From cbeb0b26e4c7caa8d1b47de791a7418dc20a4567 Mon Sep 17 00:00:00 2001 From: rsc Date: Sat, 1 Apr 2006 19:24:03 +0000 Subject: Use gcc -ansi -pedantic in 9c. Fix many non-C89-isms. --- src/libsec/port/aes.c | 8 +- src/libsec/port/blowfish.c | 8 +- src/libsec/port/des3CBC.c | 12 +-- src/libsec/port/des3ECB.c | 8 +- src/libsec/port/desCBC.c | 12 +-- src/libsec/port/desECB.c | 8 +- src/libsec/port/dsagen.c | 8 +- src/libsec/port/dsaprimes.c | 14 +-- src/libsec/port/dsasign.c | 8 +- src/libsec/port/dsaverify.c | 6 +- src/libsec/port/egencrypt.c | 2 +- src/libsec/port/egsign.c | 2 +- src/libsec/port/genprime.c | 6 +- src/libsec/port/gensafeprime.c | 10 +- src/libsec/port/genstrongprime.c | 28 +++--- src/libsec/port/md4.c | 2 +- src/libsec/port/primetest.c | 26 +++--- src/libsec/port/prng.c | 6 +- src/libsec/port/probably_prime.c | 28 +++--- src/libsec/port/rsadecrypt.c | 12 +-- src/libsec/port/rsafill.c | 6 +- src/libsec/port/rsagen.c | 16 ++-- src/libsec/port/smallprimetest.c | 4 +- src/libsec/port/tlshand.c | 196 +++++++++++++++++++-------------------- src/libsec/port/x509.c | 4 +- 25 files changed, 220 insertions(+), 220 deletions(-) (limited to 'src/libsec') diff --git a/src/libsec/port/aes.c b/src/libsec/port/aes.c index 144aaf69..9cbb6bd9 100644 --- a/src/libsec/port/aes.c +++ b/src/libsec/port/aes.c @@ -63,12 +63,12 @@ setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec) memmove(s->ivec, ivec, AESbsize); if(keybytes==16 || keybytes==24 || keybytes==32) s->setup = 0xcafebabe; - // else rijndaelKeySetup was invalid + /* else rijndaelKeySetup was invalid */ } -// Define by analogy with desCBCencrypt; AES modes are not standardized yet. -// Because of the way that non-multiple-of-16 buffers are handled, -// the decryptor must be fed buffers of the same size as the encryptor. +/* Define by analogy with desCBCencrypt; AES modes are not standardized yet. */ +/* Because of the way that non-multiple-of-16 buffers are handled, */ +/* the decryptor must be fed buffers of the same size as the encryptor. */ void aesCBCencrypt(uchar *p, int len, AESstate *s) { diff --git a/src/libsec/port/blowfish.c b/src/libsec/port/blowfish.c index 5dcc677c..0eed2939 100644 --- a/src/libsec/port/blowfish.c +++ b/src/libsec/port/blowfish.c @@ -2,10 +2,10 @@ #include #include -// Blowfish block cipher. See: -// Lecture Notes in Computer Science 809 -// Fast Software Encryption -// Cambridge Security Workshop, Cambridge, England (1993) +/* Blowfish block cipher. See: */ +/* Lecture Notes in Computer Science 809 */ +/* Fast Software Encryption */ +/* Cambridge Security Workshop, Cambridge, England (1993) */ static u32int sbox[1024]; static u32int pbox[BFrounds+2]; diff --git a/src/libsec/port/des3CBC.c b/src/libsec/port/des3CBC.c index 26329300..2d830bac 100644 --- a/src/libsec/port/des3CBC.c +++ b/src/libsec/port/des3CBC.c @@ -2,14 +2,14 @@ #include #include -// Because of the way that non multiple of 8 -// buffers are handled, the decryptor must -// be fed buffers of the same size as the -// encryptor +/* Because of the way that non multiple of 8 */ +/* buffers are handled, the decryptor must */ +/* be fed buffers of the same size as the */ +/* encryptor */ -// If the length is not a multiple of 8, I encrypt -// the overflow to be compatible with lacy's cryptlib +/* If the length is not a multiple of 8, I encrypt */ +/* the overflow to be compatible with lacy's cryptlib */ void des3CBCencrypt(uchar *p, int len, DES3state *s) { diff --git a/src/libsec/port/des3ECB.c b/src/libsec/port/des3ECB.c index 324254b1..a03d7044 100644 --- a/src/libsec/port/des3ECB.c +++ b/src/libsec/port/des3ECB.c @@ -2,10 +2,10 @@ #include #include -// I wasn't sure what to do when the buffer was not -// a multiple of 8. I did what lacy's cryptolib did -// to be compatible, but it looks dangerous to me -// since its encrypting plain text with the key. -- presotto +/* I wasn't sure what to do when the buffer was not */ +/* a multiple of 8. I did what lacy's cryptolib did */ +/* to be compatible, but it looks dangerous to me */ +/* since its encrypting plain text with the key. -- presotto */ void des3ECBencrypt(uchar *p, int len, DES3state *s) diff --git a/src/libsec/port/desCBC.c b/src/libsec/port/desCBC.c index ecee29e8..eaba07ed 100644 --- a/src/libsec/port/desCBC.c +++ b/src/libsec/port/desCBC.c @@ -2,14 +2,14 @@ #include #include -// Because of the way that non multiple of 8 -// buffers are handled, the decryptor must -// be fed buffers of the same size as the -// encryptor +/* Because of the way that non multiple of 8 */ +/* buffers are handled, the decryptor must */ +/* be fed buffers of the same size as the */ +/* encryptor */ -// If the length is not a multiple of 8, I encrypt -// the overflow to be compatible with lacy's cryptlib +/* If the length is not a multiple of 8, I encrypt */ +/* the overflow to be compatible with lacy's cryptlib */ void desCBCencrypt(uchar *p, int len, DESstate *s) { diff --git a/src/libsec/port/desECB.c b/src/libsec/port/desECB.c index a9ad0018..0bc34141 100644 --- a/src/libsec/port/desECB.c +++ b/src/libsec/port/desECB.c @@ -2,10 +2,10 @@ #include #include -// I wasn't sure what to do when the buffer was not -// a multiple of 8. I did what lacy's cryptolib did -// to be compatible, but it looks dangerous to me -// since its encrypting plain text with the key. -- presotto +/* I wasn't sure what to do when the buffer was not */ +/* a multiple of 8. I did what lacy's cryptolib did */ +/* to be compatible, but it looks dangerous to me */ +/* since its encrypting plain text with the key. -- presotto */ void desECBencrypt(uchar *p, int len, DESstate *s) diff --git a/src/libsec/port/dsagen.c b/src/libsec/port/dsagen.c index 46c369e1..cf35f043 100644 --- a/src/libsec/port/dsagen.c +++ b/src/libsec/port/dsagen.c @@ -29,9 +29,9 @@ dsagen(DSApub *opub) pub->key = mpnew(0); priv->secret = mpnew(0); - // find a generator alpha of the multiplicative - // group Z*p, i.e., of order n = p-1. We use the - // fact that q divides p-1 to reduce the exponent. + /* find a generator alpha of the multiplicative */ + /* group Z*p, i.e., of order n = p-1. We use the */ + /* fact that q divides p-1 to reduce the exponent. */ exp = mpnew(0); g = mpnew(0); r = mpnew(0); @@ -49,7 +49,7 @@ dsagen(DSApub *opub) mpfree(g); mpfree(exp); - // create the secret key + /* create the secret key */ mprand(bits, genrandom, priv->secret); mpmod(priv->secret, pub->p, priv->secret); mpexp(pub->alpha, priv->secret, pub->p, pub->key); diff --git a/src/libsec/port/dsaprimes.c b/src/libsec/port/dsaprimes.c index ff1dd5d8..72546f15 100644 --- a/src/libsec/port/dsaprimes.c +++ b/src/libsec/port/dsaprimes.c @@ -2,12 +2,12 @@ #include #include -// NIST algorithm for generating DSA primes -// Menezes et al (1997) Handbook of Applied Cryptography, p.151 -// q is a 160-bit prime; p is a 1024-bit prime; q divides p-1 +/* NIST algorithm for generating DSA primes */ +/* Menezes et al (1997) Handbook of Applied Cryptography, p.151 */ +/* q is a 160-bit prime; p is a 1024-bit prime; q divides p-1 */ -// arithmetic on unsigned ints mod 2**160, represented -// as 20-byte, little-endian uchar array +/* arithmetic on unsigned ints mod 2**160, represented */ +/* as 20-byte, little-endian uchar array */ static void Hrand(uchar *s) @@ -29,7 +29,7 @@ Hincr(uchar *s) break; } -// this can run for quite a while; be patient +/* this can run for quite a while; be patient */ void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]) { @@ -58,7 +58,7 @@ forever: Hs[19] |= 0x80; letomp(Hs, 20, q); }while(!probably_prime(q, 18)); - if(seed != nil) // allow skeptics to confirm computation + if(seed != nil) /* allow skeptics to confirm computation */ memmove(seed, s, SHA1dlen); i = 0; j = 2; diff --git a/src/libsec/port/dsasign.c b/src/libsec/port/dsasign.c index 137134be..c3302499 100644 --- a/src/libsec/port/dsasign.c +++ b/src/libsec/port/dsasign.c @@ -18,7 +18,7 @@ dsasign(DSApriv *priv, mpint *m) k = mpnew(0); mpsub(pub->q, mpone, qm1); - // find a k that has an inverse mod q + /* find a k that has an inverse mod q */ while(1){ mprand(qlen, genrandom, k); if((mpcmp(mpone, k) > 0) || (mpcmp(k, pub->q) >= 0)) @@ -29,14 +29,14 @@ dsasign(DSApriv *priv, mpint *m) break; } - // make kinv positive + /* make kinv positive */ mpmod(kinv, pub->q, kinv); - // r = ((alpha**k) mod p) mod q + /* r = ((alpha**k) mod p) mod q */ mpexp(alpha, k, p, r); mpmod(r, q, r); - // s = (kinv*(m + ar)) mod q + /* s = (kinv*(m + ar)) mod q */ mpmul(r, priv->secret, s); mpadd(s, m, s); mpmul(s, kinv, s); diff --git a/src/libsec/port/dsaverify.c b/src/libsec/port/dsaverify.c index 70e7f3cb..93310b97 100644 --- a/src/libsec/port/dsaverify.c +++ b/src/libsec/port/dsaverify.c @@ -17,18 +17,18 @@ dsaverify(DSApub *pub, DSAsig *sig, mpint *m) v = mpnew(0); sinv = mpnew(0); - // find (s**-1) mod q, make sure it exists + /* find (s**-1) mod q, make sure it exists */ mpextendedgcd(sig->s, pub->q, u1, sinv, v); if(mpcmp(u1, mpone) != 0) goto out; - // u1 = (sinv * m) mod q, u2 = (r * sinv) mod q + /* u1 = (sinv * m) mod q, u2 = (r * sinv) mod q */ mpmul(sinv, m, u1); mpmod(u1, pub->q, u1); mpmul(sig->r, sinv, u2); mpmod(u2, pub->q, u2); - // v = (((alpha**u1)*(key**u2)) mod p) mod q + /* v = (((alpha**u1)*(key**u2)) mod p) mod q */ mpexp(pub->alpha, u1, pub->p, sinv); mpexp(pub->key, u2, pub->p, v); mpmul(sinv, v, v); diff --git a/src/libsec/port/egencrypt.c b/src/libsec/port/egencrypt.c index 9b6b12c6..646e7e20 100644 --- a/src/libsec/port/egencrypt.c +++ b/src/libsec/port/egencrypt.c @@ -9,7 +9,7 @@ egencrypt(EGpub *pub, mpint *in, mpint *out) mpint *p = pub->p, *alpha = pub->alpha; int plen = mpsignif(p); int shift = ((plen+Dbits)/Dbits)*Dbits; - // in libcrypt version, (int)(LENGTH(pub->p)*sizeof(NumType)*CHARBITS); + /* in libcrypt version, (int)(LENGTH(pub->p)*sizeof(NumType)*CHARBITS); */ if(out == nil) out = mpnew(0); diff --git a/src/libsec/port/egsign.c b/src/libsec/port/egsign.c index 10540041..ce95228b 100644 --- a/src/libsec/port/egsign.c +++ b/src/libsec/port/egsign.c @@ -26,7 +26,7 @@ egsign(EGpriv *priv, mpint *m) continue; break; } - mpmod(kinv, pm1, kinv); // make kinv positive + mpmod(kinv, pm1, kinv); /* make kinv positive */ mpexp(alpha, k, p, r); mpmul(priv->secret, r, s); mpmod(s, pm1, s); diff --git a/src/libsec/port/genprime.c b/src/libsec/port/genprime.c index c0e16d92..25a3f0e2 100644 --- a/src/libsec/port/genprime.c +++ b/src/libsec/port/genprime.c @@ -2,13 +2,13 @@ #include #include -// generate a probable prime. accuracy is the miller-rabin interations +/* generate a probable prime. accuracy is the miller-rabin interations */ void genprime(mpint *p, int n, int accuracy) { mpdigit x; - // generate n random bits with high and low bits set + /* generate n random bits with high and low bits set */ mpbits(p, n); genrandom((uchar*)p->p, (n+7)/8); p->top = (n+Dbits-1)/Dbits; @@ -18,7 +18,7 @@ genprime(mpint *p, int n, int accuracy) p->p[p->top-1] |= x; p->p[0] |= 1; - // keep icrementing till it looks prime + /* keep icrementing till it looks prime */ for(;;){ if(probably_prime(p, accuracy)) break; diff --git a/src/libsec/port/gensafeprime.c b/src/libsec/port/gensafeprime.c index e95c94c9..0a069b45 100644 --- a/src/libsec/port/gensafeprime.c +++ b/src/libsec/port/gensafeprime.c @@ -2,8 +2,8 @@ #include #include -// find a prime p of length n and a generator alpha of Z^*_p -// Alg 4.86 Menezes et al () Handbook, p.164 +/* find a prime p of length n and a generator alpha of Z^*_p */ +/* Alg 4.86 Menezes et al () Handbook, p.164 */ void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy) { @@ -13,12 +13,12 @@ gensafeprime(mpint *p, mpint *alpha, int n, int accuracy) while(1){ genprime(q, n-1, accuracy); mpleft(q, 1, p); - mpadd(p, mpone, p); // p = 2*q+1 + mpadd(p, mpone, p); /* p = 2*q+1 */ if(probably_prime(p, accuracy)) break; } - // now find a generator alpha of the multiplicative - // group Z*_p of order p-1=2q + /* now find a generator alpha of the multiplicative */ + /* group Z*_p of order p-1=2q */ b = mpnew(0); while(1){ mprand(n, genrandom, alpha); diff --git a/src/libsec/port/genstrongprime.c b/src/libsec/port/genstrongprime.c index 27c43a96..6ac4fa33 100644 --- a/src/libsec/port/genstrongprime.c +++ b/src/libsec/port/genstrongprime.c @@ -2,8 +2,8 @@ #include #include -// Gordon's algorithm for generating a strong prime -// Menezes et al () Handbook, p.150 +/* Gordon's algorithm for generating a strong prime */ +/* Menezes et al () Handbook, p.150 */ void genstrongprime(mpint *p, int n, int accuracy) { @@ -17,20 +17,20 @@ genstrongprime(mpint *p, int n, int accuracy) t = mpnew(n/2); genprime(t, n-mpsignif(s)-32, accuracy); - // first r = 2it + 1 that's prime + /* first r = 2it + 1 that's prime */ i = mpnew(16); r = mpnew(0); itomp(0x8000, i); - mpleft(t, 1, t); // 2t - mpmul(i, t, r); // 2it - mpadd(r, mpone, r); // 2it + 1 + mpleft(t, 1, t); /* 2t */ + mpmul(i, t, r); /* 2it */ + mpadd(r, mpone, r); /* 2it + 1 */ for(;;){ if(probably_prime(r, 18)) break; - mpadd(r, t, r); // r += 2t + mpadd(r, t, r); /* r += 2t */ } - // p0 = 2(s**(r-2) mod r)s - 1 + /* p0 = 2(s**(r-2) mod r)s - 1 */ itomp(2, p); mpsub(r, p, p); mpexp(s, p, r, p); @@ -38,16 +38,16 @@ genstrongprime(mpint *p, int n, int accuracy) mpleft(p, 1, p); mpsub(p, mpone, p); - // first p = p0 + 2irs that's prime + /* first p = p0 + 2irs that's prime */ itomp(0x8000, i); - mpleft(r, 1, r); // 2r - mpmul(r, s, r); // 2rs - mpmul(r, i, i); // 2irs - mpadd(p, i, p); // p0 + 2irs + mpleft(r, 1, r); /* 2r */ + mpmul(r, s, r); /* 2rs */ + mpmul(r, i, i); /* 2irs */ + mpadd(p, i, p); /* p0 + 2irs */ for(;;){ if(probably_prime(p, accuracy)) break; - mpadd(p, r, p); // p += 2rs + mpadd(p, r, p); /* p += 2rs */ } mpfree(i); diff --git a/src/libsec/port/md4.c b/src/libsec/port/md4.c index c4a2f32d..dc4a8c2a 100644 --- a/src/libsec/port/md4.c +++ b/src/libsec/port/md4.c @@ -24,7 +24,7 @@ enum S31= 3, S32= 9, S33= 11, - S34= 15, + S34= 15 }; typedef struct MD4Table MD4Table; diff --git a/src/libsec/port/primetest.c b/src/libsec/port/primetest.c index 2d082e64..405b906c 100644 --- a/src/libsec/port/primetest.c +++ b/src/libsec/port/primetest.c @@ -11,9 +11,9 @@ main(void) mpint *nine = mpnew(0); fmtinstall('B', mpconv); - strtomp("2492491", nil, 16, z); // 38347921 = x*y = (2**28-9)/7, - // an example of 3**(n-1)=1 mod n - strtomp("15662C00E811", nil, 16, p);// 23528569104401, a prime + strtomp("2492491", nil, 16, z); /* 38347921 = x*y = (2**28-9)/7, */ + /* an example of 3**(n-1)=1 mod n */ + strtomp("15662C00E811", nil, 16, p);/* 23528569104401, a prime */ uitomp(9, nine); if(probably_prime(z, 5) == 1) @@ -29,13 +29,13 @@ main(void) exits(0); } -// example output, checked with Maple: -// seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E -// q=E0F0EF284E10796C5A2A511E94748BA03C795C13 -// = 1284186945063585093695748280224501481698995297299 -// p=C41CFBE4D4846F67A3DF7DE9921A49D3B42DC33728427AB159CEC8CBBDB12B5F0C244F1A734AEB9840804EA3C25036AD1B61AFF3ABBC247CD4B384224567A863A6F020E7EE9795554BCD08ABAD7321AF27E1E92E3DB1C6E7E94FAAE590AE9C48F96D93D178E809401ABE8A534A1EC44359733475A36A70C7B425125062B1142D -// = 137715385439333164327584575331308277462546592976152006175830654712456008630139443747529133857837818585400418619916530061955288983751958831927807888408309879880101870216437711393638413509484569804814373511469405934988856674935304074081350525593807908358867354528898618574659752879015380013845760006721861915693 -// r=DF310F4E54A5FEC5D86D3E14863921E834113E060F90052AD332B3241CEF2497EFA0303D6344F7C819691A0F9C4A773815AF8EAECFB7EC1D98F039F17A32A7E887D97251A927D093F44A55577F4D70444AEBD06B9B45695EC23962B175F266895C67D21C4656848614D888A4 -// = 107239359478548771267308764204625458348785444483302647285245969203446101233421655396874997253111222983406676955642093641709149748793954493558324738441197139556917622937892491175016280660608595599724194374948056515856812347094848443460715881455884639869144172708 -// g=2F1C308DC46B9A44B52DF7DACCE1208CCEF72F69C743ADD4D2327173444ED6E65E074694246E07F9FD4AE26E0FDDD9F54F813C40CB9BCD4338EA6F242AB94CD410E676C290368A16B1A3594877437E516C53A6EEE5493A038A017E955E218E7819734E3E2A6E0BAE08B14258F8C03CC1B30E0DDADFCF7CEDF0727684D3D255F1 -// = 33081848392740465806285326014906437543653045153885419334085917570615301913274531387168723847139029827598735376746057461417880810924280288611116213062512408829164220104555543445909528701551198146080221790002337033997295756585193926863581671466708482411159477816144226847280417522524922667065714073338662508017 +/* example output, checked with Maple: */ +/* seed EB7B6E35F7CD37B511D96C67D6688CC4DD440E1E */ +/* q=E0F0EF284E10796C5A2A511E94748BA03C795C13 */ +/* = 1284186945063585093695748280224501481698995297299 */ +/* p=C41CFBE4D4846F67A3DF7DE9921A49D3B42DC33728427AB159CEC8CBBDB12B5F0C244F1A734AEB9840804EA3C25036AD1B61AFF3ABBC247CD4B384224567A863A6F020E7EE9795554BCD08ABAD7321AF27E1E92E3DB1C6E7E94FAAE590AE9C48F96D93D178E809401ABE8A534A1EC44359733475A36A70C7B425125062B1142D */ +/* = 137715385439333164327584575331308277462546592976152006175830654712456008630139443747529133857837818585400418619916530061955288983751958831927807888408309879880101870216437711393638413509484569804814373511469405934988856674935304074081350525593807908358867354528898618574659752879015380013845760006721861915693 */ +/* r=DF310F4E54A5FEC5D86D3E14863921E834113E060F90052AD332B3241CEF2497EFA0303D6344F7C819691A0F9C4A773815AF8EAECFB7EC1D98F039F17A32A7E887D97251A927D093F44A55577F4D70444AEBD06B9B45695EC23962B175F266895C67D21C4656848614D888A4 */ +/* = 107239359478548771267308764204625458348785444483302647285245969203446101233421655396874997253111222983406676955642093641709149748793954493558324738441197139556917622937892491175016280660608595599724194374948056515856812347094848443460715881455884639869144172708 */ +/* g=2F1C308DC46B9A44B52DF7DACCE1208CCEF72F69C743ADD4D2327173444ED6E65E074694246E07F9FD4AE26E0FDDD9F54F813C40CB9BCD4338EA6F242AB94CD410E676C290368A16B1A3594877437E516C53A6EEE5493A038A017E955E218E7819734E3E2A6E0BAE08B14258F8C03CC1B30E0DDADFCF7CEDF0727684D3D255F1 */ +/* = 33081848392740465806285326014906437543653045153885419334085917570615301913274531387168723847139029827598735376746057461417880810924280288611116213062512408829164220104555543445909528701551198146080221790002337033997295756585193926863581671466708482411159477816144226847280417522524922667065714073338662508017 */ diff --git a/src/libsec/port/prng.c b/src/libsec/port/prng.c index fc2e508a..75b3f6bf 100644 --- a/src/libsec/port/prng.c +++ b/src/libsec/port/prng.c @@ -2,9 +2,9 @@ #include #include -// -// just use the libc prng to fill a buffer -// +/* */ +/* just use the libc prng to fill a buffer */ +/* */ void prng(uchar *p, int n) { diff --git a/src/libsec/port/probably_prime.c b/src/libsec/port/probably_prime.c index 4eaccbad..beb03251 100644 --- a/src/libsec/port/probably_prime.c +++ b/src/libsec/port/probably_prime.c @@ -2,10 +2,10 @@ #include #include -// Miller-Rabin probabilistic primality testing -// Knuth (1981) Seminumerical Algorithms, p.379 -// Menezes et al () Handbook, p.39 -// 0 if composite; 1 if almost surely prime, Pr(err)<1/4**nrep +/* Miller-Rabin probabilistic primality testing */ +/* Knuth (1981) Seminumerical Algorithms, p.379 */ +/* Menezes et al () Handbook, p.39 */ +/* 0 if composite; 1 if almost surely prime, Pr(err)<1/4**nrep */ int probably_prime(mpint *n, int nrep) { @@ -19,18 +19,18 @@ probably_prime(mpint *n, int nrep) nrep = 18; k = mptoi(n); - if(k == 2) // 2 is prime + if(k == 2) /* 2 is prime */ return 1; - if(k < 2) // 1 is not prime + if(k < 2) /* 1 is not prime */ return 0; - if((n->p[0] & 1) == 0) // even is not prime + if((n->p[0] & 1) == 0) /* even is not prime */ return 0; - // test against small prime numbers + /* test against small prime numbers */ if(smallprimetest(n) < 0) return 0; - // fermat test, 2^n mod n == 2 if p is prime + /* fermat test, 2^n mod n == 2 if p is prime */ x = uitomp(2, nil); y = mpnew(0); mpexp(x, n, n, y); @@ -43,21 +43,21 @@ probably_prime(mpint *n, int nrep) nbits = mpsignif(n); nm1 = mpnew(nbits); - mpsub(n, mpone, nm1); // nm1 = n - 1 */ + mpsub(n, mpone, nm1); /* nm1 = n - 1 */ k = mplowbits0(nm1); q = mpnew(0); - mpright(nm1, k, q); // q = (n-1)/2**k + mpright(nm1, k, q); /* q = (n-1)/2**k */ for(rep = 0; rep < nrep; rep++){ - // x = random in [2, n-2] + /* x = random in [2, n-2] */ r = mprand(nbits, prng, nil); mpmod(r, nm1, x); mpfree(r); if(mpcmp(x, mpone) <= 0) continue; - // y = x**q mod n + /* y = x**q mod n */ mpexp(x, q, n, y); if(mpcmp(y, mpone) == 0 || mpcmp(y, nm1) == 0) @@ -65,7 +65,7 @@ probably_prime(mpint *n, int nrep) for(j = 1; j < k; j++){ mpmul(y, y, x); - mpmod(x, n, y); // y = y*y mod n + mpmod(x, n, y); /* y = y*y mod n */ if(mpcmp(y, nm1) == 0) goto done; if(mpcmp(y, mpone) == 0){ diff --git a/src/libsec/port/rsadecrypt.c b/src/libsec/port/rsadecrypt.c index 1e937bec..82e2eeea 100644 --- a/src/libsec/port/rsadecrypt.c +++ b/src/libsec/port/rsadecrypt.c @@ -2,9 +2,9 @@ #include #include -// decrypt rsa using garner's algorithm for the chinese remainder theorem -// seminumerical algorithms, knuth, pp 253-254 -// applied cryptography, menezes et al, pg 612 +/* decrypt rsa using garner's algorithm for the chinese remainder theorem */ +/* seminumerical algorithms, knuth, pp 253-254 */ +/* applied cryptography, menezes et al, pg 612 */ mpint* rsadecrypt(RSApriv *rsa, mpint *in, mpint *out) { @@ -13,17 +13,17 @@ rsadecrypt(RSApriv *rsa, mpint *in, mpint *out) if(out == nil) out = mpnew(0); - // convert in to modular representation + /* convert in to modular representation */ v1 = mpnew(0); mpmod(in, rsa->p, v1); v2 = mpnew(0); mpmod(in, rsa->q, v2); - // exponentiate the modular rep + /* exponentiate the modular rep */ mpexp(v1, rsa->kp, rsa->p, v1); mpexp(v2, rsa->kq, rsa->q, v2); - // out = v1 + p*((v2-v1)*c2 mod q) + /* out = v1 + p*((v2-v1)*c2 mod q) */ mpsub(v2, v1, v2); mpmul(v2, rsa->c2, v2); mpmod(v2, rsa->q, v2); diff --git a/src/libsec/port/rsafill.c b/src/libsec/port/rsafill.c index f514b073..7b715614 100644 --- a/src/libsec/port/rsafill.c +++ b/src/libsec/port/rsafill.c @@ -8,7 +8,7 @@ rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q) mpint *c2, *kq, *kp, *x; RSApriv *rsa; - // make sure we're not being hoodwinked + /* make sure we're not being hoodwinked */ if(!probably_prime(p, 10) || !probably_prime(q, 10)){ werrstr("rsafill: p or q not prime"); return nil; @@ -33,10 +33,10 @@ rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q) return nil; } - // compute chinese remainder coefficient + /* compute chinese remainder coefficient */ mpinvert(p, q, c2); - // for crt a**k mod p == (a**(k mod p-1)) mod p + /* for crt a**k mod p == (a**(k mod p-1)) mod p */ kq = mpnew(0); kp = mpnew(0); mpsub(p, mpone, x); diff --git a/src/libsec/port/rsagen.c b/src/libsec/port/rsagen.c index ebe1079d..f51cddaf 100644 --- a/src/libsec/port/rsagen.c +++ b/src/libsec/port/rsagen.c @@ -15,7 +15,7 @@ rsagen(int nlen, int elen, int rounds) d = mpnew(0); phi = mpnew(nlen); - // create the prime factors and euclid's function + /* create the prime factors and euclid's function */ genprime(p, nlen/2, rounds); genprime(q, nlen - mpsignif(p) + 1, rounds); mpmul(p, q, n); @@ -23,16 +23,16 @@ rsagen(int nlen, int elen, int rounds) mpsub(q, mpone, d); mpmul(e, d, phi); - // find an e relatively prime to phi + /* find an e relatively prime to phi */ t1 = mpnew(0); t2 = mpnew(0); mprand(elen, genrandom, e); if(mpcmp(e,mptwo) <= 0) itomp(3, e); - // See Menezes et al. p.291 "8.8 Note (selecting primes)" for discussion - // of the merits of various choices of primes and exponents. e=3 is a - // common and recommended exponent, but doesn't necessarily work here - // because we chose strong rather than safe primes. + /* See Menezes et al. p.291 "8.8 Note (selecting primes)" for discussion */ + /* of the merits of various choices of primes and exponents. e=3 is a */ + /* common and recommended exponent, but doesn't necessarily work here */ + /* because we chose strong rather than safe primes. */ for(;;){ mpextendedgcd(e, phi, t1, d, t2); if(mpcmp(t1, mpone) == 0) @@ -42,11 +42,11 @@ rsagen(int nlen, int elen, int rounds) mpfree(t1); mpfree(t2); - // compute chinese remainder coefficient + /* compute chinese remainder coefficient */ c2 = mpnew(0); mpinvert(p, q, c2); - // for crt a**k mod p == (a**(k mod p-1)) mod p + /* for crt a**k mod p == (a**(k mod p-1)) mod p */ kq = mpnew(0); kp = mpnew(0); mpsub(p, mpone, phi); diff --git a/src/libsec/port/smallprimetest.c b/src/libsec/port/smallprimetest.c index cf94dac2..c6a1befc 100644 --- a/src/libsec/port/smallprimetest.c +++ b/src/libsec/port/smallprimetest.c @@ -1005,7 +1005,7 @@ static ulong smallprimes[] = { 104677, 104681, 104683, 104693, 104701, 104707, 104711, 104717, 104723, 104729, }; -// return 1 if p is divisable by sp, 0 otherwise +/* return 1 if p is divisable by sp, 0 otherwise */ static int divides(mpint *dividend, ulong divisor) { @@ -1021,7 +1021,7 @@ divides(mpint *dividend, ulong divisor) return d[1] == 0; } -// return -1 if p is divisable by one of the small primes, 0 otherwise +/* return -1 if p is divisable by one of the small primes, 0 otherwise */ int smallprimetest(mpint *p) { diff --git a/src/libsec/port/tlshand.c b/src/libsec/port/tlshand.c index ee4cd43d..8816db3b 100644 --- a/src/libsec/port/tlshand.c +++ b/src/libsec/port/tlshand.c @@ -5,37 +5,37 @@ #include #include -// The main groups of functions are: -// client/server - main handshake protocol definition -// message functions - formating handshake messages -// cipher choices - catalog of digest and encrypt algorithms -// security functions - PKCS#1, sslHMAC, session keygen -// general utility functions - malloc, serialization -// The handshake protocol builds on the TLS/SSL3 record layer protocol, -// which is implemented in kernel device #a. See also /lib/rfc/rfc2246. +/* The main groups of functions are: */ +/* client/server - main handshake protocol definition */ +/* message functions - formating handshake messages */ +/* cipher choices - catalog of digest and encrypt algorithms */ +/* security functions - PKCS#1, sslHMAC, session keygen */ +/* general utility functions - malloc, serialization */ +/* The handshake protocol builds on the TLS/SSL3 record layer protocol, */ +/* which is implemented in kernel device #a. See also /lib/rfc/rfc2246. */ enum { TLSFinishedLen = 12, SSL3FinishedLen = MD5dlen+SHA1dlen, - MaxKeyData = 104, // amount of secret we may need + MaxKeyData = 104, /* amount of secret we may need */ MaxChunk = 1<<14, RandomSize = 32, SidSize = 32, MasterSecretSize = 48, AQueue = 0, - AFlush = 1, + AFlush = 1 }; typedef struct TlsSec TlsSec; typedef struct Bytes{ int len; - uchar data[1]; // [len] + uchar data[1]; /* [len] */ } Bytes; typedef struct Ints{ int len; - int data[1]; // [len] + int data[1]; /* [len] */ } Ints; typedef struct Algs{ @@ -52,34 +52,34 @@ typedef struct Finished{ } Finished; typedef struct TlsConnection{ - TlsSec *sec; // security management goo - int hand, ctl; // record layer file descriptors - int erred; // set when tlsError called - int (*trace)(char*fmt, ...); // for debugging - int version; // protocol we are speaking - int verset; // version has been set - int ver2hi; // server got a version 2 hello - int isClient; // is this the client or server? - Bytes *sid; // SessionID - Bytes *cert; // only last - no chain + TlsSec *sec; /* security management goo */ + int hand, ctl; /* record layer file descriptors */ + int erred; /* set when tlsError called */ + int (*trace)(char*fmt, ...); /* for debugging */ + int version; /* protocol we are speaking */ + int verset; /* version has been set */ + int ver2hi; /* server got a version 2 hello */ + int isClient; /* is this the client or server? */ + Bytes *sid; /* SessionID */ + Bytes *cert; /* only last - no chain */ Lock statelk; - int state; // must be set using setstate + int state; /* must be set using setstate */ - // input buffer for handshake messages + /* input buffer for handshake messages */ uchar buf[MaxChunk+2048]; uchar *rp, *ep; - uchar crandom[RandomSize]; // client random - uchar srandom[RandomSize]; // server random - int clientVersion; // version in ClientHello - char *digest; // name of digest algorithm to use - char *enc; // name of encryption algorithm to use - int nsecret; // amount of secret data to init keys + uchar crandom[RandomSize]; /* client random */ + uchar srandom[RandomSize]; /* server random */ + int clientVersion; /* version in ClientHello */ + char *digest; /* name of digest algorithm to use */ + char *enc; /* name of encryption algorithm to use */ + int nsecret; /* amount of secret data to init keys */ - // for finished messages - MD5state hsmd5; // handshake hash - SHAstate hssha1; // handshake hash + /* for finished messages */ + MD5state hsmd5; /* handshake hash */ + SHAstate hssha1; /* handshake hash */ Finished finished; } TlsConnection; @@ -117,16 +117,16 @@ typedef struct Msg{ } Msg; struct TlsSec{ - char *server; // name of remote; nil for server - int ok; // <0 killed; ==0 in progress; >0 reusable + char *server; /* name of remote; nil for server */ + int ok; /* <0 killed; ==0 in progress; >0 reusable */ RSApub *rsapub; - AuthRpc *rpc; // factotum for rsa private key - uchar sec[MasterSecretSize]; // master secret - uchar crandom[RandomSize]; // client random - uchar srandom[RandomSize]; // server random - int clientVers; // version in ClientHello - int vers; // final version - // byte generation and handshake checksum + AuthRpc *rpc; /* factotum for rsa private key */ + uchar sec[MasterSecretSize]; /* master secret */ + uchar crandom[RandomSize]; /* client random */ + uchar srandom[RandomSize]; /* server random */ + int clientVers; /* version in ClientHello */ + int vers; /* final version */ + /* byte generation and handshake checksum */ void (*prf)(uchar*, int, uchar*, int, char*, uchar*, int, uchar*, int); void (*setFinished)(TlsSec*, MD5state, SHAstate, uchar*, int); int nfin; @@ -136,12 +136,12 @@ struct TlsSec{ enum { TLSVersion = 0x0301, SSL3Version = 0x0300, - ProtocolVersion = 0x0301, // maximum version we speak - MinProtoVersion = 0x0300, // limits on version we accept - MaxProtoVersion = 0x03ff, + ProtocolVersion = 0x0301, /* maximum version we speak */ + MinProtoVersion = 0x0300, /* limits on version we accept */ + MaxProtoVersion = 0x03ff }; -// handshake type +/* handshake type */ enum { HHelloRequest, HClientHello, @@ -157,7 +157,7 @@ enum { HMax }; -// alerts +/* alerts */ enum { ECloseNotify = 0, EUnexpectedMessage = 10, @@ -186,7 +186,7 @@ enum { EMax = 256 }; -// cipher suites +/* cipher suites */ enum { TLS_NULL_WITH_NULL_NULL = 0x0000, TLS_RSA_WITH_NULL_MD5 = 0x0001, @@ -207,7 +207,7 @@ enum { TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0X0010, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0X0011, TLS_DHE_DSS_WITH_DES_CBC_SHA = 0X0012, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0X0013, // ZZZ must be implemented for tls1.0 compliance + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0X0013, /* ZZZ must be implemented for tls1.0 compliance */ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0X0014, TLS_DHE_RSA_WITH_DES_CBC_SHA = 0X0015, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0X0016, @@ -217,7 +217,7 @@ enum { TLS_DH_anon_WITH_DES_CBC_SHA = 0X001A, TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0X001B, - TLS_RSA_WITH_AES_128_CBC_SHA = 0X002f, // aes, aka rijndael with 128 bit blocks + TLS_RSA_WITH_AES_128_CBC_SHA = 0X002f, /* aes, aka rijndael with 128 bit blocks */ TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0X0030, TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0X0031, TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0X0032, @@ -232,7 +232,7 @@ enum { CipherMax }; -// compression methods +/* compression methods */ enum { CompressionNull = 0, CompressionMax @@ -306,10 +306,10 @@ static Ints* newints(int len); /* static Ints* makeints(int* buf, int len); */ static void freeints(Ints* b); -//================= client/server ======================== +/*================= client/server ======================== */ -// push TLS onto fd, returning new (application) file descriptor -// or -1 if error. +/* push TLS onto fd, returning new (application) file descriptor */ +/* or -1 if error. */ int tlsServer(int fd, TLSconn *conn) { @@ -352,7 +352,7 @@ tlsServer(int fd, TLSconn *conn) } if(conn->cert) free(conn->cert); - conn->cert = 0; // client certificates are not yet implemented + conn->cert = 0; /* client certificates are not yet implemented */ conn->certlen = 0; conn->sessionIDlen = tls->sid->len; conn->sessionID = emalloc(conn->sessionIDlen); @@ -361,8 +361,8 @@ tlsServer(int fd, TLSconn *conn) return data; } -// push TLS onto fd, returning new (application) file descriptor -// or -1 if error. +/* push TLS onto fd, returning new (application) file descriptor */ +/* or -1 if error. */ int tlsClient(int fd, TLSconn *conn) { @@ -465,7 +465,7 @@ tlsServer2(int ctl, int hand, uchar *cert, int ncert, int (*trace)(char*fmt, ... memmove(c->crandom, m.u.clientHello.random, RandomSize); cipher = okCipher(m.u.clientHello.ciphers); if(cipher < 0) { - // reply with EInsufficientSecurity if we know that's the case + /* reply with EInsufficientSecurity if we know that's the case */ if(cipher == -2) tlsError(c, EInsufficientSecurity, "cipher suites too weak"); else @@ -676,8 +676,8 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, int (*trace)(char*fmt, ... if(m.tag == HServerKeyExchange) { tlsError(c, EUnexpectedMessage, "got an server key exchange"); goto Err; - // If implementing this later, watch out for rollback attack - // described in Wagner Schneier 1996, section 4.4. + /* If implementing this later, watch out for rollback attack */ + /* described in Wagner Schneier 1996, section 4.4. */ } /* certificate request (optional) */ @@ -739,8 +739,8 @@ tlsClient2(int ctl, int hand, uchar *csid, int ncsid, int (*trace)(char*fmt, ... goto Err; } - // Cipherchange must occur immediately before Finished to avoid - // potential hole; see section 4.3 of Wagner Schneier 1996. + /* Cipherchange must occur immediately before Finished to avoid */ + /* potential hole; see section 4.3 of Wagner Schneier 1996. */ if(tlsSecFinished(c->sec, c->hsmd5, c->hssha1, c->finished.verify, c->finished.n, 1) < 0){ tlsError(c, EInternalError, "can't set finished 1: %r"); goto Err; @@ -793,14 +793,14 @@ Err: } -//================= message functions ======================== +/*================= message functions ======================== */ static uchar sendbuf[9000], *sendp; static int msgSend(TlsConnection *c, Msg *m, int act) { - uchar *p; // sendp = start of new message; p = write pointer + uchar *p; /* sendp = start of new message; p = write pointer */ int nn, n, i; if(sendp == nil) @@ -809,7 +809,7 @@ msgSend(TlsConnection *c, Msg *m, int act) if(c->trace) c->trace("send %s", msgPrint((char*)p, (sizeof sendbuf) - (p-sendbuf), m)); - p[0] = m->tag; // header - fill in size later + p[0] = m->tag; /* header - fill in size later */ p += 4; switch(m->tag) { @@ -817,15 +817,15 @@ msgSend(TlsConnection *c, Msg *m, int act) tlsError(c, EInternalError, "can't encode a %d", m->tag); goto Err; case HClientHello: - // version + /* version */ put16(p, m->u.clientHello.version); p += 2; - // random + /* random */ memmove(p, m->u.clientHello.random, RandomSize); p += RandomSize; - // sid + /* sid */ n = m->u.clientHello.sid->len; assert(n < 256); p[0] = n; @@ -851,11 +851,11 @@ msgSend(TlsConnection *c, Msg *m, int act) put16(p, m->u.serverHello.version); p += 2; - // random + /* random */ memmove(p, m->u.serverHello.random, RandomSize); p += RandomSize; - // sid + /* sid */ n = m->u.serverHello.sid->len; assert(n < 256); p[0] = n; @@ -901,12 +901,12 @@ msgSend(TlsConnection *c, Msg *m, int act) break; } - // go back and fill in size + /* go back and fill in size */ n = p-sendp; assert(p <= sendbuf+sizeof(sendbuf)); put24(sendp+1, n-4); - // remember hash of Handshake messages + /* remember hash of Handshake messages */ if(m->tag != HHelloRequest) { md5(sendp, n, 0, &c->hsmd5); sha1(sendp, n, 0, &c->hssha1); @@ -1366,7 +1366,7 @@ tlsError(TlsConnection *c, int err, char *fmt, ...) fprint(c->ctl, "alert %d", err); } -// commit to specific version number +/* commit to specific version number */ static int setVersion(TlsConnection *c, int version) { @@ -1386,15 +1386,15 @@ setVersion(TlsConnection *c, int version) return fprint(c->ctl, "version 0x%x", version); } -// confirm that received Finished message matches the expected value +/* confirm that received Finished message matches the expected value */ static int finishedMatch(TlsConnection *c, Finished *f) { return memcmp(f->verify, c->finished.verify, f->n) == 0; } -// free memory associated with TlsConnection struct -// (but don't close the TLS channel itself) +/* free memory associated with TlsConnection struct */ +/* (but don't close the TLS channel itself) */ static void tlsConnectionFree(TlsConnection *c) { @@ -1406,7 +1406,7 @@ tlsConnectionFree(TlsConnection *c) } -//================= cipher choices ======================== +/*================= cipher choices ======================== */ static int weakCipher[CipherMax] = { @@ -1579,10 +1579,10 @@ makeciphers(void) -//================= security functions ======================== +/*================= security functions ======================== */ -// given X.509 certificate, set up connection to factotum -// for using corresponding private key +/* given X.509 certificate, set up connection to factotum */ +/* for using corresponding private key */ static AuthRpc* factotum_rsa_open(uchar *cert, int certlen) { @@ -1600,7 +1600,7 @@ factotum_rsa_open(uchar *cert, int certlen) return nil; } - // roll factotum keyring around to match certificate + /* roll factotum keyring around to match certificate */ rsapub = X509toRSApub(cert, certlen, nil, 0); while(1){ if(auth_rpc(rpc, "read", nil, 0) != ARok){ @@ -1651,7 +1651,7 @@ tlsPmd5(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, uc int i, n; MD5state *s; - // generate a1 + /* generate a1 */ s = hmac_md5(label, nlabel, key, nkey, nil, nil); s = hmac_md5(seed0, nseed0, key, nkey, nil, s); hmac_md5(seed1, nseed1, key, nkey, ai, s); @@ -1680,7 +1680,7 @@ tlsPsha1(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, u int i, n; SHAstate *s; - // generate a1 + /* generate a1 */ s = hmac_sha1(label, nlabel, key, nkey, nil, nil); s = hmac_sha1(seed0, nseed0, key, nkey, nil, s); hmac_sha1(seed1, nseed1, key, nkey, ai, s); @@ -1702,7 +1702,7 @@ tlsPsha1(uchar *buf, int nbuf, uchar *key, int nkey, uchar *label, int nlabel, u } } -// fill buf with md5(args)^sha1(args) +/* fill buf with md5(args)^sha1(args) */ static void tlsPRF(uchar *buf, int nbuf, uchar *key, int nkey, char *label, uchar *seed0, int nseed0, uchar *seed1, int nseed1) { @@ -1729,7 +1729,7 @@ tlsSecInits(int cvers, uchar *csid, int ncsid, uchar *crandom, uchar *ssid, int { TlsSec *sec = emalloc(sizeof(*sec)); - USED(csid); USED(ncsid); // ignore csid for now + USED(csid); USED(ncsid); /* ignore csid for now */ memmove(sec->crandom, crandom, RandomSize); sec->clientVers = cvers; @@ -1905,9 +1905,9 @@ serverMasterSecret(TlsSec *sec, uchar *epm, int nepm) pm = pkcs1_decrypt(sec, epm, nepm); - // if the client messed up, just continue as if everything is ok, - // to prevent attacks to check for correctly formatted messages. - // Hence the fprint(2,) can't be replaced by tlsError(), which sends an Alert msg to the client. + /* if the client messed up, just continue as if everything is ok, */ + /* to prevent attacks to check for correctly formatted messages. */ + /* Hence the fprint(2,) can't be replaced by tlsError(), which sends an Alert msg to the client. */ if(sec->ok < 0 || pm == nil || get16(pm->data) != sec->clientVers){ fprint(2, "serverMasterSecret failed ok=%d pm=%p pmvers=%x cvers=%x nepm=%d\n", sec->ok, pm, pm ? get16(pm->data) : -1, sec->clientVers, nepm); @@ -1988,14 +1988,14 @@ sslSetFinished(TlsSec *sec, MD5state hsmd5, SHAstate hssha1, uchar *finished, in sha1(h1, SHA1dlen, finished + MD5dlen, s); } -// fill "finished" arg with md5(args)^sha1(args) +/* fill "finished" arg with md5(args)^sha1(args) */ static void tlsSetFinished(TlsSec *sec, MD5state hsmd5, SHAstate hssha1, uchar *finished, int isClient) { uchar h0[MD5dlen], h1[SHA1dlen]; char *label; - // get current hash value, but allow further messages to be hashed in + /* get current hash value, but allow further messages to be hashed in */ md5(nil, 0, h0, &hsmd5); sha1(nil, 0, h1, &hssha1); @@ -2061,8 +2061,8 @@ mptobytes(mpint* big) return ans; } -// Do RSA computation on block according to key, and pad -// result on left with zeros to make it modlen long. +/* Do RSA computation on block according to key, and pad */ +/* result on left with zeros to make it modlen long. */ static Bytes* rsacomp(Bytes* block, RSApub* key, int modlen) { @@ -2084,7 +2084,7 @@ rsacomp(Bytes* block, RSApub* key, int modlen) ybytes = a; } else if(ylen > modlen) { - // assume it has leading zeros (mod should make it so) + /* assume it has leading zeros (mod should make it so) */ a = newbytes(modlen); memmove(a->data, ybytes->data, modlen); freebytes(ybytes); @@ -2094,7 +2094,7 @@ rsacomp(Bytes* block, RSApub* key, int modlen) return ybytes; } -// encrypt data according to PKCS#1, /lib/rfc/rfc2437 9.1.2.1 +/* encrypt data according to PKCS#1, /lib/rfc/rfc2437 9.1.2.1 */ static Bytes* pkcs1_encrypt(Bytes* data, RSApub* key, int blocktype) { @@ -2128,8 +2128,8 @@ pkcs1_encrypt(Bytes* data, RSApub* key, int blocktype) return ans; } -// decrypt data according to PKCS#1, with given key. -// expect a block type of 2. +/* decrypt data according to PKCS#1, with given key. */ +/* expect a block type of 2. */ static Bytes* pkcs1_decrypt(TlsSec *sec, uchar *epm, int nepm) { @@ -2145,7 +2145,7 @@ pkcs1_decrypt(TlsSec *sec, uchar *epm, int nepm) if(y == nil) return nil; eb = mptobytes(y); - if(eb->len < modlen){ // pad on left with zeros + if(eb->len < modlen){ /* pad on left with zeros */ ans = newbytes(modlen); memset(ans->data, 0, modlen-eb->len); memmove(ans->data+modlen-eb->len, eb->data, eb->len); @@ -2164,7 +2164,7 @@ pkcs1_decrypt(TlsSec *sec, uchar *epm, int nepm) } -//================= general utility functions ======================== +/*================= general utility functions ======================== */ static void * emalloc(int n) diff --git a/src/libsec/port/x509.c b/src/libsec/port/x509.c index f204ca6f..60b3d073 100644 --- a/src/libsec/port/x509.c +++ b/src/libsec/port/x509.c @@ -575,7 +575,7 @@ int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint) err = ASN_ETOOBIG; else { if(!unsgned && count > 0 && count < 4 && (*p&0x80)) - num = -1; // set all bits, initially + num = -1; /* set all bits, initially */ while(count--) num = (num << 8)|(*p++); } @@ -2141,7 +2141,7 @@ X509toRSApub(uchar *cert, int ncert, char *name, int nname) if(name != nil && c->subject != nil){ e = strchr(c->subject, ','); if(e != nil) - *e = 0; // take just CN part of Distinguished Name + *e = 0; /* take just CN part of Distinguished Name */ strncpy(name, c->subject, nname); } pk = decode_rsapubkey(c->publickey); -- cgit v1.2.3