Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_both.c11
-rw-r--r--ssl/d1_pkt.c15
-rw-r--r--ssl/heartbeat_test.c2
-rw-r--r--ssl/kssl.c245
-rw-r--r--ssl/kssl.h22
-rw-r--r--ssl/s23_srvr.c3
-rw-r--r--ssl/s3_both.c3
-rw-r--r--ssl/s3_cbc.c21
-rw-r--r--ssl/s3_clnt.c56
-rw-r--r--ssl/s3_pkt.c27
-rw-r--r--ssl/s3_srvr.c25
-rw-r--r--ssl/ssl.h11
-rw-r--r--ssl/ssl_ciph.c14
-rw-r--r--ssl/ssl_locl.h11
-rw-r--r--ssl/ssl_sess.c2
-rw-r--r--ssl/ssl_task.c4
-rw-r--r--ssl/ssltest.c20
-rw-r--r--ssl/t1_lib.c106
18 files changed, 331 insertions, 267 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 14d45b57a9..26e1da25e9 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -574,7 +574,8 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max
static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
- /* (0) check whether the desired fragment is available
+ /*-
+ * (0) check whether the desired fragment is available
* if so:
* (1) copy over the fragment to s->init_buf->data[]
* (2) update s->init_num
@@ -964,7 +965,8 @@ f_err:
return(-1);
}
-/* for these 2 messages, we need to
+/*-
+ * for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
@@ -1165,7 +1167,7 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
struct dtls1_retransmit_state saved_state;
unsigned char save_write_sequence[8];
- /*
+ /*-
OPENSSL_assert(s->init_num == 0);
OPENSSL_assert(s->init_off == 0);
*/
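Review bot: The block now marked `/*-` in dtls1_retransmit_message holds two disabled `OPENSSL_assert` calls rather than formatted text, so the marker only preserves dead code. Either delete the block or replace it with one sentence saying why `s->init_num == 0` and `s->init_off == 0` are not asserted here. The same applies to the commented-out `krb5_rd_req` call in the kssl_sget_tkt hunk and the `EVP_EncryptInit_ex` sequence in the ssl3_send_client_key_exchange hunk. The function body starts and ends outside this hunk.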
@@ -1493,7 +1495,8 @@ dtls1_heartbeat(SSL *s)
*/
OPENSSL_assert(payload + padding <= 16381);
- /* Create HeartBeat message, we just use a sequence number
+ /*-
+ * Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
* some random stuff.
* - Message Type, 1 byte
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 2952bccc5e..208d244fce 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -518,7 +518,8 @@ printf("\n");
}
rr->off=0;
- /* So at this point the following is true
+ /*-
+ * So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
@@ -538,7 +539,8 @@ err:
}
-/* Call this to get a new input record.
+/*-
+ * Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
@@ -720,7 +722,8 @@ again:
}
-/* Return up to 'len' payload bytes received in 'type' records.
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
@@ -797,10 +800,12 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
start:
s->rwstate=SSL_NOTHING;
- /* s->s3->rrec.type - is the type of record
+ /*-
+ * s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
+ * s->s3->rrec.length, - number of bytes.
+ */
rr = &(s->s3->rrec);
/* We are not handshaking and have no data yet,
diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c
index fc19259b43..c77e7f7065 100644
--- a/ssl/heartbeat_test.c
+++ b/ssl/heartbeat_test.c
@@ -1,5 +1,5 @@
/* test/heartbeat_test.c */
-/*
+/*-
* Unit test for TLS heartbeats.
*
* Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 10687f03ea..7009a580a4 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -56,15 +56,16 @@
*/
-/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
-**
-** 19990701 VRS Started.
-** 200011?? Jeffrey Altman, Richard Levitte
-** Generalized for Heimdal, Newer MIT, & Win32.
-** Integrated into main OpenSSL 0.9.7 snapshots.
-** 20010413 Simon Wilkinson, VRS
-** Real RFC2712 KerberosWrapper replaces AP_REQ.
-*/
+/*-
+ * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
+ *
+ * 19990701 VRS Started.
+ * 200011?? Jeffrey Altman, Richard Levitte
+ * Generalized for Heimdal, Newer MIT, & Win32.
+ * Integrated into main OpenSSL 0.9.7 snapshots.
+ * 20010413 Simon Wilkinson, VRS
+ * Real RFC2712 KerberosWrapper replaces AP_REQ.
+ */
#include <openssl/opensslconf.h>
@@ -808,10 +809,10 @@ char
}
/* Given KRB5 enctype (basically DES or 3DES),
-** return closest match openssl EVP_ encryption algorithm.
-** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
-** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
-*/
+ * return closest match openssl EVP_ encryption algorithm.
+ * Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
+ * Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
+ */
const EVP_CIPHER *
kssl_map_enc(krb5_enctype enctype)
{
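Review bot: The opener of the kssl_map_enc comment stays `/*` while only its continuation lines are converted, whereas the kssl_cget_tkt and kssl_TKT2tkt comments in the same file get `/*-`. If `/*-` is what keeps a formatter from reflowing the comment (inferred from the pattern of this change, not stated on the page), then the aligned layout line `[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]` in the kssl_skip_confound comment and the commented-out `#define KSSL_DEBUG` block in kssl.h are left unprotected. Use `/*-` on those openers too, or state the rule that decides which comments get it.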
@@ -836,10 +837,10 @@ kssl_map_enc(krb5_enctype enctype)
/* Return true:1 if p "looks like" the start of the real authenticator
-** described in kssl_skip_confound() below. The ASN.1 pattern is
-** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
-** xx and yy are possibly multi-byte length fields.
-*/
+ * described in kssl_skip_confound() below. The ASN.1 pattern is
+ * "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
+ * xx and yy are possibly multi-byte length fields.
+ */
static int kssl_test_confound(unsigned char *p)
{
int len = 2;
@@ -866,15 +867,15 @@ static int kssl_test_confound(unsigned char *p)
}
/* Allocate, fill, and return cksumlens array of checksum lengths.
-** This array holds just the unique elements from the krb5_cksumarray[].
-** array[n] == 0 signals end of data.
-**
-** The krb5_cksumarray[] was an internal variable that has since been
-** replaced by a more general method for storing the data. It should
-** not be used. Instead we use real API calls and make a guess for
-** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
-** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
-*/
+ * This array holds just the unique elements from the krb5_cksumarray[].
+ * array[n] == 0 signals end of data.
+ *
+ * The krb5_cksumarray[] was an internal variable that has since been
+ * replaced by a more general method for storing the data. It should
+ * not be used. Instead we use real API calls and make a guess for
+ * what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
+ * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
+ */
static size_t *populate_cksumlens(void)
{
int i, j, n;
@@ -907,12 +908,12 @@ static size_t *populate_cksumlens(void)
}
/* Return pointer to start of real authenticator within authenticator, or
-** return NULL on error.
-** Decrypted authenticator looks like this:
-** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
-** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
-** krb5_auth_con_getcksumtype() function advertised in its krb5.h.
-*/
+ * return NULL on error.
+ * Decrypted authenticator looks like this:
+ * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+ * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+ * krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+ */
unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
{
int i, conlen;
@@ -934,8 +935,8 @@ unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
/* Set kssl_err error info when reason text is a simple string
-** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
-*/
+ * kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
+ */
void
kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
{
@@ -1024,8 +1025,8 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
/* Display contents of krb5_principal_data struct, for debugging
-** (krb5_principal is typedef'd == krb5_principal_data *)
-*/
+ * (krb5_principal is typedef'd == krb5_principal_data *)
+ */
static void
print_krb5_princ(char *label, krb5_principal_data *princ)
{
@@ -1047,16 +1048,16 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
}
-/* Given krb5 service (typically "kssl") and hostname in kssl_ctx,
-** Return encrypted Kerberos ticket for service @ hostname.
-** If authenp is non-NULL, also return encrypted authenticator,
-** whose data should be freed by caller.
-** (Originally was: Create Kerberos AP_REQ message for SSL Client.)
-**
-** 19990628 VRS Started; Returns Kerberos AP_REQ message.
-** 20010409 VRS Modified for RFC2712; Returns enc tkt.
-** 20010606 VRS May also return optional authenticator.
-*/
+/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+ * Return encrypted Kerberos ticket for service @ hostname.
+ * If authenp is non-NULL, also return encrypted authenticator,
+ * whose data should be freed by caller.
+ * (Originally was: Create Kerberos AP_REQ message for SSL Client.)
+ *
+ * 19990628 VRS Started; Returns Kerberos AP_REQ message.
+ * 20010409 VRS Modified for RFC2712; Returns enc tkt.
+ * 20010606 VRS May also return optional authenticator.
+ */
krb5_error_code
kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
/* OUT */ krb5_data **enc_ticketp,
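Review bot: The new opener `/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx,` keeps text on the marker line, while the kssl_TKT2tkt comment further down puts `/*-` on a line of its own. The same mixed form appears at the krb5_recvauth comment in kssl_sget_tkt, at kssl_ctx_setstring, at the kssl_ctx_st comment in kssl.h and at the kssl_ctx_free comment in s3_srvr.c. Pick one form; `/*-` alone followed by ` * Given krb5 service ...` matches most of this change. The function signature continues outside the hunk.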
@@ -1141,8 +1142,8 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
krb5rc = KRB5KRB_ERR_GENERIC;
/* caller should free data of krb5_app_req */
/* 20010406 VRS deleted for real KerberosWrapper
- ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
- */
+ * 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
+ */
krb5_app_req.length = 0;
if (authenp)
{
@@ -1214,17 +1215,18 @@ kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
}
-/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
-** Return Kerberos error code and kssl_err struct on error.
-** Allocates krb5_ticket and krb5_principal; caller should free these.
-**
-** 20010410 VRS Implemented krb5_decode_ticket() as
-** old_krb5_decode_ticket(). Missing from MIT1.0.6.
-** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
-** Re-used some of the old krb5_decode_ticket()
-** code here. This tkt should alloc/free just
-** like the real thing.
-*/
+/*-
+ * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+ * Return Kerberos error code and kssl_err struct on error.
+ * Allocates krb5_ticket and krb5_principal; caller should free these.
+ *
+ * 20010410 VRS Implemented krb5_decode_ticket() as
+ * old_krb5_decode_ticket(). Missing from MIT1.0.6.
+ * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
+ * Re-used some of the old krb5_decode_ticket()
+ * code here. This tkt should alloc/free just
+ * like the real thing.
+ */
static krb5_error_code
kssl_TKT2tkt( /* IN */ krb5_context krb5context,
/* IN */ KRB5_TKTBODY *asn1ticket,
@@ -1299,12 +1301,12 @@ kssl_TKT2tkt( /* IN */ krb5_context krb5context,
/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
-** and krb5 AP_REQ message & message length,
-** Return Kerberos session key and client principle
-** to SSL Server in KSSL_CTX *kssl_ctx.
-**
-** 19990702 VRS Started.
-*/
+ * and krb5 AP_REQ message & message length,
+ * Return Kerberos session key and client principle
+ * to SSL Server in KSSL_CTX *kssl_ctx.
+ *
+ * 19990702 VRS Started.
+ */
krb5_error_code
kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
/* IN */ krb5_data *indata,
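Review bot: The rewritten line `* Return Kerberos session key and client principle` should read `client principal`, the Kerberos term the file uses elsewhere (`krb5_principal`). Since the line is being rewritten anyway, the spelling can be fixed in the same pass. The rewritten get_rc_clockskew comment has a similar slip, `sneek` for `sneak`.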
@@ -1419,19 +1421,20 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
}
}
- /* Actual Kerberos5 krb5_recvauth() has initial conversation here
- ** o check KRB5_SENDAUTH_BADAUTHVERS
- ** unless KRB5_RECVAUTH_SKIP_VERSION
- ** o check KRB5_SENDAUTH_BADAPPLVERS
- ** o send "0" msg if all OK
- */
+ /*- Actual Kerberos5 krb5_recvauth() has initial conversation here
+ * o check KRB5_SENDAUTH_BADAUTHVERS
+ * unless KRB5_RECVAUTH_SKIP_VERSION
+ * o check KRB5_SENDAUTH_BADAPPLVERS
+ * o send "0" msg if all OK
+ */
- /* 20010411 was using AP_REQ instead of true KerberosWrapper
- **
- ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
- ** &krb5in_data, krb5server, krb5keytab,
- ** &ap_option, &krb5ticket)) != 0) { Error }
- */
+ /*-
+ * 20010411 was using AP_REQ instead of true KerberosWrapper
+ *
+ * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+ * &krb5in_data, krb5server, krb5keytab,
+ * &ap_option, &krb5ticket)) != 0) { Error }
+ */
p = (unsigned char *)indata->data;
if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
@@ -1568,8 +1571,8 @@ kssl_ctx_new(void)
/* Frees a kssl_ctx struct and any allocated memory it holds.
-** Returns NULL.
-*/
+ * Returns NULL.
+ */
KSSL_CTX *
kssl_ctx_free(KSSL_CTX *kssl_ctx)
{
@@ -1589,9 +1592,9 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
/* Given an array of (krb5_data *) entity (and optional realm),
-** set the plain (char *) client_princ or service_host member
-** of the kssl_ctx struct.
-*/
+ * set the plain (char *) client_princ or service_host member
+ * of the kssl_ctx struct.
+ */
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity, int nentities)
@@ -1644,11 +1647,11 @@ kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
}
-/* Set one of the plain (char *) string members of the kssl_ctx struct.
-** Default values should be:
-** which == KSSL_SERVICE => "khost" (KRB5SVC)
-** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
-*/
+/*- Set one of the plain (char *) string members of the kssl_ctx struct.
+ * Default values should be:
+ * which == KSSL_SERVICE => "khost" (KRB5SVC)
+ * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
+ */
krb5_error_code
kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
{
@@ -1682,8 +1685,8 @@ kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
-** struct. Clear kssl_ctx->key if Kerberos session key is NULL.
-*/
+ * struct. Clear kssl_ctx->key if Kerberos session key is NULL.
+ */
krb5_error_code
kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
{
@@ -1897,12 +1900,12 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
/* Given pointers to KerberosTime and struct tm structs, convert the
-** KerberosTime string to struct tm. Note that KerberosTime is a
-** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
-** seconds as defined in RFC 1510.
-** Return pointer to the (partially) filled in struct tm on success,
-** return NULL on failure.
-*/
+ * KerberosTime string to struct tm. Note that KerberosTime is a
+ * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
+ * seconds as defined in RFC 1510.
+ * Return pointer to the (partially) filled in struct tm on success,
+ * return NULL on failure.
+ */
static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
{
char c, *p;
@@ -1925,10 +1928,10 @@ static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
/* Helper function for kssl_validate_times().
-** We need context->clockskew, but krb5_context is an opaque struct.
-** So we try to sneek the clockskew out through the replay cache.
-** If that fails just return a likely default (300 seconds).
-*/
+ * We need context->clockskew, but krb5_context is an opaque struct.
+ * So we try to sneek the clockskew out through the replay cache.
+ * If that fails just return a likely default (300 seconds).
+ */
static krb5_deltat get_rc_clockskew(krb5_context context)
{
krb5_rcache rc;
@@ -1945,15 +1948,15 @@ static krb5_deltat get_rc_clockskew(krb5_context context)
/* kssl_validate_times() combines (and more importantly exposes)
-** the MIT KRB5 internal function krb5_validate_times() and the
-** in_clock_skew() macro. The authenticator client time is checked
-** to be within clockskew secs of the current time and the current
-** time is checked to be within the ticket start and expire times.
-** Either check may be omitted by supplying a NULL value.
-** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
-** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
-** 20010420 VRS
-*/
+ * the MIT KRB5 internal function krb5_validate_times() and the
+ * in_clock_skew() macro. The authenticator client time is checked
+ * to be within clockskew secs of the current time and the current
+ * time is checked to be within the ticket start and expire times.
+ * Either check may be omitted by supplying a NULL value.
+ * Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
+ * See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
+ * 20010420 VRS
+ */
krb5_error_code kssl_validate_times( krb5_timestamp atime,
krb5_ticket_times *ttimes)
{
@@ -1985,12 +1988,12 @@ krb5_error_code kssl_validate_times( krb5_timestamp atime,
/* Decode and decrypt given DER-encoded authenticator, then pass
-** authenticator ctime back in *atimep (or 0 if time unavailable).
-** Returns krb5_error_code and kssl_err on error. A NULL
-** authenticator (authentp->length == 0) is not considered an error.
-** Note that kssl_check_authent() makes use of the KRB5 session key;
-** you must call kssl_sget_tkt() to get the key before calling this routine.
-*/
+ * authenticator ctime back in *atimep (or 0 if time unavailable).
+ * Returns krb5_error_code and kssl_err on error. A NULL
+ * authenticator (authentp->length == 0) is not considered an error.
+ * Note that kssl_check_authent() makes use of the KRB5 session key;
+ * you must call kssl_sget_tkt() to get the key before calling this routine.
+ */
krb5_error_code kssl_check_authent(
/* IN */ KSSL_CTX *kssl_ctx,
/* IN */ krb5_data *authentp,
@@ -2069,9 +2072,9 @@ krb5_error_code kssl_check_authent(
if (enc == NULL)
{
/* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
- ** This enctype indicates the authenticator was encrypted
- ** using key-usage derived keys which openssl cannot decrypt.
- */
+ * This enctype indicates the authenticator was encrypted
+ * using key-usage derived keys which openssl cannot decrypt.
+ */
goto err;
}
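Review bot: The comment on the `enc == NULL` branch of kssl_check_authent says the check is disabled for ENCTYPE_DES3_CBC_SHA1 but not what the function returns on that path. The value of krb5rc at `goto err` is not visible in this hunk; if it is still a success code, the authenticator is accepted without being decrypted, and a reader of the comment cannot tell. Add a closing line to the comment stating the outcome, along the lines of `* The authenticator is NOT verified on this path; the function returns <state the krb5rc value>.` The function body starts and ends outside this hunk.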
@@ -2148,10 +2151,10 @@ krb5_error_code kssl_check_authent(
/* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
-** because I don't know how to stub varargs.
-** Returns krb5_error_code == ENOMEM on alloc error, otherwise
-** passes back newly constructed principal, which should be freed by caller.
-*/
+ * because I don't know how to stub varargs.
+ * Returns krb5_error_code == ENOMEM on alloc error, otherwise
+ * passes back newly constructed principal, which should be freed by caller.
+ */
krb5_error_code kssl_build_principal_2(
/* UPDATE */ krb5_context context,
/* OUT */ krb5_principal *princ,
diff --git a/ssl/kssl.h b/ssl/kssl.h
index e4df843073..c3d5492d44 100644
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -85,9 +85,9 @@ extern "C" {
#endif
/*
-** Depending on which KRB5 implementation used, some types from
-** the other may be missing. Resolve that here and now
-*/
+ * Depending on which KRB5 implementation used, some types from
+ * the other may be missing. Resolve that here and now
+ */
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#define FAR
@@ -100,10 +100,10 @@ typedef unsigned char krb5_octet;
#endif
/* Uncomment this to debug kssl problems or
-** to trace usage of the Kerberos session key
-**
-** #define KSSL_DEBUG
-*/
+ * to trace usage of the Kerberos session key
+ *
+ * #define KSSL_DEBUG
+ */
#ifndef KRB5SVC
#define KRB5SVC "host"
@@ -132,10 +132,10 @@ typedef struct kssl_err_st {
} KSSL_ERR;
-/* Context for passing
-** (1) Kerberos session key to SSL, and
-** (2) Config data between application and SSL lib
-*/
+/*- Context for passing
+ * (1) Kerberos session key to SSL, and
+ * (2) Config data between application and SSL lib
+ */
typedef struct kssl_ctx_st
{
/* used by: disposition: */
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 6e44e0cd64..9193d7bdc9 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -440,7 +440,8 @@ int ssl23_get_client_hello(SSL *s)
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
- /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ /*-
+ * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
* record. It's format is:
* Byte Content
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b110e3c361..6c0fb37c29 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -294,7 +294,8 @@ f_err:
return(0);
}
-/* for these 2 messages, we need to
+/*-
+ * for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 6087ee3553..99103061c1 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -68,14 +68,16 @@
* supported by TLS.) */
#define MAX_HASH_BLOCK_SIZE 128
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
* record in |rec| by updating |rec->length| in constant time.
*
* block_size: the block size of the cipher used to encrypt the record.
* returns:
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding was valid
- * -1: otherwise. */
+ * -1: otherwise.
+ */
int ssl3_cbc_remove_padding(const SSL* s,
SSL3_RECORD *rec,
unsigned block_size,
@@ -97,7 +99,8 @@ int ssl3_cbc_remove_padding(const SSL* s,
return constant_time_select_int(good, 1, -1);
}
-/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
* record in |rec| in constant time and returns 1 if the padding is valid and
* -1 otherwise. It also removes any explicit IV from the start of the record
* without leaking any timing about whether there was enough space after the
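Review bot: The summary sentence of the tls1_cbc_remove_padding comment says the function `returns 1 if the padding is valid and -1 otherwise`, but the returns list in the next hunk of the same comment also documents 0 for a publicly invalid record. The s3_pkt.c hunk in this change documents `enc_err` with the same three values and branches on `enc_err == 0` separately, so the three-way result matters to callers. Reword the summary to `returns 1 if the padding is valid, -1 if it is not, and 0 (in non-constant time) if the record is publicly invalid`. The comment continues outside this hunk.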
@@ -107,7 +110,8 @@ int ssl3_cbc_remove_padding(const SSL* s,
* returns:
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding was valid
- * -1: otherwise. */
+ * -1: otherwise.
+ */
int tls1_cbc_remove_padding(const SSL* s,
SSL3_RECORD *rec,
unsigned block_size,
@@ -193,7 +197,8 @@ int tls1_cbc_remove_padding(const SSL* s,
return constant_time_select_int(good, 1, -1);
}
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
* constant time (independent of the concrete value of rec->length, which may
* vary within a 256-byte window).
*
@@ -373,7 +378,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
}
}
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
* record.
*
* ctx: the EVP_MD_CTX from which we take the hash function.
@@ -391,7 +397,8 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
* On entry: by virtue of having been through one of the remove_padding
* functions, above, we know that data_plus_mac_size is large enough to contain
* a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
+ * padding too. )
+ */
void ssl3_cbc_digest_record(
const EVP_MD_CTX *ctx,
unsigned char* md_out,
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 321afc1bed..4ca2774f23 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -730,7 +730,8 @@ int ssl3_client_hello(SSL *s)
/* Do the message type and length last */
d=p= ssl_handshake_start(s);
- /* version indicates the negotiated version: for example from
+ /*-
+ * version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
* field is the maximum version we permit and it is also
* used in RSA encrypted premaster secrets. Some servers can
@@ -2593,24 +2594,25 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
}
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ * in place of RFC 2712 KerberosWrapper, as in:
+ *
+ * Send ticket (copy to *p, set n = length)
+ * n = krb5_ap_req.length;
+ * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ * if (krb5_ap_req.data)
+ * kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+ *
+ * Now using real RFC 2712 KerberosWrapper
+ * (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+ * Note: 2712 "opaque" types are here replaced
+ * with a 2-byte length followed by the value.
+ * Example:
+ * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+ * Where "xx xx" = length bytes. Shown here with
+ * optional authenticator omitted.
+ */
/* KerberosWrapper.Ticket */
s2n(enc_ticket->length,p);
@@ -2641,12 +2643,13 @@ int ssl3_send_client_key_exchange(SSL *s)
if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
goto err;
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
@@ -2803,7 +2806,8 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
{
- /* XXX: For now, we do not support client
+ /*-
+ * XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
* code that checks for appropriate
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 8fedf5a80d..2de10d644e 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -293,7 +293,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
* ssl3_get_record to loop forever. */
#define MAX_EMPTY_RECORDS 32
-/* Call this to get a new input record.
+/*-
+ * Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
@@ -449,10 +450,12 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
}
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
al=SSL_AD_DECRYPTION_FAILED;
@@ -556,7 +559,8 @@ printf("\n");
}
rr->off=0;
- /* So at this point the following is true
+ /*-
+ * So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
@@ -1215,7 +1219,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
}
}
-/* Return up to 'len' payload bytes received in 'type' records.
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
@@ -1297,10 +1302,12 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
start:
s->rwstate=SSL_NOTHING;
- /* s->s3->rrec.type - is the type of record
+ /*-
+ * s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
+ * s->s3->rrec.length, - number of bytes.
+ */
rr = &(s->s3->rrec);
/* get new packet if necessary */
@@ -1422,9 +1429,11 @@ start:
}
}
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
* s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 02c8c10aa1..a3085771d6 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1501,7 +1501,8 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
- /* we now have the following setup.
+ /*-
+ * we now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
@@ -1559,7 +1560,8 @@ int ssl3_send_server_hello(SSL *s)
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
- /* There are several cases for the session ID to send
+ /*-
+ * There are several cases for the session ID to send
* back in the server hello:
* - For session reuse from the session cache,
* we send back the old session ID.
@@ -2690,11 +2692,11 @@ int ssl3_get_client_key_exchange(SSL *s)
}
- /* Was doing kssl_ctx_free() here,
- ** but it caused problems for apache.
- ** kssl_ctx = kssl_ctx_free(kssl_ctx);
- ** if (s->kssl_ctx) s->kssl_ctx = NULL;
- */
+ /*- Was doing kssl_ctx_free() here,
+ * but it caused problems for apache.
+ * kssl_ctx = kssl_ctx_free(kssl_ctx);
+ * if (s->kssl_ctx) s->kssl_ctx = NULL;
+ */
}
else
#endif /* OPENSSL_NO_KRB5 */
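Review bot: The reformatted comment records that `kssl_ctx_free()` was removed from this point in ssl3_get_client_key_exchange because it caused problems for apache, but it does not say where kssl_ctx is released instead. Per the kssl.h comment in this same change, that context carries the Kerberos session key, so its lifetime is worth documenting. The release site is not visible in this hunk. Add a line such as `* kssl_ctx is now freed in <name the function>.` and drop the two commented-out statements, which only restate the old code.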
@@ -3587,7 +3589,8 @@ int ssl3_send_newsession_ticket(SSL *s)
i2d_SSL_SESSION(sess, &p);
SSL_SESSION_free(sess);
- /* Grow buffer if need be: the length calculation is as
+ /*-
+ * Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
* 16 (key name) + max_iv_len (iv length) +
@@ -3671,7 +3674,8 @@ int ssl3_send_cert_status(SSL *s)
if (s->state == SSL3_ST_SW_CERT_STATUS_A)
{
unsigned char *p;
- /* Grow buffer if need be: the length calculation is as
+ /*-
+ * Grow buffer if need be: the length calculation is as
* follows 1 (message type) + 3 (message length) +
* 1 (ocsp response type) + 3 (ocsp response length)
* + (ocsp response)
@@ -3743,7 +3747,8 @@ int ssl3_get_next_proto(SSL *s)
p=(unsigned char *)s->init_msg;
- /* The payload looks like:
+ /*-
+ * The payload looks like:
* uint8 proto_len;
* uint8 proto[proto_len];
* uint8 padding_len;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 0318d046b1..31d01b6246 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -305,7 +305,7 @@ extern "C" {
#define SSL_TXT_ALL "ALL"
-/*
+/*-
* COMPLEMENTOF* definitions. These identifiers are used to (de-select)
* ciphers normally not being used.
* Example: "RC4" will activate all ciphers using RC4 including ciphers
@@ -453,7 +453,8 @@ struct ssl_method_st
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};
-/* Lets make this into an ASN.1 type structure as follows
+/*-
+ * Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
@@ -1086,14 +1087,16 @@ struct ssl_ctx_st
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
- /* For a server, this contains a callback function that allows the
+ /*-
+ * For a server, this contains a callback function that allows the
* server to select the protocol for the connection.
* out: on successful return, this must point to the raw protocol
* name (without the length prefix).
* outlen: on successful return, this contains the length of |*out|.
* in: points to the client's list of supported protocols in
* wire-format.
- * inlen: the length of |in|. */
+ * inlen: the length of |in|.
+ */
int (*alpn_select_cb)(SSL *s,
const unsigned char **out,
unsigned char *outlen,
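Review bot: The reflowed alpn_select_cb comment documents the four buffer arguments but says nothing about the callback's return value or about the lifetime of `|*out|`. Because `|*out|` is a raw pointer that the library presumably reads after the callback returns, the comment should state whether it may point into `|in|` and how long the memory must stay valid. I would add lines such as `* |*out| may point into |in| or to memory that outlives the callback.` and one naming the return codes for "protocol selected" and "no overlap". The declaration itself continues past the end of the hunk.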
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 4d65a2bc6e..a046c71e2f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1953,12 +1953,14 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
if (cm == NULL || cm->type == NID_undef)
return 1;
- /* According to draft-ietf-tls-compression-04.txt, the
- compression number ranges should be the following:
-
- 0 to 63: methods defined by the IETF
- 64 to 192: external party methods assigned by IANA
- 193 to 255: reserved for private use */
+ /*-
+ * According to draft-ietf-tls-compression-04.txt, the
+ * compression number ranges should be the following:
+ *
+ * 0 to 63: methods defined by the IETF
+ * 64 to 192: external party methods assigned by IANA
+ * 193 to 255: reserved for private use
+ */
if (id < 193 || id > 255)
{
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
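Review bot: The rewritten comment still cites draft-ietf-tls-compression-04.txt for the number ranges, but the published RFC 3749 assigns them differently: 64 to 223 for non-Standards-Track methods and 224 to 255 for private use. The `id < 193 || id > 255` check below the comment therefore accepts 193 to 223, which the RFC does not treat as private. Changing the check could break callers that already register ids in that range, so I would only record the difference in the comment, e.g. `* (RFC 3749 later set private use to 224..255; the draft's 193..255 is what this check enforces)`. The rest of SSL_COMP_add_compression_method is outside the hunk.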
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 5212bc9501..facfec5d3b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -413,7 +413,7 @@
/* we have used 000001ff - 23 bits left to go */
-/*
+/*-
* Macros to check the export status and cipher strength for export ciphers.
* Even though the macros for EXPORT and EXPORT40/56 have similar names,
* their meaning is different:
@@ -479,7 +479,8 @@
#define SSL_PKEY_GOST01 7
#define SSL_PKEY_NUM 8
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+/*-
+ * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
* SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
@@ -511,11 +512,13 @@ typedef struct cert_pkey_st
/* Chain for this certificate */
STACK_OF(X509) *chain;
#ifndef OPENSSL_NO_TLSEXT
- /* serverinfo data for this certificate. The data is in TLS Extension
+ /*-
+ * serverinfo data for this certificate. The data is in TLS Extension
* wire format, specifically it's a series of records like:
* uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
* uint16_t length;
- * uint8_t data[length]; */
+ * uint8_t data[length];
+ */
unsigned char *serverinfo;
size_t serverinfo_length;
#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index a85f2792ce..493b0fddf6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -335,7 +335,7 @@ int ssl_get_new_session(SSL *s, int session)
return(0);
}
#ifndef OPENSSL_NO_TLSEXT
- /*
+ /*-
* If RFC5077 ticket, use empty session ID (as server).
* Note that:
* (a) ssl_get_prev_session() does lookahead into the
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index 9c4982cb86..592e8580dc 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -57,7 +57,7 @@
*/
/* VMS */
-/*
+/*-
* DECnet object for servicing SSL. We accept the inbound and speak a
* simple protocol for multiplexing the 2 data streams (application and
* ssl data) over this logical link.
@@ -270,7 +270,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
c_to_s=BIO_new(BIO_s_rtcp());
s_to_c=BIO_new(BIO_s_rtcp());
if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-/* original, DRM 24-SEP-1997
+/*- original, DRM 24-SEP-1997
BIO_set_fd ( c_to_s, "", chan );
BIO_set_fd ( s_to_c, "", chan );
*/
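Review bot: The `/*-` marker here shields a block of commented-out code dated 1997 (`BIO_set_fd ( c_to_s, "", chan );` and the line after it) rather than prose. Marking dead code as formatter-protected keeps it in the file indefinitely; deleting the four lines would be cleaner, since version control already holds the original. The opening is also written `/*- original, DRM 24-SEP-1997` with text on the marker line, unlike the other hunks in this commit, which put `/*-` on a line of its own. doit() starts and ends outside the hunk.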
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index e5be634b95..c699b61a29 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -545,7 +545,8 @@ static int verify_serverinfo()
return 0;
}
-/* Four test cases for custom extensions:
+/*-
+ * Four test cases for custom extensions:
* 0 - no ClientHello extension or ServerHello response
* 1 - ClientHello with "abc", no response
* 2 - ClientHello with "abc", empty response
@@ -1924,7 +1925,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
do
{
- /* c_ssl_bio: SSL filter BIO
+ /*-
+ * c_ssl_bio: SSL filter BIO
*
* client: pseudo-I/O for SSL library
*
@@ -2796,11 +2798,12 @@ static void process_proxy_debug(int indent, const char *format, ...)
vfprintf(stderr, my_format, args);
va_end(args);
}
-/* Priority levels:
- 0 [!]var, ()
- 1 & ^
- 2 |
-*/
+/*-
+ * Priority levels:
+ * 0 [!]var, ()
+ * 1 & ^
+ * 2 |
+ */
static int process_proxy_cond_adders(unsigned int letters[26],
const char *cond, const char **cond_end, int *pos, int indent);
static int process_proxy_cond_val(unsigned int letters[26],
@@ -3152,7 +3155,8 @@ static void free_tmp_rsa(void)
#endif
#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
+/*-
+ * These DH parameters have been generated as follows:
* $ openssl dhparam -C -noout 512
* $ openssl dhparam -C -noout 1024
* $ openssl dhparam -C -noout -dsaparam 1024
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f0291b115f..31b1c360ab 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -504,7 +504,7 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
return 0;
}
-/*
+/*-
* Return |nmatch|th shared curve or NID_undef if there is no match.
* For nmatch == -1, return number of matches
* For nmatch == -2, return the NID of the curve to use for
@@ -1222,13 +1222,14 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
unsigned long size_str;
long lenmax;
- /* check for enough space.
- 4 for the servername type and entension length
- 2 for servernamelist length
- 1 for the hostname type
- 2 for hostname length
- + hostname length
- */
+ /*-
+ * check for enough space.
+ * 4 for the servername type and entension length
+ * 2 for servernamelist length
+ * 1 for the hostname type
+ * 2 for hostname length
+ * + hostname length
+ */
if ((lenmax = limit - ret - 9) < 0
|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
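Review bot: The re-indented space-check comment keeps the misspelling `entension` (`* 4 for the servername type and entension length`); since the line is being rewritten anyway, it should read `extension`. The SRP hunk that follows has the same slip plus a doubled word (`srp type type and entension length`). The servername-extension comment further down in ssl_scan_clienthello_tlsext carries `an fatal alert` and `the servername call back invoked` (missing `is`). These comments are what a reader checks the `limit - ret - 9` and `limit - ret - 5 - login_len` bounds against, so the wording is worth getting exact. ssl_add_clienthello_tlsext continues outside the hunk.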
@@ -1260,11 +1261,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
return NULL;
}
- /* check for enough space.
- 4 for the srp type type and entension length
- 1 for the srp user identity
- + srp user identity length
- */
+ /*-
+ * check for enough space.
+ * 4 for the srp type type and entension length
+ * 1 for the srp user identity
+ * + srp user identity length
+ */
if ((limit - ret - 5 - login_len) < 0) return NULL;
/* fill in the extension */
@@ -1464,7 +1466,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
- /* Set mode:
+ /*-
+ * Set mode:
* 1: peer may send requests
* 2: peer not allowed to send requests
*/
@@ -1720,7 +1723,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
- /* Set mode:
+ /*-
+ * Set mode:
* 1: peer may send requests
* 2: peer not allowed to send requests
*/
@@ -1867,7 +1871,8 @@ parse_error:
}
#ifndef OPENSSL_NO_EC
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
* SecureTransport using the TLS extension block in |d|, of length |n|.
* Safari, since 10.6, sends exactly these extensions, in this order:
* SNI,
@@ -2019,28 +2024,30 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
}
else if (s->version == SSL3_VERSION)
{}
-/* The servername extension is treated as follows:
-
- - Only the hostname type is supported with a maximum length of 255.
- - The servername is rejected if too long or if it contains zeros,
- in which case an fatal alert is generated.
- - The servername field is maintained together with the session cache.
- - When a session is resumed, the servername call back invoked in order
- to allow the application to position itself to the right context.
- - The servername is acknowledged if it is new for a session or when
- it is identical to a previously used for the same session.
- Applications can control the behaviour. They can at any time
- set a 'desirable' servername for a new SSL object. This can be the
- case for example with HTTPS when a Host: header field is received and
- a renegotiation is requested. In this case, a possible servername
- presented in the new client hello is only acknowledged if it matches
- the value of the Host: field.
- - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- if they provide for changing an explicit servername context for the session,
- i.e. when the session has been established with a servername extension.
- - On session reconnect, the servername extension may be absent.
-
-*/
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ * in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ * to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ * it is identical to a previously used for the same session.
+ * Applications can control the behaviour. They can at any time
+ * set a 'desirable' servername for a new SSL object. This can be the
+ * case for example with HTTPS when a Host: header field is received and
+ * a renegotiation is requested. In this case, a possible servername
+ * presented in the new client hello is only acknowledged if it matches
+ * the value of the Host: field.
+ * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ * if they provide for changing an explicit servername context for the
+ * session, i.e. when the session has been established with a servername
+ * extension.
+ * - On session reconnect, the servername extension may be absent.
+ *
+ */
else if (type == TLSEXT_TYPE_server_name)
{
@@ -2419,7 +2426,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL)
{
- /* We shouldn't accept this extension on a
+ /*-
+ * We shouldn't accept this extension on a
* renegotiation.
*
* s->new_session will be set on renegotiation, but we
@@ -2428,12 +2436,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
* there's some other reason to disallow resuming an
* earlier session -- the current code won't be doing
* anything like that, but this might change).
-
+ *
* A valid sign that there's been a previous handshake
* in this connection is if s->s3->tmp.finish_md_len >
* 0. (We are talking about a check that will happen
* in the Hello protocol round, well before a new
- * Finished message could have been computed.) */
+ * Finished message could have been computed.)
+ */
s->s3->next_proto_neg_seen = 1;
}
#endif
@@ -2746,10 +2755,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
- /* The extension data consists of:
+ /*-
+ * The extension data consists of:
* uint16 list_length
* uint8 proto_length;
- * uint8 proto[proto_length]; */
+ * uint8 proto[proto_length];
+ */
len = data[0];
len <<= 8;
len |= data[1];
@@ -3248,7 +3259,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
return 1;
}
-/* Since the server cache lookup is done early on in the processing of the
+/*-
+ * Since the server cache lookup is done early on in the processing of the
* ClientHello, and other operations depend on the result, we need to handle
* any TLS session ticket extension at the same time.
*
@@ -3368,7 +3380,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
return 0;
}
-/* tls_decrypt_ticket attempts to decrypt a session ticket.
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
*
* etick: points to the body of the session ticket extension.
* eticklen: the length of the session tickets extenion.
@@ -4086,7 +4099,8 @@ tls1_heartbeat(SSL *s)
*/
OPENSSL_assert(payload + padding <= 16381);
- /* Create HeartBeat message, we just use a sequence number
+ /*-
+ * Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
* some random stuff.
* - Message Type, 1 byte