From 35a1cc90bc1795e8893c11e442790ee7f659fffb Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sat, 17 Jan 2015 00:06:54 +0000 Subject: [PATCH] More comment realignment Reviewed-by: Tim Hudson --- apps/gendh.c | 4 +- apps/s_cb.c | 8 +-- apps/s_client.c | 4 +- crypto/bio/b_sock.c | 14 +++--- crypto/bio/bf_null.c | 10 ++-- crypto/bio/bss_acpt.c | 12 ++--- crypto/bn/bn_kron.c | 14 +++--- crypto/bn/bn_print.c | 12 ++--- crypto/bn/bn_sqrt.c | 52 ++++++++++---------- crypto/cast/casttest.c | 6 +-- crypto/des/destest.c | 2 +- crypto/des/enc_read.c | 12 ++--- crypto/des/ofb64ede.c | 4 +- crypto/ec/ecp_nistp256.c | 77 +++++++++++++++-------------- crypto/ec/ecp_nistp521.c | 45 ++++++++--------- crypto/ec/ecp_oct.c | 10 ++-- crypto/ec/ecp_smpl.c | 50 +++++++++---------- crypto/idea/ideatest.c | 6 +-- crypto/lhash/lhash.c | 6 +-- crypto/pem/pem.h | 10 ++-- crypto/rand/randfile.c | 8 +-- crypto/rc2/rc2test.c | 6 +-- crypto/threads/mttest.c | 30 ++++++------ crypto/x509/by_dir.c | 4 +- crypto/x509/x509_lu.c | 4 +- crypto/x509/x509_r2x.c | 4 +- crypto/x509/x509_vfy.c | 18 +++---- crypto/x509/x509name.c | 20 ++++---- crypto/x509v3/v3_utl.c | 10 ++-- demos/engines/zencod/hw_zencod.h | 16 +++--- engines/ccgost/gost_ctl.c | 26 +++++----- engines/e_cswift.c | 10 ++-- ssl/d1_pkt.c | 22 ++++----- ssl/s3_cbc.c | 38 +++++++-------- ssl/s3_clnt.c | 74 ++++++++++++++-------------- ssl/s3_enc.c | 15 +++--- ssl/ssl_lib.c | 8 +-- ssl/ssl_sess.c | 30 ++++++------ ssl/ssl_task.c | 4 +- ssl/ssltest.c | 84 ++++++++++++++++---------------- test/methtest.c | 12 ++--- 41 files changed, 403 insertions(+), 398 deletions(-) diff --git a/apps/gendh.c b/apps/gendh.c index 3455613b4e..bbeba06714 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -120,8 +120,8 @@ int MAIN(int argc, char **argv) outfile = *(++argv); } else if (strcmp(*argv, "-2") == 0) g = 2; - /*- else if (strcmp(*argv,"-3") == 0) - g=3; */ +/*- else if (strcmp(*argv,"-3") == 0) + g=3; */ else if (strcmp(*argv, "-5") == 0) g = 5; # ifndef OPENSSL_NO_ENGINE diff --git a/apps/s_cb.c b/apps/s_cb.c index d043048bad..7227b19c42 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -200,10 +200,10 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) { if (cert_file != NULL) { - /*- - SSL *ssl; - X509 *x509; - */ + /*- + SSL *ssl; + X509 *x509; + */ if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { diff --git a/apps/s_client.c b/apps/s_client.c index 0b15a5ec6c..e30857f29a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1749,8 +1749,8 @@ int MAIN(int argc, char **argv) openssl_fdset(SSL_get_fd(con), &writefds); } #endif -/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", - tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ +/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ /* * Note: under VMS with SOCKETSHR the second parameter is diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index ad33aa1f42..7f7a68c2a8 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -529,13 +529,13 @@ int BIO_socket_ioctl(int fd, long type, void *arg) i = ioctlsocket(fd, type, (char *)arg); # else # if defined(OPENSSL_SYS_VMS) - /*- - * 2011-02-18 SMS. - * VMS ioctl() can't tolerate a 64-bit "void *arg", but we - * observe that all the consumers pass in an "unsigned long *", - * so we arrange a local copy with a short pointer, and use - * that, instead. - */ + /*- + * 2011-02-18 SMS. + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we + * observe that all the consumers pass in an "unsigned long *", + * so we arrange a local copy with a short pointer, and use + * that, instead. + */ # if __INITIAL_POINTER_SIZE == 64 # define ARG arg_32p # pragma pointer_size save diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index e129dfe1e7..e0c79e8291 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -103,11 +103,11 @@ static int nullf_free(BIO *a) { if (a == NULL) return (0); - /*- - a->ptr=NULL; - a->init=0; - a->flags=0; - */ + /*- + a->ptr=NULL; + a->init=0; + a->flags=0; + */ return (1); } diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index b514d9e394..5aa06cf167 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -415,12 +415,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)data->bind_mode; break; case BIO_CTRL_DUP: -/*- dbio=(BIO *)ptr; - if (data->param_port) EAY EAY - BIO_set_port(dbio,data->param_port); - if (data->param_hostname) - BIO_set_hostname(dbio,data->param_hostname); - BIO_set_nbio(dbio,data->nbio); */ +/*- dbio=(BIO *)ptr; + if (data->param_port) EAY EAY + BIO_set_port(dbio,data->param_port); + if (data->param_hostname) + BIO_set_hostname(dbio,data->param_hostname); + BIO_set_nbio(dbio,data->nbio); */ break; default: diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 71808321d5..88d731ac75 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -66,13 +66,13 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) int ret = -2; /* avoid 'uninitialized' warning */ int err = 0; BIGNUM *A, *B, *tmp; - /*- - * In 'tab', only odd-indexed entries are relevant: - * For any odd BIGNUM n, - * tab[BN_lsw(n) & 7] - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). - * Note that the sign of n does not matter. - */ + /*- + * In 'tab', only odd-indexed entries are relevant: + * For any odd BIGNUM n, + * tab[BN_lsw(n) & 7] + * is $(-1)^{(n^2-1)/8}$ (using TeX notation). + * Note that the sign of n does not matter. + */ static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; bn_check_top(a); diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index d8e5e588a5..0f356c24be 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -106,12 +106,12 @@ char *BN_bn2dec(const BIGNUM *a) BIGNUM *t = NULL; BN_ULONG *bn_data = NULL, *lp; - /*- - * get an upper bound for the length of the decimal integer - * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) - * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 - */ + /*- + * get an upper bound for the length of the decimal integer + * num <= (BN_num_bits(a) + 1) * log(2) + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; bn_data = diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 1b259f31c6..232af99a21 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -152,32 +152,32 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } if (e == 2) { - /*- - * |p| == 5 (mod 8) - * - * In this case 2 is always a non-square since - * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. - * So if a really is a square, then 2*a is a non-square. - * Thus for - * b := (2*a)^((|p|-5)/8), - * i := (2*a)*b^2 - * we have - * i^2 = (2*a)^((1 + (|p|-5)/4)*2) - * = (2*a)^((p-1)/2) - * = -1; - * so if we set - * x := a*b*(i-1), - * then - * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) - * = a^2 * b^2 * (-2*i) - * = a*(-i)*(2*a*b^2) - * = a*(-i)*i - * = a. - * - * (This is due to A.O.L. Atkin, - * , - * November 1992.) - */ + /*- + * |p| == 5 (mod 8) + * + * In this case 2 is always a non-square since + * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. + * So if a really is a square, then 2*a is a non-square. + * Thus for + * b := (2*a)^((|p|-5)/8), + * i := (2*a)*b^2 + * we have + * i^2 = (2*a)^((1 + (|p|-5)/4)*2) + * = (2*a)^((p-1)/2) + * = -1; + * so if we set + * x := a*b*(i-1), + * then + * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) + * = a^2 * b^2 * (-2*i) + * = a*(-i)*(2*a*b^2) + * = a*(-i)*i + * = a. + * + * (This is due to A.O.L. Atkin, + * , + * November 1992.) + */ /* t := 2*a */ if (!BN_mod_lshift1_quick(t, A, p)) diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index b3bd85c520..dc31bc6604 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; # endif diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 5b7dbc2f44..62cc7a57d1 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -397,7 +397,7 @@ int main(int argc, char *argv[]) DES_ENCRYPT); DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, &ks3, &iv3, &iv2, DES_ENCRYPT); -/*- if (memcmp(cbc_out,cbc3_ok, +/*- if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index ed44abcaea..fcb66541bd 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -205,12 +205,12 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, */ num = len; } else { - /*- - * >output is a multiple of 8 byes, if len < rnum - * >we must be careful. The user must be aware that this - * >routine will write more bytes than he asked for. - * >The length of the buffer must be correct. - * FIXED - Should be ok now 18-9-90 - eay */ + /*- + * >output is a multiple of 8 byes, if len < rnum + * >we must be careful. The user must be aware that this + * >routine will write more bytes than he asked for. + * >The length of the buffer must be correct. + * FIXED - Should be ok now 18-9-90 - eay */ if (len < rnum) { if (DES_rw_mode & DES_PCBC_MODE) diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index 03399bc297..45c67505a6 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -102,8 +102,8 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, n = (n + 1) & 0x07; } if (save) { -/*- v0=ti[0]; - v1=ti[1];*/ +/*- v0=ti[0]; + v1=ti[1];*/ iv = &(*ivec)[0]; l2c(v0, iv); l2c(v1, iv); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 51ac99c85b..d485a97fd8 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -432,25 +432,25 @@ static void felem_shrink(smallfelem out, const felem in) /* As tmp[3] < 2^65, high is either 1 or 0 */ high <<= 63; high >>= 63; - /*- - * high is: - * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ + /*- + * high is: + * all ones if the high word of tmp[3] is 1 + * all zeros if the high word of tmp[3] if 0 */ low = tmp[3]; mask = low >> 63; - /*- - * mask is: - * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + /*- + * mask is: + * all ones if the MSB of low is 1 + * all zeros if the MSB of low if 0 */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; low >>= 63; - /*- - * low is: - * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + /*- + * low is: + * all ones if low was > kPrime3Test + * all zeros if low was <= kPrime3Test */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -790,17 +790,17 @@ static void felem_reduce(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 - * out[1] > 2^100 - 2^64 - 7*2^96 > 0 - * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 - * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 - * - * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 - * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 - * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 - * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 - */ + /*- + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 + * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 + * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 + * + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 + * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 + * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 + * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 + */ } /*- @@ -819,17 +819,17 @@ static void felem_reduce_zero105(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 - * out[1] > 2^105 - 2^71 - 2^103 > 0 - * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 - * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 - * - * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 - * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 - */ + /*- + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + * out[1] > 2^105 - 2^71 - 2^103 > 0 + * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 + * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 + * + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 + * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 + */ } /* @@ -1094,7 +1094,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * * Building on top of the field operations we have the operations on the * elliptic curve group itself. Points on the curve are represented in Jacobian - * coordinates */ + * coordinates + */ /*- * point_double calculates 2*(x_in, y_in, z_in) @@ -1103,7 +1104,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b * * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. - * while x_out == y_in is not (maybe this works, but it's not tested). */ + * while x_out == y_in is not (maybe this works, but it's not tested). + */ static void point_double(felem x_out, felem y_out, felem z_out, const felem x_in, const felem y_in, const felem z_in) @@ -1234,7 +1236,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask) * This function includes a branch for checking whether the two input points * are equal, (while not equal to the point at infinity). This case never * happens during single point multiplication, so there is no timing leak for - * ECDH or ECDSA signing. */ + * ECDH or ECDSA signing. + */ static void point_add(felem x3, felem y3, felem z3, const felem x1, const felem y1, const felem z1, const int mixed, const smallfelem x2, diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index fa6766ec30..360b9a3516 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -414,15 +414,16 @@ static void felem_square(largefelem out, const felem in) felem_scalar(inx2, in, 2); felem_scalar(inx4, in, 4); - /*- - * We have many cases were we want to do - * in[x] * in[y] + - * in[y] * in[x] - * This is obviously just - * 2 * in[x] * in[y] - * However, rather than do the doubling on the 128 bit result, we - * double one of the inputs to the multiplication by reading from - * |inx2| */ + /*- + * We have many cases were we want to do + * in[x] * in[y] + + * in[y] * in[x] + * This is obviously just + * 2 * in[x] * in[y] + * However, rather than do the doubling on the 128 bit result, we + * double one of the inputs to the multiplication by reading from + * |inx2| + */ out[0] = ((uint128_t) in[0]) * in[0]; out[1] = ((uint128_t) in[0]) * inx2[1]; @@ -610,10 +611,10 @@ static void felem_reduce(felem out, const largefelem in) out[1] += ((limb) in[0]) >> 58; out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; - /*- - * out[1] < 2^58 + 2^6 + 2^58 - * = 2^59 + 2^6 - */ + /*- + * out[1] < 2^58 + 2^6 + 2^58 + * = 2^59 + 2^6 + */ out[2] += ((limb) (in[0] >> 64)) >> 52; out[2] += ((limb) in[1]) >> 58; @@ -642,10 +643,10 @@ static void felem_reduce(felem out, const largefelem in) out[8] += ((limb) in[7]) >> 58; out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; - /*- - * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 - * < 2^59 + 2^13 - */ + /*- + * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 + * < 2^59 + 2^13 + */ overflow1 = ((limb) (in[7] >> 64)) >> 52; overflow1 += ((limb) in[8]) >> 58; @@ -660,11 +661,11 @@ static void felem_reduce(felem out, const largefelem in) out[1] += out[0] >> 58; out[0] &= bottom58bits; - /*- - * out[0] < 2^58 - * out[1] < 2^59 + 2^6 + 2^13 + 2^2 - * < 2^59 + 2^14 - */ + /*- + * out[0] < 2^58 + * out[1] < 2^59 + 2^6 + 2^13 + 2^2 + * < 2^59 + 2^14 + */ } static void felem_square_reduce(felem out, const felem in) diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 5ac8533e73..be309cd80a 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -96,11 +96,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, if (y == NULL) goto err; - /*- - * Recover y. We have a Weierstrass equation - * y^2 = x^3 + a*x + b, - * so y is one of the square roots of x^3 + a*x + b. - */ + /*- + * Recover y. We have a Weierstrass equation + * y^2 = x^3 + a*x + b, + * so y is one of the square roots of x^3 + a*x + b. + */ /* tmp1 := x^3 */ if (!BN_nnmod(x, x_, group->field, ctx)) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 34ae6d5ff5..ee0c46841b 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -909,10 +909,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, goto err; if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; - /*- - * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) - * = 3 * X_a^2 - 3 * Z_a^4 - */ + /*- + * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) + * = 3 * X_a^2 - 3 * Z_a^4 + */ } else { if (!field_sqr(group, n0, a->X, ctx)) goto err; @@ -1033,15 +1033,15 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (Z6 == NULL) goto err; - /*- - * We have a curve defined by a Weierstrass equation - * y^2 = x^3 + a*x + b. - * The point to consider is given in Jacobian projective coordinates - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). - * Substituting this and multiplying by Z^6 transforms the above equation into - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. - * To test this, we add up the right-hand side in 'rh'. - */ + /*- + * We have a curve defined by a Weierstrass equation + * y^2 = x^3 + a*x + b. + * The point to consider is given in Jacobian projective coordinates + * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). + * Substituting this and multiplying by Z^6 transforms the above equation into + * Y^2 = X^3 + a*X*Z^4 + b*Z^6. + * To test this, we add up the right-hand side in 'rh'. + */ /* rh := X^2 */ if (!field_sqr(group, rh, point->X, ctx)) @@ -1108,12 +1108,12 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - /*- - * return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ + /*- + * return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -1151,12 +1151,12 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (Zb23 == NULL) goto end; - /*- - * We have to decide whether - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), - * or equivalently, whether - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). - */ + /*- + * We have to decide whether + * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), + * or equivalently, whether + * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). + */ if (!b->Z_is_one) { if (!field_sqr(group, Zb23, b->Z, ctx)) diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index d137a8f03a..a967dd58a7 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -102,9 +102,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; static int cfb64_test(unsigned char *cfb_cipher); diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index e33b6fba48..53c5c138bb 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -434,9 +434,9 @@ unsigned long lh_strhash(const char *c) if ((c == NULL) || (*c == '\0')) return (ret); /*- - unsigned char b[16]; - MD5(c,strlen(c),b); - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); + unsigned char b[16]; + MD5(c,strlen(c),b); + return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); */ n = 0x100; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index fa042683e5..9aa99be790 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -174,8 +174,8 @@ typedef struct pem_ctx_st { struct { int cipher; /*- - unused, and wrong size - unsigned char iv[8]; */ + unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -195,9 +195,9 @@ typedef struct pem_ctx_st { EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - /*- - unused, and wrong size - unsigned char iv[8]; */ + /*- + unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ int data_len; diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 45f8bb8b3d..bec7058525 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -113,10 +113,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) = int RAND_load_file(const char *file, long bytes) { - /*- - * If bytes >= 0, read up to 'bytes' bytes. - * if bytes == -1, read complete file. - */ + /*- + * If bytes >= 0, read up to 'bytes' bytes. + * if bytes == -1, read complete file. + */ MS_STATIC unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index 8347356312..e61df342ea 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; /* diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index eea89d5994..60b0c06417 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -798,23 +798,23 @@ void solaris_locking_callback(int mode, int type, char *file, int line) (type & CRYPTO_READ) ? "r" : "w", file, line); # endif - /*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); - */ + /*- + if (CRYPTO_LOCK_SSL_CERT == type) + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); + */ if (mode & CRYPTO_LOCK) { /*- - if (mode & CRYPTO_READ) - rw_rdlock(&(lock_cs[type])); - else - rw_wrlock(&(lock_cs[type])); */ + if (mode & CRYPTO_READ) + rw_rdlock(&(lock_cs[type])); + else + rw_wrlock(&(lock_cs[type])); */ mutex_lock(&(lock_cs[type])); lock_count[type]++; } else { -/* rw_unlock(&(lock_cs[type])); */ +/* rw_unlock(&(lock_cs[type])); */ mutex_unlock(&(lock_cs[type])); } } @@ -984,10 +984,10 @@ void pthreads_locking_callback(int mode, int type, char *file, int line) (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + if (CRYPTO_LOCK_SSL_CERT == type) + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 369a347a13..80444ffe8a 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -430,8 +430,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, * If we were going to up the reference count, we would need to * do it on a perl 'type' basis */ - /*- CRYPTO_add(&tmp->data.x509->references,1, - CRYPTO_LOCK_X509);*/ + /*- CRYPTO_add(&tmp->data.x509->references,1, + CRYPTO_LOCK_X509);*/ goto finish; } } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index f555aff6b8..85fb59cb13 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -323,8 +323,8 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, return 0; } -/*- if (ret->data.ptr != NULL) - X509_OBJECT_free_contents(ret); */ +/*- if (ret->data.ptr != NULL) + X509_OBJECT_free_contents(ret); */ ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 40b23e512a..0ff439c99f 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -84,8 +84,8 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; -/*- xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ +/*- xi->extensions=ri->attributes; <- bad, should not ever be done + ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index bfb7c89bd7..f5da926a12 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -549,15 +549,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) int allow_proxy_certs; cb = ctx->verify_cb; - /*- - * must_be_ca can have 1 of 3 values: - * -1: we accept both CA and non-CA certificates, to allow direct - * use of self-signed certificates (which are marked as CA). - * 0: we only accept non-CA certificates. This is currently not - * used, but the possibility is present for future extensions. - * 1: we only accept CA certificates. This is currently used for - * all certificates in the chain except the leaf certificate. - */ + /*- + * must_be_ca can have 1 of 3 values: + * -1: we accept both CA and non-CA certificates, to allow direct + * use of self-signed certificates (which are marked as CA). + * 0: we only accept non-CA certificates. This is currently not + * used, but the possibility is present for future extensions. + * 1: we only accept CA certificates. This is currently used for + * all certificates in the chain except the leaf certificate. + */ must_be_ca = -1; /* CRL path validation */ diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index fc0475f7c2..6ea601f962 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -162,16 +162,16 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) set_prev = ret->set - 1; set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; - /*- - * set_prev is the previous set - * set is the current set - * set_next is the following - * prev 1 1 1 1 1 1 1 1 - * set 1 1 2 2 - * next 1 1 2 2 2 2 3 2 - * so basically only if prev and next differ by 2, then - * re-number down by 1 - */ + /*- + * set_prev is the previous set + * set is the current set + * set_next is the following + * prev 1 1 1 1 1 1 1 1 + * set 1 1 2 2 + * next 1 1 2 2 2 2 3 2 + * so basically only if prev and next differ by 2, then + * re-number down by 1 + */ if (set_prev + 1 < set_next) for (i = loc; i < n; i++) sk_X509_NAME_ENTRY_value(sk, i)->set--; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 48bddb2e66..f65323be05 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -808,11 +808,11 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, if (p[i] == '*') { int atstart = (state & LABEL_START); int atend = (i == len - 1 || p[i + i] == '.'); - /*- - * At most one wildcard per pattern. - * No wildcards in IDNA labels. - * No wildcards after the first label. - */ + /*- + * At most one wildcard per pattern. + * No wildcards in IDNA labels. + * No wildcards after the first label. + */ if (star != NULL || (state & LABEL_IDNA) != 0 || dots) return NULL; /* Only full-label '*.example.com' wildcards? */ diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h index e586d1ae9a..80baa6f96f 100644 --- a/demos/engines/zencod/hw_zencod.h +++ b/demos/engines/zencod/hw_zencod.h @@ -106,14 +106,14 @@ extern "C" { /* * Functions for Digest (MD5, SHA1) stuff */ -/* output : output data buffer */ -/* input : input data buffer */ -/* algo : hash algorithm, MD5 or SHA1 */ -/*- - * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; - * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; - */ -/* For now separate this stuff that mad it easier to test */ + /* output : output data buffer */ + /* input : input data buffer */ + /* algo : hash algorithm, MD5 or SHA1 */ + /*- + * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; + * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; + */ + /* For now separate this stuff that mad it easier to test */ typedef int t_zencod_md5_init(ZEN_MD_DATA *data); typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input); typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output); diff --git a/engines/ccgost/gost_ctl.c b/engines/ccgost/gost_ctl.c index 58b5c2b615..6c93c4584d 100644 --- a/engines/ccgost/gost_ctl.c +++ b/engines/ccgost/gost_ctl.c @@ -18,20 +18,20 @@ static char *gost_params[GOST_PARAM_MAX + 1] = { NULL }; static const char *gost_envnames[] = { "CRYPT_PARAMS" }; const ENGINE_CMD_DEFN gost_cmds[] = { -/*- { GOST_CTRL_RNG, - "RNG", - "Type of random number generator to use", - ENGINE_CMD_FLAG_STRING - }, - { GOST_CTRL_RNG_PARAMS, - "RNG_PARAMS", - "Parameter for random number generator", - ENGINE_CMD_FLAG_STRING - }, +/*- { GOST_CTRL_RNG, + "RNG", + "Type of random number generator to use", + ENGINE_CMD_FLAG_STRING + }, + { GOST_CTRL_RNG_PARAMS, + "RNG_PARAMS", + "Parameter for random number generator", + ENGINE_CMD_FLAG_STRING + }, */ {GOST_CTRL_CRYPT_PARAMS, - "CRYPT_PARAMS", - "OID of default GOST 28147-89 parameters", - ENGINE_CMD_FLAG_STRING}, + "CRYPT_PARAMS", + "OID of default GOST 28147-89 parameters", + ENGINE_CMD_FLAG_STRING}, {0, NULL, NULL, 0} }; diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 70c2f226c3..c429802d5f 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -1037,11 +1037,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num) while (num >= (int)sizeof(buf32)) { largenum.value = buf; largenum.nbytes = sizeof(buf32); - /*- - * tell CryptoSwift how many bytes we want and where we want it. - * Note: - CryptoSwift cannot do more than 4096 bytes at a time. - * - CryptoSwift can only do multiple of 32-bits. - */ + /*- + * tell CryptoSwift how many bytes we want and where we want it. + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. + * - CryptoSwift can only do multiple of 32-bits. + */ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); if (swrc != SW_OK) { diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index e4ae19f383..598002b15f 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -433,12 +433,12 @@ static int dtls1_process_record(SSL *s) rr->orig_len = rr->length; enc_err = s->method->ssl3_enc->enc(s, 0); - /*- - * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid - */ + /*- + * enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid + */ if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ rr->length = 0; @@ -1046,11 +1046,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - /*- - * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) - */ + /*- + * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index dda425a390..e5a04ace60 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -754,25 +754,25 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) return; block_size = EVP_MD_CTX_block_size(mac_ctx); - /*- - * We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ + /*- + * We are in FIPS mode if we get this far so we know we have only SHA* + * digests and TLS to deal with. + * Minimum digest padding length is 17 for SHA384/SHA512 and 9 + * otherwise. + * Additional header is 13 bytes. To get the number of digest blocks + * processed round up the amount of data plus padding to the nearest + * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. + * So we have: + * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size + * equivalently: + * blocks = (payload_len + digest_pad + 12)/block_size + 1 + * HMAC adds a constant overhead. + * We're ultimately only interested in differences so this becomes + * blocks = (payload_len + 29)/128 + * for SHA384/SHA512 and + * blocks = (payload_len + 21)/64 + * otherwise. + */ digest_pad = block_size == 64 ? 21 : 29; blocks_orig = (orig_len + digest_pad) / block_size; blocks_data = (data_len + digest_pad) / block_size; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 900389e9df..93518b89b3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -725,36 +725,36 @@ int ssl3_client_hello(SSL *s) /* Do the message type and length last */ d = p = ssl_handshake_start(s); - /*- - * version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ + /*- + * version indicates the negotiated version: for example from + * an SSLv2/v3 compatible client hello). The client_version + * field is the maximum version we permit and it is also + * used in RSA encrypted premaster secrets. Some servers can + * choke if we initially report a higher version then + * renegotiate to a lower one in the premaster secret. This + * didn't happen with TLS 1.0 as most servers supported it + * but it can with TLS 1.1 or later if the server only supports + * 1.0. + * + * Possible scenario with previous logic: + * 1. Client hello indicates TLS 1.2 + * 2. Server hello says TLS 1.0 + * 3. RSA encrypted premaster secret uses 1.2. + * 4. Handhaked proceeds using TLS 1.0. + * 5. Server sends hello request to renegotiate. + * 6. Client hello indicates TLS v1.0 as we now + * know that is maximum server supports. + * 7. Server chokes on RSA encrypted premaster secret + * containing version 1.0. + * + * For interoperability it should be OK to always use the + * maximum version we support in client hello and then rely + * on the checking of version to ensure the servers isn't + * being inconsistent: for example initially negotiating with + * TLS 1.0 and renegotiating with TLS 1.2. We do this by using + * client_version in client hello and not resetting it to + * the negotiated version. + */ #if 0 *(p++) = s->version >> 8; *(p++) = s->version & 0xff; @@ -2514,13 +2514,13 @@ int ssl3_send_client_key_exchange(SSL *s) if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) goto err; - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 54e48c3e1f..8dda5d0735 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -748,13 +748,14 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ - /*- - * npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ + /*- + * npad is, at most, 48 bytes and that's with MD5: + * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. + * + * With SHA-1 (the largest hash speced for SSLv3) the hash size + * goes up 4, but npad goes down by 8, resulting in a smaller + * total size. + */ unsigned char header[75]; unsigned j = 0; memcpy(header + j, mac_sec, md_size); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c3e497d2b6..d777935b32 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1913,11 +1913,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->references = 1; ret->quiet_shutdown = 0; -/* ret->cipher=NULL;*/ +/* ret->cipher=NULL;*/ /*- - ret->s2->challenge=NULL; - ret->master_key=NULL; - ret->s2->conn_id=NULL; */ + ret->s2->challenge=NULL; + ret->master_key=NULL; + ret->s2->conn_id=NULL; */ ret->info_callback = NULL; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 1061b833c4..0eda59e1e7 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -325,21 +325,21 @@ int ssl_get_new_session(SSL *s, int session) return (0); } #ifndef OPENSSL_NO_TLSEXT - /*- - * If RFC5077 ticket, use empty session ID (as server). - * Note that: - * (a) ssl_get_prev_session() does lookahead into the - * ClientHello extensions to find the session ticket. - * When ssl_get_prev_session() fails, s3_srvr.c calls - * ssl_get_new_session() in ssl3_get_client_hello(). - * At that point, it has not yet parsed the extensions, - * however, because of the lookahead, it already knows - * whether a ticket is expected or not. - * - * (b) s3_clnt.c calls ssl_get_new_session() before parsing - * ServerHello extensions, and before recording the session - * ID received from the server, so this block is a noop. - */ + /*- + * If RFC5077 ticket, use empty session ID (as server). + * Note that: + * (a) ssl_get_prev_session() does lookahead into the + * ClientHello extensions to find the session ticket. + * When ssl_get_prev_session() fails, s3_srvr.c calls + * ssl_get_new_session() in ssl3_get_client_hello(). + * At that point, it has not yet parsed the extensions, + * however, because of the lookahead, it already knows + * whether a ticket is expected or not. + * + * (b) s3_clnt.c calls ssl_get_new_session() before parsing + * ServerHello extensions, and before recording the session + * ID received from the server, so this block is a noop. + */ if (s->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 3c5295daf4..f0ed4e40bf 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -288,8 +288,8 @@ int doit(io_channel chan, SSL_CTX *s_ctx) if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; /*- original, DRM 24-SEP-1997 - BIO_set_fd ( c_to_s, "", chan ); - BIO_set_fd ( s_to_c, "", chan ); + BIO_set_fd ( c_to_s, "", chan ); + BIO_set_fd ( s_to_c, "", chan ); */ BIO_set_fd(c_to_s, 0, chan); BIO_set_fd(s_to_c, 0, chan); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a6f338cf11..9290ca2173 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1845,40 +1845,40 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); do { - /*- - * c_ssl_bio: SSL filter BIO - * - * client: pseudo-I/O for SSL library - * - * client_io: client's SSL communication; usually to be - * relayed over some I/O facility, but in this - * test program, we're the server, too: - * - * server_io: server's SSL communication - * - * server: pseudo-I/O for SSL library - * - * s_ssl_bio: SSL filter BIO - * - * The client and the server each employ a "BIO pair": - * client + client_io, server + server_io. - * BIO pairs are symmetric. A BIO pair behaves similar - * to a non-blocking socketpair (but both endpoints must - * be handled by the same thread). - * [Here we could connect client and server to the ends - * of a single BIO pair, but then this code would be less - * suitable as an example for BIO pairs in general.] - * - * Useful functions for querying the state of BIO pair endpoints: - * - * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil - * other side's read attempt - * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now - * - * ..._read_request is never more than ..._write_guarantee; - * it depends on the application which one you should use. - */ + /*- + * c_ssl_bio: SSL filter BIO + * + * client: pseudo-I/O for SSL library + * + * client_io: client's SSL communication; usually to be + * relayed over some I/O facility, but in this + * test program, we're the server, too: + * + * server_io: server's SSL communication + * + * server: pseudo-I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + * + * The client and the server each employ a "BIO pair": + * client + client_io, server + server_io. + * BIO pairs are symmetric. A BIO pair behaves similar + * to a non-blocking socketpair (but both endpoints must + * be handled by the same thread). + * [Here we could connect client and server to the ends + * of a single BIO pair, but then this code would be less + * suitable as an example for BIO pairs in general.] + * + * Useful functions for querying the state of BIO pair endpoints: + * + * BIO_ctrl_pending(bio) number of bytes we can read now + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * other side's read attempt + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now + * + * ..._read_request is never more than ..._write_guarantee; + * it depends on the application which one you should use. + */ /* * We have non-blocking behaviour throughout this test program, but @@ -2266,10 +2266,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("server waiting in SSL_accept - %s\n", SSL_state_string_long(s_ssl)); /*- - else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); */ + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); */ } if (do_client && debug) { @@ -2277,10 +2277,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("client waiting in SSL_connect - %s\n", SSL_state_string_long(c_ssl)); /*- - else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); */ + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); */ } if (!do_client && !do_server) { diff --git a/test/methtest.c b/test/methtest.c index eb8cb30454..de66c1063b 100644 --- a/test/methtest.c +++ b/test/methtest.c @@ -86,13 +86,13 @@ char *argv[]; METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs"); METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2); -/*- tmp=METH_new(x509_by_issuer_dir); - METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); - METH_push(top,METH_X509_BY_ISSUER,tmp); +/*- tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); - tmp=METH_new(x509_by_issuer_primary); - METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); - METH_push(top,METH_X509_BY_ISSUER,tmp); + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); */ METH_init(top); -- 2.25.1