Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_clnt.c18
-rw-r--r--ssl/d1_enc.c6
-rw-r--r--ssl/d1_pkt.c12
-rw-r--r--ssl/kssl.c3
-rw-r--r--ssl/kssl.h3
-rw-r--r--ssl/s2_pkt.c15
-rw-r--r--ssl/s3_enc.c6
-rw-r--r--ssl/ssl.h9
-rw-r--r--ssl/ssl_ciph.c3
-rw-r--r--ssl/ssl_locl.h2
10 files changed, 49 insertions, 28 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 58a3b46994..b709c3b9e9 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -906,7 +906,8 @@ int dtls1_send_client_key_exchange(SSL *s)
goto err;
}
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
** in place of RFC 2712 KerberosWrapper, as in:
**
** Send ticket (copy to *p, set n = length)
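Review bot: The new first line of this comment uses a ` * ` leader while the unchanged continuation lines below it still start with `**`, so the block now mixes two comment styles. The next hunk in this file converts its `**` lines to ` * `; doing the same here would keep the file consistent. The comment continues beyond the end of this hunk.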
@@ -952,12 +953,13 @@ int dtls1_send_client_key_exchange(SSL *s)
if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
goto err;
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
@@ -1060,7 +1062,7 @@ int dtls1_send_client_key_exchange(SSL *s)
d = dtls1_set_message_header(s, d,
SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
+ /*-
*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
l2n3(n,d);
l2n(s->d1->handshake_write_seq,d);
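Review bot: The `/*-` opener here protects commented-out code (`*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; l2n3(n,d); ...`) rather than prose, so dead header-building code is now preserved verbatim in the handshake path. The `dtls1_set_message_header()` call just above appears to do the same job, so consider deleting the block or replacing it with a one-line comment such as `/* header is written by dtls1_set_message_header() */`. The same applies to the commented-out `#define CERT_INVALID ...` list in the ssl/ssl_locl.h hunk. The comment runs past the end of this hunk.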
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index f0c446dedd..f637830913 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -126,14 +126,16 @@
#include <openssl/des.h>
#endif
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
+ * an internal error occured.
+ */
int dtls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
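Review bot: The reflowed return-value comment keeps two misspellings, one of them on a line this change rewrites: `occured` and `publically`. Suggest `an internal error occurred.` and `if the record is publicly invalid`. The same `publically` wording appears in the ssl/d1_pkt.c and ssl/s3_enc.c hunks.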
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index ae888d966c..02d062a2e5 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -364,10 +364,12 @@ dtls1_process_record(SSL *s)
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
/* For DTLS we simply ignore bad packets. */
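Review bot: The `enc_err` comment describes `-1` as a padding failure only, while the `dtls1_enc` header comment in ssl/d1_enc.c documents `-1` as an invalid padding or AEAD authenticator. If `s->method->ssl3_enc->enc` resolves to `dtls1_enc` here (not visible in this hunk), the two should agree: ` * -1: if the padding or AEAD authenticator is invalid`. The comment marks only the `0` case as non-constant-time, so a reader auditing the error paths needs to know everything that is folded into `-1`. dtls1_process_record continues outside the hunk.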
@@ -919,9 +921,11 @@ start:
}
}
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
diff --git a/ssl/kssl.c b/ssl/kssl.c
index cdd0ae09bb..d57f000825 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1300,7 +1300,8 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,
}
-/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
+ * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
* and krb5 AP_REQ message & message length,
* Return Kerberos session key and client principle
* to SSL Server in KSSL_CTX *kssl_ctx.
diff --git a/ssl/kssl.h b/ssl/kssl.h
index c7e16a5a95..4cab3146e9 100644
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -90,7 +90,8 @@ typedef unsigned char krb5_octet;
#endif
-/* Uncomment this to debug kssl problems or
+/*-
+ * Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG
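Review bot: The comment invites readers to enable `KSSL_DEBUG` to "trace usage of the Kerberos session key" without saying what the trace emits. If the debug output includes key bytes or ticket contents (not visible in this hunk), the comment should say so, e.g. ` * Development builds only: output may include session-key material.` The comment continues past the end of the hunk.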
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 7387d8b7c5..9527504939 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -561,16 +561,20 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
}
else if ((bs <= 1) && (!s->s2->escape))
{
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
+ /*-
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ */
s->s2->three_byte_header=0;
p=0;
}
else /* we may have to use a 3 byte header */
{
- /* If s->s2->escape is not set, then
+ /*-
+ * If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
+ */
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
@@ -584,7 +588,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
}
}
- /* Now
+ /*-
+ * Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f4391ec394..03951a655b 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -433,7 +433,8 @@ void ssl3_cleanup_key_block(SSL *s)
s->s3->tmp.key_block_length=0;
}
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -619,7 +620,8 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
* data we are hashing because that gives an attacker a
* timing-oracle. */
- /* npad is, at most, 48 bytes and that's with MD5:
+ /*-
+ * npad is, at most, 48 bytes and that's with MD5:
* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
*
* With SHA-1 (the largest hash speced for SSLv3) the hash size
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ec604a930e..035322738d 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -198,7 +198,8 @@ extern "C" {
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
@@ -1134,10 +1135,12 @@ extern "C" {
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
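Review bot: The rewrapped comment says the functions return the length and copy up to `count` bytes, but it does not state that the returned length can be larger than `count`. Callers that consume the Finished data (for example for channel binding) need to compare the return value with their buffer size to notice truncation. Suggest adding ` * The return value is the full message length and may exceed 'count'; the copy is then truncated.`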
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c364c142c7..bef847b92b 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -885,7 +885,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (!found)
break; /* ignore this entry */
- /* New algorithms:
+ /*-
+ * New algorithms:
* 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask
* 3 - enforce old & new where masks intersect
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a06e81c5c2..dd5c4ac012 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -396,7 +396,7 @@
* SSL_aDSS <- DSA_SIGN
*/
-/*
+/*-
#define CERT_INVALID 0
#define CERT_PUBLIC_KEY 1
#define CERT_PRIVATE_KEY 2