Additional comment changes for reformat of 0.9.8
Reviewed-by: Tim Hudson <tjh@openssl.org>
@@ -906,7 +906,8 @@ int dtls1_send_client_key_exchange(SSL *s)
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* 20010406 VRS - Earlier versions used KRB5 AP_REQ
|
||||
/*-
|
||||
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
|
||||
** in place of RFC 2712 KerberosWrapper, as in:
|
||||
**
|
||||
** Send ticket (copy to *p, set n = length)
|
||||
@@ -952,12 +953,13 @@ int dtls1_send_client_key_exchange(SSL *s)
|
||||
if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
|
||||
goto err;
|
||||
|
||||
/* 20010420 VRS. Tried it this way; failed.
|
||||
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
|
||||
** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
|
||||
** kssl_ctx->length);
|
||||
** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
|
||||
*/
|
||||
/*-
|
||||
* 20010420 VRS. Tried it this way; failed.
|
||||
* EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
|
||||
* EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
|
||||
* kssl_ctx->length);
|
||||
* EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
|
||||
*/
|
||||
|
||||
memset(iv, 0, sizeof iv); /* per RFC 1510 */
|
||||
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
|
||||
@@ -1060,7 +1062,7 @@ int dtls1_send_client_key_exchange(SSL *s)
|
||||
|
||||
d = dtls1_set_message_header(s, d,
|
||||
SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
|
||||
/*
|
||||
/*-
|
||||
*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
|
||||
l2n3(n,d);
|
||||
l2n(s->d1->handshake_write_seq,d);
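Review bot: The reformatted Kerberos comment in the first hunk of dtls1_send_client_key_exchange mixes two continuation styles. Its rewritten opening lines are `/*-` and ` * 20010406 VRS - Earlier versions used KRB5 AP_REQ`, while the untouched lines that follow still begin with `**`. The second hunk of this function converts its `**` lines to ` *`, so the same treatment here would keep the block uniform, e.g. ` * in place of RFC 2712 KerberosWrapper, as in:`. The comment runs past the end of the hunk, so any further `**` lines outside the view would need the same change.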
|
||||
|
@@ -126,14 +126,16 @@
|
||||
#include <openssl/des.h>
|
||||
#endif
|
||||
|
||||
/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
|
||||
/*-
|
||||
* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record's padding is valid / the encryption was successful.
|
||||
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
|
||||
* an internal error occured. */
|
||||
* an internal error occured.
|
||||
*/
|
||||
int dtls1_enc(SSL *s, int send)
|
||||
{
|
||||
SSL3_RECORD *rec;
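Review bot: The rewritten header comment for dtls1_enc carries two spelling errors into the new text, `publically` and `occured`. Since these lines are being re-added anyway, they could read ` * 0: (in non-constant time) if the record is publicly invalid (i.e. too` and ` * an internal error occurred.`. `publically` also appears in the enc_err comment in dtls1_process_record and in the ssl3_enc header comment. The kssl comment on returning the session key says `client principle` where the Kerberos term is `principal`. The body of dtls1_enc continues outside the hunk.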
|
||||
|
12
ssl/d1_pkt.c
12
ssl/d1_pkt.c
@@ -364,10 +364,12 @@ dtls1_process_record(SSL *s)
|
||||
rr->data=rr->input;
|
||||
|
||||
enc_err = s->method->ssl3_enc->enc(s,0);
|
||||
/* enc_err is:
|
||||
/*-
|
||||
* enc_err is:
|
||||
* 0: (in non-constant time) if the record is publically invalid.
|
||||
* 1: if the padding is valid
|
||||
* -1: if the padding is invalid */
|
||||
* -1: if the padding is invalid
|
||||
*/
|
||||
if (enc_err == 0)
|
||||
{
|
||||
/* For DTLS we simply ignore bad packets. */
|
||||
@@ -919,9 +921,11 @@ start:
|
||||
}
|
||||
}
|
||||
|
||||
/* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
|
||||
/*-
|
||||
* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
|
||||
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
|
||||
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
|
||||
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
|
||||
*/
|
||||
|
||||
/* If we are a client, check for an incoming 'Hello Request': */
|
||||
if ((!s->server) &&
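Review bot: The call-site summary of enc_err in dtls1_process_record describes -1 only as "the padding is invalid". That is narrower than the contract documented on dtls1_enc elsewhere in this commit, where -1 also covers an invalid AEAD authenticator. The call goes through `s->method->ssl3_enc->enc`, so whether it resolves to dtls1_enc is not visible here. If it does, the line could read ` * -1: if the padding or AEAD authenticator is invalid`. Keeping the two comments in step helps a maintainer reading only the call site understand which failures reach the -1 path; the function body continues outside the hunk.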
|
||||
|
@@ -1300,7 +1300,8 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,
|
||||
}
|
||||
|
||||
|
||||
/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
|
||||
/*-
|
||||
* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
|
||||
* and krb5 AP_REQ message & message length,
|
||||
* Return Kerberos session key and client principle
|
||||
* to SSL Server in KSSL_CTX *kssl_ctx.
|
||||
|
@@ -90,7 +90,8 @@ typedef unsigned char krb5_octet;
|
||||
|
||||
#endif
|
||||
|
||||
/* Uncomment this to debug kssl problems or
|
||||
/*-
|
||||
* Uncomment this to debug kssl problems or
|
||||
* to trace usage of the Kerberos session key
|
||||
*
|
||||
* #define KSSL_DEBUG
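Review bot: The reformatted comment above the commented-out `#define KSSL_DEBUG` says the switch traces usage of the Kerberos session key, but not that it is unsuitable for production builds. The trace output is not visible on this page, so whether it prints key bytes is an assumption. A one-line caveat would still be cheap while the comment is being touched, e.g. ` * Do not enable in production builds: trace output may expose key material.`. The comment continues past the end of the hunk.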
|
||||
|
15
ssl/s2_pkt.c
15
ssl/s2_pkt.c
@@ -561,16 +561,20 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
}
|
||||
else if ((bs <= 1) && (!s->s2->escape))
|
||||
{
|
||||
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
|
||||
/*-
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
|
||||
*/
|
||||
s->s2->three_byte_header=0;
|
||||
p=0;
|
||||
}
|
||||
else /* we may have to use a 3 byte header */
|
||||
{
|
||||
/* If s->s2->escape is not set, then
|
||||
/*-
|
||||
* If s->s2->escape is not set, then
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
|
||||
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
|
||||
*/
|
||||
p=(j%bs);
|
||||
p=(p == 0)?0:(bs-p);
|
||||
if (s->s2->escape)
|
||||
@@ -584,7 +588,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
|
||||
}
|
||||
}
|
||||
|
||||
/* Now
|
||||
/*-
|
||||
* Now
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
|
||||
* holds, and if s->s2->three_byte_header is set, then even
|
||||
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
|
||||
|
@@ -433,7 +433,8 @@ void ssl3_cleanup_key_block(SSL *s)
|
||||
s->s3->tmp.key_block_length=0;
|
||||
}
|
||||
|
||||
/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
|
||||
/*-
|
||||
* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
@@ -619,7 +620,8 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
|
||||
* data we are hashing because that gives an attacker a
|
||||
* timing-oracle. */
|
||||
|
||||
/* npad is, at most, 48 bytes and that's with MD5:
|
||||
/*-
|
||||
* npad is, at most, 48 bytes and that's with MD5:
|
||||
* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
|
||||
*
|
||||
* With SHA-1 (the largest hash speced for SSLv3) the hash size
|
||||
|
@@ -198,7 +198,8 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/* SSLeay version number for ASN.1 encoding of the session information */
|
||||
/* Version 0 - initial version
|
||||
/*-
|
||||
* Version 0 - initial version
|
||||
* Version 1 - added the optional peer certificate
|
||||
*/
|
||||
#define SSL_SESSION_ASN1_VERSION 0x0001
|
||||
@@ -1134,10 +1135,12 @@ extern "C" {
|
||||
#define SSL_ST_READ_BODY 0xF1
|
||||
#define SSL_ST_READ_DONE 0xF2
|
||||
|
||||
/* Obtain latest Finished message
|
||||
/*-
|
||||
* Obtain latest Finished message
|
||||
* -- that we sent (SSL_get_finished)
|
||||
* -- that we expected from peer (SSL_get_peer_finished).
|
||||
* Returns length (0 == no Finished so far), copies up to 'count' bytes. */
|
||||
* Returns length (0 == no Finished so far), copies up to 'count' bytes.
|
||||
*/
|
||||
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
|
||||
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
|
||||
|
||||
|
@@ -885,7 +885,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
if (!found)
|
||||
break; /* ignore this entry */
|
||||
|
||||
/* New algorithms:
|
||||
/*-
|
||||
* New algorithms:
|
||||
* 1 - any old restrictions apply outside new mask
|
||||
* 2 - any new restrictions apply outside old mask
|
||||
* 3 - enforce old & new where masks intersect
|
||||
|
@@ -396,7 +396,7 @@
|
||||
* SSL_aDSS <- DSA_SIGN
|
||||
*/
|
||||
|
||||
/*
|
||||
/*-
|
||||
#define CERT_INVALID 0
|
||||
#define CERT_PUBLIC_KEY 1
|
||||
#define CERT_PRIVATE_KEY 2
|
||||
|