Further comment changes for reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
		| @@ -23,7 +23,7 @@ | ||||
| #if !defined(RC4_INT) | ||||
| /* using int types make the structure larger but make the code faster | ||||
|  * on most boxes I have tested - up to %20 faster. */ | ||||
| /* | ||||
| /*- | ||||
|  * I don't know what does "most" mean, but declaring "int" is a must on: | ||||
|  * - Intel P6 because partial register stalls are very expensive; | ||||
|  * - elder Alpha because it lacks byte load/store instructions; | ||||
|   | ||||
| @@ -289,7 +289,7 @@ end: | ||||
| 	OPENSSL_EXIT(ret); | ||||
| 	} | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  *---------------------------------------------------------------------- | ||||
|  * int add_certs_from_file | ||||
|  * | ||||
|   | ||||
| @@ -121,7 +121,7 @@ int MAIN(int argc, char **argv) | ||||
| 			} | ||||
| 		else if (strcmp(*argv,"-2") == 0) | ||||
| 			g=2; | ||||
| 	/*	else if (strcmp(*argv,"-3") == 0) | ||||
| 	/*-	else if (strcmp(*argv,"-3") == 0) | ||||
| 			g=3; */ | ||||
| 		else if (strcmp(*argv,"-5") == 0) | ||||
| 			g=5; | ||||
|   | ||||
| @@ -199,7 +199,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) | ||||
| 	{ | ||||
| 	if (cert_file != NULL) | ||||
| 		{ | ||||
| 		/* | ||||
| 		/*- | ||||
| 		SSL *ssl; | ||||
| 		X509 *x509; | ||||
| 		*/ | ||||
|   | ||||
| @@ -438,20 +438,21 @@ static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g) | ||||
| 	return ret; | ||||
| 	} | ||||
|  | ||||
| /* This callback is used here for two purposes: | ||||
|    - extended debugging | ||||
|    - making some primality tests for unknown groups | ||||
|    The callback is only called for a non default group. | ||||
|  | ||||
|    An application does not need the call back at all if | ||||
|    only the stanard groups are used.  In real life situations,  | ||||
|    client and server already share well known groups,  | ||||
|    thus there is no need to verify them.  | ||||
|    Furthermore, in case that a server actually proposes a group that | ||||
|    is not one of those defined in RFC 5054, it is more appropriate  | ||||
|    to add the group to a static list and then compare since  | ||||
|    primality tests are rather cpu consuming. | ||||
| */ | ||||
| /*- | ||||
|  * This callback is used here for two purposes: | ||||
|  * - extended debugging | ||||
|  * - making some primality tests for unknown groups | ||||
|  * The callback is only called for a non default group. | ||||
|  * | ||||
|  * An application does not need the call back at all if | ||||
|  * only the stanard groups are used.  In real life situations,  | ||||
|  * client and server already share well known groups,  | ||||
|  * thus there is no need to verify them.  | ||||
|  * Furthermore, in case that a server actually proposes a group that | ||||
|  * is not one of those defined in RFC 5054, it is more appropriate  | ||||
|  * to add the group to a static list and then compare since  | ||||
|  * primality tests are rather cpu consuming. | ||||
|  */ | ||||
|  | ||||
| static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg) | ||||
| 	{ | ||||
| @@ -1606,7 +1607,7 @@ SSL_set_tlsext_status_ids(con, ids); | ||||
| 					openssl_fdset(SSL_get_fd(con),&writefds); | ||||
| 			} | ||||
| #endif | ||||
| /*			printf("mode tty(%d %d%d) ssl(%d%d)\n", | ||||
| /*-			printf("mode tty(%d %d%d) ssl(%d%d)\n", | ||||
| 				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/ | ||||
|  | ||||
| 			/* Note: under VMS with SOCKETSHR the second parameter | ||||
|   | ||||
| @@ -550,7 +550,7 @@ end: | ||||
| 	OPENSSL_EXIT(ret); | ||||
| 	} | ||||
|  | ||||
| /*********************************************************************** | ||||
| /*- | ||||
|  * doConnection - make a connection | ||||
|  * Args: | ||||
|  *		scon	= earlier ssl connection for session id, or NULL | ||||
|   | ||||
| @@ -53,7 +53,8 @@ | ||||
|  * | ||||
|  */ | ||||
|  | ||||
| /* Usage: winrand [filename] | ||||
| /*- | ||||
|  * Usage: winrand [filename] | ||||
|  * | ||||
|  * Collects entropy from mouse movements and other events and writes | ||||
|  * random data to filename or .rnd | ||||
|   | ||||
| @@ -11,7 +11,8 @@ | ||||
|  * Gage <agage@forgetmenot.Mines.EDU> | ||||
|  */ | ||||
|   | ||||
| /* Compare the output from | ||||
| /*- | ||||
|  * Compare the output from | ||||
|  * cc sgiccbug.c; ./a.out | ||||
|  * and | ||||
|  * cc -O sgiccbug.c; ./a.out | ||||
|   | ||||
| @@ -1,6 +1,7 @@ | ||||
| #include <stdio.h> | ||||
|  | ||||
| /* This is a cc optimiser bug for ultrix 4.3, mips CPU. | ||||
| /*- | ||||
|  * This is a cc optimiser bug for ultrix 4.3, mips CPU. | ||||
|  * What happens is that the compiler, due to the (a)&7, | ||||
|  * does | ||||
|  * i=a&7; | ||||
|   | ||||
| @@ -86,7 +86,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) | ||||
| 	} | ||||
| 	 | ||||
|  | ||||
| /*  | ||||
| /*-  | ||||
|  * This converts an ASN1 INTEGER into its content encoding. | ||||
|  * The internal representation is an ASN1_STRING whose data is a big endian | ||||
|  * representation of the value, ignoring the sign. The sign is determined by | ||||
|   | ||||
| @@ -86,7 +86,8 @@ unsigned long ASN1_STRING_get_default_mask(void) | ||||
| 	return global_mask; | ||||
| } | ||||
|  | ||||
| /* This function sets the default to various "flavours" of configuration. | ||||
| /*- | ||||
|  * This function sets the default to various "flavours" of configuration. | ||||
|  * based on an ASCII string. Currently this is: | ||||
|  * MASK:XXXX : a numerical mask value. | ||||
|  * nobmp : Don't use BMPStrings (just Printable, T61). | ||||
|   | ||||
| @@ -361,7 +361,7 @@ err:\ | ||||
| 	if (((arg)=func()) == NULL) return(NULL) | ||||
|  | ||||
| #define M_ASN1_New_Error(a) \ | ||||
| /*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ | ||||
| /*-	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ | ||||
| 		return(NULL);*/ \ | ||||
| 	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ | ||||
| 		return(NULL) | ||||
|   | ||||
| @@ -579,7 +579,8 @@ const char *sname;		/* Structure name */ | ||||
| #endif | ||||
| }; | ||||
|  | ||||
| /* These are values for the itype field and | ||||
| /*- | ||||
|  * These are values for the itype field and | ||||
|  * determine how the type is interpreted. | ||||
|  * | ||||
|  * For PRIMITIVE types the underlying type | ||||
|   | ||||
| @@ -915,7 +915,8 @@ static void mime_param_free(MIME_PARAM *param) | ||||
| 	OPENSSL_free(param); | ||||
| } | ||||
|  | ||||
| /* Check for a multipart boundary. Returns: | ||||
| /*- | ||||
|  * Check for a multipart boundary. Returns: | ||||
|  * 0 : no boundary | ||||
|  * 1 : part boundary | ||||
|  * 2 : final boundary | ||||
|   | ||||
| @@ -102,7 +102,8 @@ void ASN1_add_oid_module(void) | ||||
| 	CONF_module_add("oid_section", oid_module_init, oid_module_finish); | ||||
| 	} | ||||
|  | ||||
| /* Create an OID based on a name value pair. Accept two formats. | ||||
| /*- | ||||
|  * Create an OID based on a name value pair. Accept two formats. | ||||
|  * shortname = 1.2.3.4 | ||||
|  * shortname = some long name, 1.2.3.4 | ||||
|  */ | ||||
|   | ||||
| @@ -654,7 +654,8 @@ int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||||
| int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||||
| 	BN_CTX *ctx); /* r^2 + r = a mod p */ | ||||
| #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) | ||||
| /* Some functions allow for representation of the irreducible polynomials | ||||
| /*- | ||||
|  * Some functions allow for representation of the irreducible polynomials | ||||
|  * as an unsigned int[], say p.  The irreducible f(t) is then of the form: | ||||
|  *     t^p[0] + t^p[1] + ... + t^p[k] | ||||
|  * where m = p[0] > p[1] > ... > p[k] = 0. | ||||
|   | ||||
| @@ -3,7 +3,8 @@ | ||||
|  | ||||
| #include "bn.h" | ||||
|  | ||||
| /* "First Oakley Default Group" from RFC2409, section 6.1. | ||||
| /*- | ||||
|  * "First Oakley Default Group" from RFC2409, section 6.1. | ||||
|  * | ||||
|  * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } | ||||
|  * | ||||
| @@ -26,7 +27,8 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn); | ||||
| 	} | ||||
|  | ||||
| /* "Second Oakley Default Group" from RFC2409, section 6.2. | ||||
| /*- | ||||
|  * "Second Oakley Default Group" from RFC2409, section 6.2. | ||||
|  * | ||||
|  * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. | ||||
|  * | ||||
| @@ -52,7 +54,8 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn); | ||||
| 	} | ||||
|  | ||||
| /* "1536-bit MODP Group" from RFC3526, Section 2. | ||||
| /*- | ||||
|  * "1536-bit MODP Group" from RFC3526, Section 2. | ||||
|  * | ||||
|  * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } | ||||
|  * | ||||
| @@ -83,7 +86,8 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn); | ||||
| 	} | ||||
|  | ||||
| /* "2048-bit MODP Group" from RFC3526, Section 3. | ||||
| /*- | ||||
|  * "2048-bit MODP Group" from RFC3526, Section 3. | ||||
|  * | ||||
|  * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } | ||||
|  * | ||||
| @@ -119,7 +123,8 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn); | ||||
| 	} | ||||
|  | ||||
| /* "3072-bit MODP Group" from RFC3526, Section 4. | ||||
| /*- | ||||
|  * "3072-bit MODP Group" from RFC3526, Section 4. | ||||
|  * | ||||
|  * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } | ||||
|  * | ||||
| @@ -165,7 +170,8 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn); | ||||
| 	} | ||||
|  | ||||
| /* "4096-bit MODP Group" from RFC3526, Section 5. | ||||
| /*- | ||||
|  * "4096-bit MODP Group" from RFC3526, Section 5. | ||||
|  * | ||||
|  * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } | ||||
|  * | ||||
| @@ -222,7 +228,8 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn); | ||||
| 	} | ||||
|  | ||||
| /* "6144-bit MODP Group" from RFC3526, Section 6. | ||||
| /*- | ||||
|  * "6144-bit MODP Group" from RFC3526, Section 6. | ||||
|  * | ||||
|  * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } | ||||
|  * | ||||
| @@ -300,7 +307,8 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) | ||||
| 	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn); | ||||
| 	} | ||||
|  | ||||
| /* "8192-bit MODP Group" from RFC3526, Section 7. | ||||
| /*- | ||||
|  * "8192-bit MODP Group" from RFC3526, Section 7. | ||||
|  * | ||||
|  * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } | ||||
|  * | ||||
|   | ||||
| @@ -131,7 +131,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | ||||
|     && !defined(PEDANTIC) && !defined(BN_DIV3W) | ||||
| # if defined(__GNUC__) && __GNUC__>=2 | ||||
| #  if defined(__i386) || defined (__i386__) | ||||
|    /* | ||||
|    /*- | ||||
|     * There were two reasons for implementing this template: | ||||
|     * - GNU C generates a call to a function (__udivdi3 to be exact) | ||||
|     *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to | ||||
|   | ||||
| @@ -256,7 +256,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | ||||
| 	} | ||||
|  | ||||
|  | ||||
| /* Some functions allow for representation of the irreducible polynomials | ||||
| /*- | ||||
|  * Some functions allow for representation of the irreducible polynomials | ||||
|  * as an int[], say p.  The irreducible f(t) is then of the form: | ||||
|  *     t^p[0] + t^p[1] + ... + t^p[k] | ||||
|  * where m = p[0] > p[1] > ... > p[k] = 0. | ||||
|   | ||||
| @@ -66,7 +66,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||||
| 	int ret = -2; /* avoid 'uninitialized' warning */ | ||||
| 	int err = 0; | ||||
| 	BIGNUM *A, *B, *tmp; | ||||
| 	/* In 'tab', only odd-indexed entries are relevant: | ||||
| 	/*- | ||||
| 	 * In 'tab', only odd-indexed entries are relevant: | ||||
| 	 * For any odd BIGNUM n, | ||||
| 	 *     tab[BN_lsw(n) & 7] | ||||
| 	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation). | ||||
|   | ||||
| @@ -108,7 +108,8 @@ char *BN_bn2dec(const BIGNUM *a) | ||||
| 	BIGNUM *t=NULL; | ||||
| 	BN_ULONG *bn_data=NULL,*lp; | ||||
|  | ||||
| 	/* get an upper bound for the length of the decimal integer | ||||
| 	/*- | ||||
| 	 * get an upper bound for the length of the decimal integer | ||||
| 	 * num <= (BN_num_bits(a) + 1) * log(2) | ||||
| 	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error) | ||||
| 	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1  | ||||
|   | ||||
| @@ -125,7 +125,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ | ||||
| 	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, | ||||
| 	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 | ||||
|  | ||||
| /*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | ||||
| /*-	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, | ||||
| 	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, | ||||
| 	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ | ||||
| 	};  | ||||
|   | ||||
| @@ -233,7 +233,8 @@ int main(int argc, char **argv) | ||||
| 			} | ||||
| 		} | ||||
| 	if (error) usage(); | ||||
| 	/* We either | ||||
| 	/*- | ||||
| 	 * We either | ||||
| 	 * do checksum or | ||||
| 	 * do encrypt or | ||||
| 	 * do decrypt or | ||||
|   | ||||
| @@ -205,7 +205,8 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, | ||||
| 		} | ||||
| 	else | ||||
| 		{ | ||||
| 		/* >output is a multiple of 8 byes, if len < rnum | ||||
| 		/*- | ||||
| 		 * >output is a multiple of 8 byes, if len < rnum | ||||
| 		 * >we must be careful.  The user must be aware that this | ||||
| 		 * >routine will write more bytes than he asked for. | ||||
| 		 * >The length of the buffer must be correct. | ||||
|   | ||||
| @@ -56,7 +56,8 @@ | ||||
|  * [including the GNU Public Licence.] | ||||
|  */ | ||||
|  | ||||
| /* set_key.c v 1.4 eay 24/9/91 | ||||
| /*- | ||||
|  * set_key.c v 1.4 eay 24/9/91 | ||||
|  * 1.4 Speed up by 400% :-) | ||||
|  * 1.3 added register declarations. | ||||
|  * 1.2 unrolled make_key_sched a bit more | ||||
|   | ||||
| @@ -10,7 +10,8 @@ static void *dummy=&dummy; | ||||
| #else /*CHARSET_EBCDIC*/ | ||||
|  | ||||
| #include "ebcdic.h" | ||||
| /*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De> | ||||
| /*- | ||||
|  *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De> | ||||
|  *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De> | ||||
|  */ | ||||
|  | ||||
|   | ||||
| @@ -182,7 +182,8 @@ static void ec_pre_comp_clear_free(void *pre_) | ||||
|  | ||||
|  | ||||
|  | ||||
| /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. | ||||
| /*- | ||||
|  * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. | ||||
|  * This is an array  r[]  of values that are either zero or odd with an | ||||
|  * absolute value less than  2^w  satisfying | ||||
|  *     scalar = \sum_j r[j]*2^j | ||||
| @@ -337,7 +338,8 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) | ||||
| 		  (b) >=   20 ? 2 : \ | ||||
| 		  1)) | ||||
|  | ||||
| /* Compute | ||||
| /*- | ||||
|  * Compute | ||||
|  *      \sum scalars[i]*points[i], | ||||
|  * also including | ||||
|  *      scalar*generator | ||||
|   | ||||
| @@ -624,8 +624,10 @@ static void felem_reduce(felem out, const largefelem in) | ||||
|  | ||||
| 	out[1] += ((limb) in[0]) >> 58; | ||||
| 	out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; | ||||
| 	/* out[1] < 2^58 + 2^6 + 2^58 | ||||
| 	 *        = 2^59 + 2^6 */ | ||||
| 	/*- | ||||
| 	 * out[1] < 2^58 + 2^6 + 2^58 | ||||
| 	 *        = 2^59 + 2^6 | ||||
| 	 */ | ||||
| 	out[2] += ((limb) (in[0] >> 64)) >> 52; | ||||
|  | ||||
| 	out[2] += ((limb) in[1]) >> 58; | ||||
| @@ -654,8 +656,10 @@ static void felem_reduce(felem out, const largefelem in) | ||||
|  | ||||
| 	out[8] += ((limb) in[7]) >> 58; | ||||
| 	out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; | ||||
| 	/* out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 | ||||
| 	 *            < 2^59 + 2^13 */ | ||||
| 	/*- | ||||
| 	 * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 | ||||
| 	 *            < 2^59 + 2^13 | ||||
| 	 */ | ||||
| 	overflow1 = ((limb) (in[7] >> 64)) >> 52; | ||||
|  | ||||
| 	overflow1 += ((limb) in[8]) >> 58; | ||||
| @@ -669,9 +673,11 @@ static void felem_reduce(felem out, const largefelem in) | ||||
| 	out[1] += overflow2;  /* out[1] < 2^59 + 2^6 + 2^13 */ | ||||
|  | ||||
| 	out[1] += out[0] >> 58; out[0] &= bottom58bits; | ||||
| 	/* out[0] < 2^58 | ||||
| 	/*- | ||||
| 	 * out[0] < 2^58 | ||||
| 	 * out[1] < 2^59 + 2^6 + 2^13 + 2^2 | ||||
| 	 *        < 2^59 + 2^14 */ | ||||
| 	 *        < 2^59 + 2^14 | ||||
| 	 */ | ||||
| 	} | ||||
|  | ||||
| static void felem_square_reduce(felem out, const felem in) | ||||
| @@ -1216,9 +1222,11 @@ static void point_add(felem x3, felem y3, felem z3, | ||||
| 	felem_scalar128(tmp2, 2); | ||||
| 	/* tmp2[i] < 17*2^121 */ | ||||
| 	felem_diff128(tmp, tmp2); | ||||
| 	/* tmp[i] < 2^127 - 2^69 + 17*2^122 | ||||
| 	/*- | ||||
| 	 * tmp[i] < 2^127 - 2^69 + 17*2^122 | ||||
| 	 *        = 2^126 - 2^122 - 2^6 - 2^2 - 1 | ||||
| 	 *        < 2^127 */ | ||||
| 	 *        < 2^127 | ||||
| 	 */ | ||||
| 	felem_reduce(y_out, tmp); | ||||
|  | ||||
| 	copy_conditional(x_out, x2, z1_is_zero); | ||||
|   | ||||
| @@ -93,7 +93,8 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po | ||||
| 	y = BN_CTX_get(ctx); | ||||
| 	if (y == NULL) goto err; | ||||
|  | ||||
| 	/* Recover y.  We have a Weierstrass equation | ||||
| 	/*- | ||||
| 	 * Recover y.  We have a Weierstrass equation | ||||
| 	 *     y^2 = x^3 + a*x + b, | ||||
| 	 * so  y  is one of the square roots of  x^3 + a*x + b. | ||||
| 	 */ | ||||
|   | ||||
| @@ -450,7 +450,7 @@ unsigned long lh_strhash(const char *c) | ||||
|  | ||||
| 	if ((c == NULL) || (*c == '\0')) | ||||
| 		return(ret); | ||||
| /* | ||||
| /*- | ||||
| 	unsigned char b[16]; | ||||
| 	MD5(c,strlen(c),b); | ||||
| 	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));  | ||||
|   | ||||
| @@ -86,7 +86,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); | ||||
|  | ||||
| #include "md32_common.h" | ||||
|  | ||||
| /* | ||||
| /*- | ||||
| #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z))) | ||||
| #define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z)))) | ||||
| */ | ||||
|   | ||||
| @@ -142,7 +142,8 @@ static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests | ||||
|  | ||||
|  | ||||
| typedef struct app_mem_info_st | ||||
| /* For application-defined information (static C-string `info') | ||||
| /*- | ||||
|  * For application-defined information (static C-string `info') | ||||
|  * to be displayed in memory leak list. | ||||
|  * Each thread has its own stack.  For applications, there is | ||||
|  *   CRYPTO_push_info("...")     to push an entry, | ||||
|   | ||||
| @@ -108,8 +108,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) = | ||||
|  | ||||
| int RAND_load_file(const char *file, long bytes) | ||||
| 	{ | ||||
| 	/* If bytes >= 0, read up to 'bytes' bytes. | ||||
| 	 * if bytes == -1, read complete file. */ | ||||
| 	/*- | ||||
| 	 * If bytes >= 0, read up to 'bytes' bytes. | ||||
| 	 * if bytes == -1, read complete file. | ||||
| 	 */ | ||||
|  | ||||
| 	MS_STATIC unsigned char buf[BUFSIZE]; | ||||
| #ifndef OPENSSL_NO_POSIX_IO | ||||
|   | ||||
| @@ -59,7 +59,8 @@ | ||||
| #include <openssl/rc4.h> | ||||
| #include "rc4_locl.h" | ||||
|  | ||||
| /* RC4 as implemented from a posting from | ||||
| /*- | ||||
|  * RC4 as implemented from a posting from | ||||
|  * Newsgroups: sci.crypt | ||||
|  * From: sterndark@netcom.com (David Sterndark) | ||||
|  * Subject: RC4 Algorithm revealed. | ||||
|   | ||||
| @@ -77,7 +77,8 @@ const char *RC4_options(void) | ||||
| #endif | ||||
| 	} | ||||
|  | ||||
| /* RC4 as implemented from a posting from | ||||
| /*- | ||||
|  * RC4 as implemented from a posting from | ||||
|  * Newsgroups: sci.crypt | ||||
|  * From: sterndark@netcom.com (David Sterndark) | ||||
|  * Subject: RC4 Algorithm revealed. | ||||
|   | ||||
| @@ -350,7 +350,7 @@ end: | ||||
| 			fprintf(stderr,"-----\n"); | ||||
| 			lh_stats(SSL_CTX_sessions(s_ctx),stderr); | ||||
| 			fprintf(stderr,"-----\n"); | ||||
| 		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); | ||||
| 		/*-	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); | ||||
| 			fprintf(stderr,"-----\n"); */ | ||||
| 			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr); | ||||
| 			fprintf(stderr,"-----\n"); | ||||
| @@ -390,7 +390,7 @@ int ndoit(SSL_CTX *ssl_ctx[2]) | ||||
| 	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id()); | ||||
| 	for (i=0; i<number_of_loops; i++) | ||||
| 		{ | ||||
| /*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", | ||||
| /*-		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", | ||||
| 			CRYPTO_thread_id(),i, | ||||
| 			ssl_ctx[0]->references, | ||||
| 			ssl_ctx[1]->references); */ | ||||
|   | ||||
| @@ -125,7 +125,7 @@ static struct | ||||
|  | ||||
| /* Functions for verifying a signed TS_TST_INFO structure. */ | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  * This function carries out the following tasks: | ||||
|  *	- Checks if there is one and only one signer. | ||||
|  *	- Search for the signing certificate in 'certs' and in the response. | ||||
| @@ -353,7 +353,7 @@ static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) | ||||
| 	return 0; | ||||
| 	} | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  * Verifies whether 'response' contains a valid response with regards  | ||||
|  * to the settings of the context: | ||||
|  *	- Gives an error message if the TS_TST_INFO is not present. | ||||
|   | ||||
| @@ -157,34 +157,36 @@ int UI_dup_error_string(UI *ui, const char *text); | ||||
|    might get confused. */ | ||||
| #define UI_INPUT_FLAG_DEFAULT_PWD	0x02 | ||||
|  | ||||
| /* The user of these routines may want to define flags of their own.  The core | ||||
|    UI won't look at those, but will pass them on to the method routines.  They | ||||
|    must use higher bits so they don't get confused with the UI bits above. | ||||
|    UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good | ||||
|    example of use is this: | ||||
|  | ||||
| 	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE) | ||||
|  | ||||
| /*- | ||||
|  * The user of these routines may want to define flags of their own.  The core | ||||
|  * UI won't look at those, but will pass them on to the method routines.  They | ||||
|  * must use higher bits so they don't get confused with the UI bits above. | ||||
|  * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good | ||||
|  * example of use is this: | ||||
|  * | ||||
|  *    #define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE) | ||||
|  * | ||||
| */ | ||||
| #define UI_INPUT_FLAG_USER_BASE	16 | ||||
|  | ||||
|  | ||||
| /* The following function helps construct a prompt.  object_desc is a | ||||
|    textual short description of the object, for example "pass phrase", | ||||
|    and object_name is the name of the object (might be a card name or | ||||
|    a file name. | ||||
|    The returned string shall always be allocated on the heap with | ||||
|    OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). | ||||
|  | ||||
|    If the ui_method doesn't contain a pointer to a user-defined prompt | ||||
|    constructor, a default string is built, looking like this: | ||||
|  | ||||
| 	"Enter {object_desc} for {object_name}:" | ||||
|  | ||||
|    So, if object_desc has the value "pass phrase" and object_name has | ||||
|    the value "foo.key", the resulting string is: | ||||
|  | ||||
| 	"Enter pass phrase for foo.key:" | ||||
| /*- | ||||
|  * The following function helps construct a prompt.  object_desc is a | ||||
|  * textual short description of the object, for example "pass phrase", | ||||
|  * and object_name is the name of the object (might be a card name or | ||||
|  * a file name. | ||||
|  * The returned string shall always be allocated on the heap with | ||||
|  * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). | ||||
|  * | ||||
|  * If the ui_method doesn't contain a pointer to a user-defined prompt | ||||
|  * constructor, a default string is built, looking like this: | ||||
|  * | ||||
|  *       "Enter {object_desc} for {object_name}:" | ||||
|  * | ||||
|  * So, if object_desc has the value "pass phrase" and object_name has | ||||
|  * the value "foo.key", the resulting string is: | ||||
|  * | ||||
|  *       "Enter pass phrase for foo.key:" | ||||
| */ | ||||
| char *UI_construct_prompt(UI *ui_method, | ||||
| 	const char *object_desc, const char *object_name); | ||||
|   | ||||
| @@ -469,7 +469,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, | ||||
| 			/* If we were going to up the reference count, | ||||
| 			 * we would need to do it on a perl 'type' | ||||
| 			 * basis */ | ||||
| 	/*		CRYPTO_add(&tmp->data.x509->references,1, | ||||
| 	/*-		CRYPTO_add(&tmp->data.x509->references,1, | ||||
| 				CRYPTO_LOCK_X509);*/ | ||||
| 			goto finish; | ||||
| 			} | ||||
|   | ||||
| @@ -320,7 +320,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, | ||||
| 			return 0; | ||||
| 		} | ||||
|  | ||||
| /*	if (ret->data.ptr != NULL) | ||||
| /*-	if (ret->data.ptr != NULL) | ||||
| 		X509_OBJECT_free_contents(ret); */ | ||||
|  | ||||
| 	ret->type=tmp->type; | ||||
|   | ||||
| @@ -84,7 +84,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) | ||||
| 		{ | ||||
| 		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; | ||||
| 		if (!ASN1_INTEGER_set(xi->version,2)) goto err; | ||||
| /*		xi->extensions=ri->attributes; <- bad, should not ever be done | ||||
| /*-		xi->extensions=ri->attributes; <- bad, should not ever be done | ||||
| 		ri->attributes=NULL; */ | ||||
| 		} | ||||
|  | ||||
|   | ||||
| @@ -459,14 +459,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) | ||||
| 	int allow_proxy_certs; | ||||
| 	cb=ctx->verify_cb; | ||||
|  | ||||
| 	/* must_be_ca can have 1 of 3 values: | ||||
| 	   -1: we accept both CA and non-CA certificates, to allow direct | ||||
| 	       use of self-signed certificates (which are marked as CA). | ||||
| 	   0:  we only accept non-CA certificates.  This is currently not | ||||
| 	       used, but the possibility is present for future extensions. | ||||
| 	   1:  we only accept CA certificates.  This is currently used for | ||||
| 	       all certificates in the chain except the leaf certificate. | ||||
| 	*/ | ||||
| 	/*- | ||||
| 	 *  must_be_ca can have 1 of 3 values: | ||||
| 	 * -1: we accept both CA and non-CA certificates, to allow direct | ||||
| 	 *     use of self-signed certificates (which are marked as CA). | ||||
| 	 * 0:  we only accept non-CA certificates.  This is currently not | ||||
| 	 *     used, but the possibility is present for future extensions. | ||||
| 	 * 1:  we only accept CA certificates.  This is currently used for | ||||
| 	 *     all certificates in the chain except the leaf certificate. | ||||
| 	 */ | ||||
| 	must_be_ca = -1; | ||||
|  | ||||
| 	/* CRL path validation */ | ||||
|   | ||||
| @@ -100,7 +100,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | ||||
| 	return extlist; | ||||
| } | ||||
|  | ||||
| /* Currently two options: | ||||
| /*- | ||||
|  * Currently two options: | ||||
|  * keyid: use the issuers subject keyid, the value 'always' means its is | ||||
|  * an error if the issuer certificate doesn't have a key id. | ||||
|  * issuer: use the issuers cert issuer and serial number. The default is | ||||
|   | ||||
| @@ -124,7 +124,8 @@ static char const rcsid[] = | ||||
| # include TLS_APP | ||||
| #endif | ||||
|  | ||||
| /* Applications can define: | ||||
| /*- | ||||
|  * Applications can define: | ||||
|  *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg) | ||||
|  *   TLS_CUMULATE_ERRORS  | ||||
|  *   TLS_ERROR_BUFSIZ | ||||
|   | ||||
| @@ -62,7 +62,7 @@ typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE]; | ||||
|  | RSA Key Token format                           | | ||||
|  *------------------------------------------------*/ | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  * NOTE:  All the fields in the ICA_KEY_RSA_MODEXPO structure | ||||
|  *        (lengths, offsets, exponents, modulus, etc.) are | ||||
|  *        stored in big-endian format | ||||
| @@ -86,7 +86,7 @@ typedef struct _ICA_KEY_RSA_MODEXPO | ||||
| } ICA_KEY_RSA_MODEXPO; | ||||
| #define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC)) | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  * NOTE:  All the fields in the ICA_KEY_RSA_CRT structure | ||||
|  *        (lengths, offsets, exponents, modulus, etc.) are | ||||
|  *        stored in big-endian format | ||||
|   | ||||
| @@ -293,7 +293,7 @@ struct padlock_cipher_data | ||||
| static volatile struct padlock_cipher_data *padlock_saved_context; | ||||
| #endif | ||||
|  | ||||
| /* | ||||
| /*- | ||||
|  * ======================================================= | ||||
|  * Inline assembler section(s). | ||||
|  * ======================================================= | ||||
| @@ -854,7 +854,7 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||||
| 	return 1; | ||||
| } | ||||
|  | ||||
| /*  | ||||
| /*-  | ||||
|  * Simplified version of padlock_aes_cipher() used when | ||||
|  * 1) both input and output buffers are at aligned addresses. | ||||
|  * or when | ||||
|   | ||||
| @@ -126,14 +126,16 @@ | ||||
| #include <openssl/des.h> | ||||
| #endif | ||||
|  | ||||
| /* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | ||||
| /*- | ||||
|  * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | ||||
|  * | ||||
|  * Returns: | ||||
|  *   0: (in non-constant time) if the record is publically invalid (i.e. too | ||||
|  *       short etc). | ||||
|  *   1: if the record's padding is valid / the encryption was successful. | ||||
|  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending, | ||||
|  *       an internal error occured. */ | ||||
|  *       an internal error occured. | ||||
|  */ | ||||
| int dtls1_enc(SSL *s, int send) | ||||
| 	{ | ||||
| 	SSL3_RECORD *rec; | ||||
|   | ||||
| @@ -418,10 +418,12 @@ dtls1_process_record(SSL *s) | ||||
| 	rr->data=rr->input; | ||||
|  | ||||
| 	enc_err = s->method->ssl3_enc->enc(s,0); | ||||
| 	/* enc_err is: | ||||
| 	/*- | ||||
| 	 * enc_err is: | ||||
| 	 *    0: (in non-constant time) if the record is publically invalid. | ||||
| 	 *    1: if the padding is valid | ||||
| 	 *    -1: if the padding is invalid */ | ||||
| 	 *   -1: if the padding is invalid | ||||
| 	 */ | ||||
| 	if (enc_err == 0) | ||||
| 		{ | ||||
| 		/* For DTLS we simply ignore bad packets. */ | ||||
|   | ||||
| @@ -99,7 +99,8 @@ typedef unsigned char krb5_octet; | ||||
|  | ||||
| #endif | ||||
|  | ||||
| /*	Uncomment this to debug kssl problems or | ||||
| /*- | ||||
|  *	Uncomment this to debug kssl problems or | ||||
|  *	to trace usage of the Kerberos session key | ||||
|  * | ||||
|  *	#define		KSSL_DEBUG | ||||
|   | ||||
| @@ -171,7 +171,8 @@ extern "C" { | ||||
| #endif | ||||
|  | ||||
| /* SSLeay version number for ASN.1 encoding of the session information */ | ||||
| /* Version 0 - initial version | ||||
| /*- | ||||
|  * Version 0 - initial version | ||||
|  * Version 1 - added the optional peer certificate | ||||
|  */ | ||||
| #define SSL_SESSION_ASN1_VERSION 0x0001 | ||||
| @@ -1447,10 +1448,12 @@ extern "C" { | ||||
| #define SSL_ST_READ_BODY			0xF1 | ||||
| #define SSL_ST_READ_DONE			0xF2 | ||||
|  | ||||
| /* Obtain latest Finished message | ||||
| /*- | ||||
|  * Obtain latest Finished message | ||||
|  *   -- that we sent (SSL_get_finished) | ||||
|  *   -- that we expected from peer (SSL_get_peer_finished). | ||||
|  * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ | ||||
|  * Returns length (0 == no Finished so far), copies up to 'count' bytes. | ||||
|  */ | ||||
| size_t SSL_get_finished(const SSL *s, void *buf, size_t count); | ||||
| size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Matt Caswell
					Matt Caswell