From 6977c7e2baf291278aee7632f1a68581b7c4d1f9 Mon Sep 17 00:00:00 2001 From: Tim Hudson Date: Sun, 28 Dec 2014 12:48:40 +1000 Subject: mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson --- apps/asn1pars.c | 3 +- apps/ca.c | 3 +- apps/crl2p7.c | 3 +- apps/dh.c | 3 +- apps/dhparam.c | 3 +- apps/dsa.c | 3 +- apps/dsaparam.c | 3 +- apps/ec.c | 3 +- apps/ecparam.c | 3 +- apps/openssl.c | 3 +- apps/passwd.c | 3 +- apps/rand.c | 3 +- apps/req.c | 3 +- apps/rsa.c | 3 +- apps/s_socket.c | 2 +- apps/spkac.c | 3 +- apps/ts.c | 2 +- apps/vms_decc_init.c | 2 +- crypto/aes/aes_core.c | 2 +- crypto/aes/aes_x86core.c | 4 +- crypto/asn1/a_sign.c | 3 +- crypto/asn1/a_time.c | 3 +- crypto/asn1/a_utf8.c | 3 +- crypto/asn1/asn1.h | 3 +- crypto/asn1/asn1t.h | 6 +- crypto/asn1/x_attrib.c | 3 +- crypto/asn1/x_req.c | 3 +- crypto/bf/blowfish.h | 2 +- crypto/bio/b_print.c | 2 +- crypto/bio/bio.h | 9 +- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_bio.c | 6 +- crypto/bn/asm/x86_64-gcc.c | 4 +- crypto/bn/bn.h | 3 +- crypto/bn/bn_add.c | 6 +- crypto/bn/bn_div.c | 3 +- crypto/bn/bn_exp.c | 3 +- crypto/bn/bn_gcd.c | 31 +++-- crypto/bn/bn_lcl.h | 2 +- crypto/bn/bn_lib.c | 3 +- crypto/bn/bn_mul.c | 33 +++-- crypto/bn/bn_recp.c | 3 +- crypto/bn/bn_sqr.c | 9 +- crypto/bn/bn_sqrt.c | 12 +- crypto/conf/conf_def.c | 3 +- crypto/constant_time_locl.h | 6 +- crypto/constant_time_test.c | 2 +- crypto/crypto.h | 3 +- crypto/des/des_locl.h | 3 +- crypto/des/des_old.h | 3 +- crypto/des/destest.c | 2 +- crypto/des/enc_read.c | 2 +- crypto/des/enc_writ.c | 2 +- crypto/des/ncbc_enc.c | 2 +- crypto/des/rpc_des.h | 2 +- crypto/des/set_key.c | 5 +- crypto/dh/dh_check.c | 3 +- crypto/dh/dh_gen.c | 3 +- crypto/dsa/dsa_ameth.c | 3 +- crypto/dsa/dsa_asn1.c | 3 +- crypto/dsa/dsa_ossl.c | 3 +- crypto/dso/dso_vms.c | 3 +- crypto/ec/ec.h | 2 +- crypto/ec/ec2_mult.c | 9 +- crypto/ec/ec2_smpl.c | 6 +- crypto/ec/ec_lcl.h | 3 +- crypto/ec/ec_mult.c | 6 +- crypto/ec/ecp_nistp224.c | 33 +++-- crypto/ec/ecp_nistp256.c | 75 +++++++---- crypto/ec/ecp_nistp521.c | 78 ++++++++---- crypto/ec/ecp_nistputil.c | 2 +- crypto/ec/ecp_smpl.c | 12 +- crypto/ecdsa/ecs_vrf.c | 6 +- crypto/engine/engine.h | 8 +- crypto/evp/bio_enc.c | 2 +- crypto/evp/bio_md.c | 2 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/encode.c | 9 +- crypto/evp/evp.h | 2 +- crypto/evp/evp_locl.h | 2 +- crypto/evp/p_seal.c | 2 +- crypto/idea/ideatest.c | 2 +- crypto/jpake/jpake.c | 8 +- crypto/jpake/jpaketest.c | 4 +- crypto/krb5/krb5_asn.h | 134 ++++++++++---------- crypto/lhash/lhash.c | 3 +- crypto/md32_common.h | 2 +- crypto/md4/md4.h | 2 +- crypto/modes/gcm128.c | 2 +- crypto/o_time.c | 3 +- crypto/objects/objects.h | 5 +- crypto/ocsp/ocsp.h | 38 +++--- crypto/opensslv.h | 6 +- crypto/pkcs7/pkcs7.h | 2 +- crypto/rand/rand_egd.c | 2 +- crypto/rc2/rc2test.c | 2 +- crypto/rc4/rc4_enc.c | 4 +- crypto/rsa/rsa_pss.c | 4 +- crypto/sha/sha.h | 2 +- crypto/sha/sha512.c | 2 +- crypto/stack/safestack.h | 5 +- crypto/ts/ts.h | 20 +-- crypto/ts/ts_rsp_verify.c | 2 +- crypto/ui/ui.h | 6 +- crypto/whrlpool/wp_dgst.c | 2 +- crypto/x509/x509.h | 2 +- crypto/x509/x509_lu.c | 3 +- crypto/x509/x509_vfy.h | 2 +- crypto/x509/x509_vpm.c | 3 +- crypto/x509/x509name.c | 6 +- crypto/x509v3/pcy_tree.c | 3 +- crypto/x509v3/v3_ncons.c | 4 +- crypto/x509v3/v3_purp.c | 6 +- crypto/x509v3/v3_scts.c | 6 +- crypto/x509v3/v3nametest.c | 2 +- demos/asn1/ocsp.c | 3 +- demos/easy_tls/easy-tls.c | 7 +- e_os.h | 3 +- e_os2.h | 58 ++++----- engines/ccgost/gost89.c | 3 +- engines/ccgost/gost_ctl.c | 2 +- engines/ccgost/gost_keywrap.c | 7 +- engines/ccgost/gost_keywrap.h | 7 +- engines/ccgost/gost_sign.c | 4 +- engines/e_chil.c | 3 +- engines/e_gmp.c | 3 +- engines/e_padlock.c | 2 +- engines/vendor_defns/hwcryptohook.h | 62 +++++---- engines/vendor_defns/sureware.h | 67 +++++----- ms/tlhelp32.h | 2 +- ssl/d1_both.c | 11 +- ssl/d1_pkt.c | 15 ++- ssl/heartbeat_test.c | 2 +- ssl/kssl.c | 245 ++++++++++++++++++------------------ ssl/kssl.h | 22 ++-- ssl/s23_srvr.c | 3 +- ssl/s3_both.c | 3 +- ssl/s3_cbc.c | 21 ++-- ssl/s3_clnt.c | 56 +++++---- ssl/s3_pkt.c | 27 ++-- ssl/s3_srvr.c | 25 ++-- ssl/ssl.h | 11 +- ssl/ssl_ciph.c | 14 ++- ssl/ssl_locl.h | 11 +- ssl/ssl_sess.c | 2 +- ssl/ssl_task.c | 4 +- ssl/ssltest.c | 20 +-- ssl/t1_lib.c | 106 +++++++++------- test/methtest.c | 2 +- test/testutil.h | 5 +- 150 files changed, 965 insertions(+), 700 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 0d6607071f..df29efef7e 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -69,7 +69,8 @@ #include #include -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -in arg - input file - default stdin * -i - indent the details by depth * -offset - where in the file to start diff --git a/apps/ca.c b/apps/ca.c index f667223e56..2c7bf27646 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2829,7 +2829,8 @@ char *make_revocation_str(int rev_type, char *rev_arg) return str; } -/* Convert revocation field to X509_REVOKED entry +/*- + * Convert revocation field to X509_REVOKED entry * return code: * 0 error * 1 OK diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 42c6886b83..ce78e76e80 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -75,7 +75,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); #undef PROG #define PROG crl2pkcs7_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dh.c b/apps/dh.c index dee9c01fce..26107b8580 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -74,7 +74,8 @@ #undef PROG #define PROG dh_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dhparam.c b/apps/dhparam.c index 606365e180..4b071f844c 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -132,7 +132,8 @@ #define DEFBITS 2048 -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsa.c b/apps/dsa.c index 5222487ab9..03599be49d 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -74,7 +74,8 @@ #undef PROG #define PROG dsa_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 683d51391b..bf03470672 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -80,7 +80,8 @@ #undef PROG #define PROG dsaparam_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/ec.c b/apps/ec.c index 896eabc13f..ec560aabed 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -70,7 +70,8 @@ #undef PROG #define PROG ec_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/ecparam.c b/apps/ecparam.c index de4e46f5a8..4f6a654919 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -87,7 +87,8 @@ #undef PROG #define PROG ecparam_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/openssl.c b/apps/openssl.c index 5372459456..7453e6528c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -238,7 +238,8 @@ int main(int Argc, char *ARGV[]) long errline; #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) - /* 2011-03-22 SMS. + /*- + * 2011-03-22 SMS. * If we have 32-bit pointers everywhere, then we're safe, and * we bypass this mess, as on non-VMS systems. (See ARGV, * above.) diff --git a/apps/passwd.c b/apps/passwd.c index 9ca25dd1da..8e65ed7cbb 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -43,7 +43,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, int reverse, size_t pw_maxlen, int usecrypt, int use1, int useapr1); -/* -crypt - standard Unix password algorithm (default) +/*- + * -crypt - standard Unix password algorithm (default) * -1 - MD5-based password algorithm * -apr1 - MD5-based password algorithm, Apache variant * -salt string - salt diff --git a/apps/rand.c b/apps/rand.c index 790e79592c..dc931596fd 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -66,7 +66,8 @@ #undef PROG #define PROG rand_main -/* -out file - write to file +/*- + * -out file - write to file * -rand file:file - PRNG seed files * -base64 - base64 encode output * -hex - hex encode output diff --git a/apps/req.c b/apps/req.c index d41385d706..e73f56b5dc 100644 --- a/apps/req.c +++ b/apps/req.c @@ -105,7 +105,8 @@ #undef PROG #define PROG req_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/rsa.c b/apps/rsa.c index a17708fe9c..4443d7408a 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -74,7 +74,8 @@ #undef PROG #define PROG rsa_main -/* -inform arg - input format - default PEM (one of DER, NET or PEM) +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/s_socket.c b/apps/s_socket.c index b2e0bc8e5d..3ff46ead62 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -422,7 +422,7 @@ redoit: return(0); } -/* +/*- ling.l_onoff=1; ling.l_linger=0; i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); diff --git a/apps/spkac.c b/apps/spkac.c index 0e01ea9947..149db1784b 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -73,7 +73,8 @@ #undef PROG #define PROG spkac_main -/* -in arg - input file - default stdin +/*- + * -in arg - input file - default stdin * -out arg - output file - default stdout */ diff --git a/apps/ts.c b/apps/ts.c index 5fa9f7fda0..66ba26b4f5 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -1129,7 +1129,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file) static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx) { - /* + /*- char buf[256]; if (!ok) diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c index f512c8f1bc..1130ae4412 100755 --- a/apps/vms_decc_init.c +++ b/apps/vms_decc_init.c @@ -5,7 +5,7 @@ #ifdef USE_DECC_INIT -/* +/*- * 2010-04-26 SMS. * *---------------------------------------------------------------------- diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 8f5210ac70..acd5f55547 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -40,7 +40,7 @@ #include "aes_locl.h" #ifndef AES_ASM -/* +/*- Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; Te2[x] = S [x].[01, 03, 02, 01]; diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index e438580b22..41d3251f0a 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -105,7 +105,7 @@ typedef unsigned long long u64; }) # endif #endif -/* +/*- Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -116,7 +116,7 @@ Te3[x] = S [x].[01, 01, 03, 02]; #define Te1 (u32)((u64*)((u8*)Te+3)) #define Te2 (u32)((u64*)((u8*)Te+2)) #define Te3 (u32)((u64*)((u8*)Te+1)) -/* +/*- Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; Td0[x] = Si[x].[0e, 09, 0d, 0b]; Td1[x] = Si[x].[0b, 0e, 09, 0d]; diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 7b4a193d6b..2f7c79025c 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -254,7 +254,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature); if (rv == 1) outl = signature->length; - /* Return value meanings: + /*- + * Return value meanings: * <=0: error. * 1: method does everything. * 2: carry on as normal. diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index d7925bf80a..b6f1867374 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -54,7 +54,8 @@ */ -/* This is an implementation of the ASN1 Time structure which is: +/*- + * This is an implementation of the ASN1 Time structure which is: * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c index 508e11e527..2105306fea 100644 --- a/crypto/asn1/a_utf8.c +++ b/crypto/asn1/a_utf8.c @@ -63,7 +63,8 @@ /* UTF8 utilities */ -/* This parses a UTF8 string one character at a time. It is passed a pointer +/*- + * This parses a UTF8 string one character at a time. It is passed a pointer * to the string and the length of the string. It sets 'value' to the value of * the current character. It returns the number of characters read or a * negative error code: diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index df844e0f38..7e459d2215 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -361,7 +361,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; TYPEDEF_D2I2D_OF(void); -/* The following macros and typedefs allow an ASN1_ITEM +/*- + * The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since * the ASN1_ITEM pointers need to be globally accessible * (possibly from shared libraries) they may exist in diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index d230e4bf70..47502a6a5e 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -129,7 +129,8 @@ extern "C" { /* This is a ASN1 type which just embeds a template */ -/* This pair helps declare a SEQUENCE. We can do: +/*- + * This pair helps declare a SEQUENCE. We can do: * * ASN1_SEQUENCE(stname) = { * ... SEQUENCE components ... @@ -231,7 +232,8 @@ extern "C" { ASN1_ITEM_end(tname) -/* This pair helps declare a CHOICE type. We can do: +/*- + * This pair helps declare a CHOICE type. We can do: * * ASN1_CHOICE(chname) = { * ... CHOICE options ... diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c index 1e3713f18f..04ae991115 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/asn1/x_attrib.c @@ -62,7 +62,8 @@ #include #include -/* X509_ATTRIBUTE: this has the following form: +/*- + * X509_ATTRIBUTE: this has the following form: * * typedef struct x509_attributes_st * { diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index d57555827c..529899ac3b 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -61,7 +61,8 @@ #include #include -/* X509_REQ_INFO is handled in an unusual way to get round +/*- + * X509_REQ_INFO is handled in an unusual way to get round * invalid encodings. Some broken certificate requests don't * encode the attributes field if it is empty. This is in * violation of PKCS#10 but we need to tolerate it. We do diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index 4b6c8920a4..1ca9db8463 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h @@ -72,7 +72,7 @@ extern "C" { #define BF_ENCRYPT 1 #define BF_DECRYPT 0 -/* +/*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! * ! BF_LONG_LOG2 has to be defined along. ! diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 143a7cfefa..bde51d8aca 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -94,7 +94,7 @@ * on all source code distributions. */ -/* +/*- * This code contains numerious changes and enhancements which were * made by lots of contributors over the last years to Patrick Powell's * original code: diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 122ec04e0b..3ea44ab263 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -218,7 +218,8 @@ extern "C" { #define BIO_GHBN_CTRL_FLUSH 5 /* Mostly used in the SSL BIO */ -/* Not used anymore +/*- + * Not used anymore * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 @@ -336,7 +337,8 @@ DECLARE_STACK_OF(BIO) typedef struct bio_f_buffer_ctx_struct { - /* Buffers are setup like this: + /*- + * Buffers are setup like this: * * <---------------------- size -----------------------> * +---------------------------------------------------+ @@ -715,7 +717,8 @@ int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, int datalen); struct hostent *BIO_gethostbyname(const char *name); -/* We might want a thread-safe interface too: +/*- + * We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, * struct hostent *result, void *buffer, size_t buflen); * or something similar (caller allocates a struct hostent, diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 4110ff1a45..0237c0fbc6 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -436,7 +436,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: -/* dbio=(BIO *)ptr; +/*- dbio=(BIO *)ptr; if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 52ef0ebcb3..6d86587ee3 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -269,7 +269,8 @@ static int bio_read(BIO *bio, char *buf, int size_) return size; } -/* non-copying interface: provide pointer to available data in buffer +/*- + * non-copying interface: provide pointer to available data in buffer * bio_nread0: return number of available bytes * bio_nread: also advance index * (example usage: bio_nread0(), read from buffer, bio_nread() @@ -422,7 +423,8 @@ static int bio_write(BIO *bio, const char *buf, int num_) return num; } -/* non-copying interface: provide pointer to region to write to +/*- + * non-copying interface: provide pointer to region to write to * bio_nwrite0: check how much space is available * bio_nwrite: also increase length * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index a2f3e1b2d6..7f7e5c2f0a 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -2,7 +2,7 @@ #if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else -/* +/*- * x86_64 BIGNUM accelerator version 0.1, December 2002. * * Implemented by Andy Polyakov for the OpenSSL @@ -64,7 +64,7 @@ #undef mul #undef mul_add -/* +/*- * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; * "g"(0) let the compiler to decide where does it * want to keep the value of zero; diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 84cad1741e..5a00c874dc 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -686,7 +686,8 @@ BIGNUM *bn_expand2(BIGNUM *a, int words); BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ #endif -/* Bignum consistency macros +/*- + * Bignum consistency macros * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from * bignum data after direct manipulations on the data. There is also an * "internal" macro, bn_check_top(), for verifying that there are no leading diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 9405163706..042103ccac 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -69,7 +69,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /* a + b a+b + /*- + * a + b a+b * a + -b a-b * -a + b b-a * -a + -b -(a+b) @@ -269,7 +270,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) bn_check_top(a); bn_check_top(b); - /* a - b a-b + /*- + * a - b a-b * a - -b a+b * -a - b -(a+b) * -a - -b b-a diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 0ec90e805c..3c59981163 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -171,7 +171,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #endif /* OPENSSL_NO_ASM */ -/* BN_div computes dv := num / divisor, rounding towards +/*- + * BN_div computes dv := num / divisor, rounding towards * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 070fd31f92..364fafa3ec 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -199,7 +199,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, bn_check_top(p); bn_check_top(m); - /* For even modulus m = 2^k*m_odd, it might make sense to compute + /*- + * For even modulus m = 2^k*m_odd, it might make sense to compute * a^p mod m_odd and a^p mod 2^k separately (with Montgomery * exponentiation for the odd part), using appropriate exponent * reductions, and combine the results using the CRT. diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index a808f53178..f434226043 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -247,7 +247,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, if (!BN_nnmod(B, B, A, ctx)) goto err; } sign = -1; - /* From B = a mod |n|, A = |n| it follows that + /*- + * From B = a mod |n|, A = |n| it follows that * * 0 <= B < A, * -sign*X*a == B (mod |n|), @@ -264,7 +265,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, while (!BN_is_zero(B)) { - /* + /*- * 0 < B < |n|, * 0 < A <= |n|, * (1) -sign*X*a == B (mod |n|), @@ -311,7 +312,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, } - /* We still have (1) and (2). + /*- + * We still have (1) and (2). * Both A and B are odd. * The following computations ensure that * @@ -347,7 +349,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, { BIGNUM *tmp; - /* + /*- * 0 < B < A, * (*) -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|) @@ -394,7 +396,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, if (!BN_div(D,M,A,B,ctx)) goto err; } - /* Now + /*- + * Now * A = D*B + M; * thus we have * (**) sign*Y*a == D*B + M (mod |n|). @@ -407,7 +410,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, B=M; /* ... so we have 0 <= B < A again */ - /* Since the former M is now B and the former B is now A, + /*- + * Since the former M is now B and the former B is now A, * (**) translates into * sign*Y*a == D*A + B (mod |n|), * i.e. @@ -460,7 +464,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, } } - /* + /*- * The while loop (Euclid's algorithm) ends when * A == gcd(a,n); * we have @@ -548,7 +552,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, if (!BN_nnmod(B, pB, A, ctx)) goto err; } sign = -1; - /* From B = a mod |n|, A = |n| it follows that + /*- + * From B = a mod |n|, A = |n| it follows that * * 0 <= B < A, * -sign*X*a == B (mod |n|), @@ -559,7 +564,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, { BIGNUM *tmp; - /* + /*- * 0 < B < A, * (*) -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|) @@ -574,7 +579,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, /* (D, M) := (A/B, A%B) ... */ if (!BN_div(D,M,pA,B,ctx)) goto err; - /* Now + /*- + * Now * A = D*B + M; * thus we have * (**) sign*Y*a == D*B + M (mod |n|). @@ -587,7 +593,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, B=M; /* ... so we have 0 <= B < A again */ - /* Since the former M is now B and the former B is now A, + /*- + * Since the former M is now B and the former B is now A, * (**) translates into * sign*Y*a == D*A + B (mod |n|), * i.e. @@ -615,7 +622,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, sign = -sign; } - /* + /*- * The while loop (Euclid's algorithm) ends when * A == gcd(a,n); * we have diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 83550ba390..9a8a046bec 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -119,7 +119,7 @@ extern "C" { #endif -/* +/*- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * * diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index d5a211e288..95cc7f8d70 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -71,7 +71,8 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; /* This stuff appears to be completely unused, so is deprecated */ #ifndef OPENSSL_NO_DEPRECATED -/* For a 32 bit machine +/*- + * For a 32 bit machine * 2 - 4 == 128 * 3 - 8 == 256 * 4 - 16 == 512 diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 12e5be80eb..f53985d750 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -379,7 +379,8 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, /* Karatsuba recursive multiplication algorithm * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ -/* r is 2*n2 words in size, +/*- + * r is 2*n2 words in size, * a and b are both n2 words in size. * n2 must be a power of 2. * We multiply and return the result. @@ -500,7 +501,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -517,7 +519,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits @@ -676,7 +679,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, } } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -693,7 +697,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); } - /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) + /*- + * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits @@ -720,7 +725,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, } } -/* a and b must be the same size, which is n2. +/*- + * a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 */ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, @@ -749,7 +755,8 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, } } -/* a and b must be the same size, which is n2. +/*- + * a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 * l is the low words of the output. * t needs to be n2*3 @@ -820,7 +827,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); } - /* s0 == low(al*bl) + /*- + * s0 == low(al*bl) * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) * We know s0 and s1 so the only unknown is high(al*bl) * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) @@ -857,16 +865,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, lp[i]=((~mp[i])+1)&BN_MASK2; } - /* s[0] = low(al*bl) + /*- + * s[0] = low(al*bl) * t[3] = high(al*bl) * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign * r[10] = (a[1]*b[1]) */ - /* R[10] = al*bl + /*- + * R[10] = al*bl * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) * R[32] = ah*bh */ - /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) + /*- + * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) * R[3]=r[1]+(carry/borrow) */ diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 2e8efb8dae..b5f57e51f2 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -171,7 +171,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, i,ctx); /* BN_reciprocal returns i, or -1 for an error */ if (recp->shift == -1) goto err; - /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| + /*- + * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| * = |m/N| diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 65bbf165d0..b1b6f9b0a2 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -194,7 +194,8 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) } #ifdef BN_RECURSION -/* r is 2*n words in size, +/*- + * r is 2*n words in size, * a and b are both n words in size. (There's not actually a 'b' here ...) * n must be a power of 2. * We multiply and return the result. @@ -256,7 +257,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) bn_sqr_recursive(r,a,n,p); bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); - /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ @@ -266,7 +268,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) /* t[32] is negative */ c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) + /*- + * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) * r[10] holds (a[0]*a[0]) * r[32] holds (a[1]*a[1]) * c1 holds the carry bits diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 6beaf9e5e5..04cf4a0bf8 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -135,7 +135,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (e == 1) { - /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse + /*- + * The easy case: (|p|-1)/2 is odd, so 2 has an inverse * modulo (|p|-1)/2, and square roots can be computed * directly by modular exponentiation. * We have @@ -152,7 +153,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (e == 2) { - /* |p| == 5 (mod 8) + /*- + * |p| == 5 (mod 8) * * In this case 2 is always a non-square since * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. @@ -262,7 +264,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto end; } - /* Now we know that (if p is indeed prime) there is an integer + /*- + * Now we know that (if p is indeed prime) there is an integer * k, 0 <= k < 2^e, such that * * a^q * y^k == 1 (mod p). @@ -318,7 +321,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) while (1) { - /* Now b is a^q * y^k for some even k (0 <= k < 2^E + /*- + * Now b is a^q * y^k for some even k (0 <= k < 2^E * where E refers to the original value of e, which we * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). * diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index f0b2768739..e70fc41359 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -601,7 +601,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } e++; } - /* So at this point we have + /*- + * So at this point we have * np which is the start of the name string which is * '\0' terminated. * cp which is the start of the section string which is diff --git a/crypto/constant_time_locl.h b/crypto/constant_time_locl.h index 8af98c1683..6410ca789b 100644 --- a/crypto/constant_time_locl.h +++ b/crypto/constant_time_locl.h @@ -1,5 +1,5 @@ /* crypto/constant_time_locl.h */ -/* +/*- * Utilities for constant-time cryptography. * * Author: Emilia Kasper (emilia@openssl.org) @@ -53,7 +53,7 @@ extern "C" { #endif -/* +/*- * The boolean methods return a bitmask of all ones (0xff...f) for true * and 0 for false. This is useful for choosing a value based on the result * of a conditional in constant time. For example, @@ -112,7 +112,7 @@ static inline unsigned int constant_time_eq_int(int a, int b); static inline unsigned char constant_time_eq_int_8(int a, int b); -/* +/*- * Returns (mask & a) | (~mask & b). * * When |mask| is all 1s or all 0s (as returned by the methods above), diff --git a/crypto/constant_time_test.c b/crypto/constant_time_test.c index d9c6a44aed..82c2d96846 100644 --- a/crypto/constant_time_test.c +++ b/crypto/constant_time_test.c @@ -1,5 +1,5 @@ /* crypto/constant_time_test.c */ -/* +/*- * Utilities for constant-time cryptography. * * Author: Emilia Kasper (emilia@openssl.org) diff --git a/crypto/crypto.h b/crypto/crypto.h index f92fc5182d..655993e8d7 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -519,7 +519,8 @@ int CRYPTO_remove_all_info(void); void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); void CRYPTO_dbg_free(void *addr,int before_p); -/* Tell the debugging code about options. By default, the following values +/*- + * Tell the debugging code about options. By default, the following values * apply: * * 0: Clear all options. diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h index 5b53da96ef..3075c72140 100644 --- a/crypto/des/des_locl.h +++ b/crypto/des/des_locl.h @@ -362,7 +362,8 @@ #endif #endif - /* IP and FP + /*- + * IP and FP * The problem is more of a geometric problem that random bit fiddling. 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 2b2c372354..5ac4c1bf65 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -1,6 +1,7 @@ /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +/*- + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * The function names in here are deprecated and are only present to * provide an interface compatible with openssl 0.9.6 and older as diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 64b92a34fe..b5bcf8f74b 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -380,7 +380,7 @@ int main(int argc, char *argv[]) DES_ENCRYPT); DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, &iv3,&iv2,DES_ENCRYPT); - /* if (memcmp(cbc_out,cbc3_ok, + /*- if (memcmp(cbc_out,cbc3_ok, (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) { printf("des_ede3_cbc_encrypt encrypt error\n"); diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index edb6620d08..e6c4769126 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -66,7 +66,7 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE) -/* +/*- * WARNINGS: * * - The data format used by DES_enc_write() and DES_enc_read() diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index 2353ac1e89..cd5d6761d3 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -63,7 +63,7 @@ #include "des_locl.h" #include -/* +/*- * WARNINGS: * * - The data format used by DES_enc_write() and DES_enc_read() diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c index fda23d522f..fdd8655c12 100644 --- a/crypto/des/ncbc_enc.c +++ b/crypto/des/ncbc_enc.c @@ -1,5 +1,5 @@ /* crypto/des/ncbc_enc.c */ -/* +/*- * #included by: * cbc_enc.c (DES_cbc_encrypt) * des_enc.c (DES_ncbc_encrypt) diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h index 41328d7965..94a1d11aff 100644 --- a/crypto/des/rpc_des.h +++ b/crypto/des/rpc_des.h @@ -57,7 +57,7 @@ */ /* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ -/* +/*- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape * media and as a part of the software program in whole or part. Users diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index da4d62e112..9cbde2ace7 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -106,7 +106,8 @@ int DES_check_key_parity(const_DES_cblock *key) return(1); } -/* Weak and semi week keys as take from +/*- + * Weak and semi week keys as take from * %A D.W. Davies * %A W.L. Price * %T Security for Computer Networks @@ -406,7 +407,7 @@ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) { return(DES_set_key(key,schedule)); } -/* +/*- #undef des_fixup_key_parity void des_fixup_key_parity(des_cblock *key) { diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 9c4f61329f..0acd7753e9 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -61,7 +61,8 @@ #include #include -/* Check that p is a safe prime and +/*- + * Check that p is a safe prime and * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 7b1fe9c9cb..72f24d56da 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -92,7 +92,8 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c return dh_builtin_genparams(ret, prime_len, generator, cb); } -/* We generate DH parameters as follows +/*- + * We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q * For this case, g is a generator if diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c46c264030..e5203bafa6 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -213,7 +213,8 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; - /* Handle Two broken types: + /*- + * Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 473af873e0..8c75ec12b9 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -167,7 +167,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, } /* data has already been hashed (probably with SHA or SHA-1). */ -/* returns +/*- + * returns * 1: correct signature * 0: incorrect signature * -1: error diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 0c517c3b5d..badbd36c33 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -88,7 +88,8 @@ NULL, NULL }; -/* These macro wrappers replace attempts to use the dsa_mod_exp() and +/*- + * These macro wrappers replace attempts to use the dsa_mod_exp() and * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of * having a the macro work as an expression by bundling an "err_instr". So; * diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 868513c391..d08de5e7d0 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -174,7 +174,8 @@ static int vms_load(DSO *dso) goto err; } - /* A file specification may look like this: + /*- + * A file specification may look like this: * * node::dev:[dir-spec]name.type;ver * diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index bcd5e35792..33e4cdd348 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -118,7 +118,7 @@ typedef enum { typedef struct ec_method_st EC_METHOD; typedef struct ec_group_st - /* + /*- EC_METHOD *meth; -- field definition -- curve coefficients diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index 1c575dc47a..333d11b952 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -140,7 +140,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM return ret; } -/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) +/*- + * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) * using Montgomery point multiplication algorithm Mxy() in appendix of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). @@ -209,7 +210,8 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG } -/* Computes scalar*point and stores the result in r. +/*- + * Computes scalar*point and stores the result in r. * point can not equal r. * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over @@ -315,7 +317,8 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, } -/* Computes the sum +/*- + * Computes the sum * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] * gracefully ignoring NULL scalar values. */ diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 62223cbb01..350b59be91 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -577,7 +577,8 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_ lh = BN_CTX_get(ctx); if (lh == NULL) goto err; - /* We have a curve defined by a Weierstrass equation + /*- + * We have a curve defined by a Weierstrass equation * y^2 + x*y = x^3 + a*x^2 + b. * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 * <=> ((x + a) * x + y ) * x + b + y^2 = 0 @@ -597,7 +598,8 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_ } -/* Indicates whether two points are equal. +/*- + * Indicates whether two points are equal. * Return values: * -1 error * 0 equal (in affine coordinates) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index dca3e732d0..1c9b35e8d9 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -117,7 +117,8 @@ struct ec_method_st { void (*point_clear_finish)(EC_POINT *); int (*point_copy)(EC_POINT *, const EC_POINT *); - /* used by EC_POINT_set_to_infinity, + /*- + * used by EC_POINT_set_to_infinity, * EC_POINT_set_Jprojective_coordinates_GFp, * EC_POINT_get_Jprojective_coordinates_GFp, * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index e81200b255..4e805014a7 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -619,7 +619,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!(tmp = EC_POINT_new(group))) goto err; - /* prepare precomputed values: + /*- + * prepare precomputed values: * val_sub[i][0] := points[i] * val_sub[i][1] := 3 * points[i] * val_sub[i][2] := 5 * points[i] @@ -744,7 +745,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* ec_wNAF_precompute_mult() +/*- + * ec_wNAF_precompute_mult() * creates an EC_PRE_COMP object with preprecomputed multiples of the generator * for use with wNAF splitting as implemented in ec_wNAF_mul(). * diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index b5ff56c252..e5d95cc4d0 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -51,7 +51,8 @@ typedef int64_t s64; /******************************************************************************/ -/* INTERNAL REPRESENTATION OF FIELD ELEMENTS +/*- + * INTERNAL REPRESENTATION OF FIELD ELEMENTS * * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3 * using 64-bit coefficients called 'limbs', @@ -99,7 +100,8 @@ static const felem_bytearray nistp224_curve_params[5] = { 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34} }; -/* Precomputed multiples of the standard generator +/*- + * Precomputed multiples of the standard generator * Points are given in coordinates (X, Y, Z) where Z normally is 1 * (0 for the point at infinity). * For each field element, slice a_0 is word 0, etc. @@ -578,9 +580,11 @@ static void felem_reduce(felem out, const widefelem in) /* output[3] <= 2^56 + 2^16 */ out[2] = output[2] & 0x00ffffffffffffff; - /* out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, + /*- + * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, * out[3] <= 2^56 + 2^16 (due to final carry), - * so out < 2*p */ + * so out < 2*p + */ out[3] = output[3]; } @@ -757,13 +761,15 @@ copy_conditional(felem out, const felem in, limb icopy) * */ -/* Double an elliptic curve point: +/*- + * Double an elliptic curve point: * (X', Y', Z') = 2 * (X, Y, Z), where * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2 * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, - * while x_out == y_in is not (maybe this works, but it's not tested). */ + * while x_out == y_in is not (maybe this works, but it's not tested). + */ static void point_double(felem x_out, felem y_out, felem z_out, const felem x_in, const felem y_in, const felem z_in) @@ -835,7 +841,8 @@ point_double(felem x_out, felem y_out, felem z_out, felem_reduce(y_out, tmp); } -/* Add two elliptic curve points: +/*- + * Add two elliptic curve points: * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 - * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 @@ -973,8 +980,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar(ftmp5, 2); /* ftmp5[i] < 2 * 2^57 = 2^58 */ - /* x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - - 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */ + /*- + * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - + * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 + */ felem_diff_128_64(tmp2, ftmp5); /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */ felem_reduce(x_out, tmp2); @@ -987,8 +996,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_mul(tmp2, ftmp3, ftmp2); /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */ - /* y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - - z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */ + /*- + * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - + * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 + */ widefelem_diff(tmp2, tmp); /* tmp2[i] < 2^118 + 2^120 < 2^121 */ felem_reduce(y_out, tmp2); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index b884f73d31..b5883d6a5a 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -84,7 +84,8 @@ static const felem_bytearray nistp256_curve_params[5] = { 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5} }; -/* The representation of field elements. +/*- + * The representation of field elements. * ------------------------------------ * * We represent field elements with either four 128-bit values, eight 128-bit @@ -253,7 +254,8 @@ static void longfelem_scalar(longfelem out, const u64 scalar) /* zero105 is 0 mod p */ static const felem zero105 = { two105m41m9, two105, two105m41p9, two105m41p9 }; -/* smallfelem_neg sets |out| to |-small| +/*- + * smallfelem_neg sets |out| to |-small| * On exit: * out[i] < out[i] + 2^105 */ @@ -266,7 +268,8 @@ static void smallfelem_neg(felem out, const smallfelem small) out[3] = zero105[3] - small[3]; } -/* felem_diff subtracts |in| from |out| +/*- + * felem_diff subtracts |in| from |out| * On entry: * in[i] < 2^104 * On exit: @@ -293,7 +296,8 @@ static void felem_diff(felem out, const felem in) /* zero107 is 0 mod p */ static const felem zero107 = { two107m43m11, two107, two107m43p11, two107m43p11 }; -/* An alternative felem_diff for larger inputs |in| +/*- + * An alternative felem_diff for larger inputs |in| * felem_diff_zero107 subtracts |in| from |out| * On entry: * in[i] < 2^106 @@ -314,7 +318,8 @@ static void felem_diff_zero107(felem out, const felem in) out[3] -= in[3]; } -/* longfelem_diff subtracts |in| from |out| +/*- + * longfelem_diff subtracts |in| from |out| * On entry: * in[i] < 7*2^67 * On exit: @@ -357,7 +362,8 @@ static void longfelem_diff(longfelem out, const longfelem in) /* zero110 is 0 mod p */ static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 }; -/* felem_shrink converts an felem into a smallfelem. The result isn't quite +/*- + * felem_shrink converts an felem into a smallfelem. The result isn't quite * minimal as the value may be greater than p. * * On entry: @@ -409,12 +415,14 @@ static void felem_shrink(smallfelem out, const felem in) /* As tmp[3] < 2^65, high is either 1 or 0 */ high <<= 63; high >>= 63; - /* high is: + /*- + * high is: * all ones if the high word of tmp[3] is 1 * all zeros if the high word of tmp[3] if 0 */ low = tmp[3]; mask = low >> 63; - /* mask is: + /*- + * mask is: * all ones if the MSB of low is 1 * all zeros if the MSB of low if 0 */ low &= bottom63bits; @@ -422,7 +430,8 @@ static void felem_shrink(smallfelem out, const felem in) /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; low >>= 63; - /* low is: + /*- + * low is: * all ones if low was > kPrime3Test * all zeros if low was <= kPrime3Test */ mask = (mask & low) | high; @@ -452,7 +461,8 @@ static void smallfelem_expand(felem out, const smallfelem in) out[3] = in[3]; } -/* smallfelem_square sets |out| = |small|^2 +/*- + * smallfelem_square sets |out| = |small|^2 * On entry: * small[i] < 2^64 * On exit: @@ -530,7 +540,8 @@ static void smallfelem_square(longfelem out, const smallfelem small) out[7] = high; } -/* felem_square sets |out| = |in|^2 +/*- + * felem_square sets |out| = |in|^2 * On entry: * in[i] < 2^109 * On exit: @@ -543,7 +554,8 @@ static void felem_square(longfelem out, const felem in) smallfelem_square(out, small); } -/* smallfelem_mul sets |out| = |small1| * |small2| +/*- + * smallfelem_mul sets |out| = |small1| * |small2| * On entry: * small1[i] < 2^64 * small2[i] < 2^64 @@ -658,7 +670,8 @@ static void smallfelem_mul(longfelem out, const smallfelem small1, const smallfe out[7] = high; } -/* felem_mul sets |out| = |in1| * |in2| +/*- + * felem_mul sets |out| = |in1| * |in2| * On entry: * in1[i] < 2^109 * in2[i] < 2^109 @@ -673,7 +686,8 @@ static void felem_mul(longfelem out, const felem in1, const felem in2) smallfelem_mul(out, small1, small2); } -/* felem_small_mul sets |out| = |small1| * |in2| +/*- + * felem_small_mul sets |out| = |small1| * |in2| * On entry: * small1[i] < 2^64 * in2[i] < 2^109 @@ -693,7 +707,8 @@ static void felem_small_mul(longfelem out, const smallfelem small1, const felem /* zero100 is 0 mod p */ static const felem zero100 = { two100m36m4, two100, two100m36p4, two100m36p4 }; -/* Internal function for the different flavours of felem_reduce. +/*- + * Internal function for the different flavours of felem_reduce. * felem_reduce_ reduces the higher coefficients in[4]-in[7]. * On entry: * out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7] @@ -740,7 +755,8 @@ static void felem_reduce_(felem out, const longfelem in) out[3] += (in[7] * 3); } -/* felem_reduce converts a longfelem into an felem. +/*- + * felem_reduce converts a longfelem into an felem. * To be called directly after felem_square or felem_mul. * On entry: * in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64 @@ -757,7 +773,8 @@ static void felem_reduce(felem out, const longfelem in) felem_reduce_(out, in); - /* out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + /*- + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 * out[1] > 2^100 - 2^64 - 7*2^96 > 0 * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 @@ -769,7 +786,8 @@ static void felem_reduce(felem out, const longfelem in) */ } -/* felem_reduce_zero105 converts a larger longfelem into an felem. +/*- + * felem_reduce_zero105 converts a larger longfelem into an felem. * On entry: * in[0] < 2^71 * On exit: @@ -784,7 +802,8 @@ static void felem_reduce_zero105(felem out, const longfelem in) felem_reduce_(out, in); - /* out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + /*- + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 * out[1] > 2^105 - 2^71 - 2^103 > 0 * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 @@ -886,7 +905,8 @@ static void smallfelem_mul_contract(smallfelem out, const smallfelem in1, const felem_contract(out, tmp); } -/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 +/*- + * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 * otherwise. * On entry: * small[i] < 2^64 @@ -931,7 +951,8 @@ static int smallfelem_is_zero_int(const smallfelem small) return (int) (smallfelem_is_zero(small) & ((limb)1)); } -/* felem_inv calculates |out| = |in|^{-1} +/*- + * felem_inv calculates |out| = |in|^{-1} * * Based on Fermat's Little Theorem: * a^p = a (mod p) @@ -1010,14 +1031,16 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) felem_contract(out, tmp); } -/* Group operations +/*- + * Group operations * ---------------- * * Building on top of the field operations we have the operations on the * elliptic curve group itself. Points on the curve are represented in Jacobian * coordinates */ -/* point_double calculates 2*(x_in, y_in, z_in) +/*- + * point_double calculates 2*(x_in, y_in, z_in) * * The method is taken from: * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b @@ -1145,7 +1168,8 @@ copy_small_conditional(felem out, const smallfelem in, limb mask) } } -/* point_add calcuates (x1, y1, z1) + (x2, y2, z2) +/*- + * point_add calcuates (x1, y1, z1) + (x2, y2, z2) * * The method is taken from: * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, @@ -1334,7 +1358,8 @@ static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, felem_shrink(z3, felem_z3); } -/* Base point pre computation +/*- + * Base point pre computation * -------------------------- * * Two different sorts of precomputed tables are used in the following code. diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 178b655f7f..7ff3a0b1be 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -109,7 +109,8 @@ static const felem_bytearray nistp521_curve_params[5] = 0x66, 0x50} }; -/* The representation of field elements. +/*- + * The representation of field elements. * ------------------------------------ * * We represent field elements with nine values. These values are either 64 or @@ -291,7 +292,8 @@ static void felem_scalar128(largefelem out, limb scalar) out[8] *= scalar; } -/* felem_neg sets |out| to |-in| +/*- + * felem_neg sets |out| to |-in| * On entry: * in[i] < 2^59 + 2^14 * On exit: @@ -314,7 +316,8 @@ static void felem_neg(felem out, const felem in) out[8] = two62m2 - in[8]; } -/* felem_diff64 subtracts |in| from |out| +/*- + * felem_diff64 subtracts |in| from |out| * On entry: * in[i] < 2^59 + 2^14 * On exit: @@ -337,7 +340,8 @@ static void felem_diff64(felem out, const felem in) out[8] += two62m2 - in[8]; } -/* felem_diff_128_64 subtracts |in| from |out| +/*- + * felem_diff_128_64 subtracts |in| from |out| * On entry: * in[i] < 2^62 + 2^17 * On exit: @@ -360,7 +364,8 @@ static void felem_diff_128_64(largefelem out, const felem in) out[8] += two63m5 - in[8]; } -/* felem_diff_128_64 subtracts |in| from |out| +/*- + * felem_diff_128_64 subtracts |in| from |out| * On entry: * in[i] < 2^126 * On exit: @@ -383,7 +388,8 @@ static void felem_diff128(largefelem out, const largefelem in) out[8] += (two127m69 - in[8]); } -/* felem_square sets |out| = |in|^2 +/*- + * felem_square sets |out| = |in|^2 * On entry: * in[i] < 2^62 * On exit: @@ -395,7 +401,8 @@ static void felem_square(largefelem out, const felem in) felem_scalar(inx2, in, 2); felem_scalar(inx4, in, 4); - /* We have many cases were we want to do + /*- + * We have many cases were we want to do * in[x] * in[y] + * in[y] * in[x] * This is obviously just @@ -474,7 +481,8 @@ static void felem_square(largefelem out, const felem in) out[7] += ((uint128_t) in[8]) * inx2[8]; } -/* felem_mul sets |out| = |in1| * |in2| +/*- + * felem_mul sets |out| = |in1| * |in2| * On entry: * in1[i] < 2^64 * in2[i] < 2^63 @@ -589,7 +597,8 @@ static void felem_mul(largefelem out, const felem in1, const felem in2) static const limb bottom52bits = 0xfffffffffffff; -/* felem_reduce converts a largefelem to an felem. +/*- + * felem_reduce converts a largefelem to an felem. * On entry: * in[i] < 2^128 * On exit: @@ -677,7 +686,8 @@ static void felem_mul_reduce(felem out, const felem in1, const felem in2) felem_reduce(out, tmp); } -/* felem_inv calculates |out| = |in|^{-1} +/*- + * felem_inv calculates |out| = |in|^{-1} * * Based on Fermat's Little Theorem: * a^p = a (mod p) @@ -769,7 +779,8 @@ static const felem kPrime = 0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff }; -/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 +/*- + * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 * otherwise. * On entry: * in[i] < 2^59 + 2^14 @@ -834,7 +845,8 @@ static int felem_is_zero_int(const felem in) return (int) (felem_is_zero(in) & ((limb)1)); } -/* felem_contract converts |in| to its unique, minimal representation. +/*- + * felem_contract converts |in| to its unique, minimal representation. * On entry: * in[i] < 2^59 + 2^14 */ @@ -930,14 +942,16 @@ static void felem_contract(felem out, const felem in) sign = -(out[7] >> 63); out[7] += (two58 & sign); out[8] -= (1 & sign); } -/* Group operations +/*- + * Group operations * ---------------- * * Building on top of the field operations we have the operations on the * elliptic curve group itself. Points on the curve are represented in Jacobian * coordinates */ -/* point_double calcuates 2*(x_in, y_in, z_in) +/*- + * point_double calcuates 2*(x_in, y_in, z_in) * * The method is taken from: * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b @@ -974,11 +988,13 @@ point_double(felem x_out, felem y_out, felem z_out, felem_scalar64(ftmp2, 3); /* ftmp2[i] < 3*2^60 + 3*2^15 */ felem_mul(tmp, ftmp, ftmp2); - /* tmp[i] < 17(3*2^121 + 3*2^76) + /*- + * tmp[i] < 17(3*2^121 + 3*2^76) * = 61*2^121 + 61*2^76 * < 64*2^121 + 64*2^76 * = 2^127 + 2^82 - * < 2^128 */ + * < 2^128 + */ felem_reduce(alpha, tmp); /* x' = alpha^2 - 8*beta */ @@ -1011,22 +1027,30 @@ point_double(felem x_out, felem y_out, felem z_out, felem_diff64(beta, x_out); /* beta[i] < 2^61 + 2^60 + 2^16 */ felem_mul(tmp, alpha, beta); - /* tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) + /*- + * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * < 2^128 */ + * < 2^128 + */ felem_square(tmp2, gamma); - /* tmp2[i] < 17*(2^59 + 2^14)^2 - * = 17*(2^