diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-17 00:06:54 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:20:10 +0000 |
| commit | 35a1cc90bc1795e8893c11e442790ee7f659fffb (patch) | |
| tree | 07b5091171d75ea2bcce8b37f1776e03f1f102d1 /ssl | |
| parent | 50e735f9e5d220cdad7db690188b82a69ddcb39e (diff) | |
| download | openssl-35a1cc90bc1795e8893c11e442790ee7f659fffb.zip openssl-35a1cc90bc1795e8893c11e442790ee7f659fffb.tar.gz openssl-35a1cc90bc1795e8893c11e442790ee7f659fffb.tar.bz2 | |
More comment realignmentmaster-post-reformat
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/d1_pkt.c | 22 | ||||
| -rw-r--r-- | ssl/s3_cbc.c | 38 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 74 | ||||
| -rw-r--r-- | ssl/s3_enc.c | 15 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 8 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 30 | ||||
| -rw-r--r-- | ssl/ssl_task.c | 4 | ||||
| -rw-r--r-- | ssl/ssltest.c | 84 |
8 files changed, 138 insertions, 137 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index e4ae19f..598002b 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -433,12 +433,12 @@ static int dtls1_process_record(SSL *s) rr->orig_len = rr->length; enc_err = s->method->ssl3_enc->enc(s, 0); - /*- - * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. - * 1: if the padding is valid - * -1: if the padding is invalid - */ + /*- + * enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid + */ if (enc_err == 0) { /* For DTLS we simply ignore bad packets. */ rr->length = 0; @@ -1046,11 +1046,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } - /*- - * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) - */ + /*- + * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) + */ /* If we are a client, check for an incoming 'Hello Request': */ if ((!s->server) && diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index dda425a..e5a04ac 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -754,25 +754,25 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) return; block_size = EVP_MD_CTX_block_size(mac_ctx); - /*- - * We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ + /*- + * We are in FIPS mode if we get this far so we know we have only SHA* + * digests and TLS to deal with. + * Minimum digest padding length is 17 for SHA384/SHA512 and 9 + * otherwise. + * Additional header is 13 bytes. To get the number of digest blocks + * processed round up the amount of data plus padding to the nearest + * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. + * So we have: + * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size + * equivalently: + * blocks = (payload_len + digest_pad + 12)/block_size + 1 + * HMAC adds a constant overhead. + * We're ultimately only interested in differences so this becomes + * blocks = (payload_len + 29)/128 + * for SHA384/SHA512 and + * blocks = (payload_len + 21)/64 + * otherwise. + */ digest_pad = block_size == 64 ? 21 : 29; blocks_orig = (orig_len + digest_pad) / block_size; blocks_data = (data_len + digest_pad) / block_size; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 900389e..93518b8 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -725,36 +725,36 @@ int ssl3_client_hello(SSL *s) /* Do the message type and length last */ d = p = ssl_handshake_start(s); - /*- - * version indicates the negotiated version: for example from - * an SSLv2/v3 compatible client hello). The client_version - * field is the maximum version we permit and it is also - * used in RSA encrypted premaster secrets. Some servers can - * choke if we initially report a higher version then - * renegotiate to a lower one in the premaster secret. This - * didn't happen with TLS 1.0 as most servers supported it - * but it can with TLS 1.1 or later if the server only supports - * 1.0. - * - * Possible scenario with previous logic: - * 1. Client hello indicates TLS 1.2 - * 2. Server hello says TLS 1.0 - * 3. RSA encrypted premaster secret uses 1.2. - * 4. Handhaked proceeds using TLS 1.0. - * 5. Server sends hello request to renegotiate. - * 6. Client hello indicates TLS v1.0 as we now - * know that is maximum server supports. - * 7. Server chokes on RSA encrypted premaster secret - * containing version 1.0. - * - * For interoperability it should be OK to always use the - * maximum version we support in client hello and then rely - * on the checking of version to ensure the servers isn't - * being inconsistent: for example initially negotiating with - * TLS 1.0 and renegotiating with TLS 1.2. We do this by using - * client_version in client hello and not resetting it to - * the negotiated version. - */ + /*- + * version indicates the negotiated version: for example from + * an SSLv2/v3 compatible client hello). The client_version + * field is the maximum version we permit and it is also + * used in RSA encrypted premaster secrets. Some servers can + * choke if we initially report a higher version then + * renegotiate to a lower one in the premaster secret. This + * didn't happen with TLS 1.0 as most servers supported it + * but it can with TLS 1.1 or later if the server only supports + * 1.0. + * + * Possible scenario with previous logic: + * 1. Client hello indicates TLS 1.2 + * 2. Server hello says TLS 1.0 + * 3. RSA encrypted premaster secret uses 1.2. + * 4. Handhaked proceeds using TLS 1.0. + * 5. Server sends hello request to renegotiate. + * 6. Client hello indicates TLS v1.0 as we now + * know that is maximum server supports. + * 7. Server chokes on RSA encrypted premaster secret + * containing version 1.0. + * + * For interoperability it should be OK to always use the + * maximum version we support in client hello and then rely + * on the checking of version to ensure the servers isn't + * being inconsistent: for example initially negotiating with + * TLS 1.0 and renegotiating with TLS 1.2. We do this by using + * client_version in client hello and not resetting it to + * the negotiated version. + */ #if 0 *(p++) = s->version >> 8; *(p++) = s->version & 0xff; @@ -2514,13 +2514,13 @@ int ssl3_send_client_key_exchange(SSL *s) if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) goto err; - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ + /*- + * 20010420 VRS. Tried it this way; failed. + * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); + * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, + * kssl_ctx->length); + * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); + */ memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 54e48c3..8dda5d0 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -748,13 +748,14 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) * are hashing because that gives an attacker a timing-oracle. */ - /*- - * npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. */ + /*- + * npad is, at most, 48 bytes and that's with MD5: + * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. + * + * With SHA-1 (the largest hash speced for SSLv3) the hash size + * goes up 4, but npad goes down by 8, resulting in a smaller + * total size. + */ unsigned char header[75]; unsigned j = 0; memcpy(header + j, mac_sec, md_size); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c3e497d..d777935 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1913,11 +1913,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->references = 1; ret->quiet_shutdown = 0; -/* ret->cipher=NULL;*/ +/* ret->cipher=NULL;*/ /*- - ret->s2->challenge=NULL; - ret->master_key=NULL; - ret->s2->conn_id=NULL; */ + ret->s2->challenge=NULL; + ret->master_key=NULL; + ret->s2->conn_id=NULL; */ ret->info_callback = NULL; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 1061b83..0eda59e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -325,21 +325,21 @@ int ssl_get_new_session(SSL *s, int session) return (0); } #ifndef OPENSSL_NO_TLSEXT - /*- - * If RFC5077 ticket, use empty session ID (as server). - * Note that: - * (a) ssl_get_prev_session() does lookahead into the - * ClientHello extensions to find the session ticket. - * When ssl_get_prev_session() fails, s3_srvr.c calls - * ssl_get_new_session() in ssl3_get_client_hello(). - * At that point, it has not yet parsed the extensions, - * however, because of the lookahead, it already knows - * whether a ticket is expected or not. - * - * (b) s3_clnt.c calls ssl_get_new_session() before parsing - * ServerHello extensions, and before recording the session - * ID received from the server, so this block is a noop. - */ + /*- + * If RFC5077 ticket, use empty session ID (as server). + * Note that: + * (a) ssl_get_prev_session() does lookahead into the + * ClientHello extensions to find the session ticket. + * When ssl_get_prev_session() fails, s3_srvr.c calls + * ssl_get_new_session() in ssl3_get_client_hello(). + * At that point, it has not yet parsed the extensions, + * however, because of the lookahead, it already knows + * whether a ticket is expected or not. + * + * (b) s3_clnt.c calls ssl_get_new_session() before parsing + * ServerHello extensions, and before recording the session + * ID received from the server, so this block is a noop. + */ if (s->tlsext_ticket_expected) { ss->session_id_length = 0; goto sess_id_done; diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index 3c5295d..f0ed4e4 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -288,8 +288,8 @@ int doit(io_channel chan, SSL_CTX *s_ctx) if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; /*- original, DRM 24-SEP-1997 - BIO_set_fd ( c_to_s, "", chan ); - BIO_set_fd ( s_to_c, "", chan ); + BIO_set_fd ( c_to_s, "", chan ); + BIO_set_fd ( s_to_c, "", chan ); */ BIO_set_fd(c_to_s, 0, chan); BIO_set_fd(s_to_c, 0, chan); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a6f338c..9290ca2 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1845,40 +1845,40 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); do { - /*- - * c_ssl_bio: SSL filter BIO - * - * client: pseudo-I/O for SSL library - * - * client_io: client's SSL communication; usually to be - * relayed over some I/O facility, but in this - * test program, we're the server, too: - * - * server_io: server's SSL communication - * - * server: pseudo-I/O for SSL library - * - * s_ssl_bio: SSL filter BIO - * - * The client and the server each employ a "BIO pair": - * client + client_io, server + server_io. - * BIO pairs are symmetric. A BIO pair behaves similar - * to a non-blocking socketpair (but both endpoints must - * be handled by the same thread). - * [Here we could connect client and server to the ends - * of a single BIO pair, but then this code would be less - * suitable as an example for BIO pairs in general.] - * - * Useful functions for querying the state of BIO pair endpoints: - * - * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil - * other side's read attempt - * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now - * - * ..._read_request is never more than ..._write_guarantee; - * it depends on the application which one you should use. - */ + /*- + * c_ssl_bio: SSL filter BIO + * + * client: pseudo-I/O for SSL library + * + * client_io: client's SSL communication; usually to be + * relayed over some I/O facility, but in this + * test program, we're the server, too: + * + * server_io: server's SSL communication + * + * server: pseudo-I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + * + * The client and the server each employ a "BIO pair": + * client + client_io, server + server_io. + * BIO pairs are symmetric. A BIO pair behaves similar + * to a non-blocking socketpair (but both endpoints must + * be handled by the same thread). + * [Here we could connect client and server to the ends + * of a single BIO pair, but then this code would be less + * suitable as an example for BIO pairs in general.] + * + * Useful functions for querying the state of BIO pair endpoints: + * + * BIO_ctrl_pending(bio) number of bytes we can read now + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * other side's read attempt + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now + * + * ..._read_request is never more than ..._write_guarantee; + * it depends on the application which one you should use. + */ /* * We have non-blocking behaviour throughout this test program, but @@ -2266,10 +2266,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("server waiting in SSL_accept - %s\n", SSL_state_string_long(s_ssl)); /*- - else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); */ + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); */ } if (do_client && debug) { @@ -2277,10 +2277,10 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) printf("client waiting in SSL_connect - %s\n", SSL_state_string_long(c_ssl)); /*- - else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); */ + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); */ } if (!do_client && !do_server) { |