Convert comments in ssl.
That's the last of it!
Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263
Reviewed-on: https://boringssl-review.googlesource.com/19784
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 7527a98..0ff5a09 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -142,17 +142,17 @@
}
}
-/* Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
- * more than one extension of the same type in a ClientHello or ServerHello.
- * This function does an initial scan over the extensions block to filter those
- * out. */
+// Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
+// more than one extension of the same type in a ClientHello or ServerHello.
+// This function does an initial scan over the extensions block to filter those
+// out.
static int tls1_check_duplicate_extensions(const CBS *cbs) {
CBS extensions = *cbs;
size_t num_extensions = 0, i = 0;
uint16_t *extension_types = NULL;
int ret = 0;
- /* First pass: count the extensions. */
+ // First pass: count the extensions.
while (CBS_len(&extensions) > 0) {
uint16_t type;
CBS extension;
@@ -176,20 +176,20 @@
goto done;
}
- /* Second pass: gather the extension types. */
+ // Second pass: gather the extension types.
extensions = *cbs;
for (i = 0; i < num_extensions; i++) {
CBS extension;
if (!CBS_get_u16(&extensions, &extension_types[i]) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
- /* This should not happen. */
+ // This should not happen.
goto done;
}
}
assert(CBS_len(&extensions) == 0);
- /* Sort the extensions and make sure there are no duplicates. */
+ // Sort the extensions and make sure there are no duplicates.
qsort(extension_types, num_extensions, sizeof(uint16_t), compare_uint16_t);
for (i = 1; i < num_extensions; i++) {
if (extension_types[i - 1] == extension_types[i]) {
@@ -225,7 +225,7 @@
out->session_id = CBS_data(&session_id);
out->session_id_len = CBS_len(&session_id);
- /* Skip past DTLS cookie */
+ // Skip past DTLS cookie
if (SSL_is_dtls(out->ssl)) {
CBS cookie;
if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
@@ -247,15 +247,15 @@
out->compression_methods = CBS_data(&compression_methods);
out->compression_methods_len = CBS_len(&compression_methods);
- /* If the ClientHello ends here then it's valid, but doesn't have any
- * extensions. (E.g. SSLv3.) */
+ // If the ClientHello ends here then it's valid, but doesn't have any
+ // extensions. (E.g. SSLv3.)
if (CBS_len(&client_hello) == 0) {
out->extensions = NULL;
out->extensions_len = 0;
return 1;
}
- /* Extract extensions and check it is valid. */
+ // Extract extensions and check it is valid.
CBS extensions;
if (!CBS_get_u16_length_prefixed(&client_hello, &extensions) ||
!tls1_check_duplicate_extensions(&extensions) ||
@@ -274,7 +274,7 @@
CBS extensions;
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
while (CBS_len(&extensions) != 0) {
- /* Decode the next extension. */
+ // Decode the next extension.
uint16_t type;
CBS extension;
if (!CBS_get_u16(&extensions, &type) ||
@@ -315,14 +315,14 @@
size_t groups_len, pref_len, supp_len;
tls1_get_grouplist(ssl, &groups, &groups_len);
- /* Clients are not required to send a supported_groups extension. In this
- * case, the server is free to pick any group it likes. See RFC 4492,
- * section 4, paragraph 3.
- *
- * However, in the interests of compatibility, we will skip ECDH if the
- * client didn't send an extension because we can't be sure that they'll
- * support our favoured group. Thus we do not special-case an emtpy
- * |peer_supported_group_list|. */
+ // Clients are not required to send a supported_groups extension. In this
+ // case, the server is free to pick any group it likes. See RFC 4492,
+ // section 4, paragraph 3.
+ //
+ // However, in the interests of compatibility, we will skip ECDH if the
+ // client didn't send an extension because we can't be sure that they'll
+ // support our favoured group. Thus we do not special-case an emtpy
+ // |peer_supported_group_list|.
if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
pref = groups;
@@ -425,14 +425,14 @@
return 0;
}
-/* kVerifySignatureAlgorithms is the default list of accepted signature
- * algorithms for verifying.
- *
- * For now, RSA-PSS signature algorithms are not enabled on Android's system
- * BoringSSL. Once the change in Chrome has stuck and the values are finalized,
- * restore them. */
+// kVerifySignatureAlgorithms is the default list of accepted signature
+// algorithms for verifying.
+//
+// For now, RSA-PSS signature algorithms are not enabled on Android's system
+// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
+// restore them.
static const uint16_t kVerifySignatureAlgorithms[] = {
- /* List our preferred algorithms first. */
+ // List our preferred algorithms first.
SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256,
#if !defined(BORINGSSL_ANDROID_SYSTEM)
@@ -440,14 +440,14 @@
#endif
SSL_SIGN_RSA_PKCS1_SHA256,
- /* Larger hashes are acceptable. */
+ // Larger hashes are acceptable.
SSL_SIGN_ECDSA_SECP384R1_SHA384,
#if !defined(BORINGSSL_ANDROID_SYSTEM)
SSL_SIGN_RSA_PSS_SHA384,
#endif
SSL_SIGN_RSA_PKCS1_SHA384,
- /* TODO(davidben): Remove this. */
+ // TODO(davidben): Remove this.
#if defined(BORINGSSL_ANDROID_SYSTEM)
SSL_SIGN_ECDSA_SECP521R1_SHA512,
#endif
@@ -456,19 +456,19 @@
#endif
SSL_SIGN_RSA_PKCS1_SHA512,
- /* For now, SHA-1 is still accepted but least preferable. */
+ // For now, SHA-1 is still accepted but least preferable.
SSL_SIGN_RSA_PKCS1_SHA1,
};
-/* kSignSignatureAlgorithms is the default list of supported signature
- * algorithms for signing.
- *
- * For now, RSA-PSS signature algorithms are not enabled on Android's system
- * BoringSSL. Once the change in Chrome has stuck and the values are finalized,
- * restore them. */
+// kSignSignatureAlgorithms is the default list of supported signature
+// algorithms for signing.
+//
+// For now, RSA-PSS signature algorithms are not enabled on Android's system
+// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
+// restore them.
static const uint16_t kSignSignatureAlgorithms[] = {
- /* List our preferred algorithms first. */
+ // List our preferred algorithms first.
SSL_SIGN_ED25519,
SSL_SIGN_ECDSA_SECP256R1_SHA256,
#if !defined(BORINGSSL_ANDROID_SYSTEM)
@@ -476,9 +476,9 @@
#endif
SSL_SIGN_RSA_PKCS1_SHA256,
- /* If needed, sign larger hashes.
- *
- * TODO(davidben): Determine which of these may be pruned. */
+ // If needed, sign larger hashes.
+ //
+ // TODO(davidben): Determine which of these may be pruned.
SSL_SIGN_ECDSA_SECP384R1_SHA384,
#if !defined(BORINGSSL_ANDROID_SYSTEM)
SSL_SIGN_RSA_PSS_SHA384,
@@ -491,7 +491,7 @@
#endif
SSL_SIGN_RSA_PKCS1_SHA512,
- /* If the peer supports nothing else, sign with SHA-1. */
+ // If the peer supports nothing else, sign with SHA-1.
SSL_SIGN_ECDSA_SHA1,
SSL_SIGN_RSA_PKCS1_SHA1,
};
@@ -542,21 +542,21 @@
return 0;
}
-/* tls_extension represents a TLS extension that is handled internally. The
- * |init| function is called for each handshake, before any other functions of
- * the extension. Then the add and parse callbacks are called as needed.
- *
- * The parse callbacks receive a |CBS| that contains the contents of the
- * extension (i.e. not including the type and length bytes). If an extension is
- * not received then the parse callbacks will be called with a NULL CBS so that
- * they can do any processing needed to handle the absence of an extension.
- *
- * The add callbacks receive a |CBB| to which the extension can be appended but
- * the function is responsible for appending the type and length bytes too.
- *
- * All callbacks return one for success and zero for error. If a parse function
- * returns zero then a fatal alert with value |*out_alert| will be sent. If
- * |*out_alert| isn't set, then a |decode_error| alert will be sent. */
+// tls_extension represents a TLS extension that is handled internally. The
+// |init| function is called for each handshake, before any other functions of
+// the extension. Then the add and parse callbacks are called as needed.
+//
+// The parse callbacks receive a |CBS| that contains the contents of the
+// extension (i.e. not including the type and length bytes). If an extension is
+// not received then the parse callbacks will be called with a NULL CBS so that
+// they can do any processing needed to handle the absence of an extension.
+//
+// The add callbacks receive a |CBB| to which the extension can be appended but
+// the function is responsible for appending the type and length bytes too.
+//
+// All callbacks return one for success and zero for error. If a parse function
+// returns zero then a fatal alert with value |*out_alert| will be sent. If
+// |*out_alert| isn't set, then a |decode_error| alert will be sent.
struct tls_extension {
uint16_t value;
void (*init)(SSL_HANDSHAKE *hs);
@@ -573,7 +573,7 @@
static int forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
if (contents != NULL) {
- /* Servers MUST NOT send this extension. */
+ // Servers MUST NOT send this extension.
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
return 0;
@@ -584,7 +584,7 @@
static int ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
- /* This extension from the client is handled elsewhere. */
+ // This extension from the client is handled elsewhere.
return 1;
}
@@ -592,9 +592,9 @@
return 1;
}
-/* Server name indication (SNI).
- *
- * https://tools.ietf.org/html/rfc6066#section-3. */
+// Server name indication (SNI).
+//
+// https://tools.ietf.org/html/rfc6066#section-3.
static int ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -652,13 +652,13 @@
uint8_t name_type;
if (!CBS_get_u16_length_prefixed(contents, &server_name_list) ||
!CBS_get_u8(&server_name_list, &name_type) ||
- /* Although the server_name extension was intended to be extensible to
- * new name types and multiple names, OpenSSL 1.0.x had a bug which meant
- * different name types will cause an error. Further, RFC 4366 originally
- * defined syntax inextensibly. RFC 6066 corrected this mistake, but
- * adding new name types is no longer feasible.
- *
- * Act as if the extensibility does not exist to simplify parsing. */
+ // Although the server_name extension was intended to be extensible to
+ // new name types and multiple names, OpenSSL 1.0.x had a bug which meant
+ // different name types will cause an error. Further, RFC 4366 originally
+ // defined syntax inextensibly. RFC 6066 corrected this mistake, but
+ // adding new name types is no longer feasible.
+ //
+ // Act as if the extensibility does not exist to simplify parsing.
!CBS_get_u16_length_prefixed(&server_name_list, &host_name) ||
CBS_len(&server_name_list) != 0 ||
CBS_len(contents) != 0) {
@@ -673,7 +673,7 @@
return 0;
}
- /* Copy the hostname as a string. */
+ // Copy the hostname as a string.
char *hostname_raw = nullptr;
if (!CBS_strdup(&host_name, &hostname_raw)) {
*out_alert = SSL_AD_INTERNAL_ERROR;
@@ -700,13 +700,13 @@
}
-/* Renegotiation indication.
- *
- * https://tools.ietf.org/html/rfc5746 */
+// Renegotiation indication.
+//
+// https://tools.ietf.org/html/rfc5746
static int ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- /* Renegotiation indication is not necessary in TLS 1.3. */
+ // Renegotiation indication is not necessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION) {
return 1;
}
@@ -735,8 +735,8 @@
return 0;
}
- /* Servers may not switch between omitting the extension and supporting it.
- * See RFC 5746, sections 3.5 and 4.2. */
+ // Servers may not switch between omitting the extension and supporting it.
+ // See RFC 5746, sections 3.5 and 4.2.
if (ssl->s3->initial_handshake_complete &&
(contents != NULL) != ssl->s3->send_connection_binding) {
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
@@ -745,20 +745,20 @@
}
if (contents == NULL) {
- /* Strictly speaking, if we want to avoid an attack we should *always* see
- * RI even on initial ServerHello because the client doesn't see any
- * renegotiation during an attack. However this would mean we could not
- * connect to any server which doesn't support RI.
- *
- * OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
- * practical terms every client sets it so it's just assumed here. */
+ // Strictly speaking, if we want to avoid an attack we should *always* see
+ // RI even on initial ServerHello because the client doesn't see any
+ // renegotiation during an attack. However this would mean we could not
+ // connect to any server which doesn't support RI.
+ //
+ // OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
+ // practical terms every client sets it so it's just assumed here.
return 1;
}
const size_t expected_len = ssl->s3->previous_client_finished_len +
ssl->s3->previous_server_finished_len;
- /* Check for logic errors */
+ // Check for logic errors
assert(!expected_len || ssl->s3->previous_client_finished_len);
assert(!expected_len || ssl->s3->previous_server_finished_len);
assert(ssl->s3->initial_handshake_complete ==
@@ -766,7 +766,7 @@
assert(ssl->s3->initial_handshake_complete ==
(ssl->s3->previous_server_finished_len != 0));
- /* Parse out the extension contents. */
+ // Parse out the extension contents.
CBS renegotiated_connection;
if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
CBS_len(contents) != 0) {
@@ -775,7 +775,7 @@
return 0;
}
- /* Check that the extension matches. */
+ // Check that the extension matches.
if (CBS_len(&renegotiated_connection) != expected_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
@@ -813,8 +813,8 @@
static int ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
SSL *const ssl = hs->ssl;
- /* Renegotiation isn't supported as a server so this function should never be
- * called after the initial handshake. */
+ // Renegotiation isn't supported as a server so this function should never be
+ // called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
@@ -832,8 +832,8 @@
return 0;
}
- /* Check that the extension matches. We do not support renegotiation as a
- * server, so this must be empty. */
+ // Check that the extension matches. We do not support renegotiation as a
+ // server, so this must be empty.
if (CBS_len(&renegotiated_connection) != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
*out_alert = SSL_AD_HANDSHAKE_FAILURE;
@@ -847,8 +847,8 @@
static int ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- /* Renegotiation isn't supported as a server so this function should never be
- * called after the initial handshake. */
+ // Renegotiation isn't supported as a server so this function should never be
+ // called after the initial handshake.
assert(!ssl->s3->initial_handshake_complete);
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
@@ -865,12 +865,12 @@
}
-/* Extended Master Secret.
- *
- * https://tools.ietf.org/html/rfc7627 */
+// Extended Master Secret.
+//
+// https://tools.ietf.org/html/rfc7627
static int ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
- /* Extended master secret is not necessary in TLS 1.3. */
+ // Extended master secret is not necessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION || hs->max_version <= SSL3_VERSION) {
return 1;
}
@@ -897,7 +897,7 @@
hs->extended_master_secret = 1;
}
- /* Whether EMS is negotiated may not change on renegotiation. */
+ // Whether EMS is negotiated may not change on renegotiation.
if (ssl->s3->established_session != NULL &&
hs->extended_master_secret !=
ssl->s3->established_session->extended_master_secret) {
@@ -943,13 +943,13 @@
}
-/* Session tickets.
- *
- * https://tools.ietf.org/html/rfc5077 */
+// Session tickets.
+//
+// https://tools.ietf.org/html/rfc5077
static int ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- /* TLS 1.3 uses a different ticket extension. */
+ // TLS 1.3 uses a different ticket extension.
if (hs->min_version >= TLS1_3_VERSION ||
SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
return 1;
@@ -958,14 +958,14 @@
const uint8_t *ticket_data = NULL;
int ticket_len = 0;
- /* Renegotiation does not participate in session resumption. However, still
- * advertise the extension to avoid potentially breaking servers which carry
- * over the state from the previous handshake, such as OpenSSL servers
- * without upstream's 3c3f0259238594d77264a78944d409f2127642c4. */
+ // Renegotiation does not participate in session resumption. However, still
+ // advertise the extension to avoid potentially breaking servers which carry
+ // over the state from the previous handshake, such as OpenSSL servers
+ // without upstream's 3c3f0259238594d77264a78944d409f2127642c4.
if (!ssl->s3->initial_handshake_complete &&
ssl->session != NULL &&
ssl->session->tlsext_tick != NULL &&
- /* Don't send TLS 1.3 session tickets in the ticket extension. */
+ // Don't send TLS 1.3 session tickets in the ticket extension.
SSL_SESSION_protocol_version(ssl->session) < TLS1_3_VERSION) {
ticket_data = ssl->session->tlsext_tick;
ticket_len = ssl->session->tlsext_ticklen;
@@ -993,9 +993,9 @@
return 0;
}
- /* If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
- * this function should never be called, even if the server tries to send the
- * extension. */
+ // If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
+ // this function should never be called, even if the server tries to send the
+ // extension.
assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
if (CBS_len(contents) != 0) {
@@ -1011,7 +1011,7 @@
return 1;
}
- /* If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true. */
+ // If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
@@ -1023,9 +1023,9 @@
}
-/* Signature Algorithms.
- *
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+// Signature Algorithms.
+//
+// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
static int ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -1067,9 +1067,9 @@
}
-/* OCSP Stapling.
- *
- * https://tools.ietf.org/html/rfc6066#section-8 */
+// OCSP Stapling.
+//
+// https://tools.ietf.org/html/rfc6066#section-8
static int ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -1097,20 +1097,20 @@
return 1;
}
- /* TLS 1.3 OCSP responses are included in the Certificate extensions. */
+ // TLS 1.3 OCSP responses are included in the Certificate extensions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
return 0;
}
- /* OCSP stapling is forbidden on non-certificate ciphers. */
+ // OCSP stapling is forbidden on non-certificate ciphers.
if (CBS_len(contents) != 0 ||
!ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
return 0;
}
- /* Note this does not check for resumption in TLS 1.2. Sending
- * status_request here does not make sense, but OpenSSL does so and the
- * specification does not say anything. Tolerate it but ignore it. */
+ // Note this does not check for resumption in TLS 1.2. Sending
+ // status_request here does not make sense, but OpenSSL does so and the
+ // specification does not say anything. Tolerate it but ignore it.
hs->certificate_status_expected = 1;
return 1;
@@ -1127,8 +1127,8 @@
return 0;
}
- /* We cannot decide whether OCSP stapling will occur yet because the correct
- * SSL_CTX might not have been selected. */
+ // We cannot decide whether OCSP stapling will occur yet because the correct
+ // SSL_CTX might not have been selected.
hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
return 1;
@@ -1151,9 +1151,9 @@
}
-/* Next protocol negotiation.
- *
- * https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html */
+// Next protocol negotiation.
+//
+// https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
static int ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -1182,15 +1182,15 @@
return 0;
}
- /* If any of these are false then we should never have sent the NPN
- * extension in the ClientHello and thus this function should never have been
- * called. */
+ // If any of these are false then we should never have sent the NPN
+ // extension in the ClientHello and thus this function should never have been
+ // called.
assert(!ssl->s3->initial_handshake_complete);
assert(!SSL_is_dtls(ssl));
assert(ssl->ctx->next_proto_select_cb != NULL);
if (ssl->s3->alpn_selected != NULL) {
- /* NPN and ALPN may not be negotiated in the same connection. */
+ // NPN and ALPN may not be negotiated in the same connection.
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
return 0;
@@ -1254,8 +1254,8 @@
static int ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- /* |next_proto_neg_seen| might have been cleared when an ALPN extension was
- * parsed. */
+ // |next_proto_neg_seen| might have been cleared when an ALPN extension was
+ // parsed.
if (!hs->next_proto_neg_seen) {
return 1;
}
@@ -1282,9 +1282,9 @@
}
-/* Signed certificate timestamps.
- *
- * https://tools.ietf.org/html/rfc6962#section-3.3.1 */
+// Signed certificate timestamps.
+//
+// https://tools.ietf.org/html/rfc6962#section-3.3.1
static int ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -1307,14 +1307,14 @@
return 1;
}
- /* TLS 1.3 SCTs are included in the Certificate extensions. */
+ // TLS 1.3 SCTs are included in the Certificate extensions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
}
- /* If this is false then we should never have sent the SCT extension in the
- * ClientHello and thus this function should never have been called. */
+ // If this is false then we should never have sent the SCT extension in the
+ // ClientHello and thus this function should never have been called.
assert(ssl->signed_cert_timestamps_enabled);
if (!ssl_is_sct_list_valid(contents)) {
@@ -1322,11 +1322,11 @@
return 0;
}
- /* Session resumption uses the original session information. The extension
- * should not be sent on resumption, but RFC 6962 did not make it a
- * requirement, so tolerate this.
- *
- * TODO(davidben): Enforce this anyway. */
+ // Session resumption uses the original session information. The extension
+ // should not be sent on resumption, but RFC 6962 did not make it a
+ // requirement, so tolerate this.
+ //
+ // TODO(davidben): Enforce this anyway.
if (!ssl->s3->session_reused) {
CRYPTO_BUFFER_free(hs->new_session->signed_cert_timestamp_list);
hs->new_session->signed_cert_timestamp_list =
@@ -1356,7 +1356,7 @@
static int ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- /* The extension shouldn't be sent when resuming sessions. */
+ // The extension shouldn't be sent when resuming sessions.
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION ||
ssl->s3->session_reused ||
ssl->cert->signed_cert_timestamp_list == NULL) {
@@ -1374,9 +1374,9 @@
}
-/* Application-level Protocol Negotiation.
- *
- * https://tools.ietf.org/html/rfc7301 */
+// Application-level Protocol Negotiation.
+//
+// https://tools.ietf.org/html/rfc7301
static int ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -1409,26 +1409,26 @@
assert(ssl->alpn_client_proto_list != NULL);
if (hs->next_proto_neg_seen) {
- /* NPN and ALPN may not be negotiated in the same connection. */
+ // NPN and ALPN may not be negotiated in the same connection.
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
return 0;
}
- /* The extension data consists of a ProtocolNameList which must have
- * exactly one ProtocolName. Each of these is length-prefixed. */
+ // The extension data consists of a ProtocolNameList which must have
+ // exactly one ProtocolName. Each of these is length-prefixed.
CBS protocol_name_list, protocol_name;
if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
CBS_len(contents) != 0 ||
!CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
- /* Empty protocol names are forbidden. */
+ // Empty protocol names are forbidden.
CBS_len(&protocol_name) == 0 ||
CBS_len(&protocol_name_list) != 0) {
return 0;
}
if (!ssl->ctx->allow_unknown_alpn_protos) {
- /* Check that the protocol name is one of the ones we advertised. */
+ // Check that the protocol name is one of the ones we advertised.
int protocol_ok = 0;
CBS client_protocol_name_list, client_protocol_name;
CBS_init(&client_protocol_name_list, ssl->alpn_client_proto_list,
@@ -1473,11 +1473,11 @@
!ssl_client_hello_get_extension(
client_hello, &contents,
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
- /* Ignore ALPN if not configured or no extension was supplied. */
+ // Ignore ALPN if not configured or no extension was supplied.
return 1;
}
- /* ALPN takes precedence over NPN. */
+ // ALPN takes precedence over NPN.
hs->next_proto_neg_seen = 0;
CBS protocol_name_list;
@@ -1489,13 +1489,13 @@
return 0;
}
- /* Validate the protocol list. */
+ // Validate the protocol list.
CBS protocol_name_list_copy = protocol_name_list;
while (CBS_len(&protocol_name_list_copy) > 0) {
CBS protocol_name;
if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
- /* Empty protocol names are forbidden. */
+ // Empty protocol names are forbidden.
CBS_len(&protocol_name) == 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
*out_alert = SSL_AD_DECODE_ERROR;
@@ -1542,9 +1542,9 @@
}
-/* Channel ID.
- *
- * https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 */
+// Channel ID.
+//
+// https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
hs->ssl->s3->tlsext_channel_id_valid = 0;
@@ -1615,9 +1615,9 @@
}
-/* Secure Real-time Transport Protocol (SRTP) extension.
- *
- * https://tools.ietf.org/html/rfc5764 */
+// Secure Real-time Transport Protocol (SRTP) extension.
+//
+// https://tools.ietf.org/html/rfc5764
static void ext_srtp_init(SSL_HANDSHAKE *hs) {
@@ -1660,10 +1660,10 @@
return 1;
}
- /* The extension consists of a u16-prefixed profile ID list containing a
- * single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
- *
- * See https://tools.ietf.org/html/rfc5764#section-4.1.1 */
+ // The extension consists of a u16-prefixed profile ID list containing a
+ // single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
+ //
+ // See https://tools.ietf.org/html/rfc5764#section-4.1.1
CBS profile_ids, srtp_mki;
uint16_t profile_id;
if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
@@ -1676,7 +1676,7 @@
}
if (CBS_len(&srtp_mki) != 0) {
- /* Must be no MKI, since we never offer one. */
+ // Must be no MKI, since we never offer one.
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
@@ -1684,8 +1684,8 @@
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
- /* Check to see if the server gave us something we support (and presumably
- * offered). */
+ // Check to see if the server gave us something we support (and presumably
+ // offered).
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
if (profile->id == profile_id) {
ssl->srtp_profile = profile;
@@ -1713,12 +1713,12 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
return 0;
}
- /* Discard the MKI value for now. */
+ // Discard the MKI value for now.
const STACK_OF(SRTP_PROTECTION_PROFILE) *server_profiles =
SSL_get_srtp_profiles(ssl);
- /* Pick the server's most preferred profile. */
+ // Pick the server's most preferred profile.
for (const SRTP_PROTECTION_PROFILE *server_profile : server_profiles) {
CBS profile_ids_tmp;
CBS_init(&profile_ids_tmp, CBS_data(&profile_ids), CBS_len(&profile_ids));
@@ -1759,9 +1759,9 @@
}
-/* EC point formats.
- *
- * https://tools.ietf.org/html/rfc4492#section-5.1.2 */
+// EC point formats.
+//
+// https://tools.ietf.org/html/rfc4492#section-5.1.2
static int ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
CBB contents, formats;
@@ -1777,7 +1777,7 @@
}
static int ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
- /* The point format extension is unneccessary in TLS 1.3. */
+ // The point format extension is unneccessary in TLS 1.3.
if (hs->min_version >= TLS1_3_VERSION) {
return 1;
}
@@ -1801,8 +1801,8 @@
return 0;
}
- /* Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
- * point format. */
+ // Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
+ // point format.
if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
TLSEXT_ECPOINTFORMAT_uncompressed,
CBS_len(&ec_point_format_list)) == NULL) {
@@ -1840,9 +1840,9 @@
}
-/* Pre Shared Key
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.6 */
+// Pre Shared Key
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.6
static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
@@ -1867,8 +1867,8 @@
uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);
uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add;
- /* Fill in a placeholder zero binder of the appropriate length. It will be
- * computed and filled in later after length prefixes are computed. */
+ // Fill in a placeholder zero binder of the appropriate length. It will be
+ // computed and filled in later after length prefixes are computed.
uint8_t zero_binder[EVP_MAX_MD_SIZE] = {0};
size_t binder_len = EVP_MD_size(SSL_SESSION_get_digest(ssl->session));
@@ -1901,7 +1901,7 @@
return 0;
}
- /* We only advertise one PSK identity, so the only legal index is zero. */
+ // We only advertise one PSK identity, so the only legal index is zero.
if (psk_id != 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
*out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
@@ -1914,7 +1914,7 @@
int ssl_ext_pre_shared_key_parse_clienthello(
SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert, CBS *contents) {
- /* We only process the first PSK identity since we don't support pure PSK. */
+ // We only process the first PSK identity since we don't support pure PSK.
CBS identities, binders;
if (!CBS_get_u16_length_prefixed(contents, &identities) ||
!CBS_get_u16_length_prefixed(&identities, out_ticket) ||
@@ -1929,7 +1929,7 @@
*out_binders = binders;
- /* Check the syntax of the remaining identities, but do not process them. */
+ // Check the syntax of the remaining identities, but do not process them.
size_t num_identities = 1;
while (CBS_len(&identities) != 0) {
CBS unused_ticket;
@@ -1944,8 +1944,8 @@
num_identities++;
}
- /* Check the syntax of the binders. The value will be checked later if
- * resuming. */
+ // Check the syntax of the binders. The value will be checked later if
+ // resuming.
size_t num_binders = 0;
while (CBS_len(&binders) != 0) {
CBS binder;
@@ -1975,7 +1975,7 @@
CBB contents;
if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
- /* We only consider the first identity for resumption */
+ // We only consider the first identity for resumption
!CBB_add_u16(&contents, 0) ||
!CBB_flush(out)) {
return 0;
@@ -1985,9 +1985,9 @@
}
-/* Pre-Shared Key Exchange Modes
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7 */
+// Pre-Shared Key Exchange Modes
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.7
static int ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
CBB *out) {
@@ -2021,7 +2021,7 @@
return 0;
}
- /* We only support tickets with PSK_DHE_KE. */
+ // We only support tickets with PSK_DHE_KE.
hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
CBS_len(&ke_modes)) != NULL;
@@ -2029,9 +2029,9 @@
}
-/* Early Data Indication
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8 */
+// Early Data Indication
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.8
static int ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -2108,9 +2108,9 @@
}
-/* Key Share
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5 */
+// Key Share
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.5
static int ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -2127,8 +2127,8 @@
uint16_t group_id = hs->retry_group;
if (hs->received_hello_retry_request) {
- /* We received a HelloRetryRequest without a new curve, so there is no new
- * share to append. Leave |hs->key_share| as-is. */
+ // We received a HelloRetryRequest without a new curve, so there is no new
+ // share to append. Leave |hs->key_share| as-is.
if (group_id == 0 &&
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes,
hs->key_share_bytes_len)) {
@@ -2141,7 +2141,7 @@
return CBB_flush(out);
}
} else {
- /* Add a fake group. See draft-davidben-tls-grease-01. */
+ // Add a fake group. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
(!CBB_add_u16(&kse_bytes,
ssl_get_grease_value(ssl, ssl_grease_group)) ||
@@ -2150,7 +2150,7 @@
return 0;
}
- /* Predict the most preferred group. */
+ // Predict the most preferred group.
const uint16_t *groups;
size_t groups_len;
tls1_get_grouplist(ssl, &groups, &groups_len);
@@ -2173,8 +2173,8 @@
}
if (!hs->received_hello_retry_request) {
- /* Save the contents of the extension to repeat it in the second
- * ClientHello. */
+ // Save the contents of the extension to repeat it in the second
+ // ClientHello.
hs->key_share_bytes_len = CBB_len(&kse_bytes);
hs->key_share_bytes =
(uint8_t *)BUF_memdup(CBB_data(&kse_bytes), CBB_len(&kse_bytes));
@@ -2233,7 +2233,7 @@
return 0;
}
- /* Find the corresponding key share. */
+ // Find the corresponding key share.
int found = 0;
CBS peer_key;
while (CBS_len(&key_shares) > 0) {
@@ -2254,7 +2254,7 @@
found = 1;
peer_key = peer_key_tmp;
- /* Continue parsing the structure to keep peers honest. */
+ // Continue parsing the structure to keep peers honest.
}
}
@@ -2265,7 +2265,7 @@
return 1;
}
- /* Compute the DH secret. */
+ // Compute the DH secret.
uint8_t *secret = NULL;
size_t secret_len;
ScopedCBB public_key;
@@ -2310,9 +2310,9 @@
}
-/* Supported Versions
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1 */
+// Supported Versions
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.1
static int ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -2327,7 +2327,7 @@
return 0;
}
- /* Add a fake version. See draft-davidben-tls-grease-01. */
+ // Add a fake version. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
return 0;
@@ -2342,9 +2342,9 @@
}
-/* Cookie
- *
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2 */
+// Cookie
+//
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.2
static int ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
if (hs->cookie == NULL) {
@@ -2360,7 +2360,7 @@
return 0;
}
- /* The cookie is no longer needed in memory. */
+ // The cookie is no longer needed in memory.
OPENSSL_free(hs->cookie);
hs->cookie = NULL;
hs->cookie_len = 0;
@@ -2368,10 +2368,10 @@
}
-/* Negotiated Groups
- *
- * https://tools.ietf.org/html/rfc4492#section-5.1.2
- * https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4 */
+// Negotiated Groups
+//
+// https://tools.ietf.org/html/rfc4492#section-5.1.2
+// https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4
static int ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
@@ -2382,7 +2382,7 @@
return 0;
}
- /* Add a fake group. See draft-davidben-tls-grease-01. */
+ // Add a fake group. See draft-davidben-tls-grease-01.
if (ssl->ctx->grease_enabled &&
!CBB_add_u16(&groups_bytes,
ssl_get_grease_value(ssl, ssl_grease_group))) {
@@ -2405,8 +2405,8 @@
static int ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
uint8_t *out_alert,
CBS *contents) {
- /* This extension is not expected to be echoed by servers in TLS 1.2, but some
- * BigIP servers send it nonetheless, so do not enforce this. */
+ // This extension is not expected to be echoed by servers in TLS 1.2, but some
+ // BigIP servers send it nonetheless, so do not enforce this.
return 1;
}
@@ -2453,12 +2453,12 @@
}
static int ext_supported_groups_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
- /* Servers don't echo this extension. */
+ // Servers don't echo this extension.
return 1;
}
-/* kExtensions contains all the supported extensions. */
+// kExtensions contains all the supported extensions.
static const struct tls_extension kExtensions[] = {
{
TLSEXT_TYPE_renegotiate,
@@ -2489,7 +2489,7 @@
NULL,
ext_ticket_add_clienthello,
ext_ticket_parse_serverhello,
- /* Ticket extension client parsing is handled in ssl_session.c */
+ // Ticket extension client parsing is handled in ssl_session.c
ignore_parse_clienthello,
ext_ticket_add_serverhello,
},
@@ -2530,7 +2530,7 @@
NULL,
ext_alpn_add_clienthello,
ext_alpn_parse_serverhello,
- /* ALPN is negotiated late in |ssl_negotiate_alpn|. */
+ // ALPN is negotiated late in |ssl_negotiate_alpn|.
ignore_parse_clienthello,
ext_alpn_add_serverhello,
},
@@ -2598,9 +2598,9 @@
ignore_parse_clienthello,
dont_add_serverhello,
},
- /* The final extension must be non-empty. WebSphere Application Server 7.0 is
- * intolerant to the last extension being zero-length. See
- * https://crbug.com/363583. */
+ // The final extension must be non-empty. WebSphere Application Server 7.0 is
+ // intolerant to the last extension being zero-length. See
+ // https://crbug.com/363583.
{
TLSEXT_TYPE_supported_groups,
NULL,
@@ -2635,7 +2635,7 @@
int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len) {
SSL *const ssl = hs->ssl;
- /* Don't add extensions for SSLv3 unless doing secure renegotiation. */
+ // Don't add extensions for SSLv3 unless doing secure renegotiation.
if (hs->client_version == SSL3_VERSION &&
!ssl->s3->send_connection_binding) {
return 1;
@@ -2658,7 +2658,7 @@
uint16_t grease_ext1 = 0;
if (ssl->ctx->grease_enabled) {
- /* Add a fake empty extension. See draft-davidben-tls-grease-01. */
+ // Add a fake empty extension. See draft-davidben-tls-grease-01.
grease_ext1 = ssl_get_grease_value(ssl, ssl_grease_extension1);
if (!CBB_add_u16(&extensions, grease_ext1) ||
!CBB_add_u16(&extensions, 0 /* zero length */)) {
@@ -2686,12 +2686,12 @@
}
if (ssl->ctx->grease_enabled) {
- /* Add a fake non-empty extension. See draft-davidben-tls-grease-01. */
+ // Add a fake non-empty extension. See draft-davidben-tls-grease-01.
uint16_t grease_ext2 = ssl_get_grease_value(ssl, ssl_grease_extension2);
- /* The two fake extensions must not have the same value. GREASE values are
- * of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
- * one. */
+ // The two fake extensions must not have the same value. GREASE values are
+ // of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
+ // one.
if (grease_ext1 == grease_ext2) {
grease_ext2 ^= 0x1010;
}
@@ -2708,15 +2708,15 @@
size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
header_len += 2 + CBB_len(&extensions) + psk_extension_len;
if (header_len > 0xff && header_len < 0x200) {
- /* Add padding to workaround bugs in F5 terminators. See RFC 7685.
- *
- * NB: because this code works out the length of all existing extensions
- * it MUST always appear last. */
+ // Add padding to workaround bugs in F5 terminators. See RFC 7685.
+ //
+ // NB: because this code works out the length of all existing extensions
+ // it MUST always appear last.
size_t padding_len = 0x200 - header_len;
- /* Extensions take at least four bytes to encode. Always include at least
- * one byte of data if including the extension. WebSphere Application
- * Server 7.0 is intolerant to the last extension being zero-length. See
- * https://crbug.com/363583. */
+ // Extensions take at least four bytes to encode. Always include at least
+ // one byte of data if including the extension. WebSphere Application
+ // Server 7.0 is intolerant to the last extension being zero-length. See
+ // https://crbug.com/363583.
if (padding_len >= 4 + 1) {
padding_len -= 4;
} else {
@@ -2735,13 +2735,13 @@
}
}
- /* The PSK extension must be last, including after the padding. */
+ // The PSK extension must be last, including after the padding.
if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
- /* Discard empty extensions blocks. */
+ // Discard empty extensions blocks.
if (CBB_len(&extensions) == 0) {
CBB_discard_child(out);
}
@@ -2758,7 +2758,7 @@
for (unsigned i = 0; i < kNumExtensions; i++) {
if (!(hs->extensions.received & (1u << i))) {
- /* Don't send extensions that were not received. */
+ // Don't send extensions that were not received.
continue;
}
@@ -2773,7 +2773,7 @@
goto err;
}
- /* Discard empty extensions blocks before TLS 1.3. */
+ // Discard empty extensions blocks before TLS 1.3.
if (ssl3_protocol_version(ssl) < TLS1_3_VERSION &&
CBB_len(&extensions) == 0) {
CBB_discard_child(out);
@@ -2804,15 +2804,15 @@
uint16_t type;
CBS extension;
- /* Decode the next extension. */
+ // Decode the next extension.
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
}
- /* RFC 5746 made the existence of extensions in SSL 3.0 somewhat
- * ambiguous. Ignore all but the renegotiation_info extension. */
+ // RFC 5746 made the existence of extensions in SSL 3.0 somewhat
+ // ambiguous. Ignore all but the renegotiation_info extension.
if (ssl->version == SSL3_VERSION && type != TLSEXT_TYPE_renegotiate) {
continue;
}
@@ -2849,16 +2849,16 @@
if (kExtensions[i].value == TLSEXT_TYPE_renegotiate &&
ssl_client_cipher_list_contains_cipher(client_hello,
SSL3_CK_SCSV & 0xffff)) {
- /* The renegotiation SCSV was received so pretend that we received a
- * renegotiation extension. */
+ // The renegotiation SCSV was received so pretend that we received a
+ // renegotiation extension.
CBS_init(&fake_contents, kFakeRenegotiateExtension,
sizeof(kFakeRenegotiateExtension));
contents = &fake_contents;
hs->extensions.received |= (1u << i);
}
- /* Extension wasn't observed so call the callback with a NULL
- * parameter. */
+ // Extension wasn't observed so call the callback with a NULL
+ // parameter.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
@@ -2891,12 +2891,12 @@
static int ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
int *out_alert) {
SSL *const ssl = hs->ssl;
- /* Before TLS 1.3, ServerHello extensions blocks may be omitted if empty. */
+ // Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
if (CBS_len(cbs) == 0 && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
return 1;
}
- /* Decode the extensions block and check it is valid. */
+ // Decode the extensions block and check it is valid.
CBS extensions;
if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
!tls1_check_duplicate_extensions(&extensions)) {
@@ -2909,7 +2909,7 @@
uint16_t type;
CBS extension;
- /* Decode the next extension. */
+ // Decode the next extension.
if (!CBS_get_u16(&extensions, &type) ||
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
*out_alert = SSL_AD_DECODE_ERROR;
@@ -2933,8 +2933,8 @@
if (!(hs->extensions.sent & (1u << ext_index)) &&
type != TLSEXT_TYPE_renegotiate) {
- /* If the extension was never sent then it is illegal, except for the
- * renegotiation extension which, in SSL 3.0, is signaled via SCSV. */
+ // If the extension was never sent then it is illegal, except for the
+ // renegotiation extension which, in SSL 3.0, is signaled via SCSV.
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
ERR_add_error_dataf("extension :%u", (unsigned)type);
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -2954,8 +2954,8 @@
for (size_t i = 0; i < kNumExtensions; i++) {
if (!(received & (1u << i))) {
- /* Extension wasn't observed so call the callback with a NULL
- * parameter. */
+ // Extension wasn't observed so call the callback with a NULL
+ // parameter.
uint8_t alert = SSL_AD_DECODE_ERROR;
if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
@@ -3012,11 +3012,11 @@
HMAC_CTX *hmac_ctx, const uint8_t *ticket, size_t ticket_len) {
size_t iv_len = EVP_CIPHER_CTX_iv_length(cipher_ctx);
- /* Check the MAC at the end of the ticket. */
+ // Check the MAC at the end of the ticket.
uint8_t mac[EVP_MAX_MD_SIZE];
size_t mac_len = HMAC_size(hmac_ctx);
if (ticket_len < SSL_TICKET_KEY_NAME_LEN + iv_len + 1 + mac_len) {
- /* The ticket must be large enough for key name, IV, data, and MAC. */
+ // The ticket must be large enough for key name, IV, data, and MAC.
return ssl_ticket_aead_ignore_ticket;
}
HMAC_Update(hmac_ctx, ticket, ticket_len - mac_len);
@@ -3030,7 +3030,7 @@
return ssl_ticket_aead_ignore_ticket;
}
- /* Decrypt the session data. */
+ // Decrypt the session data.
const uint8_t *ciphertext = ticket + SSL_TICKET_KEY_NAME_LEN + iv_len;
size_t ciphertext_len = ticket_len - SSL_TICKET_KEY_NAME_LEN - iv_len -
mac_len;
@@ -3090,12 +3090,12 @@
assert(ticket_len >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
SSL_CTX *ctx = ssl->session_ctx;
- /* Rotate the ticket key if necessary. */
+ // Rotate the ticket key if necessary.
if (!ssl_ctx_rotate_ticket_encryption_key(ctx)) {
return ssl_ticket_aead_error;
}
- /* Pick the matching ticket key and decrypt. */
+ // Pick the matching ticket key and decrypt.
ScopedEVP_CIPHER_CTX cipher_ctx;
ScopedHMAC_CTX hmac_ctx;
{
@@ -3167,10 +3167,10 @@
result = ssl_decrypt_ticket_with_method(
ssl, &plaintext, &plaintext_len, out_renew_ticket, ticket, ticket_len);
} else {
- /* Ensure there is room for the key name and the largest IV
- * |tlsext_ticket_key_cb| may try to consume. The real limit may be lower,
- * but the maximum IV length should be well under the minimum size for the
- * session material and HMAC. */
+ // Ensure there is room for the key name and the largest IV
+ // |tlsext_ticket_key_cb| may try to consume. The real limit may be lower,
+ // but the maximum IV length should be well under the minimum size for the
+ // session material and HMAC.
if (ticket_len < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
return ssl_ticket_aead_ignore_ticket;
}
@@ -3187,18 +3187,18 @@
return result;
}
- /* Decode the session. */
+ // Decode the session.
UniquePtr<SSL_SESSION> session(
SSL_SESSION_from_bytes(plaintext, plaintext_len, ssl->ctx));
OPENSSL_free(plaintext);
if (!session) {
- ERR_clear_error(); /* Don't leave an error on the queue. */
+ ERR_clear_error(); // Don't leave an error on the queue.
return ssl_ticket_aead_ignore_ticket;
}
- /* Copy the client's session ID into the new session, to denote the ticket has
- * been accepted. */
+ // Copy the client's session ID into the new session, to denote the ticket has
+ // been accepted.
OPENSSL_memcpy(session->session_id, session_id, session_id_len);
session->session_id_length = session_id_len;
@@ -3207,7 +3207,7 @@
}
int tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
- /* Extension ignored for inappropriate versions */
+ // Extension ignored for inappropriate versions
if (ssl3_protocol_version(hs->ssl) < TLS1_2_VERSION) {
return 1;
}
@@ -3222,14 +3222,14 @@
}
num_sigalgs /= 2;
- /* supported_signature_algorithms in the certificate request is
- * allowed to be empty. */
+ // supported_signature_algorithms in the certificate request is
+ // allowed to be empty.
if (num_sigalgs == 0) {
return 1;
}
- /* This multiplication doesn't overflow because sizeof(uint16_t) is two
- * and we just divided |num_sigalgs| by two. */
+ // This multiplication doesn't overflow because sizeof(uint16_t) is two
+ // and we just divided |num_sigalgs| by two.
hs->peer_sigalgs = (uint16_t *)OPENSSL_malloc(num_sigalgs * sizeof(uint16_t));
if (hs->peer_sigalgs == NULL) {
return 0;
@@ -3264,8 +3264,8 @@
SSL *const ssl = hs->ssl;
CERT *cert = ssl->cert;
- /* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
- * handshake. */
+ // Before TLS 1.2, the signature algorithm isn't negotiated as part of the
+ // handshake.
if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
@@ -3284,9 +3284,9 @@
const uint16_t *peer_sigalgs = hs->peer_sigalgs;
size_t num_peer_sigalgs = hs->num_peer_sigalgs;
if (num_peer_sigalgs == 0 && ssl3_protocol_version(ssl) < TLS1_3_VERSION) {
- /* If the client didn't specify any signature_algorithms extension then
- * we can assume that it supports SHA1. See
- * http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+ // If the client didn't specify any signature_algorithms extension then
+ // we can assume that it supports SHA1. See
+ // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1,
SSL_SIGN_ECDSA_SHA1};
peer_sigalgs = kDefaultPeerAlgorithms;
@@ -3295,8 +3295,8 @@
for (size_t i = 0; i < num_sigalgs; i++) {
uint16_t sigalg = sigalgs[i];
- /* SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
- * negotiated. */
+ // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
+ // negotiated.
if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1 ||
!ssl_private_key_supports_signature_algorithm(hs, sigalgs[i])) {
continue;
@@ -3316,8 +3316,8 @@
int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
SSL *const ssl = hs->ssl;
- /* A Channel ID handshake message is structured to contain multiple
- * extensions, but the only one that can be present is Channel ID. */
+ // A Channel ID handshake message is structured to contain multiple
+ // extensions, but the only one that can be present is Channel ID.
uint16_t extension_type;
CBS channel_id = msg.body, extension;
if (!CBS_get_u16(&channel_id, &extension_type) ||
@@ -3474,14 +3474,14 @@
return 1;
}
-/* tls1_record_handshake_hashes_for_channel_id records the current handshake
- * hashes in |hs->new_session| so that Channel ID resumptions can sign that
- * data. */
+// tls1_record_handshake_hashes_for_channel_id records the current handshake
+// hashes in |hs->new_session| so that Channel ID resumptions can sign that
+// data.
int tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- /* This function should never be called for a resumed session because the
- * handshake hashes that we wish to record are for the original, full
- * handshake. */
+ // This function should never be called for a resumed session because the
+ // handshake hashes that we wish to record are for the original, full
+ // handshake.
if (ssl->session != NULL) {
return 0;
}
@@ -3512,7 +3512,7 @@
EVP_PKEY *key = NULL;
ssl->ctx->channel_id_cb(ssl, &key);
if (key == NULL) {
- /* The caller should try again later. */
+ // The caller should try again later.
return 1;
}
@@ -3522,9 +3522,9 @@
}
int ssl_is_sct_list_valid(const CBS *contents) {
- /* Shallow parse the SCT list for sanity. By the RFC
- * (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
- * of the SCTs may be empty. */
+ // Shallow parse the SCT list for sanity. By the RFC
+ // (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
+ // of the SCTs may be empty.
CBS copy = *contents;
CBS sct_list;
if (!CBS_get_u16_length_prefixed(©, &sct_list) ||
