TLS/SSL and crypto library
リビジョン | 35a1cc90bc1795e8893c11e442790ee7f659fffb (tree) |
---|---|
日時 | 2015-01-22 18:20:10 |
作者 | Matt Caswell <matt@open...> |
コミッター | Matt Caswell |
More comment realignment
Reviewed-by: Tim Hudson <tjh@openssl.org>
@@ -120,8 +120,8 @@ int MAIN(int argc, char **argv) | ||
120 | 120 | outfile = *(++argv); |
121 | 121 | } else if (strcmp(*argv, "-2") == 0) |
122 | 122 | g = 2; |
123 | - /*- else if (strcmp(*argv,"-3") == 0) | |
124 | - g=3; */ | |
123 | +/*- else if (strcmp(*argv,"-3") == 0) | |
124 | + g=3; */ | |
125 | 125 | else if (strcmp(*argv, "-5") == 0) |
126 | 126 | g = 5; |
127 | 127 | # ifndef OPENSSL_NO_ENGINE |
@@ -200,10 +200,10 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) | ||
200 | 200 | int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
201 | 201 | { |
202 | 202 | if (cert_file != NULL) { |
203 | - /*- | |
204 | - SSL *ssl; | |
205 | - X509 *x509; | |
206 | - */ | |
203 | + /*- | |
204 | + SSL *ssl; | |
205 | + X509 *x509; | |
206 | + */ | |
207 | 207 | |
208 | 208 | if (SSL_CTX_use_certificate_file(ctx, cert_file, |
209 | 209 | SSL_FILETYPE_PEM) <= 0) { |
@@ -1749,8 +1749,8 @@ int MAIN(int argc, char **argv) | ||
1749 | 1749 | openssl_fdset(SSL_get_fd(con), &writefds); |
1750 | 1750 | } |
1751 | 1751 | #endif |
1752 | -/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", | |
1753 | - tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ | |
1752 | +/*- printf("mode tty(%d %d%d) ssl(%d%d)\n", | |
1753 | + tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ | |
1754 | 1754 | |
1755 | 1755 | /* |
1756 | 1756 | * Note: under VMS with SOCKETSHR the second parameter is |
@@ -529,13 +529,13 @@ int BIO_socket_ioctl(int fd, long type, void *arg) | ||
529 | 529 | i = ioctlsocket(fd, type, (char *)arg); |
530 | 530 | # else |
531 | 531 | # if defined(OPENSSL_SYS_VMS) |
532 | - /*- | |
533 | - * 2011-02-18 SMS. | |
534 | - * VMS ioctl() can't tolerate a 64-bit "void *arg", but we | |
535 | - * observe that all the consumers pass in an "unsigned long *", | |
536 | - * so we arrange a local copy with a short pointer, and use | |
537 | - * that, instead. | |
538 | - */ | |
532 | + /*- | |
533 | + * 2011-02-18 SMS. | |
534 | + * VMS ioctl() can't tolerate a 64-bit "void *arg", but we | |
535 | + * observe that all the consumers pass in an "unsigned long *", | |
536 | + * so we arrange a local copy with a short pointer, and use | |
537 | + * that, instead. | |
538 | + */ | |
539 | 539 | # if __INITIAL_POINTER_SIZE == 64 |
540 | 540 | # define ARG arg_32p |
541 | 541 | # pragma pointer_size save |
@@ -103,11 +103,11 @@ static int nullf_free(BIO *a) | ||
103 | 103 | { |
104 | 104 | if (a == NULL) |
105 | 105 | return (0); |
106 | - /*- | |
107 | - a->ptr=NULL; | |
108 | - a->init=0; | |
109 | - a->flags=0; | |
110 | - */ | |
106 | + /*- | |
107 | + a->ptr=NULL; | |
108 | + a->init=0; | |
109 | + a->flags=0; | |
110 | + */ | |
111 | 111 | return (1); |
112 | 112 | } |
113 | 113 |
@@ -415,12 +415,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) | ||
415 | 415 | ret = (long)data->bind_mode; |
416 | 416 | break; |
417 | 417 | case BIO_CTRL_DUP: |
418 | -/*- dbio=(BIO *)ptr; | |
419 | - if (data->param_port) EAY EAY | |
420 | - BIO_set_port(dbio,data->param_port); | |
421 | - if (data->param_hostname) | |
422 | - BIO_set_hostname(dbio,data->param_hostname); | |
423 | - BIO_set_nbio(dbio,data->nbio); */ | |
418 | +/*- dbio=(BIO *)ptr; | |
419 | + if (data->param_port) EAY EAY | |
420 | + BIO_set_port(dbio,data->param_port); | |
421 | + if (data->param_hostname) | |
422 | + BIO_set_hostname(dbio,data->param_hostname); | |
423 | + BIO_set_nbio(dbio,data->nbio); */ | |
424 | 424 | break; |
425 | 425 | |
426 | 426 | default: |
@@ -66,13 +66,13 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||
66 | 66 | int ret = -2; /* avoid 'uninitialized' warning */ |
67 | 67 | int err = 0; |
68 | 68 | BIGNUM *A, *B, *tmp; |
69 | - /*- | |
70 | - * In 'tab', only odd-indexed entries are relevant: | |
71 | - * For any odd BIGNUM n, | |
72 | - * tab[BN_lsw(n) & 7] | |
73 | - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). | |
74 | - * Note that the sign of n does not matter. | |
75 | - */ | |
69 | + /*- | |
70 | + * In 'tab', only odd-indexed entries are relevant: | |
71 | + * For any odd BIGNUM n, | |
72 | + * tab[BN_lsw(n) & 7] | |
73 | + * is $(-1)^{(n^2-1)/8}$ (using TeX notation). | |
74 | + * Note that the sign of n does not matter. | |
75 | + */ | |
76 | 76 | static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; |
77 | 77 | |
78 | 78 | bn_check_top(a); |
@@ -106,12 +106,12 @@ char *BN_bn2dec(const BIGNUM *a) | ||
106 | 106 | BIGNUM *t = NULL; |
107 | 107 | BN_ULONG *bn_data = NULL, *lp; |
108 | 108 | |
109 | - /*- | |
110 | - * get an upper bound for the length of the decimal integer | |
111 | - * num <= (BN_num_bits(a) + 1) * log(2) | |
112 | - * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | |
113 | - * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 | |
114 | - */ | |
109 | + /*- | |
110 | + * get an upper bound for the length of the decimal integer | |
111 | + * num <= (BN_num_bits(a) + 1) * log(2) | |
112 | + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) | |
113 | + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 | |
114 | + */ | |
115 | 115 | i = BN_num_bits(a) * 3; |
116 | 116 | num = (i / 10 + i / 1000 + 1) + 1; |
117 | 117 | bn_data = |
@@ -152,32 +152,32 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) | ||
152 | 152 | } |
153 | 153 | |
154 | 154 | if (e == 2) { |
155 | - /*- | |
156 | - * |p| == 5 (mod 8) | |
157 | - * | |
158 | - * In this case 2 is always a non-square since | |
159 | - * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. | |
160 | - * So if a really is a square, then 2*a is a non-square. | |
161 | - * Thus for | |
162 | - * b := (2*a)^((|p|-5)/8), | |
163 | - * i := (2*a)*b^2 | |
164 | - * we have | |
165 | - * i^2 = (2*a)^((1 + (|p|-5)/4)*2) | |
166 | - * = (2*a)^((p-1)/2) | |
167 | - * = -1; | |
168 | - * so if we set | |
169 | - * x := a*b*(i-1), | |
170 | - * then | |
171 | - * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) | |
172 | - * = a^2 * b^2 * (-2*i) | |
173 | - * = a*(-i)*(2*a*b^2) | |
174 | - * = a*(-i)*i | |
175 | - * = a. | |
176 | - * | |
177 | - * (This is due to A.O.L. Atkin, | |
178 | - * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>, | |
179 | - * November 1992.) | |
180 | - */ | |
155 | + /*- | |
156 | + * |p| == 5 (mod 8) | |
157 | + * | |
158 | + * In this case 2 is always a non-square since | |
159 | + * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. | |
160 | + * So if a really is a square, then 2*a is a non-square. | |
161 | + * Thus for | |
162 | + * b := (2*a)^((|p|-5)/8), | |
163 | + * i := (2*a)*b^2 | |
164 | + * we have | |
165 | + * i^2 = (2*a)^((1 + (|p|-5)/4)*2) | |
166 | + * = (2*a)^((p-1)/2) | |
167 | + * = -1; | |
168 | + * so if we set | |
169 | + * x := a*b*(i-1), | |
170 | + * then | |
171 | + * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) | |
172 | + * = a^2 * b^2 * (-2*i) | |
173 | + * = a*(-i)*(2*a*b^2) | |
174 | + * = a*(-i)*i | |
175 | + * = a. | |
176 | + * | |
177 | + * (This is due to A.O.L. Atkin, | |
178 | + * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>, | |
179 | + * November 1992.) | |
180 | + */ | |
181 | 181 | |
182 | 182 | /* t := 2*a */ |
183 | 183 | if (!BN_mod_lshift1_quick(t, A, p)) |
@@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { | ||
134 | 134 | 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, |
135 | 135 | 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, |
136 | 136 | 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 |
137 | -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
138 | - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
139 | - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
137 | +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
138 | + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
139 | + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
140 | 140 | }; |
141 | 141 | # endif |
142 | 142 |
@@ -397,7 +397,7 @@ int main(int argc, char *argv[]) | ||
397 | 397 | DES_ENCRYPT); |
398 | 398 | DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, |
399 | 399 | &ks3, &iv3, &iv2, DES_ENCRYPT); |
400 | -/*- if (memcmp(cbc_out,cbc3_ok, | |
400 | +/*- if (memcmp(cbc_out,cbc3_ok, | |
401 | 401 | (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) |
402 | 402 | { |
403 | 403 | printf("des_ede3_cbc_encrypt encrypt error\n"); |
@@ -205,12 +205,12 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, | ||
205 | 205 | */ |
206 | 206 | num = len; |
207 | 207 | } else { |
208 | - /*- | |
209 | - * >output is a multiple of 8 byes, if len < rnum | |
210 | - * >we must be careful. The user must be aware that this | |
211 | - * >routine will write more bytes than he asked for. | |
212 | - * >The length of the buffer must be correct. | |
213 | - * FIXED - Should be ok now 18-9-90 - eay */ | |
208 | + /*- | |
209 | + * >output is a multiple of 8 byes, if len < rnum | |
210 | + * >we must be careful. The user must be aware that this | |
211 | + * >routine will write more bytes than he asked for. | |
212 | + * >The length of the buffer must be correct. | |
213 | + * FIXED - Should be ok now 18-9-90 - eay */ | |
214 | 214 | if (len < rnum) { |
215 | 215 | |
216 | 216 | if (DES_rw_mode & DES_PCBC_MODE) |
@@ -102,8 +102,8 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, | ||
102 | 102 | n = (n + 1) & 0x07; |
103 | 103 | } |
104 | 104 | if (save) { |
105 | -/*- v0=ti[0]; | |
106 | - v1=ti[1];*/ | |
105 | +/*- v0=ti[0]; | |
106 | + v1=ti[1];*/ | |
107 | 107 | iv = &(*ivec)[0]; |
108 | 108 | l2c(v0, iv); |
109 | 109 | l2c(v1, iv); |
@@ -432,25 +432,25 @@ static void felem_shrink(smallfelem out, const felem in) | ||
432 | 432 | /* As tmp[3] < 2^65, high is either 1 or 0 */ |
433 | 433 | high <<= 63; |
434 | 434 | high >>= 63; |
435 | - /*- | |
436 | - * high is: | |
437 | - * all ones if the high word of tmp[3] is 1 | |
438 | - * all zeros if the high word of tmp[3] if 0 */ | |
435 | + /*- | |
436 | + * high is: | |
437 | + * all ones if the high word of tmp[3] is 1 | |
438 | + * all zeros if the high word of tmp[3] if 0 */ | |
439 | 439 | low = tmp[3]; |
440 | 440 | mask = low >> 63; |
441 | - /*- | |
442 | - * mask is: | |
443 | - * all ones if the MSB of low is 1 | |
444 | - * all zeros if the MSB of low if 0 */ | |
441 | + /*- | |
442 | + * mask is: | |
443 | + * all ones if the MSB of low is 1 | |
444 | + * all zeros if the MSB of low if 0 */ | |
445 | 445 | low &= bottom63bits; |
446 | 446 | low -= kPrime3Test; |
447 | 447 | /* if low was greater than kPrime3Test then the MSB is zero */ |
448 | 448 | low = ~low; |
449 | 449 | low >>= 63; |
450 | - /*- | |
451 | - * low is: | |
452 | - * all ones if low was > kPrime3Test | |
453 | - * all zeros if low was <= kPrime3Test */ | |
450 | + /*- | |
451 | + * low is: | |
452 | + * all ones if low was > kPrime3Test | |
453 | + * all zeros if low was <= kPrime3Test */ | |
454 | 454 | mask = (mask & low) | high; |
455 | 455 | tmp[0] -= mask & kPrime[0]; |
456 | 456 | tmp[1] -= mask & kPrime[1]; |
@@ -790,17 +790,17 @@ static void felem_reduce(felem out, const longfelem in) | ||
790 | 790 | |
791 | 791 | felem_reduce_(out, in); |
792 | 792 | |
793 | - /*- | |
794 | - * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 | |
795 | - * out[1] > 2^100 - 2^64 - 7*2^96 > 0 | |
796 | - * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 | |
797 | - * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 | |
798 | - * | |
799 | - * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 | |
800 | - * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 | |
801 | - * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 | |
802 | - * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 | |
803 | - */ | |
793 | + /*- | |
794 | + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 | |
795 | + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 | |
796 | + * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 | |
797 | + * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 | |
798 | + * | |
799 | + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 | |
800 | + * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 | |
801 | + * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 | |
802 | + * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 | |
803 | + */ | |
804 | 804 | } |
805 | 805 | |
806 | 806 | /*- |
@@ -819,17 +819,17 @@ static void felem_reduce_zero105(felem out, const longfelem in) | ||
819 | 819 | |
820 | 820 | felem_reduce_(out, in); |
821 | 821 | |
822 | - /*- | |
823 | - * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 | |
824 | - * out[1] > 2^105 - 2^71 - 2^103 > 0 | |
825 | - * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 | |
826 | - * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 | |
827 | - * | |
828 | - * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 | |
829 | - * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 | |
830 | - * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 | |
831 | - * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 | |
832 | - */ | |
822 | + /*- | |
823 | + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 | |
824 | + * out[1] > 2^105 - 2^71 - 2^103 > 0 | |
825 | + * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 | |
826 | + * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 | |
827 | + * | |
828 | + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 | |
829 | + * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 | |
830 | + * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 | |
831 | + * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 | |
832 | + */ | |
833 | 833 | } |
834 | 834 | |
835 | 835 | /* |
@@ -1094,7 +1094,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) | ||
1094 | 1094 | * |
1095 | 1095 | * Building on top of the field operations we have the operations on the |
1096 | 1096 | * elliptic curve group itself. Points on the curve are represented in Jacobian |
1097 | - * coordinates */ | |
1097 | + * coordinates | |
1098 | + */ | |
1098 | 1099 | |
1099 | 1100 | /*- |
1100 | 1101 | * point_double calculates 2*(x_in, y_in, z_in) |
@@ -1103,7 +1104,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) | ||
1103 | 1104 | * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b |
1104 | 1105 | * |
1105 | 1106 | * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. |
1106 | - * while x_out == y_in is not (maybe this works, but it's not tested). */ | |
1107 | + * while x_out == y_in is not (maybe this works, but it's not tested). | |
1108 | + */ | |
1107 | 1109 | static void |
1108 | 1110 | point_double(felem x_out, felem y_out, felem z_out, |
1109 | 1111 | const felem x_in, const felem y_in, const felem z_in) |
@@ -1234,7 +1236,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask) | ||
1234 | 1236 | * This function includes a branch for checking whether the two input points |
1235 | 1237 | * are equal, (while not equal to the point at infinity). This case never |
1236 | 1238 | * happens during single point multiplication, so there is no timing leak for |
1237 | - * ECDH or ECDSA signing. */ | |
1239 | + * ECDH or ECDSA signing. | |
1240 | + */ | |
1238 | 1241 | static void point_add(felem x3, felem y3, felem z3, |
1239 | 1242 | const felem x1, const felem y1, const felem z1, |
1240 | 1243 | const int mixed, const smallfelem x2, |
@@ -414,15 +414,16 @@ static void felem_square(largefelem out, const felem in) | ||
414 | 414 | felem_scalar(inx2, in, 2); |
415 | 415 | felem_scalar(inx4, in, 4); |
416 | 416 | |
417 | - /*- | |
418 | - * We have many cases were we want to do | |
419 | - * in[x] * in[y] + | |
420 | - * in[y] * in[x] | |
421 | - * This is obviously just | |
422 | - * 2 * in[x] * in[y] | |
423 | - * However, rather than do the doubling on the 128 bit result, we | |
424 | - * double one of the inputs to the multiplication by reading from | |
425 | - * |inx2| */ | |
417 | + /*- | |
418 | + * We have many cases were we want to do | |
419 | + * in[x] * in[y] + | |
420 | + * in[y] * in[x] | |
421 | + * This is obviously just | |
422 | + * 2 * in[x] * in[y] | |
423 | + * However, rather than do the doubling on the 128 bit result, we | |
424 | + * double one of the inputs to the multiplication by reading from | |
425 | + * |inx2| | |
426 | + */ | |
426 | 427 | |
427 | 428 | out[0] = ((uint128_t) in[0]) * in[0]; |
428 | 429 | out[1] = ((uint128_t) in[0]) * inx2[1]; |
@@ -610,10 +611,10 @@ static void felem_reduce(felem out, const largefelem in) | ||
610 | 611 | |
611 | 612 | out[1] += ((limb) in[0]) >> 58; |
612 | 613 | out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; |
613 | - /*- | |
614 | - * out[1] < 2^58 + 2^6 + 2^58 | |
615 | - * = 2^59 + 2^6 | |
616 | - */ | |
614 | + /*- | |
615 | + * out[1] < 2^58 + 2^6 + 2^58 | |
616 | + * = 2^59 + 2^6 | |
617 | + */ | |
617 | 618 | out[2] += ((limb) (in[0] >> 64)) >> 52; |
618 | 619 | |
619 | 620 | out[2] += ((limb) in[1]) >> 58; |
@@ -642,10 +643,10 @@ static void felem_reduce(felem out, const largefelem in) | ||
642 | 643 | |
643 | 644 | out[8] += ((limb) in[7]) >> 58; |
644 | 645 | out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; |
645 | - /*- | |
646 | - * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 | |
647 | - * < 2^59 + 2^13 | |
648 | - */ | |
646 | + /*- | |
647 | + * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 | |
648 | + * < 2^59 + 2^13 | |
649 | + */ | |
649 | 650 | overflow1 = ((limb) (in[7] >> 64)) >> 52; |
650 | 651 | |
651 | 652 | overflow1 += ((limb) in[8]) >> 58; |
@@ -660,11 +661,11 @@ static void felem_reduce(felem out, const largefelem in) | ||
660 | 661 | |
661 | 662 | out[1] += out[0] >> 58; |
662 | 663 | out[0] &= bottom58bits; |
663 | - /*- | |
664 | - * out[0] < 2^58 | |
665 | - * out[1] < 2^59 + 2^6 + 2^13 + 2^2 | |
666 | - * < 2^59 + 2^14 | |
667 | - */ | |
664 | + /*- | |
665 | + * out[0] < 2^58 | |
666 | + * out[1] < 2^59 + 2^6 + 2^13 + 2^2 | |
667 | + * < 2^59 + 2^14 | |
668 | + */ | |
668 | 669 | } |
669 | 670 | |
670 | 671 | static void felem_square_reduce(felem out, const felem in) |
@@ -96,11 +96,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, | ||
96 | 96 | if (y == NULL) |
97 | 97 | goto err; |
98 | 98 | |
99 | - /*- | |
100 | - * Recover y. We have a Weierstrass equation | |
101 | - * y^2 = x^3 + a*x + b, | |
102 | - * so y is one of the square roots of x^3 + a*x + b. | |
103 | - */ | |
99 | + /*- | |
100 | + * Recover y. We have a Weierstrass equation | |
101 | + * y^2 = x^3 + a*x + b, | |
102 | + * so y is one of the square roots of x^3 + a*x + b. | |
103 | + */ | |
104 | 104 | |
105 | 105 | /* tmp1 := x^3 */ |
106 | 106 | if (!BN_nnmod(x, x_, group->field, ctx)) |
@@ -909,10 +909,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, | ||
909 | 909 | goto err; |
910 | 910 | if (!BN_mod_add_quick(n1, n0, n1, p)) |
911 | 911 | goto err; |
912 | - /*- | |
913 | - * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) | |
914 | - * = 3 * X_a^2 - 3 * Z_a^4 | |
915 | - */ | |
912 | + /*- | |
913 | + * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) | |
914 | + * = 3 * X_a^2 - 3 * Z_a^4 | |
915 | + */ | |
916 | 916 | } else { |
917 | 917 | if (!field_sqr(group, n0, a->X, ctx)) |
918 | 918 | goto err; |
@@ -1033,15 +1033,15 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, | ||
1033 | 1033 | if (Z6 == NULL) |
1034 | 1034 | goto err; |
1035 | 1035 | |
1036 | - /*- | |
1037 | - * We have a curve defined by a Weierstrass equation | |
1038 | - * y^2 = x^3 + a*x + b. | |
1039 | - * The point to consider is given in Jacobian projective coordinates | |
1040 | - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). | |
1041 | - * Substituting this and multiplying by Z^6 transforms the above equation into | |
1042 | - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. | |
1043 | - * To test this, we add up the right-hand side in 'rh'. | |
1044 | - */ | |
1036 | + /*- | |
1037 | + * We have a curve defined by a Weierstrass equation | |
1038 | + * y^2 = x^3 + a*x + b. | |
1039 | + * The point to consider is given in Jacobian projective coordinates | |
1040 | + * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). | |
1041 | + * Substituting this and multiplying by Z^6 transforms the above equation into | |
1042 | + * Y^2 = X^3 + a*X*Z^4 + b*Z^6. | |
1043 | + * To test this, we add up the right-hand side in 'rh'. | |
1044 | + */ | |
1045 | 1045 | |
1046 | 1046 | /* rh := X^2 */ |
1047 | 1047 | if (!field_sqr(group, rh, point->X, ctx)) |
@@ -1108,12 +1108,12 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, | ||
1108 | 1108 | int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, |
1109 | 1109 | const EC_POINT *b, BN_CTX *ctx) |
1110 | 1110 | { |
1111 | - /*- | |
1112 | - * return values: | |
1113 | - * -1 error | |
1114 | - * 0 equal (in affine coordinates) | |
1115 | - * 1 not equal | |
1116 | - */ | |
1111 | + /*- | |
1112 | + * return values: | |
1113 | + * -1 error | |
1114 | + * 0 equal (in affine coordinates) | |
1115 | + * 1 not equal | |
1116 | + */ | |
1117 | 1117 | |
1118 | 1118 | int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, |
1119 | 1119 | const BIGNUM *, BN_CTX *); |
@@ -1151,12 +1151,12 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, | ||
1151 | 1151 | if (Zb23 == NULL) |
1152 | 1152 | goto end; |
1153 | 1153 | |
1154 | - /*- | |
1155 | - * We have to decide whether | |
1156 | - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), | |
1157 | - * or equivalently, whether | |
1158 | - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). | |
1159 | - */ | |
1154 | + /*- | |
1155 | + * We have to decide whether | |
1156 | + * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), | |
1157 | + * or equivalently, whether | |
1158 | + * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). | |
1159 | + */ | |
1160 | 1160 | |
1161 | 1161 | if (!b->Z_is_one) { |
1162 | 1162 | if (!field_sqr(group, Zb23, b->Z, ctx)) |
@@ -102,9 +102,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { | ||
102 | 102 | 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, |
103 | 103 | 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, |
104 | 104 | 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 |
105 | -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
106 | - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
107 | - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
105 | +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
106 | + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
107 | + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
108 | 108 | }; |
109 | 109 | |
110 | 110 | static int cfb64_test(unsigned char *cfb_cipher); |
@@ -434,9 +434,9 @@ unsigned long lh_strhash(const char *c) | ||
434 | 434 | if ((c == NULL) || (*c == '\0')) |
435 | 435 | return (ret); |
436 | 436 | /*- |
437 | - unsigned char b[16]; | |
438 | - MD5(c,strlen(c),b); | |
439 | - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); | |
437 | + unsigned char b[16]; | |
438 | + MD5(c,strlen(c),b); | |
439 | + return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); | |
440 | 440 | */ |
441 | 441 | |
442 | 442 | n = 0x100; |
@@ -174,8 +174,8 @@ typedef struct pem_ctx_st { | ||
174 | 174 | struct { |
175 | 175 | int cipher; |
176 | 176 | /*- |
177 | - unused, and wrong size | |
178 | - unsigned char iv[8]; */ | |
177 | + unused, and wrong size | |
178 | + unsigned char iv[8]; */ | |
179 | 179 | } DEK_info; |
180 | 180 | |
181 | 181 | PEM_USER *originator; |
@@ -195,9 +195,9 @@ typedef struct pem_ctx_st { | ||
195 | 195 | EVP_CIPHER *dec; /* date encryption cipher */ |
196 | 196 | int key_len; /* key length */ |
197 | 197 | unsigned char *key; /* key */ |
198 | - /*- | |
199 | - unused, and wrong size | |
200 | - unsigned char iv[8]; */ | |
198 | + /*- | |
199 | + unused, and wrong size | |
200 | + unsigned char iv[8]; */ | |
201 | 201 | |
202 | 202 | int data_enc; /* is the data encrypted */ |
203 | 203 | int data_len; |
@@ -113,10 +113,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) = | ||
113 | 113 | |
114 | 114 | int RAND_load_file(const char *file, long bytes) |
115 | 115 | { |
116 | - /*- | |
117 | - * If bytes >= 0, read up to 'bytes' bytes. | |
118 | - * if bytes == -1, read complete file. | |
119 | - */ | |
116 | + /*- | |
117 | + * If bytes >= 0, read up to 'bytes' bytes. | |
118 | + * if bytes == -1, read complete file. | |
119 | + */ | |
120 | 120 | |
121 | 121 | MS_STATIC unsigned char buf[BUFSIZE]; |
122 | 122 | #ifndef OPENSSL_NO_POSIX_IO |
@@ -134,9 +134,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { | ||
134 | 134 | 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, |
135 | 135 | 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, |
136 | 136 | 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 |
137 | -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
138 | - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
139 | - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
137 | +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | |
138 | + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | |
139 | + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | |
140 | 140 | }; |
141 | 141 | |
142 | 142 | /* |
@@ -798,23 +798,23 @@ void solaris_locking_callback(int mode, int type, char *file, int line) | ||
798 | 798 | (type & CRYPTO_READ) ? "r" : "w", file, line); |
799 | 799 | # endif |
800 | 800 | |
801 | - /*- | |
802 | - if (CRYPTO_LOCK_SSL_CERT == type) | |
803 | - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", | |
804 | - CRYPTO_thread_id(), | |
805 | - mode,file,line); | |
806 | - */ | |
801 | + /*- | |
802 | + if (CRYPTO_LOCK_SSL_CERT == type) | |
803 | + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", | |
804 | + CRYPTO_thread_id(), | |
805 | + mode,file,line); | |
806 | + */ | |
807 | 807 | if (mode & CRYPTO_LOCK) { |
808 | 808 | /*- |
809 | - if (mode & CRYPTO_READ) | |
810 | - rw_rdlock(&(lock_cs[type])); | |
811 | - else | |
812 | - rw_wrlock(&(lock_cs[type])); */ | |
809 | + if (mode & CRYPTO_READ) | |
810 | + rw_rdlock(&(lock_cs[type])); | |
811 | + else | |
812 | + rw_wrlock(&(lock_cs[type])); */ | |
813 | 813 | |
814 | 814 | mutex_lock(&(lock_cs[type])); |
815 | 815 | lock_count[type]++; |
816 | 816 | } else { |
817 | -/* rw_unlock(&(lock_cs[type])); */ | |
817 | +/* rw_unlock(&(lock_cs[type])); */ | |
818 | 818 | mutex_unlock(&(lock_cs[type])); |
819 | 819 | } |
820 | 820 | } |
@@ -984,10 +984,10 @@ void pthreads_locking_callback(int mode, int type, char *file, int line) | ||
984 | 984 | (type & CRYPTO_READ) ? "r" : "w", file, line); |
985 | 985 | # endif |
986 | 986 | /*- |
987 | - if (CRYPTO_LOCK_SSL_CERT == type) | |
988 | - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", | |
989 | - CRYPTO_thread_id(), | |
990 | - mode,file,line); | |
987 | + if (CRYPTO_LOCK_SSL_CERT == type) | |
988 | + fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", | |
989 | + CRYPTO_thread_id(), | |
990 | + mode,file,line); | |
991 | 991 | */ |
992 | 992 | if (mode & CRYPTO_LOCK) { |
993 | 993 | pthread_mutex_lock(&(lock_cs[type])); |
@@ -430,8 +430,8 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, | ||
430 | 430 | * If we were going to up the reference count, we would need to |
431 | 431 | * do it on a perl 'type' basis |
432 | 432 | */ |
433 | - /*- CRYPTO_add(&tmp->data.x509->references,1, | |
434 | - CRYPTO_LOCK_X509);*/ | |
433 | + /*- CRYPTO_add(&tmp->data.x509->references,1, | |
434 | + CRYPTO_LOCK_X509);*/ | |
435 | 435 | goto finish; |
436 | 436 | } |
437 | 437 | } |
@@ -323,8 +323,8 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, | ||
323 | 323 | return 0; |
324 | 324 | } |
325 | 325 | |
326 | -/*- if (ret->data.ptr != NULL) | |
327 | - X509_OBJECT_free_contents(ret); */ | |
326 | +/*- if (ret->data.ptr != NULL) | |
327 | + X509_OBJECT_free_contents(ret); */ | |
328 | 328 | |
329 | 329 | ret->type = tmp->type; |
330 | 330 | ret->data.ptr = tmp->data.ptr; |
@@ -84,8 +84,8 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) | ||
84 | 84 | goto err; |
85 | 85 | if (!ASN1_INTEGER_set(xi->version, 2)) |
86 | 86 | goto err; |
87 | -/*- xi->extensions=ri->attributes; <- bad, should not ever be done | |
88 | - ri->attributes=NULL; */ | |
87 | +/*- xi->extensions=ri->attributes; <- bad, should not ever be done | |
88 | + ri->attributes=NULL; */ | |
89 | 89 | } |
90 | 90 | |
91 | 91 | xn = X509_REQ_get_subject_name(r); |
@@ -549,15 +549,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | ||
549 | 549 | int allow_proxy_certs; |
550 | 550 | cb = ctx->verify_cb; |
551 | 551 | |
552 | - /*- | |
553 | - * must_be_ca can have 1 of 3 values: | |
554 | - * -1: we accept both CA and non-CA certificates, to allow direct | |
555 | - * use of self-signed certificates (which are marked as CA). | |
556 | - * 0: we only accept non-CA certificates. This is currently not | |
557 | - * used, but the possibility is present for future extensions. | |
558 | - * 1: we only accept CA certificates. This is currently used for | |
559 | - * all certificates in the chain except the leaf certificate. | |
560 | - */ | |
552 | + /*- | |
553 | + * must_be_ca can have 1 of 3 values: | |
554 | + * -1: we accept both CA and non-CA certificates, to allow direct | |
555 | + * use of self-signed certificates (which are marked as CA). | |
556 | + * 0: we only accept non-CA certificates. This is currently not | |
557 | + * used, but the possibility is present for future extensions. | |
558 | + * 1: we only accept CA certificates. This is currently used for | |
559 | + * all certificates in the chain except the leaf certificate. | |
560 | + */ | |
561 | 561 | must_be_ca = -1; |
562 | 562 | |
563 | 563 | /* CRL path validation */ |
@@ -162,16 +162,16 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) | ||
162 | 162 | set_prev = ret->set - 1; |
163 | 163 | set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; |
164 | 164 | |
165 | - /*- | |
166 | - * set_prev is the previous set | |
167 | - * set is the current set | |
168 | - * set_next is the following | |
169 | - * prev 1 1 1 1 1 1 1 1 | |
170 | - * set 1 1 2 2 | |
171 | - * next 1 1 2 2 2 2 3 2 | |
172 | - * so basically only if prev and next differ by 2, then | |
173 | - * re-number down by 1 | |
174 | - */ | |
165 | + /*- | |
166 | + * set_prev is the previous set | |
167 | + * set is the current set | |
168 | + * set_next is the following | |
169 | + * prev 1 1 1 1 1 1 1 1 | |
170 | + * set 1 1 2 2 | |
171 | + * next 1 1 2 2 2 2 3 2 | |
172 | + * so basically only if prev and next differ by 2, then | |
173 | + * re-number down by 1 | |
174 | + */ | |
175 | 175 | if (set_prev + 1 < set_next) |
176 | 176 | for (i = loc; i < n; i++) |
177 | 177 | sk_X509_NAME_ENTRY_value(sk, i)->set--; |
@@ -808,11 +808,11 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, | ||
808 | 808 | if (p[i] == '*') { |
809 | 809 | int atstart = (state & LABEL_START); |
810 | 810 | int atend = (i == len - 1 || p[i + i] == '.'); |
811 | - /*- | |
812 | - * At most one wildcard per pattern. | |
813 | - * No wildcards in IDNA labels. | |
814 | - * No wildcards after the first label. | |
815 | - */ | |
811 | + /*- | |
812 | + * At most one wildcard per pattern. | |
813 | + * No wildcards in IDNA labels. | |
814 | + * No wildcards after the first label. | |
815 | + */ | |
816 | 816 | if (star != NULL || (state & LABEL_IDNA) != 0 || dots) |
817 | 817 | return NULL; |
818 | 818 | /* Only full-label '*.example.com' wildcards? */ |
@@ -106,14 +106,14 @@ extern "C" { | ||
106 | 106 | /* |
107 | 107 | * Functions for Digest (MD5, SHA1) stuff |
108 | 108 | */ |
109 | -/* output : output data buffer */ | |
110 | -/* input : input data buffer */ | |
111 | -/* algo : hash algorithm, MD5 or SHA1 */ | |
112 | -/*- | |
113 | - * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; | |
114 | - * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; | |
115 | - */ | |
116 | -/* For now separate this stuff that mad it easier to test */ | |
109 | + /* output : output data buffer */ | |
110 | + /* input : input data buffer */ | |
111 | + /* algo : hash algorithm, MD5 or SHA1 */ | |
112 | + /*- | |
113 | + * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ; | |
114 | + * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ; | |
115 | + */ | |
116 | + /* For now separate this stuff that mad it easier to test */ | |
117 | 117 | typedef int t_zencod_md5_init(ZEN_MD_DATA *data); |
118 | 118 | typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input); |
119 | 119 | typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output); |
@@ -18,20 +18,20 @@ static char *gost_params[GOST_PARAM_MAX + 1] = { NULL }; | ||
18 | 18 | static const char *gost_envnames[] = { "CRYPT_PARAMS" }; |
19 | 19 | |
20 | 20 | const ENGINE_CMD_DEFN gost_cmds[] = { |
21 | -/*- { GOST_CTRL_RNG, | |
22 | - "RNG", | |
23 | - "Type of random number generator to use", | |
24 | - ENGINE_CMD_FLAG_STRING | |
25 | - }, | |
26 | - { GOST_CTRL_RNG_PARAMS, | |
27 | - "RNG_PARAMS", | |
28 | - "Parameter for random number generator", | |
29 | - ENGINE_CMD_FLAG_STRING | |
30 | - }, | |
21 | +/*- { GOST_CTRL_RNG, | |
22 | + "RNG", | |
23 | + "Type of random number generator to use", | |
24 | + ENGINE_CMD_FLAG_STRING | |
25 | + }, | |
26 | + { GOST_CTRL_RNG_PARAMS, | |
27 | + "RNG_PARAMS", | |
28 | + "Parameter for random number generator", | |
29 | + ENGINE_CMD_FLAG_STRING | |
30 | + }, | |
31 | 31 | */ {GOST_CTRL_CRYPT_PARAMS, |
32 | - "CRYPT_PARAMS", | |
33 | - "OID of default GOST 28147-89 parameters", | |
34 | - ENGINE_CMD_FLAG_STRING}, | |
32 | + "CRYPT_PARAMS", | |
33 | + "OID of default GOST 28147-89 parameters", | |
34 | + ENGINE_CMD_FLAG_STRING}, | |
35 | 35 | {0, NULL, NULL, 0} |
36 | 36 | }; |
37 | 37 |
@@ -1037,11 +1037,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num) | ||
1037 | 1037 | while (num >= (int)sizeof(buf32)) { |
1038 | 1038 | largenum.value = buf; |
1039 | 1039 | largenum.nbytes = sizeof(buf32); |
1040 | - /*- | |
1041 | - * tell CryptoSwift how many bytes we want and where we want it. | |
1042 | - * Note: - CryptoSwift cannot do more than 4096 bytes at a time. | |
1043 | - * - CryptoSwift can only do multiple of 32-bits. | |
1044 | - */ | |
1040 | + /*- | |
1041 | + * tell CryptoSwift how many bytes we want and where we want it. | |
1042 | + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. | |
1043 | + * - CryptoSwift can only do multiple of 32-bits. | |
1044 | + */ | |
1045 | 1045 | swrc = |
1046 | 1046 | p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); |
1047 | 1047 | if (swrc != SW_OK) { |
@@ -433,12 +433,12 @@ static int dtls1_process_record(SSL *s) | ||
433 | 433 | rr->orig_len = rr->length; |
434 | 434 | |
435 | 435 | enc_err = s->method->ssl3_enc->enc(s, 0); |
436 | - /*- | |
437 | - * enc_err is: | |
438 | - * 0: (in non-constant time) if the record is publically invalid. | |
439 | - * 1: if the padding is valid | |
440 | - * -1: if the padding is invalid | |
441 | - */ | |
436 | + /*- | |
437 | + * enc_err is: | |
438 | + * 0: (in non-constant time) if the record is publically invalid. | |
439 | + * 1: if the padding is valid | |
440 | + * -1: if the padding is invalid | |
441 | + */ | |
442 | 442 | if (enc_err == 0) { |
443 | 443 | /* For DTLS we simply ignore bad packets. */ |
444 | 444 | rr->length = 0; |
@@ -1046,11 +1046,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
1046 | 1046 | } |
1047 | 1047 | } |
1048 | 1048 | |
1049 | - /*- | |
1050 | - * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; | |
1051 | - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. | |
1052 | - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) | |
1053 | - */ | |
1049 | + /*- | |
1050 | + * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; | |
1051 | + * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. | |
1052 | + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) | |
1053 | + */ | |
1054 | 1054 | |
1055 | 1055 | /* If we are a client, check for an incoming 'Hello Request': */ |
1056 | 1056 | if ((!s->server) && |
@@ -754,25 +754,25 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, | ||
754 | 754 | if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) |
755 | 755 | return; |
756 | 756 | block_size = EVP_MD_CTX_block_size(mac_ctx); |
757 | - /*- | |
758 | - * We are in FIPS mode if we get this far so we know we have only SHA* | |
759 | - * digests and TLS to deal with. | |
760 | - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 | |
761 | - * otherwise. | |
762 | - * Additional header is 13 bytes. To get the number of digest blocks | |
763 | - * processed round up the amount of data plus padding to the nearest | |
764 | - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. | |
765 | - * So we have: | |
766 | - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size | |
767 | - * equivalently: | |
768 | - * blocks = (payload_len + digest_pad + 12)/block_size + 1 | |
769 | - * HMAC adds a constant overhead. | |
770 | - * We're ultimately only interested in differences so this becomes | |
771 | - * blocks = (payload_len + 29)/128 | |
772 | - * for SHA384/SHA512 and | |
773 | - * blocks = (payload_len + 21)/64 | |
774 | - * otherwise. | |
775 | - */ | |
757 | + /*- | |
758 | + * We are in FIPS mode if we get this far so we know we have only SHA* | |
759 | + * digests and TLS to deal with. | |
760 | + * Minimum digest padding length is 17 for SHA384/SHA512 and 9 | |
761 | + * otherwise. | |
762 | + * Additional header is 13 bytes. To get the number of digest blocks | |
763 | + * processed round up the amount of data plus padding to the nearest | |
764 | + * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. | |
765 | + * So we have: | |
766 | + * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size | |
767 | + * equivalently: | |
768 | + * blocks = (payload_len + digest_pad + 12)/block_size + 1 | |
769 | + * HMAC adds a constant overhead. | |
770 | + * We're ultimately only interested in differences so this becomes | |
771 | + * blocks = (payload_len + 29)/128 | |
772 | + * for SHA384/SHA512 and | |
773 | + * blocks = (payload_len + 21)/64 | |
774 | + * otherwise. | |
775 | + */ | |
776 | 776 | digest_pad = block_size == 64 ? 21 : 29; |
777 | 777 | blocks_orig = (orig_len + digest_pad) / block_size; |
778 | 778 | blocks_data = (data_len + digest_pad) / block_size; |
@@ -725,36 +725,36 @@ int ssl3_client_hello(SSL *s) | ||
725 | 725 | /* Do the message type and length last */ |
726 | 726 | d = p = ssl_handshake_start(s); |
727 | 727 | |
728 | - /*- | |
729 | - * version indicates the negotiated version: for example from | |
730 | - * an SSLv2/v3 compatible client hello). The client_version | |
731 | - * field is the maximum version we permit and it is also | |
732 | - * used in RSA encrypted premaster secrets. Some servers can | |
733 | - * choke if we initially report a higher version then | |
734 | - * renegotiate to a lower one in the premaster secret. This | |
735 | - * didn't happen with TLS 1.0 as most servers supported it | |
736 | - * but it can with TLS 1.1 or later if the server only supports | |
737 | - * 1.0. | |
738 | - * | |
739 | - * Possible scenario with previous logic: | |
740 | - * 1. Client hello indicates TLS 1.2 | |
741 | - * 2. Server hello says TLS 1.0 | |
742 | - * 3. RSA encrypted premaster secret uses 1.2. | |
743 | - * 4. Handhaked proceeds using TLS 1.0. | |
744 | - * 5. Server sends hello request to renegotiate. | |
745 | - * 6. Client hello indicates TLS v1.0 as we now | |
746 | - * know that is maximum server supports. | |
747 | - * 7. Server chokes on RSA encrypted premaster secret | |
748 | - * containing version 1.0. | |
749 | - * | |
750 | - * For interoperability it should be OK to always use the | |
751 | - * maximum version we support in client hello and then rely | |
752 | - * on the checking of version to ensure the servers isn't | |
753 | - * being inconsistent: for example initially negotiating with | |
754 | - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using | |
755 | - * client_version in client hello and not resetting it to | |
756 | - * the negotiated version. | |
757 | - */ | |
728 | + /*- | |
729 | + * version indicates the negotiated version: for example from | |
730 | + * an SSLv2/v3 compatible client hello). The client_version | |
731 | + * field is the maximum version we permit and it is also | |
732 | + * used in RSA encrypted premaster secrets. Some servers can | |
733 | + * choke if we initially report a higher version then | |
734 | + * renegotiate to a lower one in the premaster secret. This | |
735 | + * didn't happen with TLS 1.0 as most servers supported it | |
736 | + * but it can with TLS 1.1 or later if the server only supports | |
737 | + * 1.0. | |
738 | + * | |
739 | + * Possible scenario with previous logic: | |
740 | + * 1. Client hello indicates TLS 1.2 | |
741 | + * 2. Server hello says TLS 1.0 | |
742 | + * 3. RSA encrypted premaster secret uses 1.2. | |
743 | + * 4. Handhaked proceeds using TLS 1.0. | |
744 | + * 5. Server sends hello request to renegotiate. | |
745 | + * 6. Client hello indicates TLS v1.0 as we now | |
746 | + * know that is maximum server supports. | |
747 | + * 7. Server chokes on RSA encrypted premaster secret | |
748 | + * containing version 1.0. | |
749 | + * | |
750 | + * For interoperability it should be OK to always use the | |
751 | + * maximum version we support in client hello and then rely | |
752 | + * on the checking of version to ensure the servers isn't | |
753 | + * being inconsistent: for example initially negotiating with | |
754 | + * TLS 1.0 and renegotiating with TLS 1.2. We do this by using | |
755 | + * client_version in client hello and not resetting it to | |
756 | + * the negotiated version. | |
757 | + */ | |
758 | 758 | #if 0 |
759 | 759 | *(p++) = s->version >> 8; |
760 | 760 | *(p++) = s->version & 0xff; |
@@ -2514,13 +2514,13 @@ int ssl3_send_client_key_exchange(SSL *s) | ||
2514 | 2514 | if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) |
2515 | 2515 | goto err; |
2516 | 2516 | |
2517 | - /*- | |
2518 | - * 20010420 VRS. Tried it this way; failed. | |
2519 | - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | |
2520 | - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, | |
2521 | - * kssl_ctx->length); | |
2522 | - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | |
2523 | - */ | |
2517 | + /*- | |
2518 | + * 20010420 VRS. Tried it this way; failed. | |
2519 | + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | |
2520 | + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, | |
2521 | + * kssl_ctx->length); | |
2522 | + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | |
2523 | + */ | |
2524 | 2524 | |
2525 | 2525 | memset(iv, 0, sizeof iv); /* per RFC 1510 */ |
2526 | 2526 | EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); |
@@ -748,13 +748,14 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) | ||
748 | 748 | * are hashing because that gives an attacker a timing-oracle. |
749 | 749 | */ |
750 | 750 | |
751 | - /*- | |
752 | - * npad is, at most, 48 bytes and that's with MD5: | |
753 | - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. | |
754 | - * | |
755 | - * With SHA-1 (the largest hash speced for SSLv3) the hash size | |
756 | - * goes up 4, but npad goes down by 8, resulting in a smaller | |
757 | - * total size. */ | |
751 | + /*- | |
752 | + * npad is, at most, 48 bytes and that's with MD5: | |
753 | + * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. | |
754 | + * | |
755 | + * With SHA-1 (the largest hash speced for SSLv3) the hash size | |
756 | + * goes up 4, but npad goes down by 8, resulting in a smaller | |
757 | + * total size. | |
758 | + */ | |
758 | 759 | unsigned char header[75]; |
759 | 760 | unsigned j = 0; |
760 | 761 | memcpy(header + j, mac_sec, md_size); |
@@ -1913,11 +1913,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | ||
1913 | 1913 | ret->references = 1; |
1914 | 1914 | ret->quiet_shutdown = 0; |
1915 | 1915 | |
1916 | -/* ret->cipher=NULL;*/ | |
1916 | +/* ret->cipher=NULL;*/ | |
1917 | 1917 | /*- |
1918 | - ret->s2->challenge=NULL; | |
1919 | - ret->master_key=NULL; | |
1920 | - ret->s2->conn_id=NULL; */ | |
1918 | + ret->s2->challenge=NULL; | |
1919 | + ret->master_key=NULL; | |
1920 | + ret->s2->conn_id=NULL; */ | |
1921 | 1921 | |
1922 | 1922 | ret->info_callback = NULL; |
1923 | 1923 |
@@ -325,21 +325,21 @@ int ssl_get_new_session(SSL *s, int session) | ||
325 | 325 | return (0); |
326 | 326 | } |
327 | 327 | #ifndef OPENSSL_NO_TLSEXT |
328 | - /*- | |
329 | - * If RFC5077 ticket, use empty session ID (as server). | |
330 | - * Note that: | |
331 | - * (a) ssl_get_prev_session() does lookahead into the | |
332 | - * ClientHello extensions to find the session ticket. | |
333 | - * When ssl_get_prev_session() fails, s3_srvr.c calls | |
334 | - * ssl_get_new_session() in ssl3_get_client_hello(). | |
335 | - * At that point, it has not yet parsed the extensions, | |
336 | - * however, because of the lookahead, it already knows | |
337 | - * whether a ticket is expected or not. | |
338 | - * | |
339 | - * (b) s3_clnt.c calls ssl_get_new_session() before parsing | |
340 | - * ServerHello extensions, and before recording the session | |
341 | - * ID received from the server, so this block is a noop. | |
342 | - */ | |
328 | + /*- | |
329 | + * If RFC5077 ticket, use empty session ID (as server). | |
330 | + * Note that: | |
331 | + * (a) ssl_get_prev_session() does lookahead into the | |
332 | + * ClientHello extensions to find the session ticket. | |
333 | + * When ssl_get_prev_session() fails, s3_srvr.c calls | |
334 | + * ssl_get_new_session() in ssl3_get_client_hello(). | |
335 | + * At that point, it has not yet parsed the extensions, | |
336 | + * however, because of the lookahead, it already knows | |
337 | + * whether a ticket is expected or not. | |
338 | + * | |
339 | + * (b) s3_clnt.c calls ssl_get_new_session() before parsing | |
340 | + * ServerHello extensions, and before recording the session | |
341 | + * ID received from the server, so this block is a noop. | |
342 | + */ | |
343 | 343 | if (s->tlsext_ticket_expected) { |
344 | 344 | ss->session_id_length = 0; |
345 | 345 | goto sess_id_done; |
@@ -288,8 +288,8 @@ int doit(io_channel chan, SSL_CTX *s_ctx) | ||
288 | 288 | if ((s_to_c == NULL) || (c_to_s == NULL)) |
289 | 289 | goto err; |
290 | 290 | /*- original, DRM 24-SEP-1997 |
291 | - BIO_set_fd ( c_to_s, "", chan ); | |
292 | - BIO_set_fd ( s_to_c, "", chan ); | |
291 | + BIO_set_fd ( c_to_s, "", chan ); | |
292 | + BIO_set_fd ( s_to_c, "", chan ); | |
293 | 293 | */ |
294 | 294 | BIO_set_fd(c_to_s, 0, chan); |
295 | 295 | BIO_set_fd(s_to_c, 0, chan); |
@@ -1845,40 +1845,40 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, | ||
1845 | 1845 | (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); |
1846 | 1846 | |
1847 | 1847 | do { |
1848 | - /*- | |
1849 | - * c_ssl_bio: SSL filter BIO | |
1850 | - * | |
1851 | - * client: pseudo-I/O for SSL library | |
1852 | - * | |
1853 | - * client_io: client's SSL communication; usually to be | |
1854 | - * relayed over some I/O facility, but in this | |
1855 | - * test program, we're the server, too: | |
1856 | - * | |
1857 | - * server_io: server's SSL communication | |
1858 | - * | |
1859 | - * server: pseudo-I/O for SSL library | |
1860 | - * | |
1861 | - * s_ssl_bio: SSL filter BIO | |
1862 | - * | |
1863 | - * The client and the server each employ a "BIO pair": | |
1864 | - * client + client_io, server + server_io. | |
1865 | - * BIO pairs are symmetric. A BIO pair behaves similar | |
1866 | - * to a non-blocking socketpair (but both endpoints must | |
1867 | - * be handled by the same thread). | |
1868 | - * [Here we could connect client and server to the ends | |
1869 | - * of a single BIO pair, but then this code would be less | |
1870 | - * suitable as an example for BIO pairs in general.] | |
1871 | - * | |
1872 | - * Useful functions for querying the state of BIO pair endpoints: | |
1873 | - * | |
1874 | - * BIO_ctrl_pending(bio) number of bytes we can read now | |
1875 | - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil | |
1876 | - * other side's read attempt | |
1877 | - * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now | |
1878 | - * | |
1879 | - * ..._read_request is never more than ..._write_guarantee; | |
1880 | - * it depends on the application which one you should use. | |
1881 | - */ | |
1848 | + /*- | |
1849 | + * c_ssl_bio: SSL filter BIO | |
1850 | + * | |
1851 | + * client: pseudo-I/O for SSL library | |
1852 | + * | |
1853 | + * client_io: client's SSL communication; usually to be | |
1854 | + * relayed over some I/O facility, but in this | |
1855 | + * test program, we're the server, too: | |
1856 | + * | |
1857 | + * server_io: server's SSL communication | |
1858 | + * | |
1859 | + * server: pseudo-I/O for SSL library | |
1860 | + * | |
1861 | + * s_ssl_bio: SSL filter BIO | |
1862 | + * | |
1863 | + * The client and the server each employ a "BIO pair": | |
1864 | + * client + client_io, server + server_io. | |
1865 | + * BIO pairs are symmetric. A BIO pair behaves similar | |
1866 | + * to a non-blocking socketpair (but both endpoints must | |
1867 | + * be handled by the same thread). | |
1868 | + * [Here we could connect client and server to the ends | |
1869 | + * of a single BIO pair, but then this code would be less | |
1870 | + * suitable as an example for BIO pairs in general.] | |
1871 | + * | |
1872 | + * Useful functions for querying the state of BIO pair endpoints: | |
1873 | + * | |
1874 | + * BIO_ctrl_pending(bio) number of bytes we can read now | |
1875 | + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil | |
1876 | + * other side's read attempt | |
1877 | + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now | |
1878 | + * | |
1879 | + * ..._read_request is never more than ..._write_guarantee; | |
1880 | + * it depends on the application which one you should use. | |
1881 | + */ | |
1882 | 1882 | |
1883 | 1883 | /* |
1884 | 1884 | * We have non-blocking behaviour throughout this test program, but |
@@ -2266,10 +2266,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | ||
2266 | 2266 | printf("server waiting in SSL_accept - %s\n", |
2267 | 2267 | SSL_state_string_long(s_ssl)); |
2268 | 2268 | /*- |
2269 | - else if (s_write) | |
2270 | - printf("server:SSL_write()\n"); | |
2271 | - else | |
2272 | - printf("server:SSL_read()\n"); */ | |
2269 | + else if (s_write) | |
2270 | + printf("server:SSL_write()\n"); | |
2271 | + else | |
2272 | + printf("server:SSL_read()\n"); */ | |
2273 | 2273 | } |
2274 | 2274 | |
2275 | 2275 | if (do_client && debug) { |
@@ -2277,10 +2277,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | ||
2277 | 2277 | printf("client waiting in SSL_connect - %s\n", |
2278 | 2278 | SSL_state_string_long(c_ssl)); |
2279 | 2279 | /*- |
2280 | - else if (c_write) | |
2281 | - printf("client:SSL_write()\n"); | |
2282 | - else | |
2283 | - printf("client:SSL_read()\n"); */ | |
2280 | + else if (c_write) | |
2281 | + printf("client:SSL_write()\n"); | |
2282 | + else | |
2283 | + printf("client:SSL_read()\n"); */ | |
2284 | 2284 | } |
2285 | 2285 | |
2286 | 2286 | if (!do_client && !do_server) { |
@@ -86,13 +86,13 @@ char *argv[]; | ||
86 | 86 | METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs"); |
87 | 87 | METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2); |
88 | 88 | |
89 | -/*- tmp=METH_new(x509_by_issuer_dir); | |
90 | - METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); | |
91 | - METH_push(top,METH_X509_BY_ISSUER,tmp); | |
89 | +/*- tmp=METH_new(x509_by_issuer_dir); | |
90 | + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); | |
91 | + METH_push(top,METH_X509_BY_ISSUER,tmp); | |
92 | 92 | |
93 | - tmp=METH_new(x509_by_issuer_primary); | |
94 | - METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); | |
95 | - METH_push(top,METH_X509_BY_ISSUER,tmp); | |
93 | + tmp=METH_new(x509_by_issuer_primary); | |
94 | + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); | |
95 | + METH_push(top,METH_X509_BY_ISSUER,tmp); | |
96 | 96 | */ |
97 | 97 | |
98 | 98 | METH_init(top); |