コミット: 35a1cc90bc1795e8893c11e442790ee7f659fffb - Openssl (git)

R/O
HTTP
SSH
HTTPS

コミット

コミットメタ情報

リビジョン	35a1cc90bc1795e8893c11e442790ee7f659fffb (tree)
日時	2015-01-22 18:20:10
作者	Matt Caswell <matt@open...>
コミッター	Matt Caswell

ログメッセージ

More comment realignment

Reviewed-by: Tim Hudson <tjh@openssl.org>

変更サマリ

modified: apps/gendh.c (diff)
modified: apps/s_cb.c (diff)
modified: apps/s_client.c (diff)
modified: crypto/bio/b_sock.c (diff)
modified: crypto/bio/bf_null.c (diff)
modified: crypto/bio/bss_acpt.c (diff)
modified: crypto/bn/bn_kron.c (diff)
modified: crypto/bn/bn_print.c (diff)
modified: crypto/bn/bn_sqrt.c (diff)
modified: crypto/cast/casttest.c (diff)
modified: crypto/des/destest.c (diff)
modified: crypto/des/enc_read.c (diff)
modified: crypto/des/ofb64ede.c (diff)
modified: crypto/ec/ecp_nistp256.c (diff)
modified: crypto/ec/ecp_nistp521.c (diff)
modified: crypto/ec/ecp_oct.c (diff)
modified: crypto/ec/ecp_smpl.c (diff)
modified: crypto/idea/ideatest.c (diff)
modified: crypto/lhash/lhash.c (diff)
modified: crypto/pem/pem.h (diff)
modified: crypto/rand/randfile.c (diff)
modified: crypto/rc2/rc2test.c (diff)
modified: crypto/threads/mttest.c (diff)
modified: crypto/x509/by_dir.c (diff)
modified: crypto/x509/x509_lu.c (diff)
modified: crypto/x509/x509_r2x.c (diff)
modified: crypto/x509/x509_vfy.c (diff)
modified: crypto/x509/x509name.c (diff)
modified: crypto/x509v3/v3_utl.c (diff)
modified: demos/engines/zencod/hw_zencod.h (diff)
modified: engines/ccgost/gost_ctl.c (diff)
modified: engines/e_cswift.c (diff)
modified: ssl/d1_pkt.c (diff)
modified: ssl/s3_cbc.c (diff)
modified: ssl/s3_clnt.c (diff)
modified: ssl/s3_enc.c (diff)
modified: ssl/ssl_lib.c (diff)
modified: ssl/ssl_sess.c (diff)
modified: ssl/ssl_task.c (diff)
modified: ssl/ssltest.c (diff)
modified: test/methtest.c (diff)

差分

--- a/apps/gendh.c

+++ b/apps/gendh.c

		@@ -120,8 +120,8 @@ int MAIN(int argc, char **argv)
120	120	outfile = *(++argv);
121	121	} else if (strcmp(*argv, "-2") == 0)
122	122	g = 2;
123		- /- else if (strcmp(argv,"-3") == 0)
124		- g=3; */
	123	+/- else if (strcmp(argv,"-3") == 0)
	124	+ g=3; */
125	125	else if (strcmp(*argv, "-5") == 0)
126	126	g = 5;
127	127	# ifndef OPENSSL_NO_ENGINE

--- a/apps/s_cb.c

+++ b/apps/s_cb.c

		@@ -200,10 +200,10 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
200	200	int set_cert_stuff(SSL_CTX ctx, char cert_file, char *key_file)
201	201	{
202	202	if (cert_file != NULL) {
203		- /*-
204		- SSL *ssl;
205		- X509 *x509;
206		- */
	203	+ /*-
	204	+ SSL *ssl;
	205	+ X509 *x509;
	206	+ */
207	207
208	208	if (SSL_CTX_use_certificate_file(ctx, cert_file,
209	209	SSL_FILETYPE_PEM) <= 0) {

--- a/apps/s_client.c

+++ b/apps/s_client.c

		@@ -1749,8 +1749,8 @@ int MAIN(int argc, char **argv)
1749	1749	openssl_fdset(SSL_get_fd(con), &writefds);
1750	1750	}
1751	1751	#endif
1752		-/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
1753		- tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
	1752	+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
	1753	+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
1754	1754
1755	1755	/*
1756	1756	* Note: under VMS with SOCKETSHR the second parameter is

--- a/crypto/bio/b_sock.c

+++ b/crypto/bio/b_sock.c

		@@ -529,13 +529,13 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
529	529	i = ioctlsocket(fd, type, (char *)arg);
530	530	# else
531	531	# if defined(OPENSSL_SYS_VMS)
532		- /*-
533		- * 2011-02-18 SMS.
534		- * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
535		- * observe that all the consumers pass in an "unsigned long *",
536		- * so we arrange a local copy with a short pointer, and use
537		- * that, instead.
538		- */
	532	+ /*-
	533	+ * 2011-02-18 SMS.
	534	+ * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
	535	+ * observe that all the consumers pass in an "unsigned long *",
	536	+ * so we arrange a local copy with a short pointer, and use
	537	+ * that, instead.
	538	+ */
539	539	# if __INITIAL_POINTER_SIZE == 64
540	540	# define ARG arg_32p
541	541	# pragma pointer_size save

--- a/crypto/bio/bf_null.c

+++ b/crypto/bio/bf_null.c

		@@ -103,11 +103,11 @@ static int nullf_free(BIO *a)
103	103	{
104	104	if (a == NULL)
105	105	return (0);
106		- /*-
107		- a->ptr=NULL;
108		- a->init=0;
109		- a->flags=0;
110		- */
	106	+ /*-
	107	+ a->ptr=NULL;
	108	+ a->init=0;
	109	+ a->flags=0;
	110	+ */
111	111	return (1);
112	112	}
113	113

--- a/crypto/bio/bss_acpt.c

+++ b/crypto/bio/bss_acpt.c

		@@ -415,12 +415,12 @@ static long acpt_ctrl(BIO b, int cmd, long num, void ptr)
415	415	ret = (long)data->bind_mode;
416	416	break;
417	417	case BIO_CTRL_DUP:
418		-/- dbio=(BIO )ptr;
419		- if (data->param_port) EAY EAY
420		- BIO_set_port(dbio,data->param_port);
421		- if (data->param_hostname)
422		- BIO_set_hostname(dbio,data->param_hostname);
423		- BIO_set_nbio(dbio,data->nbio); */
	418	+/- dbio=(BIO )ptr;
	419	+ if (data->param_port) EAY EAY
	420	+ BIO_set_port(dbio,data->param_port);
	421	+ if (data->param_hostname)
	422	+ BIO_set_hostname(dbio,data->param_hostname);
	423	+ BIO_set_nbio(dbio,data->nbio); */
424	424	break;
425	425
426	426	default:

--- a/crypto/bn/bn_kron.c

+++ b/crypto/bn/bn_kron.c

		@@ -66,13 +66,13 @@ int BN_kronecker(const BIGNUM a, const BIGNUM b, BN_CTX *ctx)
66	66	int ret = -2; /* avoid 'uninitialized' warning */
67	67	int err = 0;
68	68	BIGNUM A, B, *tmp;
69		- /*-
70		- * In 'tab', only odd-indexed entries are relevant:
71		- * For any odd BIGNUM n,
72		- * tab[BN_lsw(n) & 7]
73		- * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
74		- * Note that the sign of n does not matter.
75		- */
	69	+ /*-
	70	+ * In 'tab', only odd-indexed entries are relevant:
	71	+ * For any odd BIGNUM n,
	72	+ * tab[BN_lsw(n) & 7]
	73	+ * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
	74	+ * Note that the sign of n does not matter.
	75	+ */
76	76	static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
77	77
78	78	bn_check_top(a);

--- a/crypto/bn/bn_print.c

+++ b/crypto/bn/bn_print.c

		@@ -106,12 +106,12 @@ char BN_bn2dec(const BIGNUM a)
106	106	BIGNUM *t = NULL;
107	107	BN_ULONG bn_data = NULL, lp;
108	108
109		- /*-
110		- * get an upper bound for the length of the decimal integer
111		- * num <= (BN_num_bits(a) + 1) * log(2)
112		- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
113		- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
114		- */
	109	+ /*-
	110	+ * get an upper bound for the length of the decimal integer
	111	+ * num <= (BN_num_bits(a) + 1) * log(2)
	112	+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
	113	+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
	114	+ */
115	115	i = BN_num_bits(a) * 3;
116	116	num = (i / 10 + i / 1000 + 1) + 1;
117	117	bn_data =

--- a/crypto/bn/bn_sqrt.c

+++ b/crypto/bn/bn_sqrt.c

		@@ -152,32 +152,32 @@ BIGNUM BN_mod_sqrt(BIGNUM in, const BIGNUM a, const BIGNUM p, BN_CTX *ctx)
152	152	}
153	153
154	154	if (e == 2) {
155		- /*-
156		- * \|p\| == 5 (mod 8)
157		- *
158		- * In this case 2 is always a non-square since
159		- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
160		- * So if a really is a square, then 2*a is a non-square.
161		- * Thus for
162		- * b := (2*a)^((\|p\|-5)/8),
163		- * i := (2a)b^2
164		- * we have
165		- * i^2 = (2a)^((1 + (\|p\|-5)/4)2)
166		- * = (2*a)^((p-1)/2)
167		- * = -1;
168		- * so if we set
169		- * x := ab(i-1),
170		- * then
171		- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
172		- * = a^2 * b^2 * (-2*i)
173		- * = a(-i)(2ab^2)
174		- * = a(-i)i
175		- * = a.
176		- *
177		- * (This is due to A.O.L. Atkin,
178		- * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
179		- * November 1992.)
180		- */
	155	+ /*-
	156	+ * \|p\| == 5 (mod 8)
	157	+ *
	158	+ * In this case 2 is always a non-square since
	159	+ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
	160	+ * So if a really is a square, then 2*a is a non-square.
	161	+ * Thus for
	162	+ * b := (2*a)^((\|p\|-5)/8),
	163	+ * i := (2a)b^2
	164	+ * we have
	165	+ * i^2 = (2a)^((1 + (\|p\|-5)/4)2)
	166	+ * = (2*a)^((p-1)/2)
	167	+ * = -1;
	168	+ * so if we set
	169	+ * x := ab(i-1),
	170	+ * then
	171	+ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
	172	+ * = a^2 * b^2 * (-2*i)
	173	+ * = a(-i)(2ab^2)
	174	+ * = a(-i)i
	175	+ * = a.
	176	+ *
	177	+ * (This is due to A.O.L. Atkin,
	178	+ * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
	179	+ * November 1992.)
	180	+ */
181	181
182	182	/* t := 2a /
183	183	if (!BN_mod_lshift1_quick(t, A, p))

--- a/crypto/cast/casttest.c

+++ b/crypto/cast/casttest.c

		@@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
134	134	0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
135	135	0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
136	136	0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
137		-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
138		- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
139		- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
	137	+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
	138	+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
	139	+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
140	140	};
141	141	# endif
142	142

--- a/crypto/des/destest.c

+++ b/crypto/des/destest.c

		@@ -397,7 +397,7 @@ int main(int argc, char *argv[])
397	397	DES_ENCRYPT);
398	398	DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
399	399	&ks3, &iv3, &iv2, DES_ENCRYPT);
400		-/*- if (memcmp(cbc_out,cbc3_ok,
	400	+/*- if (memcmp(cbc_out,cbc3_ok,
401	401	(unsigned int)(strlen((char )cbc_data)+1+7)/88) != 0)
402	402	{
403	403	printf("des_ede3_cbc_encrypt encrypt error\n");

--- a/crypto/des/enc_read.c

+++ b/crypto/des/enc_read.c

		@@ -205,12 +205,12 @@ int DES_enc_read(int fd, void buf, int len, DES_key_schedule sched,
205	205	*/
206	206	num = len;
207	207	} else {
208		- /*-
209		- * >output is a multiple of 8 byes, if len < rnum
210		- * >we must be careful. The user must be aware that this
211		- * >routine will write more bytes than he asked for.
212		- * >The length of the buffer must be correct.
213		- * FIXED - Should be ok now 18-9-90 - eay */
	208	+ /*-
	209	+ * >output is a multiple of 8 byes, if len < rnum
	210	+ * >we must be careful. The user must be aware that this
	211	+ * >routine will write more bytes than he asked for.
	212	+ * >The length of the buffer must be correct.
	213	+ * FIXED - Should be ok now 18-9-90 - eay */
214	214	if (len < rnum) {
215	215
216	216	if (DES_rw_mode & DES_PCBC_MODE)

--- a/crypto/des/ofb64ede.c

+++ b/crypto/des/ofb64ede.c

		@@ -102,8 +102,8 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
102	102	n = (n + 1) & 0x07;
103	103	}
104	104	if (save) {
105		-/*- v0=ti[0];
106		- v1=ti[1];*/
	105	+/*- v0=ti[0];
	106	+ v1=ti[1];*/
107	107	iv = &(*ivec)[0];
108	108	l2c(v0, iv);
109	109	l2c(v1, iv);

--- a/crypto/ec/ecp_nistp256.c

+++ b/crypto/ec/ecp_nistp256.c

		@@ -432,25 +432,25 @@ static void felem_shrink(smallfelem out, const felem in)
432	432	/* As tmp[3] < 2^65, high is either 1 or 0 */
433	433	high <<= 63;
434	434	high >>= 63;
435		- /*-
436		- * high is:
437		- * all ones if the high word of tmp[3] is 1
438		- * all zeros if the high word of tmp[3] if 0 */
	435	+ /*-
	436	+ * high is:
	437	+ * all ones if the high word of tmp[3] is 1
	438	+ * all zeros if the high word of tmp[3] if 0 */
439	439	low = tmp[3];
440	440	mask = low >> 63;
441		- /*-
442		- * mask is:
443		- * all ones if the MSB of low is 1
444		- * all zeros if the MSB of low if 0 */
	441	+ /*-
	442	+ * mask is:
	443	+ * all ones if the MSB of low is 1
	444	+ * all zeros if the MSB of low if 0 */
445	445	low &= bottom63bits;
446	446	low -= kPrime3Test;
447	447	/* if low was greater than kPrime3Test then the MSB is zero */
448	448	low = ~low;
449	449	low >>= 63;
450		- /*-
451		- * low is:
452		- * all ones if low was > kPrime3Test
453		- * all zeros if low was <= kPrime3Test */
	450	+ /*-
	451	+ * low is:
	452	+ * all ones if low was > kPrime3Test
	453	+ * all zeros if low was <= kPrime3Test */
454	454	mask = (mask & low) \| high;
455	455	tmp[0] -= mask & kPrime[0];
456	456	tmp[1] -= mask & kPrime[1];

		@@ -790,17 +790,17 @@ static void felem_reduce(felem out, const longfelem in)
790	790
791	791	felem_reduce_(out, in);
792	792
793		- /*-
794		- * out[0] > 2^100 - 2^36 - 2^4 - 32^64 - 32^96 - 2^64 - 2^96 > 0
795		- * out[1] > 2^100 - 2^64 - 7*2^96 > 0
796		- * out[2] > 2^100 - 2^36 + 2^4 - 52^64 - 52^96 > 0
797		- * out[3] > 2^100 - 2^36 + 2^4 - 72^64 - 52^96 - 3*2^96 > 0
798		- *
799		- * out[0] < 2^100 + 2^64 + 72^64 + 52^96 < 2^101
800		- * out[1] < 2^100 + 32^64 + 52^64 + 3*2^97 < 2^101
801		- * out[2] < 2^100 + 52^64 + 2^64 + 32^65 + 2^97 < 2^101
802		- * out[3] < 2^100 + 72^64 + 72^96 + 3*2^64 < 2^101
803		- */
	793	+ /*-
	794	+ * out[0] > 2^100 - 2^36 - 2^4 - 32^64 - 32^96 - 2^64 - 2^96 > 0
	795	+ * out[1] > 2^100 - 2^64 - 7*2^96 > 0
	796	+ * out[2] > 2^100 - 2^36 + 2^4 - 52^64 - 52^96 > 0
	797	+ * out[3] > 2^100 - 2^36 + 2^4 - 72^64 - 52^96 - 3*2^96 > 0
	798	+ *
	799	+ * out[0] < 2^100 + 2^64 + 72^64 + 52^96 < 2^101
	800	+ * out[1] < 2^100 + 32^64 + 52^64 + 3*2^97 < 2^101
	801	+ * out[2] < 2^100 + 52^64 + 2^64 + 32^65 + 2^97 < 2^101
	802	+ * out[3] < 2^100 + 72^64 + 72^96 + 3*2^64 < 2^101
	803	+ */
804	804	}
805	805
806	806	/*-

		@@ -819,17 +819,17 @@ static void felem_reduce_zero105(felem out, const longfelem in)
819	819
820	820	felem_reduce_(out, in);
821	821
822		- /*-
823		- * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
824		- * out[1] > 2^105 - 2^71 - 2^103 > 0
825		- * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
826		- * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
827		- *
828		- * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
829		- * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
830		- * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
831		- * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
832		- */
	822	+ /*-
	823	+ * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
	824	+ * out[1] > 2^105 - 2^71 - 2^103 > 0
	825	+ * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
	826	+ * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
	827	+ *
	828	+ * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
	829	+ * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
	830	+ * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
	831	+ * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
	832	+ */
833	833	}
834	834
835	835	/*

		@@ -1094,7 +1094,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
1094	1094	*
1095	1095	* Building on top of the field operations we have the operations on the
1096	1096	* elliptic curve group itself. Points on the curve are represented in Jacobian
1097		- * coordinates */
	1097	+ * coordinates
	1098	+ */
1098	1099
1099	1100	/*-
1100	1101	* point_double calculates 2*(x_in, y_in, z_in)

		@@ -1103,7 +1104,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
1103	1104	* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
1104	1105	*
1105	1106	* Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
1106		- * while x_out == y_in is not (maybe this works, but it's not tested). */
	1107	+ * while x_out == y_in is not (maybe this works, but it's not tested).
	1108	+ */
1107	1109	static void
1108	1110	point_double(felem x_out, felem y_out, felem z_out,
1109	1111	const felem x_in, const felem y_in, const felem z_in)

		@@ -1234,7 +1236,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask)
1234	1236	* This function includes a branch for checking whether the two input points
1235	1237	* are equal, (while not equal to the point at infinity). This case never
1236	1238	* happens during single point multiplication, so there is no timing leak for
1237		- * ECDH or ECDSA signing. */
	1239	+ * ECDH or ECDSA signing.
	1240	+ */
1238	1241	static void point_add(felem x3, felem y3, felem z3,
1239	1242	const felem x1, const felem y1, const felem z1,
1240	1243	const int mixed, const smallfelem x2,

--- a/crypto/ec/ecp_nistp521.c

+++ b/crypto/ec/ecp_nistp521.c

		@@ -414,15 +414,16 @@ static void felem_square(largefelem out, const felem in)
414	414	felem_scalar(inx2, in, 2);
415	415	felem_scalar(inx4, in, 4);
416	416
417		- /*-
418		- * We have many cases were we want to do
419		- * in[x] * in[y] +
420		- * in[y] * in[x]
421		- * This is obviously just
422		- * 2 * in[x] * in[y]
423		- * However, rather than do the doubling on the 128 bit result, we
424		- * double one of the inputs to the multiplication by reading from
425		- * \|inx2\| */
	417	+ /*-
	418	+ * We have many cases were we want to do
	419	+ * in[x] * in[y] +
	420	+ * in[y] * in[x]
	421	+ * This is obviously just
	422	+ * 2 * in[x] * in[y]
	423	+ * However, rather than do the doubling on the 128 bit result, we
	424	+ * double one of the inputs to the multiplication by reading from
	425	+ * \|inx2\|
	426	+ */
426	427
427	428	out[0] = ((uint128_t) in[0]) * in[0];
428	429	out[1] = ((uint128_t) in[0]) * inx2[1];

		@@ -610,10 +611,10 @@ static void felem_reduce(felem out, const largefelem in)
610	611
611	612	out[1] += ((limb) in[0]) >> 58;
612	613	out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
613		- /*-
614		- * out[1] < 2^58 + 2^6 + 2^58
615		- * = 2^59 + 2^6
616		- */
	614	+ /*-
	615	+ * out[1] < 2^58 + 2^6 + 2^58
	616	+ * = 2^59 + 2^6
	617	+ */
617	618	out[2] += ((limb) (in[0] >> 64)) >> 52;
618	619
619	620	out[2] += ((limb) in[1]) >> 58;

		@@ -642,10 +643,10 @@ static void felem_reduce(felem out, const largefelem in)
642	643
643	644	out[8] += ((limb) in[7]) >> 58;
644	645	out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
645		- /*-
646		- * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
647		- * < 2^59 + 2^13
648		- */
	646	+ /*-
	647	+ * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
	648	+ * < 2^59 + 2^13
	649	+ */
649	650	overflow1 = ((limb) (in[7] >> 64)) >> 52;
650	651
651	652	overflow1 += ((limb) in[8]) >> 58;

		@@ -660,11 +661,11 @@ static void felem_reduce(felem out, const largefelem in)
660	661
661	662	out[1] += out[0] >> 58;
662	663	out[0] &= bottom58bits;
663		- /*-
664		- * out[0] < 2^58
665		- * out[1] < 2^59 + 2^6 + 2^13 + 2^2
666		- * < 2^59 + 2^14
667		- */
	664	+ /*-
	665	+ * out[0] < 2^58
	666	+ * out[1] < 2^59 + 2^6 + 2^13 + 2^2
	667	+ * < 2^59 + 2^14
	668	+ */
668	669	}
669	670
670	671	static void felem_square_reduce(felem out, const felem in)

--- a/crypto/ec/ecp_oct.c

+++ b/crypto/ec/ecp_oct.c

		@@ -96,11 +96,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
96	96	if (y == NULL)
97	97	goto err;
98	98
99		- /*-
100		- * Recover y. We have a Weierstrass equation
101		- * y^2 = x^3 + a*x + b,
102		- * so y is one of the square roots of x^3 + a*x + b.
103		- */
	99	+ /*-
	100	+ * Recover y. We have a Weierstrass equation
	101	+ * y^2 = x^3 + a*x + b,
	102	+ * so y is one of the square roots of x^3 + a*x + b.
	103	+ */
104	104
105	105	/* tmp1 := x^3 */
106	106	if (!BN_nnmod(x, x_, group->field, ctx))

--- a/crypto/ec/ecp_smpl.c

+++ b/crypto/ec/ecp_smpl.c

		@@ -909,10 +909,10 @@ int ec_GFp_simple_dbl(const EC_GROUP group, EC_POINT r, const EC_POINT *a,
909	909	goto err;
910	910	if (!BN_mod_add_quick(n1, n0, n1, p))
911	911	goto err;
912		- /*-
913		- * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
914		- * = 3 * X_a^2 - 3 * Z_a^4
915		- */
	912	+ /*-
	913	+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
	914	+ * = 3 * X_a^2 - 3 * Z_a^4
	915	+ */
916	916	} else {
917	917	if (!field_sqr(group, n0, a->X, ctx))
918	918	goto err;

		@@ -1033,15 +1033,15 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP group, const EC_POINT point,
1033	1033	if (Z6 == NULL)
1034	1034	goto err;
1035	1035
1036		- /*-
1037		- * We have a curve defined by a Weierstrass equation
1038		- * y^2 = x^3 + a*x + b.
1039		- * The point to consider is given in Jacobian projective coordinates
1040		- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
1041		- * Substituting this and multiplying by Z^6 transforms the above equation into
1042		- * Y^2 = X^3 + aXZ^4 + b*Z^6.
1043		- * To test this, we add up the right-hand side in 'rh'.
1044		- */
	1036	+ /*-
	1037	+ * We have a curve defined by a Weierstrass equation
	1038	+ * y^2 = x^3 + a*x + b.
	1039	+ * The point to consider is given in Jacobian projective coordinates
	1040	+ * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
	1041	+ * Substituting this and multiplying by Z^6 transforms the above equation into
	1042	+ * Y^2 = X^3 + aXZ^4 + b*Z^6.
	1043	+ * To test this, we add up the right-hand side in 'rh'.
	1044	+ */
1045	1045
1046	1046	/* rh := X^2 */
1047	1047	if (!field_sqr(group, rh, point->X, ctx))

		@@ -1108,12 +1108,12 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP group, const EC_POINT point,
1108	1108	int ec_GFp_simple_cmp(const EC_GROUP group, const EC_POINT a,
1109	1109	const EC_POINT b, BN_CTX ctx)
1110	1110	{
1111		- /*-
1112		- * return values:
1113		- * -1 error
1114		- * 0 equal (in affine coordinates)
1115		- * 1 not equal
1116		- */
	1111	+ /*-
	1112	+ * return values:
	1113	+ * -1 error
	1114	+ * 0 equal (in affine coordinates)
	1115	+ * 1 not equal
	1116	+ */
1117	1117
1118	1118	int (field_mul) (const EC_GROUP , BIGNUM , const BIGNUM ,
1119	1119	const BIGNUM , BN_CTX );

		@@ -1151,12 +1151,12 @@ int ec_GFp_simple_cmp(const EC_GROUP group, const EC_POINT a,
1151	1151	if (Zb23 == NULL)
1152	1152	goto end;
1153	1153
1154		- /*-
1155		- * We have to decide whether
1156		- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
1157		- * or equivalently, whether
1158		- * (X_aZ_b^2, Y_aZ_b^3) = (X_bZ_a^2, Y_bZ_a^3).
1159		- */
	1154	+ /*-
	1155	+ * We have to decide whether
	1156	+ * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
	1157	+ * or equivalently, whether
	1158	+ * (X_aZ_b^2, Y_aZ_b^3) = (X_bZ_a^2, Y_bZ_a^3).
	1159	+ */
1160	1160
1161	1161	if (!b->Z_is_one) {
1162	1162	if (!field_sqr(group, Zb23, b->Z, ctx))

--- a/crypto/idea/ideatest.c

+++ b/crypto/idea/ideatest.c

		@@ -102,9 +102,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
102	102	0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
103	103	0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
104	104	0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
105		-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
106		- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
107		- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
	105	+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
	106	+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
	107	+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
108	108	};
109	109
110	110	static int cfb64_test(unsigned char *cfb_cipher);

--- a/crypto/lhash/lhash.c

+++ b/crypto/lhash/lhash.c

		@@ -434,9 +434,9 @@ unsigned long lh_strhash(const char *c)
434	434	if ((c == NULL) \|\| (*c == '\0'))
435	435	return (ret);
436	436	/*-
437		- unsigned char b[16];
438		- MD5(c,strlen(c),b);
439		- return(b[0]\|(b[1]<<8)\|(b[2]<<16)\|(b[3]<<24));
	437	+ unsigned char b[16];
	438	+ MD5(c,strlen(c),b);
	439	+ return(b[0]\|(b[1]<<8)\|(b[2]<<16)\|(b[3]<<24));
440	440	*/
441	441
442	442	n = 0x100;

--- a/crypto/pem/pem.h

+++ b/crypto/pem/pem.h

		@@ -174,8 +174,8 @@ typedef struct pem_ctx_st {
174	174	struct {
175	175	int cipher;
176	176	/*-
177		- unused, and wrong size
178		- unsigned char iv[8]; */
	177	+ unused, and wrong size
	178	+ unsigned char iv[8]; */
179	179	} DEK_info;
180	180
181	181	PEM_USER *originator;

		@@ -195,9 +195,9 @@ typedef struct pem_ctx_st {
195	195	EVP_CIPHER dec; / date encryption cipher */
196	196	int key_len; /* key length */
197	197	unsigned char key; / key */
198		- /*-
199		- unused, and wrong size
200		- unsigned char iv[8]; */
	198	+ /*-
	199	+ unused, and wrong size
	200	+ unsigned char iv[8]; */
201	201
202	202	int data_enc; /* is the data encrypted */
203	203	int data_len;

--- a/crypto/rand/randfile.c

+++ b/crypto/rand/randfile.c

		@@ -113,10 +113,10 @@ static FILE (const vms_fopen)(const char , const char , ...) =
113	113
114	114	int RAND_load_file(const char *file, long bytes)
115	115	{
116		- /*-
117		- * If bytes >= 0, read up to 'bytes' bytes.
118		- * if bytes == -1, read complete file.
119		- */
	116	+ /*-
	117	+ * If bytes >= 0, read up to 'bytes' bytes.
	118	+ * if bytes == -1, read complete file.
	119	+ */
120	120
121	121	MS_STATIC unsigned char buf[BUFSIZE];
122	122	#ifndef OPENSSL_NO_POSIX_IO

--- a/crypto/rc2/rc2test.c

+++ b/crypto/rc2/rc2test.c

		@@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
134	134	0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
135	135	0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
136	136	0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
137		-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
138		- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
139		- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
	137	+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
	138	+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
	139	+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
140	140	};
141	141
142	142	/*

--- a/crypto/threads/mttest.c

+++ b/crypto/threads/mttest.c

		@@ -798,23 +798,23 @@ void solaris_locking_callback(int mode, int type, char *file, int line)
798	798	(type & CRYPTO_READ) ? "r" : "w", file, line);
799	799	# endif
800	800
801		- /*-
802		- if (CRYPTO_LOCK_SSL_CERT == type)
803		- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
804		- CRYPTO_thread_id(),
805		- mode,file,line);
806		- */
	801	+ /*-
	802	+ if (CRYPTO_LOCK_SSL_CERT == type)
	803	+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
	804	+ CRYPTO_thread_id(),
	805	+ mode,file,line);
	806	+ */
807	807	if (mode & CRYPTO_LOCK) {
808	808	/*-
809		- if (mode & CRYPTO_READ)
810		- rw_rdlock(&(lock_cs[type]));
811		- else
812		- rw_wrlock(&(lock_cs[type])); */
	809	+ if (mode & CRYPTO_READ)
	810	+ rw_rdlock(&(lock_cs[type]));
	811	+ else
	812	+ rw_wrlock(&(lock_cs[type])); */
813	813
814	814	mutex_lock(&(lock_cs[type]));
815	815	lock_count[type]++;
816	816	} else {
817		-/* rw_unlock(&(lock_cs[type])); */
	817	+/* rw_unlock(&(lock_cs[type])); */
818	818	mutex_unlock(&(lock_cs[type]));
819	819	}
820	820	}

		@@ -984,10 +984,10 @@ void pthreads_locking_callback(int mode, int type, char *file, int line)
984	984	(type & CRYPTO_READ) ? "r" : "w", file, line);
985	985	# endif
986	986	/*-
987		- if (CRYPTO_LOCK_SSL_CERT == type)
988		- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
989		- CRYPTO_thread_id(),
990		- mode,file,line);
	987	+ if (CRYPTO_LOCK_SSL_CERT == type)
	988	+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
	989	+ CRYPTO_thread_id(),
	990	+ mode,file,line);
991	991	*/
992	992	if (mode & CRYPTO_LOCK) {
993	993	pthread_mutex_lock(&(lock_cs[type]));

--- a/crypto/x509/by_dir.c

+++ b/crypto/x509/by_dir.c

		@@ -430,8 +430,8 @@ static int get_cert_by_subject(X509_LOOKUP xl, int type, X509_NAME name,
430	430	* If we were going to up the reference count, we would need to
431	431	* do it on a perl 'type' basis
432	432	*/
433		- /*- CRYPTO_add(&tmp->data.x509->references,1,
434		- CRYPTO_LOCK_X509);*/
	433	+ /*- CRYPTO_add(&tmp->data.x509->references,1,
	434	+ CRYPTO_LOCK_X509);*/
435	435	goto finish;
436	436	}
437	437	}

--- a/crypto/x509/x509_lu.c

+++ b/crypto/x509/x509_lu.c

		@@ -323,8 +323,8 @@ int X509_STORE_get_by_subject(X509_STORE_CTX vs, int type, X509_NAME name,
323	323	return 0;
324	324	}
325	325
326		-/*- if (ret->data.ptr != NULL)
327		- X509_OBJECT_free_contents(ret); */
	326	+/*- if (ret->data.ptr != NULL)
	327	+ X509_OBJECT_free_contents(ret); */
328	328
329	329	ret->type = tmp->type;
330	330	ret->data.ptr = tmp->data.ptr;

--- a/crypto/x509/x509_r2x.c

+++ b/crypto/x509/x509_r2x.c

		@@ -84,8 +84,8 @@ X509 X509_REQ_to_X509(X509_REQ r, int days, EVP_PKEY *pkey)
84	84	goto err;
85	85	if (!ASN1_INTEGER_set(xi->version, 2))
86	86	goto err;
87		-/*- xi->extensions=ri->attributes; <- bad, should not ever be done
88		- ri->attributes=NULL; */
	87	+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
	88	+ ri->attributes=NULL; */
89	89	}
90	90
91	91	xn = X509_REQ_get_subject_name(r);

--- a/crypto/x509/x509_vfy.c

+++ b/crypto/x509/x509_vfy.c

		@@ -549,15 +549,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
549	549	int allow_proxy_certs;
550	550	cb = ctx->verify_cb;
551	551
552		- /*-
553		- * must_be_ca can have 1 of 3 values:
554		- * -1: we accept both CA and non-CA certificates, to allow direct
555		- * use of self-signed certificates (which are marked as CA).
556		- * 0: we only accept non-CA certificates. This is currently not
557		- * used, but the possibility is present for future extensions.
558		- * 1: we only accept CA certificates. This is currently used for
559		- * all certificates in the chain except the leaf certificate.
560		- */
	552	+ /*-
	553	+ * must_be_ca can have 1 of 3 values:
	554	+ * -1: we accept both CA and non-CA certificates, to allow direct
	555	+ * use of self-signed certificates (which are marked as CA).
	556	+ * 0: we only accept non-CA certificates. This is currently not
	557	+ * used, but the possibility is present for future extensions.
	558	+ * 1: we only accept CA certificates. This is currently used for
	559	+ * all certificates in the chain except the leaf certificate.
	560	+ */
561	561	must_be_ca = -1;
562	562
563	563	/* CRL path validation */

--- a/crypto/x509/x509name.c

+++ b/crypto/x509/x509name.c

		@@ -162,16 +162,16 @@ X509_NAME_ENTRY X509_NAME_delete_entry(X509_NAME name, int loc)
162	162	set_prev = ret->set - 1;
163	163	set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
164	164
165		- /*-
166		- * set_prev is the previous set
167		- * set is the current set
168		- * set_next is the following
169		- * prev 1 1 1 1 1 1 1 1
170		- * set 1 1 2 2
171		- * next 1 1 2 2 2 2 3 2
172		- * so basically only if prev and next differ by 2, then
173		- * re-number down by 1
174		- */
	165	+ /*-
	166	+ * set_prev is the previous set
	167	+ * set is the current set
	168	+ * set_next is the following
	169	+ * prev 1 1 1 1 1 1 1 1
	170	+ * set 1 1 2 2
	171	+ * next 1 1 2 2 2 2 3 2
	172	+ * so basically only if prev and next differ by 2, then
	173	+ * re-number down by 1
	174	+ */
175	175	if (set_prev + 1 < set_next)
176	176	for (i = loc; i < n; i++)
177	177	sk_X509_NAME_ENTRY_value(sk, i)->set--;

--- a/crypto/x509v3/v3_utl.c

+++ b/crypto/x509v3/v3_utl.c

		@@ -808,11 +808,11 @@ static const unsigned char valid_star(const unsigned char p, size_t len,
808	808	if (p[i] == '*') {
809	809	int atstart = (state & LABEL_START);
810	810	int atend = (i == len - 1 \|\| p[i + i] == '.');
811		- /*-
812		- * At most one wildcard per pattern.
813		- * No wildcards in IDNA labels.
814		- * No wildcards after the first label.
815		- */
	811	+ /*-
	812	+ * At most one wildcard per pattern.
	813	+ * No wildcards in IDNA labels.
	814	+ * No wildcards after the first label.
	815	+ */
816	816	if (star != NULL \|\| (state & LABEL_IDNA) != 0 \|\| dots)
817	817	return NULL;
818	818	/* Only full-label '.example.com' wildcards? /

--- a/demos/engines/zencod/hw_zencod.h

+++ b/demos/engines/zencod/hw_zencod.h

		@@ -106,14 +106,14 @@ extern "C" {
106	106	/*
107	107	* Functions for Digest (MD5, SHA1) stuff
108	108	*/
109		-/* output : output data buffer */
110		-/* input : input data buffer */
111		-/* algo : hash algorithm, MD5 or SHA1 */
112		-/*-
113		- * typedef int t_zencod_hash ( KEY output, const KEY input, int algo ) ;
114		- * typedef int t_zencod_sha_hash ( KEY output, const KEY input, int algo ) ;
115		- */
116		-/* For now separate this stuff that mad it easier to test */
	109	+ /* output : output data buffer */
	110	+ /* input : input data buffer */
	111	+ /* algo : hash algorithm, MD5 or SHA1 */
	112	+ /*-
	113	+ * typedef int t_zencod_hash ( KEY output, const KEY input, int algo ) ;
	114	+ * typedef int t_zencod_sha_hash ( KEY output, const KEY input, int algo ) ;
	115	+ */
	116	+ /* For now separate this stuff that mad it easier to test */
117	117	typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
118	118	typedef int t_zencod_md5_update(ZEN_MD_DATA data, const KEY input);
119	119	typedef int t_zencod_md5_do_final(ZEN_MD_DATA data, KEY output);

--- a/engines/ccgost/gost_ctl.c

+++ b/engines/ccgost/gost_ctl.c

		@@ -18,20 +18,20 @@ static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
18	18	static const char *gost_envnames[] = { "CRYPT_PARAMS" };
19	19
20	20	const ENGINE_CMD_DEFN gost_cmds[] = {
21		-/*- { GOST_CTRL_RNG,
22		- "RNG",
23		- "Type of random number generator to use",
24		- ENGINE_CMD_FLAG_STRING
25		- },
26		- { GOST_CTRL_RNG_PARAMS,
27		- "RNG_PARAMS",
28		- "Parameter for random number generator",
29		- ENGINE_CMD_FLAG_STRING
30		- },
	21	+/*- { GOST_CTRL_RNG,
	22	+ "RNG",
	23	+ "Type of random number generator to use",
	24	+ ENGINE_CMD_FLAG_STRING
	25	+ },
	26	+ { GOST_CTRL_RNG_PARAMS,
	27	+ "RNG_PARAMS",
	28	+ "Parameter for random number generator",
	29	+ ENGINE_CMD_FLAG_STRING
	30	+ },
31	31	*/ {GOST_CTRL_CRYPT_PARAMS,
32		- "CRYPT_PARAMS",
33		- "OID of default GOST 28147-89 parameters",
34		- ENGINE_CMD_FLAG_STRING},
	32	+ "CRYPT_PARAMS",
	33	+ "OID of default GOST 28147-89 parameters",
	34	+ ENGINE_CMD_FLAG_STRING},
35	35	{0, NULL, NULL, 0}
36	36	};
37	37

--- a/engines/e_cswift.c

+++ b/engines/e_cswift.c

		@@ -1037,11 +1037,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
1037	1037	while (num >= (int)sizeof(buf32)) {
1038	1038	largenum.value = buf;
1039	1039	largenum.nbytes = sizeof(buf32);
1040		- /*-
1041		- * tell CryptoSwift how many bytes we want and where we want it.
1042		- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
1043		- * - CryptoSwift can only do multiple of 32-bits.
1044		- */
	1040	+ /*-
	1041	+ * tell CryptoSwift how many bytes we want and where we want it.
	1042	+ * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
	1043	+ * - CryptoSwift can only do multiple of 32-bits.
	1044	+ */
1045	1045	swrc =
1046	1046	p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1047	1047	if (swrc != SW_OK) {

--- a/ssl/d1_pkt.c

+++ b/ssl/d1_pkt.c

		@@ -433,12 +433,12 @@ static int dtls1_process_record(SSL *s)
433	433	rr->orig_len = rr->length;
434	434
435	435	enc_err = s->method->ssl3_enc->enc(s, 0);
436		- /*-
437		- * enc_err is:
438		- * 0: (in non-constant time) if the record is publically invalid.
439		- * 1: if the padding is valid
440		- * -1: if the padding is invalid
441		- */
	436	+ /*-
	437	+ * enc_err is:
	438	+ * 0: (in non-constant time) if the record is publically invalid.
	439	+ * 1: if the padding is valid
	440	+ * -1: if the padding is invalid
	441	+ */
442	442	if (enc_err == 0) {
443	443	/* For DTLS we simply ignore bad packets. */
444	444	rr->length = 0;

		@@ -1046,11 +1046,11 @@ int dtls1_read_bytes(SSL s, int type, unsigned char buf, int len, int peek)
1046	1046	}
1047	1047	}
1048	1048
1049		- /*-
1050		- * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
1051		- * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
1052		- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
1053		- */
	1049	+ /*-
	1050	+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
	1051	+ * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
	1052	+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
	1053	+ */
1054	1054
1055	1055	/* If we are a client, check for an incoming 'Hello Request': */
1056	1056	if ((!s->server) &&

--- a/ssl/s3_cbc.c

+++ b/ssl/s3_cbc.c

		@@ -754,25 +754,25 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
754	754	if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
755	755	return;
756	756	block_size = EVP_MD_CTX_block_size(mac_ctx);
757		- /*-
758		- * We are in FIPS mode if we get this far so we know we have only SHA*
759		- * digests and TLS to deal with.
760		- * Minimum digest padding length is 17 for SHA384/SHA512 and 9
761		- * otherwise.
762		- * Additional header is 13 bytes. To get the number of digest blocks
763		- * processed round up the amount of data plus padding to the nearest
764		- * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
765		- * So we have:
766		- * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
767		- * equivalently:
768		- * blocks = (payload_len + digest_pad + 12)/block_size + 1
769		- * HMAC adds a constant overhead.
770		- * We're ultimately only interested in differences so this becomes
771		- * blocks = (payload_len + 29)/128
772		- * for SHA384/SHA512 and
773		- * blocks = (payload_len + 21)/64
774		- * otherwise.
775		- */
	757	+ /*-
	758	+ * We are in FIPS mode if we get this far so we know we have only SHA*
	759	+ * digests and TLS to deal with.
	760	+ * Minimum digest padding length is 17 for SHA384/SHA512 and 9
	761	+ * otherwise.
	762	+ * Additional header is 13 bytes. To get the number of digest blocks
	763	+ * processed round up the amount of data plus padding to the nearest
	764	+ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
	765	+ * So we have:
	766	+ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
	767	+ * equivalently:
	768	+ * blocks = (payload_len + digest_pad + 12)/block_size + 1
	769	+ * HMAC adds a constant overhead.
	770	+ * We're ultimately only interested in differences so this becomes
	771	+ * blocks = (payload_len + 29)/128
	772	+ * for SHA384/SHA512 and
	773	+ * blocks = (payload_len + 21)/64
	774	+ * otherwise.
	775	+ */
776	776	digest_pad = block_size == 64 ? 21 : 29;
777	777	blocks_orig = (orig_len + digest_pad) / block_size;
778	778	blocks_data = (data_len + digest_pad) / block_size;

--- a/ssl/s3_clnt.c

+++ b/ssl/s3_clnt.c

		@@ -725,36 +725,36 @@ int ssl3_client_hello(SSL *s)
725	725	/* Do the message type and length last */
726	726	d = p = ssl_handshake_start(s);
727	727
728		- /*-
729		- * version indicates the negotiated version: for example from
730		- * an SSLv2/v3 compatible client hello). The client_version
731		- * field is the maximum version we permit and it is also
732		- * used in RSA encrypted premaster secrets. Some servers can
733		- * choke if we initially report a higher version then
734		- * renegotiate to a lower one in the premaster secret. This
735		- * didn't happen with TLS 1.0 as most servers supported it
736		- * but it can with TLS 1.1 or later if the server only supports
737		- * 1.0.
738		- *
739		- * Possible scenario with previous logic:
740		- * 1. Client hello indicates TLS 1.2
741		- * 2. Server hello says TLS 1.0
742		- * 3. RSA encrypted premaster secret uses 1.2.
743		- * 4. Handhaked proceeds using TLS 1.0.
744		- * 5. Server sends hello request to renegotiate.
745		- * 6. Client hello indicates TLS v1.0 as we now
746		- * know that is maximum server supports.
747		- * 7. Server chokes on RSA encrypted premaster secret
748		- * containing version 1.0.
749		- *
750		- * For interoperability it should be OK to always use the
751		- * maximum version we support in client hello and then rely
752		- * on the checking of version to ensure the servers isn't
753		- * being inconsistent: for example initially negotiating with
754		- * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
755		- * client_version in client hello and not resetting it to
756		- * the negotiated version.
757		- */
	728	+ /*-
	729	+ * version indicates the negotiated version: for example from
	730	+ * an SSLv2/v3 compatible client hello). The client_version
	731	+ * field is the maximum version we permit and it is also
	732	+ * used in RSA encrypted premaster secrets. Some servers can
	733	+ * choke if we initially report a higher version then
	734	+ * renegotiate to a lower one in the premaster secret. This
	735	+ * didn't happen with TLS 1.0 as most servers supported it
	736	+ * but it can with TLS 1.1 or later if the server only supports
	737	+ * 1.0.
	738	+ *
	739	+ * Possible scenario with previous logic:
	740	+ * 1. Client hello indicates TLS 1.2
	741	+ * 2. Server hello says TLS 1.0
	742	+ * 3. RSA encrypted premaster secret uses 1.2.
	743	+ * 4. Handhaked proceeds using TLS 1.0.
	744	+ * 5. Server sends hello request to renegotiate.
	745	+ * 6. Client hello indicates TLS v1.0 as we now
	746	+ * know that is maximum server supports.
	747	+ * 7. Server chokes on RSA encrypted premaster secret
	748	+ * containing version 1.0.
	749	+ *
	750	+ * For interoperability it should be OK to always use the
	751	+ * maximum version we support in client hello and then rely
	752	+ * on the checking of version to ensure the servers isn't
	753	+ * being inconsistent: for example initially negotiating with
	754	+ * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
	755	+ * client_version in client hello and not resetting it to
	756	+ * the negotiated version.
	757	+ */
758	758	#if 0
759	759	*(p++) = s->version >> 8;
760	760	*(p++) = s->version & 0xff;

		@@ -2514,13 +2514,13 @@ int ssl3_send_client_key_exchange(SSL *s)
2514	2514	if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
2515	2515	goto err;
2516	2516
2517		- /*-
2518		- * 20010420 VRS. Tried it this way; failed.
2519		- * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2520		- * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2521		- * kssl_ctx->length);
2522		- * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2523		- */
	2517	+ /*-
	2518	+ * 20010420 VRS. Tried it this way; failed.
	2519	+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
	2520	+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
	2521	+ * kssl_ctx->length);
	2522	+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
	2523	+ */
2524	2524
2525	2525	memset(iv, 0, sizeof iv); /* per RFC 1510 */
2526	2526	EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);

--- a/ssl/s3_enc.c

+++ b/ssl/s3_enc.c

		@@ -748,13 +748,14 @@ int n_ssl3_mac(SSL ssl, unsigned char md, int send)
748	748	* are hashing because that gives an attacker a timing-oracle.
749	749	*/
750	750
751		- /*-
752		- * npad is, at most, 48 bytes and that's with MD5:
753		- * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
754		- *
755		- * With SHA-1 (the largest hash speced for SSLv3) the hash size
756		- * goes up 4, but npad goes down by 8, resulting in a smaller
757		- * total size. */
	751	+ /*-
	752	+ * npad is, at most, 48 bytes and that's with MD5:
	753	+ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
	754	+ *
	755	+ * With SHA-1 (the largest hash speced for SSLv3) the hash size
	756	+ * goes up 4, but npad goes down by 8, resulting in a smaller
	757	+ * total size.
	758	+ */
758	759	unsigned char header[75];
759	760	unsigned j = 0;
760	761	memcpy(header + j, mac_sec, md_size);

--- a/ssl/ssl_lib.c

+++ b/ssl/ssl_lib.c

		@@ -1913,11 +1913,11 @@ SSL_CTX SSL_CTX_new(const SSL_METHOD meth)
1913	1913	ret->references = 1;
1914	1914	ret->quiet_shutdown = 0;
1915	1915
1916		-/* ret->cipher=NULL;*/
	1916	+/* ret->cipher=NULL;*/
1917	1917	/*-
1918		- ret->s2->challenge=NULL;
1919		- ret->master_key=NULL;
1920		- ret->s2->conn_id=NULL; */
	1918	+ ret->s2->challenge=NULL;
	1919	+ ret->master_key=NULL;
	1920	+ ret->s2->conn_id=NULL; */
1921	1921
1922	1922	ret->info_callback = NULL;
1923	1923

--- a/ssl/ssl_sess.c

+++ b/ssl/ssl_sess.c

		@@ -325,21 +325,21 @@ int ssl_get_new_session(SSL *s, int session)
325	325	return (0);
326	326	}
327	327	#ifndef OPENSSL_NO_TLSEXT
328		- /*-
329		- * If RFC5077 ticket, use empty session ID (as server).
330		- * Note that:
331		- * (a) ssl_get_prev_session() does lookahead into the
332		- * ClientHello extensions to find the session ticket.
333		- * When ssl_get_prev_session() fails, s3_srvr.c calls
334		- * ssl_get_new_session() in ssl3_get_client_hello().
335		- * At that point, it has not yet parsed the extensions,
336		- * however, because of the lookahead, it already knows
337		- * whether a ticket is expected or not.
338		- *
339		- * (b) s3_clnt.c calls ssl_get_new_session() before parsing
340		- * ServerHello extensions, and before recording the session
341		- * ID received from the server, so this block is a noop.
342		- */
	328	+ /*-
	329	+ * If RFC5077 ticket, use empty session ID (as server).
	330	+ * Note that:
	331	+ * (a) ssl_get_prev_session() does lookahead into the
	332	+ * ClientHello extensions to find the session ticket.
	333	+ * When ssl_get_prev_session() fails, s3_srvr.c calls
	334	+ * ssl_get_new_session() in ssl3_get_client_hello().
	335	+ * At that point, it has not yet parsed the extensions,
	336	+ * however, because of the lookahead, it already knows
	337	+ * whether a ticket is expected or not.
	338	+ *
	339	+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
	340	+ * ServerHello extensions, and before recording the session
	341	+ * ID received from the server, so this block is a noop.
	342	+ */
343	343	if (s->tlsext_ticket_expected) {
344	344	ss->session_id_length = 0;
345	345	goto sess_id_done;

--- a/ssl/ssl_task.c

+++ b/ssl/ssl_task.c

		@@ -288,8 +288,8 @@ int doit(io_channel chan, SSL_CTX *s_ctx)
288	288	if ((s_to_c == NULL) \|\| (c_to_s == NULL))
289	289	goto err;
290	290	/*- original, DRM 24-SEP-1997
291		- BIO_set_fd ( c_to_s, "", chan );
292		- BIO_set_fd ( s_to_c, "", chan );
	291	+ BIO_set_fd ( c_to_s, "", chan );
	292	+ BIO_set_fd ( s_to_c, "", chan );
293	293	*/
294	294	BIO_set_fd(c_to_s, 0, chan);
295	295	BIO_set_fd(s_to_c, 0, chan);

--- a/ssl/ssltest.c

+++ b/ssl/ssltest.c

		@@ -1845,40 +1845,40 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count,
1845	1845	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1846	1846
1847	1847	do {
1848		- /*-
1849		- * c_ssl_bio: SSL filter BIO
1850		- *
1851		- * client: pseudo-I/O for SSL library
1852		- *
1853		- * client_io: client's SSL communication; usually to be
1854		- * relayed over some I/O facility, but in this
1855		- * test program, we're the server, too:
1856		- *
1857		- * server_io: server's SSL communication
1858		- *
1859		- * server: pseudo-I/O for SSL library
1860		- *
1861		- * s_ssl_bio: SSL filter BIO
1862		- *
1863		- * The client and the server each employ a "BIO pair":
1864		- * client + client_io, server + server_io.
1865		- * BIO pairs are symmetric. A BIO pair behaves similar
1866		- * to a non-blocking socketpair (but both endpoints must
1867		- * be handled by the same thread).
1868		- * [Here we could connect client and server to the ends
1869		- * of a single BIO pair, but then this code would be less
1870		- * suitable as an example for BIO pairs in general.]
1871		- *
1872		- * Useful functions for querying the state of BIO pair endpoints:
1873		- *
1874		- * BIO_ctrl_pending(bio) number of bytes we can read now
1875		- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1876		- * other side's read attempt
1877		- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1878		- *
1879		- * ..._read_request is never more than ..._write_guarantee;
1880		- * it depends on the application which one you should use.
1881		- */
	1848	+ /*-
	1849	+ * c_ssl_bio: SSL filter BIO
	1850	+ *
	1851	+ * client: pseudo-I/O for SSL library
	1852	+ *
	1853	+ * client_io: client's SSL communication; usually to be
	1854	+ * relayed over some I/O facility, but in this
	1855	+ * test program, we're the server, too:
	1856	+ *
	1857	+ * server_io: server's SSL communication
	1858	+ *
	1859	+ * server: pseudo-I/O for SSL library
	1860	+ *
	1861	+ * s_ssl_bio: SSL filter BIO
	1862	+ *
	1863	+ * The client and the server each employ a "BIO pair":
	1864	+ * client + client_io, server + server_io.
	1865	+ * BIO pairs are symmetric. A BIO pair behaves similar
	1866	+ * to a non-blocking socketpair (but both endpoints must
	1867	+ * be handled by the same thread).
	1868	+ * [Here we could connect client and server to the ends
	1869	+ * of a single BIO pair, but then this code would be less
	1870	+ * suitable as an example for BIO pairs in general.]
	1871	+ *
	1872	+ * Useful functions for querying the state of BIO pair endpoints:
	1873	+ *
	1874	+ * BIO_ctrl_pending(bio) number of bytes we can read now
	1875	+ * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
	1876	+ * other side's read attempt
	1877	+ * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
	1878	+ *
	1879	+ * ..._read_request is never more than ..._write_guarantee;
	1880	+ * it depends on the application which one you should use.
	1881	+ */
1882	1882
1883	1883	/*
1884	1884	* We have non-blocking behaviour throughout this test program, but

		@@ -2266,10 +2266,10 @@ int doit(SSL s_ssl, SSL c_ssl, long count)
2266	2266	printf("server waiting in SSL_accept - %s\n",
2267	2267	SSL_state_string_long(s_ssl));
2268	2268	/*-
2269		- else if (s_write)
2270		- printf("server:SSL_write()\n");
2271		- else
2272		- printf("server:SSL_read()\n"); */
	2269	+ else if (s_write)
	2270	+ printf("server:SSL_write()\n");
	2271	+ else
	2272	+ printf("server:SSL_read()\n"); */
2273	2273	}
2274	2274
2275	2275	if (do_client && debug) {

		@@ -2277,10 +2277,10 @@ int doit(SSL s_ssl, SSL c_ssl, long count)
2277	2277	printf("client waiting in SSL_connect - %s\n",
2278	2278	SSL_state_string_long(c_ssl));
2279	2279	/*-
2280		- else if (c_write)
2281		- printf("client:SSL_write()\n");
2282		- else
2283		- printf("client:SSL_read()\n"); */
	2280	+ else if (c_write)
	2281	+ printf("client:SSL_write()\n");
	2282	+ else
	2283	+ printf("client:SSL_read()\n"); */
2284	2284	}
2285	2285
2286	2286	if (!do_client && !do_server) {

--- a/test/methtest.c

+++ b/test/methtest.c

		@@ -86,13 +86,13 @@ char *argv[];
86	86	METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs");
87	87	METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2);
88	88
89		-/*- tmp=METH_new(x509_by_issuer_dir);
90		- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
91		- METH_push(top,METH_X509_BY_ISSUER,tmp);
	89	+/*- tmp=METH_new(x509_by_issuer_dir);
	90	+ METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
	91	+ METH_push(top,METH_X509_BY_ISSUER,tmp);
92	92
93		- tmp=METH_new(x509_by_issuer_primary);
94		- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
95		- METH_push(top,METH_X509_BY_ISSUER,tmp);
	93	+ tmp=METH_new(x509_by_issuer_primary);
	94	+ METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
	95	+ METH_push(top,METH_X509_BY_ISSUER,tmp);
96	96	*/
97	97
98	98	METH_init(top);

Openssl
Fork

コミット

タグ

コミットメタ情報

ログメッセージ

変更サマリ

差分

Openssl Fork

コミット

タグ

よく使われているワード(クリックで追加)

コミットメタ情報

ログメッセージ

変更サマリ

差分

Openssl
Fork