diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-16 09:21:50 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:41:42 +0000 |
commit | a25d0527b706d126eefde4c774600ae5ecc84b96 (patch) | |
tree | 2aa05e963a23384ec93521f33655f8b38d4b724d /ssl | |
parent | 89f6c5b4926c8ef8bc1a544a031ed3e01e092cbe (diff) |
Additional comment changes for reformat of 1.0.0
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_clnt.c | 18 | ||||
-rw-r--r-- | ssl/d1_enc.c | 6 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 12 | ||||
-rw-r--r-- | ssl/kssl.c | 3 | ||||
-rw-r--r-- | ssl/kssl.h | 3 | ||||
-rw-r--r-- | ssl/s2_pkt.c | 15 | ||||
-rw-r--r-- | ssl/s3_enc.c | 6 | ||||
-rw-r--r-- | ssl/ssl.h | 9 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 2 |
9 files changed, 47 insertions, 27 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 0fea8659ac..c3985bffe8 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -924,7 +924,8 @@ int dtls1_send_client_key_exchange(SSL *s) goto err; } - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ + /*- + * 20010406 VRS - Earlier versions used KRB5 AP_REQ ** in place of RFC 2712 KerberosWrapper, as in: ** ** Send ticket (copy to *p, set n = length) @@ -970,12 +971,13 @@ int dtls1_send_client_key_exchange(SSL *s) if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0) goto err; - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, @@ -1353,7 +1355,7 @@ int dtls1_send_client_key_exchange(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n); - /* + /*- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; l2n3(n,d); l2n(s->d1->handshake_write_seq,d); diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 3da2b4c8c2..23c7f12a42 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -126,14 +126,16 @@ #include <openssl/des.h> #endif -/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. +/*- + * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, - * an internal error occured. */ + * an internal error occured. + */ int dtls1_enc(SSL *s, int send) { SSL3_RECORD *rec; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index c3bbb9808e..bf4e44704f 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -410,10 +410,12 @@ dtls1_process_record(SSL *s) rr->data=rr->input; enc_err = s->method->ssl3_enc->enc(s,0); - /* enc_err is: + /*- + * enc_err is: * 0: (in non-constant time) if the record is publically invalid. * 1: if the padding is valid - * -1: if the padding is invalid */ + * -1: if the padding is invalid + */ if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ @@ -970,9 +972,11 @@ start: } } - /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + /*- + * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/kssl.c b/ssl/kssl.c index 6ada0a4a53..a8ab203627 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1301,7 +1301,8 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context, } -/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), +/*- + * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), * and krb5 AP_REQ message & message length, * Return Kerberos session key and client principle * to SSL Server in KSSL_CTX *kssl_ctx. diff --git a/ssl/kssl.h b/ssl/kssl.h index 434645de40..579ba64577 100644 --- a/ssl/kssl.h +++ b/ssl/kssl.h @@ -99,7 +99,8 @@ typedef unsigned char krb5_octet; #endif -/* Uncomment this to debug kssl problems or +/*- + * Uncomment this to debug kssl problems or * to trace usage of the Kerberos session key * * #define KSSL_DEBUG diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index acd61dc546..d05b908f6c 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -572,16 +572,20 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) } else if ((bs <= 1) && (!s->s2->escape)) { - /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */ + /*- + * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + */ s->s2->three_byte_header=0; p=0; } else /* we may have to use a 3 byte header */ { - /* If s->s2->escape is not set, then + /*- + * If s->s2->escape is not set, then * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus - * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */ + * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. + */ p=(j%bs); p=(p == 0)?0:(bs-p); if (s->s2->escape) @@ -595,7 +599,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) } } - /* Now + /*- + * Now * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER * holds, and if s->s2->three_byte_header is set, then even * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER. diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2ba52c45a1..f352645e0d 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -465,7 +465,8 @@ void ssl3_cleanup_key_block(SSL *s) s->s3->tmp.key_block_length=0; } -/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. +/*- + * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too @@ -744,7 +745,8 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) * data we are hashing because that gives an attacker a * timing-oracle. */ - /* npad is, at most, 48 bytes and that's with MD5: + /*- + * npad is, at most, 48 bytes and that's with MD5: * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. * * With SHA-1 (the largest hash speced for SSLv3) the hash size @@ -171,7 +171,8 @@ extern "C" { #endif /* SSLeay version number for ASN.1 encoding of the session information */ -/* Version 0 - initial version +/*- + * Version 0 - initial version * Version 1 - added the optional peer certificate */ #define SSL_SESSION_ASN1_VERSION 0x0001 @@ -1264,10 +1265,12 @@ extern "C" { #define SSL_ST_READ_BODY 0xF1 #define SSL_ST_READ_DONE 0xF2 -/* Obtain latest Finished message +/*- + * Obtain latest Finished message * -- that we sent (SSL_get_finished) * -- that we expected from peer (SSL_get_peer_finished). - * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ + * Returns length (0 == no Finished so far), copies up to 'count' bytes. + */ size_t SSL_get_finished(const SSL *s, void *buf, size_t count); size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ea9daced40..bb553aaefd 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -448,7 +448,7 @@ * SSL_aDSS <- DSA_SIGN */ -/* +/*- #define CERT_INVALID 0 #define CERT_PUBLIC_KEY 1 #define CERT_PRIVATE_KEY 2 |