Additional comment changes for reformat of 1.0.0

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell
2015-01-16 09:21:50 +00:00
parent 89f6c5b492
commit a25d0527b7
70 changed files with 210 additions and 138 deletions

View File

@@ -23,7 +23,7 @@
#if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster
* on most boxes I have tested - up to %20 faster. */
/*
/*-
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;

View File

@@ -289,7 +289,7 @@ end:
OPENSSL_EXIT(ret);
}
/*
/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*

View File

@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-2") == 0)
g=2;
/* else if (strcmp(*argv,"-3") == 0)
/*- else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;

View File

@@ -199,7 +199,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL)
{
/*
/*-
SSL *ssl;
X509 *x509;
*/

View File

@@ -1303,7 +1303,7 @@ SSL_set_tlsext_status_ids(con, ids);
openssl_fdset(SSL_get_fd(con),&writefds);
}
#endif
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter

View File

@@ -556,7 +556,7 @@ end:
OPENSSL_EXIT(ret);
}
/***********************************************************************
/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL

View File

@@ -53,7 +53,8 @@
*
*/
/* Usage: winrand [filename]
/*-
* Usage: winrand [filename]
*
* Collects entropy from mouse movements and other events and writes
* random data to filename or .rnd

View File

@@ -60,7 +60,8 @@
* something to watch out for. This was fine on linux/NT/Solaris but not
* Alpha */
/* it is basically an example of
/*-
* it is basically an example of
* func(*(a++),*(a++))
* which parameter is evaluated first? It is not defined in ASN1 C.
*/

View File

@@ -14,7 +14,8 @@
* copies of the valiable, one in a register and one being an address
* that is passed. */
/* compare the out put from
/*-
* compare the out put from
* gcc dggccbug.c; ./a.out
* and
* gcc -O dggccbug.c; ./a.out

View File

@@ -11,7 +11,8 @@
* Gage <agage@forgetmenot.Mines.EDU>
*/
/* Compare the output from
/*-
* Compare the output from
* cc sgiccbug.c; ./a.out
* and
* cc -O sgiccbug.c; ./a.out

View File

@@ -1,6 +1,7 @@
#include <stdio.h>
/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
/*-
* This is a cc optimiser bug for ultrix 4.3, mips CPU.
* What happens is that the compiler, due to the (a)&7,
* does
* i=a&7;

View File

@@ -86,7 +86,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
}
/*
/*-
* This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian
* representation of the value, ignoring the sign. The sign is determined by

View File

@@ -86,7 +86,8 @@ unsigned long ASN1_STRING_get_default_mask(void)
return global_mask;
}
/* This function sets the default to various "flavours" of configuration.
/*-
* This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61).

View File

@@ -361,7 +361,7 @@ err:\
if (((arg)=func()) == NULL) return(NULL)
#define M_ASN1_New_Error(a) \
/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
return(NULL);*/ \
err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
return(NULL)

View File

@@ -579,7 +579,8 @@ const char *sname; /* Structure name */
#endif
};
/* These are values for the itype field and
/*-
* These are values for the itype field and
* determine how the type is interpreted.
*
* For PRIMITIVE types the underlying type

View File

@@ -915,7 +915,8 @@ static void mime_param_free(MIME_PARAM *param)
OPENSSL_free(param);
}
/* Check for a multipart boundary. Returns:
/*-
* Check for a multipart boundary. Returns:
* 0 : no boundary
* 1 : part boundary
* 2 : final boundary

View File

@@ -102,7 +102,8 @@ void ASN1_add_oid_module(void)
CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
/* Create an OID based on a name value pair. Accept two formats.
/*-
* Create an OID based on a name value pair. Accept two formats.
* shortname = 1.2.3.4
* shortname = some long name, 1.2.3.4
*/

View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/*
/*-
* 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout
* with binary data (e.g. asn1parse -inform DER < xxx) under
* Windows

View File

@@ -641,7 +641,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
/* Some functions allow for representation of the irreducible polynomials
/*-
* Some functions allow for representation of the irreducible polynomials
* as an unsigned int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.

View File

@@ -3,7 +3,8 @@
#include "bn.h"
/* "First Oakley Default Group" from RFC2409, section 6.1.
/*-
* "First Oakley Default Group" from RFC2409, section 6.1.
*
* The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
*
@@ -26,7 +27,8 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
}
/* "Second Oakley Default Group" from RFC2409, section 6.2.
/*-
* "Second Oakley Default Group" from RFC2409, section 6.2.
*
* The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
*
@@ -52,7 +54,8 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
}
/* "1536-bit MODP Group" from RFC3526, Section 2.
/*-
* "1536-bit MODP Group" from RFC3526, Section 2.
*
* The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
*
@@ -83,7 +86,8 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
}
/* "2048-bit MODP Group" from RFC3526, Section 3.
/*-
* "2048-bit MODP Group" from RFC3526, Section 3.
*
* The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
*
@@ -119,7 +123,8 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
}
/* "3072-bit MODP Group" from RFC3526, Section 4.
/*-
* "3072-bit MODP Group" from RFC3526, Section 4.
*
* The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
*
@@ -165,7 +170,8 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
}
/* "4096-bit MODP Group" from RFC3526, Section 5.
/*-
* "4096-bit MODP Group" from RFC3526, Section 5.
*
* The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
*
@@ -222,7 +228,8 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
}
/* "6144-bit MODP Group" from RFC3526, Section 6.
/*-
* "6144-bit MODP Group" from RFC3526, Section 6.
*
* The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
*
@@ -300,7 +307,8 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
}
/* "8192-bit MODP Group" from RFC3526, Section 7.
/*-
* "8192-bit MODP Group" from RFC3526, Section 7.
*
* The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
*

View File

@@ -131,7 +131,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
&& !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined (__i386__)
/*
/*-
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
* in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to

View File

@@ -251,7 +251,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
}
/* Some functions allow for representation of the irreducible polynomials
/*-
* Some functions allow for representation of the irreducible polynomials
* as an int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.

View File

@@ -66,7 +66,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
/* In 'tab', only odd-indexed entries are relevant:
/*-
* In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
* is $(-1)^{(n^2-1)/8}$ (using TeX notation).

View File

@@ -108,7 +108,8 @@ char *BN_bn2dec(const BIGNUM *a)
BIGNUM *t=NULL;
BN_ULONG *bn_data=NULL,*lp;
/* get an upper bound for the length of the decimal integer
/*-
* get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
* <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1

View File

@@ -125,7 +125,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};

View File

@@ -511,7 +511,8 @@ int CRYPTO_remove_all_info(void);
/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
* used as default in CRYPTO_MDEBUG compilations): */
/* The last argument has the following significance:
/*-
* The last argument has the following significance:
*
* 0: called before the actual memory allocation has taken place
* 1: called after the actual memory allocation has taken place

View File

@@ -233,7 +233,8 @@ int main(int argc, char **argv)
}
}
if (error) usage();
/* We either
/*-
* We either
* do checksum or
* do encrypt or
* do decrypt or

View File

@@ -205,7 +205,8 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
}
else
{
/* >output is a multiple of 8 byes, if len < rnum
/*-
* >output is a multiple of 8 byes, if len < rnum
* >we must be careful. The user must be aware that this
* >routine will write more bytes than he asked for.
* >The length of the buffer must be correct.

View File

@@ -105,7 +105,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
}
if (save)
{
/* v0=ti[0];
/*- v0=ti[0];
v1=ti[1];*/
iv = &(*ivec)[0];
l2c(v0,iv);

View File

@@ -56,7 +56,8 @@
* [including the GNU Public Licence.]
*/
/* set_key.c v 1.4 eay 24/9/91
/*-
* set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more

View File

@@ -68,7 +68,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
}
/* data has already been hashed (probably with SHA or SHA-1). */
/* returns
/*-
* returns
* 1: correct signature
* 0: incorrect signature
* -1: error

View File

@@ -402,7 +402,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
}
#ifdef __sgi
/*
/*-
This is a quote from IRIX manual for dladdr(3c):
<dlfcn.h> does not contain a prototype for dladdr or definition of

View File

@@ -10,7 +10,8 @@ static void *dummy=&dummy;
#else /*CHARSET_EBCDIC*/
#include "ebcdic.h"
/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
/*-
* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
* Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De>
*/

View File

@@ -406,7 +406,8 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_
}
/* Calculates and sets the affine coordinates of an EC_POINT from the given
/*-
* Calculates and sets the affine coordinates of an EC_POINT from the given
* compressed coordinates. Uses algorithm 2.3.4 of SEC 1.
* Note that the simple implementation only uses affine coordinates.
*
@@ -868,7 +869,8 @@ int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
}
/* Determines whether the given EC_POINT is an actual point on the curve defined
/*-
* Determines whether the given EC_POINT is an actual point on the curve defined
* in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation:
* y^2 + x*y = x^3 + a*x^2 + b.
*/

View File

@@ -182,7 +182,8 @@ static void ec_pre_comp_clear_free(void *pre_)
/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
/*-
* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
* This is an array r[] of values that are either zero or odd with an
* absolute value less than 2^w satisfying
* scalar = \sum_j r[j]*2^j
@@ -337,7 +338,8 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
(b) >= 20 ? 2 : \
1))
/* Compute
/*-
* Compute
* \sum scalars[i]*points[i],
* also including
* scalar*generator

View File

@@ -663,7 +663,8 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po
y = BN_CTX_get(ctx);
if (y == NULL) goto err;
/* Recover y. We have a Weierstrass equation
/*-
* Recover y. We have a Weierstrass equation
* y^2 = x^3 + a*x + b,
* so y is one of the square roots of x^3 + a*x + b.
*/
@@ -1222,8 +1223,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_
if (!field_mul(group, n1, n0, n2, ctx)) goto err;
if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
* = 3 * X_a^2 - 3 * Z_a^4 */
/*-
* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
* = 3 * X_a^2 - 3 * Z_a^4
*/
}
else
{
@@ -1393,7 +1396,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
{
/* return values:
/*-
* return values:
* -1 error
* 0 equal (in affine coordinates)
* 1 not equal

View File

@@ -190,7 +190,7 @@ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
BIGNUM *h = BN_new();
BIGNUM *t = BN_new();
/*
/*-
* r in [0,q)
* XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
*/

View File

@@ -450,7 +450,7 @@ unsigned long lh_strhash(const char *c)
if ((c == NULL) || (*c == '\0'))
return(ret);
/*
/*-
unsigned char b[16];
MD5(c,strlen(c),b);
return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));

View File

@@ -86,7 +86,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
#include "md32_common.h"
/*
/*-
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
*/

View File

@@ -142,7 +142,8 @@ static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests
typedef struct app_mem_info_st
/* For application-defined information (static C-string `info')
/*-
* For application-defined information (static C-string `info')
* to be displayed in memory leak list.
* Each thread has its own stack. For applications, there is
* CRYPTO_push_info("...") to push an entry,

View File

@@ -106,8 +106,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) =
int RAND_load_file(const char *file, long bytes)
{
/* If bytes >= 0, read up to 'bytes' bytes.
* if bytes == -1, read complete file. */
/*-
* If bytes >= 0, read up to 'bytes' bytes.
* if bytes == -1, read complete file.
*/
MS_STATIC unsigned char buf[BUFSIZE];
#ifndef OPENSSL_NO_POSIX_IO

View File

@@ -59,7 +59,8 @@
#include <openssl/rc4.h>
#include "rc4_locl.h"
/* RC4 as implemented from a posting from
/*-
* RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.

View File

@@ -77,7 +77,8 @@ const char *RC4_options(void)
#endif
}
/* RC4 as implemented from a posting from
/*-
* RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.

View File

@@ -350,7 +350,7 @@ end:
fprintf(stderr,"-----\n");
lh_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
/* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
/*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n"); */
lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
@@ -390,7 +390,7 @@ int ndoit(SSL_CTX *ssl_ctx[2])
fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
for (i=0; i<number_of_loops; i++)
{
/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
CRYPTO_thread_id(),i,
ssl_ctx[0]->references,
ssl_ctx[1]->references); */

View File

@@ -125,7 +125,7 @@ static struct
/* Functions for verifying a signed TS_TST_INFO structure. */
/*
/*-
* This function carries out the following tasks:
* - Checks if there is one and only one signer.
* - Search for the signing certificate in 'certs' and in the response.
@@ -353,7 +353,7 @@ static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
return 0;
}
/*
/*-
* Verifies whether 'response' contains a valid response with regards
* to the settings of the context:
* - Gives an error message if the TS_TST_INFO is not present.

View File

@@ -157,34 +157,36 @@ int UI_dup_error_string(UI *ui, const char *text);
might get confused. */
#define UI_INPUT_FLAG_DEFAULT_PWD 0x02
/* The user of these routines may want to define flags of their own. The core
UI won't look at those, but will pass them on to the method routines. They
must use higher bits so they don't get confused with the UI bits above.
UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
example of use is this:
#define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
/*-
* The user of these routines may want to define flags of their own. The core
* UI won't look at those, but will pass them on to the method routines. They
* must use higher bits so they don't get confused with the UI bits above.
* UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
* example of use is this:
*
* #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
*
*/
#define UI_INPUT_FLAG_USER_BASE 16
/* The following function helps construct a prompt. object_desc is a
textual short description of the object, for example "pass phrase",
and object_name is the name of the object (might be a card name or
a file name.
The returned string shall always be allocated on the heap with
OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
If the ui_method doesn't contain a pointer to a user-defined prompt
constructor, a default string is built, looking like this:
"Enter {object_desc} for {object_name}:"
So, if object_desc has the value "pass phrase" and object_name has
the value "foo.key", the resulting string is:
"Enter pass phrase for foo.key:"
/*-
* The following function helps construct a prompt. object_desc is a
* textual short description of the object, for example "pass phrase",
* and object_name is the name of the object (might be a card name or
* a file name.
* The returned string shall always be allocated on the heap with
* OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
*
* If the ui_method doesn't contain a pointer to a user-defined prompt
* constructor, a default string is built, looking like this:
*
* "Enter {object_desc} for {object_name}:"
*
* So, if object_desc has the value "pass phrase" and object_name has
* the value "foo.key", the resulting string is:
*
* "Enter pass phrase for foo.key:"
*/
char *UI_construct_prompt(UI *ui_method,
const char *object_desc, const char *object_name);

View File

@@ -469,7 +469,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
/* CRYPTO_add(&tmp->data.x509->references,1,
/*- CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}

View File

@@ -320,7 +320,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
return 0;
}
/* if (ret->data.ptr != NULL)
/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type=tmp->type;

View File

@@ -84,7 +84,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
{
if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
if (!ASN1_INTEGER_set(xi->version,2)) goto err;
/* xi->extensions=ri->attributes; <- bad, should not ever be done
/*- xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}

View File

@@ -459,13 +459,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
int allow_proxy_certs;
cb=ctx->verify_cb;
/* must_be_ca can have 1 of 3 values:
-1: we accept both CA and non-CA certificates, to allow direct
use of self-signed certificates (which are marked as CA).
0: we only accept non-CA certificates. This is currently not
used, but the possibility is present for future extensions.
1: we only accept CA certificates. This is currently used for
all certificates in the chain except the leaf certificate.
/*-
* must_be_ca can have 1 of 3 values:
* -1: we accept both CA and non-CA certificates, to allow direct
* use of self-signed certificates (which are marked as CA).
* 0: we only accept non-CA certificates. This is currently not
* used, but the possibility is present for future extensions.
* 1: we only accept CA certificates. This is currently used for
* all certificates in the chain except the leaf certificate.
*/
must_be_ca = -1;

View File

@@ -100,7 +100,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
return extlist;
}
/* Currently two options:
/*-
* Currently two options:
* keyid: use the issuers subject keyid, the value 'always' means its is
* an error if the issuer certificate doesn't have a key id.
* issuer: use the issuers cert issuer and serial number. The default is

View File

@@ -1,7 +1,8 @@
/* NOCW */
/* demos/bio/saccept.c */
/* A minimal program to server an SSL connection.
/*-
* A minimal program to server an SSL connection.
* It uses blocking.
* saccept host:port
* host is the interface IP to use. If any interface, use *:port

View File

@@ -1,7 +1,8 @@
/* NOCW */
/* demos/bio/sconnect.c */
/* A minimal program to do SSL to a passed host and port.
/*-
* A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
* sconnect host:port - it does a 'GET / HTTP/1.0'
*

View File

@@ -1,5 +1,5 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
/*-
* easy-tls.c -- generic TLS proxy.
* $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
*/
@@ -62,7 +62,7 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
/*-
* Attribution for OpenSSL library:
*
* This product includes cryptographic software written by Eric Young
@@ -124,7 +124,8 @@ static char const rcsid[] =
# include TLS_APP
#endif
/* Applications can define:
/*-
* Applications can define:
* TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
* TLS_CUMULATE_ERRORS
* TLS_ERROR_BUFSIZ

View File

@@ -1,5 +1,5 @@
/* -*- Mode: C; c-file-style: "bsd" -*- */
/*
/*-
* easy-tls.h -- generic TLS proxy.
* $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/

View File

@@ -62,7 +62,7 @@ typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
| RSA Key Token format |
*------------------------------------------------*/
/*
/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
@@ -86,7 +86,7 @@ typedef struct _ICA_KEY_RSA_MODEXPO
} ICA_KEY_RSA_MODEXPO;
#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
/*
/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format

View File

@@ -114,7 +114,8 @@ typedef struct ZEN_data_st
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
/*-
* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */

View File

@@ -1,5 +1,6 @@
/* NOCW */
/* demos/spkigen.c
/*-
* demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)

View File

@@ -5,7 +5,8 @@
/* For callbacks generating output, here are their file-descriptors. */
static FILE *fp_cb_ssl_info = NULL;
static FILE *fp_cb_ssl_verify = NULL;
/* Output level:
/*-
* Output level:
* 0 = nothing,
* 1 = minimal, just errors,
* 2 = minimal, all steps,

View File

@@ -1065,9 +1065,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
{
largenum.value = buf;
largenum.nbytes = sizeof(buf32);
/* tell CryptoSwift how many bytes we want and where we want it.
/*-
* tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
* - CryptoSwift can only do multiple of 32-bits. */
* - CryptoSwift can only do multiple of 32-bits.
*/
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{

View File

@@ -287,7 +287,7 @@ struct padlock_cipher_data
static volatile struct padlock_cipher_data *padlock_saved_context;
#endif
/*
/*-
* =======================================================
* Inline assembler section(s).
* =======================================================
@@ -846,7 +846,7 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
return 1;
}
/*
/*-
* Simplified version of padlock_aes_cipher() used when
* 1) both input and output buffers are at aligned addresses.
* or when

View File

@@ -924,7 +924,8 @@ int dtls1_send_client_key_exchange(SSL *s)
goto err;
}
/* 20010406 VRS - Earlier versions used KRB5 AP_REQ
/*-
* 20010406 VRS - Earlier versions used KRB5 AP_REQ
** in place of RFC 2712 KerberosWrapper, as in:
**
** Send ticket (copy to *p, set n = length)
@@ -970,11 +971,12 @@ int dtls1_send_client_key_exchange(SSL *s)
if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
goto err;
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
** kssl_ctx->length);
** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
/*-
* 20010420 VRS. Tried it this way; failed.
* EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
* EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
* kssl_ctx->length);
* EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
memset(iv, 0, sizeof iv); /* per RFC 1510 */
@@ -1353,7 +1355,7 @@ int dtls1_send_client_key_exchange(SSL *s)
d = dtls1_set_message_header(s, d,
SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
/*
/*-
*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
l2n3(n,d);
l2n(s->d1->handshake_write_seq,d);

View File

@@ -126,14 +126,16 @@
#include <openssl/des.h>
#endif
/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
/*-
* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
* an internal error occured. */
* an internal error occured.
*/
int dtls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;

View File

@@ -410,10 +410,12 @@ dtls1_process_record(SSL *s)
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
/*-
* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
* -1: if the padding is invalid */
* -1: if the padding is invalid
*/
if (enc_err == 0)
{
/* For DTLS we simply ignore bad packets. */
@@ -970,9 +972,11 @@ start:
}
}
/* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
/*-
* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
* (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
*/
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&

View File

@@ -1301,7 +1301,8 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,
}
/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
/*-
* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
* and krb5 AP_REQ message & message length,
* Return Kerberos session key and client principle
* to SSL Server in KSSL_CTX *kssl_ctx.

View File

@@ -99,7 +99,8 @@ typedef unsigned char krb5_octet;
#endif
/* Uncomment this to debug kssl problems or
/*-
* Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG

View File

@@ -572,16 +572,20 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
}
else if ((bs <= 1) && (!s->s2->escape))
{
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
/*-
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
*/
s->s2->three_byte_header=0;
p=0;
}
else /* we may have to use a 3 byte header */
{
/* If s->s2->escape is not set, then
/*-
* If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
*/
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
@@ -595,7 +599,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
}
}
/* Now
/*-
* Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.

View File

@@ -465,7 +465,8 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0;
}
/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
/*-
* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -744,7 +745,8 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
* data we are hashing because that gives an attacker a
* timing-oracle. */
/* npad is, at most, 48 bytes and that's with MD5:
/*-
* npad is, at most, 48 bytes and that's with MD5:
* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
*
* With SHA-1 (the largest hash speced for SSLv3) the hash size

View File

@@ -171,7 +171,8 @@ extern "C" {
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
/*-
* Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
@@ -1264,10 +1265,12 @@ extern "C" {
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
/* Obtain latest Finished message
/*-
* Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
* Returns length (0 == no Finished so far), copies up to 'count' bytes. */
* Returns length (0 == no Finished so far), copies up to 'count' bytes.
*/
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

View File

@@ -448,7 +448,7 @@
* SSL_aDSS <- DSA_SIGN
*/
/*
/*-
#define CERT_INVALID 0
#define CERT_PUBLIC_KEY 1
#define CERT_PRIVATE_KEY 2