > + * 0. (We are talking about a check that will happen + * in the Hello protocol round, well before a new + * Finished message could have been computed.) + */ s->s3->next_proto_neg_seen = 1; } # endif @@ -2676,16 +2676,16 @@ int tls1_heartbeat(SSL *s) */ OPENSSL_assert(payload + padding <= 16381); - /*- - * Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add - * some random stuff. - * - Message Type, 1 byte - * - Payload Length, 2 bytes (unsigned int) - * - Payload, the sequence number (2 bytes uint) - * - Payload, random bytes (16 bytes uint) - * - Padding - */ + /*- + * Create HeartBeat message, we just use a sequence number + * as payload to distuingish different messages and add + * some random stuff. + * - Message Type, 1 byte + * - Payload Length, 2 bytes (unsigned int) + * - Payload, the sequence number (2 bytes uint) + * - Payload, random bytes (16 bytes uint) + * - Padding + */ buf = OPENSSL_malloc(1 + 2 + payload + padding); p = buf; /* Message Type */ diff --git a/test/methtest.c b/test/methtest.c index eb8cb30454..de66c1063b 100644 --- a/test/methtest.c +++ b/test/methtest.c @@ -86,13 +86,13 @@ char *argv[]; METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs"); METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2); -/*- tmp=METH_new(x509_by_issuer_dir); - METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); - METH_push(top,METH_X509_BY_ISSUER,tmp); +/*- tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); - tmp=METH_new(x509_by_issuer_primary); - METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); - METH_push(top,METH_X509_BY_ISSUER,tmp); + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); */ METH_init(top);