Documentation: Change |...| to `...` for code references in comments 13/N This CL includes the result of running util/update_comment_style.py over all *.cc files in ssl/, and fixing omissions manually if necessary. Bug: 42290410 Change-Id: If4699d37de25398c428f3352eb5d562b6a6a6964 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/96152 Reviewed-by: Rudolf Polzer <rpolzer@google.com> Commit-Queue: Lily Chen <chlily@google.com>
diff --git a/ssl/bio_ssl.cc b/ssl/bio_ssl.cc
index 7e9d4d6..5836abd 100644
--- a/ssl/bio_ssl.cc
+++ b/ssl/bio_ssl.cc
@@ -111,8 +111,8 @@
 }
 
 // Note this differs from upstream OpenSSL, which synchronizes
- // |BIO_next(bio)| with |ssl|'s rbio here, and on |BIO_CTRL_PUSH|. We call
- // into the corresponding |BIO| directly. (We can implement the upstream
+ // `BIO_next(bio)` with `ssl`'s rbio here, and on `BIO_CTRL_PUSH`. We call
+ // into the corresponding `BIO` directly. (We can implement the upstream
 // behavior if it ends up necessary.)
 BIO_set_shutdown(bio, static_cast<int>(num));
 BIO_set_data(bio, ptr);
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index 7b7a118..d3ad437 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -45,14 +45,14 @@
 // the underlying BIO supplies one.
 static const unsigned int kDefaultMTU = 1500 - 28;
 
-// BitRange returns a |uint8_t| with bits |start|, inclusive, to |end|,
+// BitRange returns a `uint8_t` with bits `start`, inclusive, to `end`,
 // exclusive, set.
 static uint8_t BitRange(size_t start, size_t end) {
 assert(start <= end && end <= 8);
 return static_cast<uint8_t>(~((1u << start) - 1) & ((1u << end) - 1));
 }
 
-// FirstUnmarkedRangeInByte returns the first unmarked range in bits |b|.
+// FirstUnmarkedRangeInByte returns the first unmarked range in bits `b`.
 static DTLSMessageBitmap::Range FirstUnmarkedRangeInByte(uint8_t b) {
 size_t start, end;
 for (start = 0; start < 8; start++) {
@@ -106,8 +106,8 @@
 }
 }
 
- // Maintain the |first_unmarked_byte_| invariant. This work is amortized
- // across all |MarkRange| calls.
+ // Maintain the `first_unmarked_byte_` invariant. This work is amortized
+ // across all `MarkRange` calls.
 while (first_unmarked_byte_ < bytes_.size() &&
 bytes_[first_unmarked_byte_] == 0xff) {
 first_unmarked_byte_++;
@@ -130,7 +130,7 @@
 return Range{0, 0};
 }
 
- // Look at the bits from |start| up to a byte boundary.
+ // Look at the bits from `start` up to a byte boundary.
 uint8_t byte = bytes_[idx] | BitRange(0, start & 7);
 if (byte == 0xff) {
 // Nothing unmarked at this byte. Keep searching for an unmarked bit.
@@ -217,8 +217,8 @@
 }
 
 // dtls1_get_incoming_message returns the incoming message corresponding to
-// |msg_hdr|. If none exists, it creates a new one and inserts it in the
-// queue. Otherwise, it checks |msg_hdr| is consistent with the existing one. It
+// `msg_hdr`. If none exists, it creates a new one and inserts it in the
+// queue. Otherwise, it checks `msg_hdr` is consistent with the existing one. It
 // returns NULL on failure. The caller does not take ownership of the result.
 static DTLSIncomingMessage *dtls1_get_incoming_message(
 SSL *ssl, uint8_t *out_alert, const struct hm_header_st *msg_hdr) {
@@ -289,9 +289,9 @@
 if (record_number.epoch() != ssl->d1->read_epoch.epoch ||
 ssl->d1->next_read_epoch != nullptr) {
 // New messages can only arrive in the latest epoch. This can fail if the
- // record came from |prev_read_epoch|, or if it came from |read_epoch| but
- // |next_read_epoch| exists. (It cannot come from |next_read_epoch|
- // because |next_read_epoch| becomes |read_epoch| once it receives a
+ // record came from `prev_read_epoch`, or if it came from `read_epoch` but
+ // `next_read_epoch` exists. (It cannot come from `next_read_epoch`
+ // because `next_read_epoch` becomes `read_epoch` once it receives a
 // record.)
 OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
 *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
@@ -462,7 +462,7 @@
 }
 ssl->s3->has_message = false;
 // If we previously sent a flight, mark it as having a reply, so
- // |on_handshake_complete| can manage post-handshake retransmission.
+ // `on_handshake_complete` can manage post-handshake retransmission.
 if (ssl->d1->outgoing_messages_complete) {
 ssl->d1->flight_has_reply = true;
 }
@@ -548,7 +548,7 @@
 }
 
 bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
- // Pick a modest size hint to save most of the |realloc| calls.
+ // Pick a modest size hint to save most of the `realloc` calls.
 if (!CBB_init(cbb, 64) || //
 !CBB_add_u8(cbb, type) || //
 !CBB_add_u24(cbb, 0 /* length (filled in later) */) || //
@@ -613,7 +613,7 @@
 return false;
 }
 
- // This should not fail if |SSL_MAX_HANDSHAKE_FLIGHT| was sized correctly.
+ // This should not fail if `SSL_MAX_HANDSHAKE_FLIGHT` was sized correctly.
 //
 // TODO(crbug.com/42290594): This can currently fail in DTLS 1.3. The caller
 // can configure how many tickets to send, up to kMaxTickets. Additionally, if
@@ -644,9 +644,9 @@
 // dtls1_update_mtu updates the current MTU from the BIO, ensuring it is above
 // the minimum.
 static void dtls1_update_mtu(SSL *ssl) {
- // TODO(davidben): No consumer implements |BIO_CTRL_DGRAM_SET_MTU| and the
- // only |BIO_CTRL_DGRAM_QUERY_MTU| implementation could use
- // |SSL_set_mtu|. Does this need to be so complex?
+ // TODO(davidben): No consumer implements `BIO_CTRL_DGRAM_SET_MTU` and the
+ // only `BIO_CTRL_DGRAM_QUERY_MTU` implementation could use
+ // `SSL_set_mtu`. Does this need to be so complex?
 if (ssl->d1->mtu < dtls1_min_mtu() &&
 !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {
 long mtu = BIO_ctrl(ssl->wbio.get(), BIO_CTRL_DGRAM_QUERY_MTU, 0, nullptr);
@@ -668,14 +668,14 @@
 seal_flush,
 };
 
-// seal_next_record seals one record's worth of messages to |out| and advances
-// |ssl|'s internal state past the data that was sealed. If progress was made,
-// it returns |seal_flush| or |seal_continue| and sets
-// |*out_len| to the number of bytes written.
+// seal_next_record seals one record's worth of messages to `out` and advances
+// `ssl`'s internal state past the data that was sealed. If progress was made,
+// it returns `seal_flush` or `seal_continue` and sets
+// `*out_len` to the number of bytes written.
 //
 // If the function stopped because the next message could not be combined into
-// this record, it returns |seal_continue| and the caller should loop again.
-// Otherwise, it returns |seal_flush| and the packet is complete (either because
+// this record, it returns `seal_continue` and the caller should loop again.
+// Otherwise, it returns `seal_flush` and the packet is complete (either because
 // there are no more messages or the packet is full).
 static seal_result_t seal_next_record(SSL *ssl, Span<uint8_t> out,
 size_t *out_len) {
@@ -741,7 +741,7 @@
 break;
 }
 
- // Decode |msg|'s header.
+ // Decode `msg`'s header.
 CBS cbs(msg.data), body_cbs;
 struct hm_header_st hdr;
 if (!dtls1_parse_fragment(&cbs, &hdr, &body_cbs) || //
@@ -844,8 +844,8 @@
 return should_continue ? seal_continue : seal_flush;
 }
 
-// seal_next_packet writes as much of the next flight as possible to |out| and
-// advances |ssl->d1->outgoing_written| and |ssl->d1->outgoing_offset| as
+// seal_next_packet writes as much of the next flight as possible to `out` and
+// advances `ssl->d1->outgoing_written` and `ssl->d1->outgoing_offset` as
 // appropriate.
 static bool seal_next_packet(SSL *ssl, Span<uint8_t> out, size_t *out_len) {
 size_t total = 0;
diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc
index 9333a9d..f6f89ca 100644
--- a/ssl/d1_lib.cc
+++ b/ssl/d1_lib.cc
@@ -182,7 +182,7 @@
 uint64_t remaining_sec = remaining_usec / 1000000;
 remaining_usec %= 1000000;
 
- // |timeval| uses |time_t|, which may be 32-bit.
+ // `timeval` uses `time_t`, which may be 32-bit.
 const auto kTvSecMax = std::numeric_limits<decltype(out->tv_sec)>::max();
 if (remaining_sec > static_cast<uint64_t>(kTvSecMax)) {
 out->tv_sec = kTvSecMax; // Saturate the output.
diff --git a/ssl/d1_pkt.cc b/ssl/d1_pkt.cc
index 9dd85c8..e09e479 100644
--- a/ssl/d1_pkt.cc
+++ b/ssl/d1_pkt.cc
@@ -186,7 +186,7 @@
 // handshake, so renegotiations and retransmissions are ambiguous.
 //
 // TODO(crbug.com/383016430): Move this logic into
- // |dtls1_process_handshake_fragments| and integrate it into DTLS 1.3
+ // `dtls1_process_handshake_fragments` and integrate it into DTLS 1.3
 // retransmit conditions.
 CBS cbs, body;
 struct hm_header_st msg_hdr;
@@ -271,7 +271,7 @@
 assert(in.size() <= SSL3_RT_MAX_PLAIN_LENGTH);
 // There should never be a pending write buffer in DTLS. One can't write half
 // a datagram, so the write buffer is always dropped in
- // |ssl_write_buffer_flush|.
+ // `ssl_write_buffer_flush`.
 assert(buf->empty());
 
 if (in.size() > SSL3_RT_MAX_PLAIN_LENGTH) {
diff --git a/ssl/dtls_record.cc b/ssl/dtls_record.cc
index 9018b6f..c0fe668 100644
--- a/ssl/dtls_record.cc
+++ b/ssl/dtls_record.cc
@@ -78,7 +78,7 @@
 }
 
 // reconstruct_epoch finds the largest epoch that ends with the epoch bits from
-// |wire_epoch| that is less than or equal to |current_epoch|, to match the
+// `wire_epoch` that is less than or equal to `current_epoch`, to match the
 // epoch reconstruction algorithm described in RFC 9147 section 4.2.2.
 static uint16_t reconstruct_epoch(uint8_t wire_epoch, uint16_t current_epoch) {
 uint16_t current_epoch_high = current_epoch & 0xfffc;
@@ -152,7 +152,7 @@
 
 struct ParsedDTLSRecord {
 // read_epoch will be null if the record is for an unrecognized epoch. In that
- // case, |number| may be unset.
+ // case, `number` may be unset.
 DTLSReadEpoch *read_epoch = nullptr;
 DTLSRecordNumber number;
 CBS header, body;
@@ -190,7 +190,7 @@
 }
 } else {
 // No length present - the remaining contents are the whole packet.
- // CBS_get_bytes is used here to advance |in| to the end so that future
+ // CBS_get_bytes is used here to advance `in` to the end so that future
 // code that computes the number of consumed bytes functions correctly.
 BSSL_CHECK(CBS_get_bytes(in, &out->body, CBS_len(in)));
 }
@@ -565,7 +565,7 @@
 // Record number encryption uses bytes from the ciphertext as a sample to
 // generate the mask used for encryption. For simplicity, pass in the whole
 // ciphertext as the sample - GenerateRecordNumberMask will read only what
- // it needs (and error if |sample| is too short).
+ // it needs (and error if `sample` is too short).
 Span<const uint8_t> sample(out + record_header_len, ciphertext_len);
 uint8_t mask[2];
 if (!write_epoch->rn_encrypter->GenerateMask(mask, sample)) {
diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc
index 444de9b..eacc375 100644
--- a/ssl/encrypted_client_hello.cc
+++ b/ssl/encrypted_client_hello.cc
@@ -56,10 +56,10 @@
 return nullptr;
 }
 
-// ssl_client_hello_write_without_extensions serializes |client_hello| into
-// |out|, omitting the length-prefixed extensions. It serializes individual
-// fields, starting with |client_hello->version|, and ignores the
-// |client_hello->client_hello| field. It returns true on success and false on
+// ssl_client_hello_write_without_extensions serializes `client_hello` into
+// `out`, omitting the length-prefixed extensions. It serializes individual
+// fields, starting with `client_hello->version`, and ignores the
+// `client_hello->client_hello` field. It returns true on success and false on
 // failure.
 static bool ssl_client_hello_write_without_extensions(
 const SSL_CLIENT_HELLO *client_hello, CBB *out) {
@@ -164,7 +164,7 @@
 client_hello_inner.session_id = client_hello_outer->session_id;
 client_hello_inner.session_id_len = client_hello_outer->session_id_len;
 
- // Begin serializing a message containing the ClientHelloInner in |cbb|.
+ // Begin serializing a message containing the ClientHelloInner in `cbb`.
 ScopedCBB cbb;
 CBB body, extensions_cbb;
 if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO) ||
@@ -220,7 +220,7 @@
 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_OUTER_EXTENSION);
 return false;
 }
- // Seek to |want| in |outer_extensions|. |ext_list| is required to match
+ // Seek to `want` in `outer_extensions`. `ext_list` is required to match
 // ClientHelloOuter in order.
 uint16_t found;
 CBS ext_body;
@@ -274,8 +274,8 @@
 Span<const uint8_t> payload) {
 *out_is_decrypt_error = false;
 
- // The ClientHelloOuterAAD is |client_hello_outer| with |payload| (which must
- // point within |client_hello_outer->extensions|) replaced with zeros. See
+ // The ClientHelloOuterAAD is `client_hello_outer` with `payload` (which must
+ // point within `client_hello_outer->extensions`) replaced with zeros. See
 // RFC 9849, section 5.2.
 Array<uint8_t> aad;
 if (!aad.CopyFrom(Span(client_hello_outer->client_hello,
@@ -284,23 +284,23 @@
 return false;
 }
 
- // We assert with |uintptr_t| because the comparison would be UB if they
+ // We assert with `uintptr_t` because the comparison would be UB if they
 // didn't alias.
- // - |payload| must be contained in |extensions|.
+ // - `payload` must be contained in `extensions`.
 assert(reinterpret_cast<uintptr_t>(client_hello_outer->extensions) <=
 reinterpret_cast<uintptr_t>(payload.data()));
 assert(reinterpret_cast<uintptr_t>(client_hello_outer->extensions +
 client_hello_outer->extensions_len) >=
 reinterpret_cast<uintptr_t>(payload.data() + payload.size()));
- // - |extensions| must be contained in |client_hello|.
+ // - `extensions` must be contained in `client_hello`.
 assert(reinterpret_cast<uintptr_t>(client_hello_outer->client_hello) <=
 reinterpret_cast<uintptr_t>(client_hello_outer->extensions));
 assert(reinterpret_cast<uintptr_t>(client_hello_outer->client_hello +
 client_hello_outer->client_hello_len) >=
 reinterpret_cast<uintptr_t>(client_hello_outer->extensions +
 client_hello_outer->extensions_len));
- // From this then follows that |aad|, being a copy of |client_hello|, contains
- // the |payload| byte range as well.
+ // From this then follows that `aad`, being a copy of `client_hello`, contains
+ // the `payload` byte range as well.
 Span<uint8_t> payload_aad = Span(aad).subspan(
 payload.data() - client_hello_outer->client_hello, payload.size());
 OPENSSL_memset(payload_aad.data(), 0, payload_aad.size());
@@ -398,7 +398,7 @@
 return false;
 }
 }
- // |component| must be a valid LDH label. Checking for empty components also
+ // `component` must be a valid LDH label. Checking for empty components also
 // rejects leading dots.
 if (component.empty() || component.size() > 63 ||
 component.front() == '-' || component.back() == '-') {
@@ -474,7 +474,7 @@
 out->public_key = public_key;
 out->public_name = public_name;
- // This function does not ensure |out->kem_id| and |out->cipher_suites| use
+ // This function does not ensure `out->kem_id` and `out->cipher_suites` use
 // supported algorithms. The caller must do this.
 out->cipher_suites = cipher_suites;
@@ -540,7 +540,7 @@
 }
 }
 
- // Check the public key in the ECHConfig matches |key|.
+ // Check the public key in the ECHConfig matches `key`.
 uint8_t expected_public_key[EVP_HPKE_MAX_PUBLIC_KEY_LENGTH];
 size_t expected_public_key_len;
 if (!EVP_HPKE_KEY_public_key(key, expected_public_key,
@@ -721,7 +721,7 @@
 return EVP_AEAD_max_overhead(EVP_HPKE_AEAD_aead(aead));
 }
 
-// random_size returns a random value between |min| and |max|, inclusive.
+// random_size returns a random value between `min` and `max`, inclusive.
 static size_t random_size(size_t min, size_t max) {
 assert(min < max);
 size_t value;
@@ -824,7 +824,7 @@
 padding_len = maximum_name_length - hostname_len;
 }
 } else {
- // No SNI. Pad up to |maximum_name_length|, including server_name extension
+ // No SNI. Pad up to `maximum_name_length`, including server_name extension
 // overhead.
 padding_len = 9 + maximum_name_length;
 }
@@ -836,7 +836,7 @@
 return false;
 }
 
- // Encrypt |encoded|. See RFC 9849, section 6.1.1. First, assemble the
+ // Encrypt `encoded`. See RFC 9849, section 6.1.1. First, assemble the
 // extension with a placeholder value for ClientHelloOuterAAD. See RFC 9849,
 // section 5.2.
 const EVP_HPKE_KDF *kdf = EVP_HPKE_CTX_kdf(hs->ech_hpke_ctx.get());
@@ -857,7 +857,7 @@
 // Construct ClientHelloOuterAAD.
 // TODO(https://crbug.com/boringssl/275): This ends up constructing the
- // ClientHelloOuter twice. Instead, reuse |aad| for the ClientHello, now that
+ // ClientHelloOuter twice. Instead, reuse `aad` for the ClientHello, now that
 // draft-12 made the length prefixes match.
 bssl::ScopedCBB aad;
 if (!CBB_init(aad.get(), 256) ||
@@ -870,7 +870,7 @@
 return false;
 }
 
- // Replace the payload in |hs->ech_client_outer| with the encrypted value.
+ // Replace the payload in `hs->ech_client_outer` with the encrypted value.
 auto payload_span = Span(hs->ech_client_outer).last(payload_len);
 if (CRYPTO_fuzzer_mode_enabled()) {
 // In fuzzer mode, the server expects a cleartext payload.
@@ -917,10 +917,10 @@
 void SSL_get0_ech_name_override(const SSL *ssl, const char **out_name,
 size_t *out_name_len) {
 // When ECH is rejected, we use the public name. Note that, if
- // |SSL_CTX_set_reverify_on_resume| is enabled, we reverify the certificate
+ // `SSL_CTX_set_reverify_on_resume` is enabled, we reverify the certificate
 // before the 0-RTT point. If also offering ECH, we verify as if
 // ClientHelloInner was accepted and do not override. This works because, at
- // this point, |ech_status| will be |ssl_ech_none|. See the
+ // this point, `ech_status` will be `ssl_ech_none`. See the
 // ECH-Client-Reject-EarlyDataReject-OverrideNameOnRetry tests in runner.go.
 const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
 if (!ssl->server && hs && ssl->s3->ech_status == ssl_ech_rejected) {
@@ -939,10 +939,10 @@
 const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
 if (!hs || !hs->ech_authenticated_reject) {
 // It is an error to call this function except in response to
- // |SSL_R_ECH_REJECTED|. Returning an empty string risks the caller
+ // `SSL_R_ECH_REJECTED`. Returning an empty string risks the caller
 // mistakenly believing the server has disabled ECH. Instead, return a
 // non-empty ECHConfigList with a syntax error, so the subsequent
- // |SSL_set1_ech_config_list| call will fail.
+ // `SSL_set1_ech_config_list` call will fail.
 assert(0);
 static const uint8_t kPlaceholder[] = {
 kECHConfigVersion >> 8, kECHConfigVersion & 0xff, 0xff, 0xff, 0xff};
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index 3697e7a..a6c1f7c 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -217,7 +217,7 @@
 // However, in the interests of compatibility, we will skip ECDH if the
 // client didn't send an extension because we can't be sure that they'll
 // support our favoured group. Thus we do not special-case an empty
- // |peer_supported_group_list|.
+ // `peer_supported_group_list`.
 Span<const uint16_t> groups = hs->config->supported_group_list;
 Span<const uint16_t> pref, supp;
@@ -447,7 +447,7 @@
 return false;
 }
 
- // Check for unsolicited flags that fit in |SSLFlags|.
+ // Check for unsolicited flags that fit in `SSLFlags`.
 if ((*out & allowed_flags) != *out) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
 *out_alert = SSL_AD_ILLEGAL_PARAMETER;
@@ -459,30 +459,30 @@
 
 // tls_extension represents a TLS extension that is handled internally.
 //
-// The parse callbacks receive a |CBS| that contains the contents of the
+// The parse callbacks receive a `CBS` that contains the contents of the
 // extension (i.e. not including the type and length bytes). If an extension is
 // not received then the parse callbacks will be called with a NULL CBS so that
 // they can do any processing needed to handle the absence of an extension.
 //
-// The add callbacks receive a |CBB| to which the extension can be appended but
+// The add callbacks receive a `CBB` to which the extension can be appended but
 // the function is responsible for appending the type and length bytes too.
 //
-// |add_clienthello| may be called multiple times and must not mutate |hs|. It
-// is additionally passed two output |CBB|s. If the extension is the same
-// independent of the value of |type|, the callback may write to
-// |out_compressible| instead of |out|. When serializing the ClientHelloInner,
+// `add_clienthello` may be called multiple times and must not mutate `hs`. It
+// is additionally passed two output `CBB`s. If the extension is the same
+// independent of the value of `type`, the callback may write to
+// `out_compressible` instead of `out`. When serializing the ClientHelloInner,
 // all compressible extensions will be made contiguous and replaced with
 // ech_outer_extensions when encrypted. When serializing the ClientHelloOuter
-// or not offering ECH, |out| will be equal to |out_compressible|, so writing to
-// |out_compressible| still works.
+// or not offering ECH, `out` will be equal to `out_compressible`, so writing to
+// `out_compressible` still works.
 //
-// Note the |parse_serverhello| and |add_serverhello| callbacks refer to the
+// Note the `parse_serverhello` and `add_serverhello` callbacks refer to the
 // TLS 1.2 ServerHello. In TLS 1.3, these callbacks act on EncryptedExtensions,
 // with ServerHello extensions handled elsewhere in the handshake.
 //
 // All callbacks return true for success and false for error. If a parse
-// function returns zero then a fatal alert with value |*out_alert| will be
-// sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
+// function returns zero then a fatal alert with value `*out_alert` will be
+// sent. If `*out_alert` isn't set, then a `decode_error` alert will be sent.
 struct tls_extension {
 uint16_t value;
 
@@ -558,7 +558,7 @@
 
 static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 CBS *contents) {
- // SNI has already been parsed earlier in the handshake. See |extract_sni|.
+ // SNI has already been parsed earlier in the handshake. See `extract_sni`.
 return true;
 }
 
@@ -672,8 +672,8 @@
 return true;
 }
 
- // Write the list of retry configs to |out|. Note |SSL_CTX_set1_ech_keys|
- // ensures |ech_keys| contains at least one retry config.
+ // Write the list of retry configs to `out`. Note `SSL_CTX_set1_ech_keys`
+ // ensures `ech_keys` contains at least one retry config.
 CBB body, retry_configs;
 if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
 !CBB_add_u16_length_prefixed(out, &body) ||
@@ -982,7 +982,7 @@
 return false;
 }
 
- // If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
+ // If `SSL_OP_NO_TICKET` is set then no extension will have been sent and
 // this function should never be called, even if the server tries to send the
 // extension.
 assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
@@ -1000,7 +1000,7 @@
 return true;
 }
 
- // If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
+ // If `SSL_OP_NO_TICKET` is set, `ticket_expected` should never be true.
 assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
 
 if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
@@ -1202,7 +1202,7 @@
 }
 }
 
- // |orig_len| fits in |unsigned| because TLS extensions use 16-bit lengths.
+ // `orig_len` fits in `unsigned` because TLS extensions use 16-bit lengths.
 uint8_t *selected;
 uint8_t selected_len;
 if (ssl->ctx->next_proto_select_cb(
@@ -1242,7 +1242,7 @@
 static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
 SSL *const ssl = hs->ssl;
- // |next_proto_neg_seen| might have been cleared when an ALPN extension was
+ // `next_proto_neg_seen` might have been cleared when an ALPN extension was
 // parsed.
 if (!hs->next_proto_neg_seen) {
 return true;
@@ -1523,7 +1523,7 @@
 return false;
 }
 
- // |protocol_name_list| fits in |unsigned| because TLS extensions use 16-bit
+ // `protocol_name_list` fits in `unsigned` because TLS extensions use 16-bit
 // lengths.
 const uint8_t *selected;
 uint8_t selected_len;
@@ -1599,8 +1599,8 @@
 // are not authenticated for the name that can learn the Channel ID.
 //
 // We could alternatively offer the extension but sign with a random key.
- // For other extensions, we try to align |ssl_client_hello_outer| and
- // |ssl_client_hello_unencrypted|, to improve the effectiveness of ECH
+ // For other extensions, we try to align `ssl_client_hello_outer` and
+ // `ssl_client_hello_unencrypted`, to improve the effectiveness of ECH
 // GREASE. However, Channel ID is deprecated and unlikely to be used with
 // ECH, so do the simplest thing.
 type == ssl_client_hello_outer) {
@@ -1958,11 +1958,11 @@
 }
 
 // ext_pre_shared_key_add_clienthello writes a pre_shared_key extension to
-// |out_extensions| and flushes |out_client_hello|, invalidating
-// |out_extensions|. |out_extensions| must be a child of |out_client_hello|.
+// `out_extensions` and flushes `out_client_hello`, invalidating
+// `out_extensions`. `out_extensions` must be a child of `out_client_hello`.
 //
-// This function differs from other |CBB| functions because it needs to
-// accommodate PSK binders. It must write the PSK extension, flush the |CBB| to
+// This function differs from other `CBB` functions because it needs to
+// accommodate PSK binders. It must write the PSK extension, flush the `CBB` to
 // write out a length prefix, and then finally sample the whole ClientHello.
 static bool ext_pre_shared_key_add_clienthello(const SSL_HANDSHAKE *hs,
 CBB *out_client_hello,
@@ -2036,7 +2036,7 @@
 }
 *out_psk_len = CBB_len(out_extensions) - len_before;
- // Fill in |out_extensions|'s length prefix.
+ // Fill in `out_extensions`'s length prefix.
 if (!CBB_flush(out_client_hello)) {
 return false;
 }
@@ -2274,7 +2274,7 @@
 ssl_client_hello_type_t type) {
 const SSL *const ssl = hs->ssl;
 // The second ClientHello never offers early data, and we must have already
- // filled in |early_data_reason| by this point.
+ // filled in `early_data_reason` by this point.
 if (ssl->s3->used_hello_retry_request) {
 assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
 return true;
@@ -2307,7 +2307,7 @@
 ? ssl_early_data_peer_declined
 : ssl_early_data_session_not_resumed;
 } else {
- // We already filled in |early_data_reason| when declining to offer 0-RTT
+ // We already filled in `early_data_reason` when declining to offer 0-RTT
 // or handling the implicit HelloRetryRequest reject.
 assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
 }
@@ -3165,7 +3165,7 @@
 if (hs->config->quic_transport_params.empty()) {
 return true;
 }
- // QUIC transport parameters must not be set if |ssl| is not configured
+ // QUIC transport parameters must not be set if `ssl` is not configured
 // for QUIC.
 OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
 *out_alert = SSL_AD_INTERNAL_ERROR;
@@ -3506,7 +3506,7 @@
 }
 Span<const uint8_t> pake_msg_span = pake_msg;
- // Releasing the result of |ComputeConfirmation| lets the client confirm one
+ // Releasing the result of `ComputeConfirmation` lets the client confirm one
 // PAKE guess. If all failures are used up, no more guesses are allowed.
 if (!hs->credential->HasPAKEAttempts()) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_PAKE_EXHAUSTED);
@@ -3700,7 +3700,7 @@
 }
 // Note extension callbacks may run in any order, so we defer checking
- // consistency with ALPN to |ssl_check_serverhello_tlsext|.
+ // consistency with ALPN to `ssl_check_serverhello_tlsext`.
 if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
 *out_alert = SSL_AD_INTERNAL_ERROR;
 return false;
@@ -4119,7 +4119,7 @@
 TLSEXT_TYPE_application_layer_protocol_negotiation,
 ext_alpn_add_clienthello,
 ext_alpn_parse_serverhello,
- // ALPN is negotiated late in |ssl_negotiate_alpn|.
+ // ALPN is negotiated late in `ssl_negotiate_alpn`.
 ignore_parse_clienthello,
 ext_alpn_add_serverhello,
 },
@@ -4232,7 +4232,7 @@
 TLSEXT_TYPE_application_settings,
 ext_alps_add_clienthello,
 ext_alps_parse_serverhello,
- // ALPS is negotiated late in |ssl_negotiate_alpn|.
+ // ALPS is negotiated late in `ssl_negotiate_alpn`.
 ignore_parse_clienthello,
 ext_alps_add_serverhello,
 },
@@ -4240,7 +4240,7 @@
 TLSEXT_TYPE_application_settings_old,
 ext_alps_add_clienthello_old,
 ext_alps_parse_serverhello_old,
- // ALPS is negotiated late in |ssl_negotiate_alpn|.
+ // ALPS is negotiated late in `ssl_negotiate_alpn`.
 ignore_parse_clienthello,
 ext_alps_add_serverhello_old,
 },
@@ -4320,7 +4320,7 @@
 permutation[i] = i;
 }
 for (size_t i = kNumExtensions - 1; i > 0; i--) {
- // Set element |i| to a randomly-selected element 0 <= j <= i.
+ // Set element `i` to a randomly-selected element 0 <= j <= i.
 std::swap(permutation[i], permutation[seeds[i - 1] % (i + 1)]);
 }
 hs->extension_permutation = std::move(permutation);
@@ -4355,8 +4355,8 @@
 CBB *out_encoded) {
 // When writing ClientHelloInner, we construct the real and encoded
 // ClientHellos concurrently, to handle compression. Uncompressed extensions
- // are written to |extensions| and copied to |extensions_encoded|. Compressed
- // extensions are buffered in |compressed| and written to the end. (ECH can
+ // are written to `extensions` and copied to `extensions_encoded`. Compressed
+ // extensions are buffered in `compressed` and written to the end. (ECH can
 // only compress contiguous extensions.)
 SSL *const ssl = hs->ssl;
 bssl::ScopedCBB compressed, outer_extensions;
@@ -4373,7 +4373,7 @@
 
 if (ssl->ctx->grease_enabled) {
 // Add a fake empty extension. See RFC 8701. This always matches
- // |ssl_add_clienthello_tlsext|, so compress it.
+ // `ssl_add_clienthello_tlsext`, so compress it.
 uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension1);
 if (!add_padding_extension(compressed.get(), grease_ext, 0) ||
 !CBB_add_u16(outer_extensions.get(), grease_ext)) {
@@ -4411,7 +4411,7 @@
 
 if (ssl->ctx->grease_enabled) {
 // Add a fake non-empty extension. See RFC 8701. This always matches
- // |ssl_add_clienthello_tlsext|, so compress it.
+ // `ssl_add_clienthello_tlsext`, so compress it.
 uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension2);
 if (!add_padding_extension(compressed.get(), grease_ext, 1) ||
 !CBB_add_u16(outer_extensions.get(), grease_ext)) {
@@ -4461,7 +4461,7 @@
 
 bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
 ssl_client_hello_type_t type) {
- // |out| must contain the start of a ClientHello, which means it must begin
+ // `out` must contain the start of a ClientHello, which means it must begin
 // with a TLS or DTLS version.
 assert(CBB_len(out) != 0 && (CBB_data(out)[0] == SSL3_VERSION_MAJOR ||
 CBB_data(out)[0] == DTLS1_VERSION_MAJOR));
@@ -4902,7 +4902,7 @@
 ScopedHMAC_CTX hmac_ctx;
 auto name = ticket.first<SSL_TICKET_KEY_NAME_LEN>();
 // The actual IV is shorter, but the length is determined by the callback's
- // chosen cipher. Instead we pass in |EVP_MAX_IV_LENGTH| worth of IV to ensure
+ // chosen cipher. Instead we pass in `EVP_MAX_IV_LENGTH` worth of IV to ensure
 // the callback has enough.
 auto iv = ticket.subspan<SSL_TICKET_KEY_NAME_LEN, EVP_MAX_IV_LENGTH>();
 int cb_ret = hs->ssl->session_ctx->ticket_key_cb(
@@ -4997,7 +4997,7 @@
 }
 // Tickets in TLS 1.3 are tied into pre-shared keys (PSKs), unlike in TLS 1.2
- // where that concept doesn't exist. The |decrypted_psk| and |ignore_psk|
+ // where that concept doesn't exist. The `decrypted_psk` and `ignore_psk`
 // hints only apply to PSKs. We check the version to determine which this is.
 const bool is_psk = ssl_protocol_version(ssl) >= TLS1_3_VERSION;
@@ -5024,7 +5024,7 @@
 result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket,
 ticket);
 } else {
- // Ensure there is room for the key name and the largest IV |ticket_key_cb|
+ // Ensure there is room for the key name and the largest IV `ticket_key_cb`
 // may try to consume. The real limit may be lower, but the maximum IV
 // length should be well under the minimum size for the session material and
 // HMAC.
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index 9669cfa..a659ae8 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -43,7 +43,7 @@ }; // serialize_features adds a description of features supported by this binary to -// |out|. Returns true on success and false on error. +// `out`. Returns true on success and false on error. static bool serialize_features(CBB *out) { CBB ciphers; if (!CBB_add_asn1(out, &ciphers, CBS_ASN1_OCTETSTRING)) { @@ -117,8 +117,8 @@ return true; } -// apply_remote_features reads a list of supported features from |in| and -// (possibly) reconfigures |ssl| to disallow the negotiation of features whose +// apply_remote_features reads a list of supported features from `in` and +// (possibly) reconfigures `ssl` to disallow the negotiation of features whose // support has not been indicated. (This prevents the the handshake from // committing to features that are not supported on the handoff/handback side.) static bool apply_remote_features(SSL *ssl, CBS *in) { @@ -265,7 +265,7 @@ return true; } -// uses_disallowed_feature returns true iff |ssl| enables a feature that +// uses_disallowed_feature returns true iff `ssl` enables a feature that // disqualifies it for split handshakes. static bool uses_disallowed_feature(const SSL *ssl) { return ssl->method->is_dtls || !ssl->config->cert->credentials.empty() || @@ -403,8 +403,8 @@ hostname_len) || !CBB_add_asn1_octet_string(&seq, kUnusedChannelID, sizeof(kUnusedChannelID)) || - // These two fields were historically |token_binding_negotiated| and - // |negotiated_token_binding_param|. + // These two fields were historically `token_binding_negotiated` and + // `negotiated_token_binding_param`. !CBB_add_asn1_bool(&seq, 0) || // !CBB_add_asn1_uint64(&seq, 0) || !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) || @@ -861,7 +861,7 @@ return 1; } -// |SSL_HANDSHAKE_HINTS| is serialized as the following ASN.1 structure. We use +// `SSL_HANDSHAKE_HINTS` is serialized as the following ASN.1 structure. We use // implicit tagging to make it a little more compact. // // HandshakeHints ::= SEQUENCE {
diff --git a/ssl/handshake.cc b/ssl/handshake.cc index 0148d5c..1e6d35d 100644 --- a/ssl/handshake.cc +++ b/ssl/handshake.cc
@@ -66,7 +66,7 @@ assert(ssl); // Draw entropy for all GREASE values at once. This avoids calling - // |RAND_bytes| repeatedly and makes the values consistent within a + // `RAND_bytes` repeatedly and makes the values consistent within a // connection. The latter is so the second ClientHello matches after // HelloRetryRequest and so supported_groups and key_shares are consistent. RAND_bytes(grease_seed, sizeof(grease_seed)); @@ -300,7 +300,7 @@ hs->new_session->verify_result = X509_V_OK; break; case ssl_verify_invalid: - // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. + // If `SSL_VERIFY_NONE`, the error is non-fatal, but we keep the result. if (hs->config->verify_mode == SSL_VERIFY_NONE) { ERR_clear_error(); ret = ssl_verify_ok; @@ -528,7 +528,7 @@ SSL *const ssl = hs->ssl; for (;;) { // If a timeout during the handshake triggered a DTLS ACK or retransmit, we - // resolve that first. E.g., if |ssl_hs_private_key_operation| is slow, the + // resolve that first. E.g., if `ssl_hs_private_key_operation` is slow, the // ACK timer may fire. if (hs->wait != ssl_hs_error && SSL_is_dtls(ssl)) { int ret = ssl->method->flush(ssl); @@ -540,7 +540,7 @@ // Resolve the operation the handshake was waiting on. Each condition may // halt the handshake by returning, or continue executing if the handshake // may immediately proceed. Cases which halt the handshake can clear - // |hs->wait| to re-enter the state machine on the next iteration, or leave + // `hs->wait` to re-enter the state machine on the next iteration, or leave // it set to keep the condition sticky. switch (hs->wait) { case ssl_hs_error: 
@@ -561,7 +561,7 @@ if (SSL_is_quic(ssl)) { // QUIC has no ChangeCipherSpec messages. assert(hs->wait != ssl_hs_read_change_cipher_spec); - // The caller should call |SSL_provide_quic_data|. Clear |hs->wait| so + // The caller should call `SSL_provide_quic_data`. Clear `hs->wait` so // the handshake can check if there is sufficient data next iteration. ssl->s3->rwstate = SSL_ERROR_WANT_READ; hs->wait = ssl_hs_ok; @@ -635,8 +635,8 @@ } // The following cases are associated with callback APIs which expect to - // be called each time the state machine runs. Thus they set |hs->wait| - // to |ssl_hs_ok| so that, next time, we re-enter the state machine and + // be called each time the state machine runs. Thus they set `hs->wait` + // to `ssl_hs_ok` so that, next time, we re-enter the state machine and // call the callback again. case ssl_hs_x509_lookup: ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP; @@ -697,7 +697,7 @@ *out_early_return = false; return 1; } - // If the handshake returns |ssl_hs_flush|, implicitly finish the flight. + // If the handshake returns `ssl_hs_flush`, implicitly finish the flight. // This is a convenience so we do not need to manually insert this // throughout the handshake. if (hs->wait == ssl_hs_flush) {
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc index 7ab6d2c..ff9ace8 100644 --- a/ssl/handshake_client.cc +++ b/ssl/handshake_client.cc
@@ -68,7 +68,7 @@ state_done, }; -// ssl_get_client_disabled sets |*out_mask_a| and |*out_mask_k| to masks of +// ssl_get_client_disabled sets `*out_mask_a` and `*out_mask_k` to masks of // disabled algorithms. static void ssl_get_client_disabled(const SSL_HANDSHAKE *hs, uint32_t *out_mask_a, @@ -270,7 +270,7 @@ return true; } -// should_offer_early_data returns |ssl_early_data_accepted| if |hs| should +// should_offer_early_data returns `ssl_early_data_accepted` if `hs` should // offer early data, and some other reason code otherwise. static ssl_early_data_reason_t should_offer_early_data( const SSL_HANDSHAKE *hs) { @@ -299,7 +299,7 @@ if (!ssl->session->early_alpn.empty()) { if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) { - // Avoid reporting a confusing value in |SSL_get0_alpn_selected|. + // Avoid reporting a confusing value in `SSL_get0_alpn_selected`. return ssl_early_data_alpn_mismatch; } @@ -354,7 +354,7 @@ SSL *const ssl = hs->ssl; ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1); - // |session_reused| must be reset in case this is a renegotiation. + // `session_reused` must be reset in case this is a renegotiation. ssl->s3->session_reused = false; // Freeze the version range. @@ -462,7 +462,7 @@ } // Stash the early data session and activate the early version. This must - // happen before |do_early_reverify_server_certificate|, so early connection + // happen before `do_early_reverify_server_certificate`, so early connection // properties are available to the callback. Note the early version may be // overwritten later by the final version. hs->early_session = UpRef(ssl->session); 
@@ -641,9 +641,9 @@ // soon as we detect this. The caller may use this error code to implement // the fallback described in RFC 8446 appendix D.3. // - // Disconnect early writes. This ensures subsequent |SSL_write| calls query + // Disconnect early writes. This ensures subsequent `SSL_write` calls query // the handshake which, in turn, will replay the error code rather than fail - // at the |write_shutdown| check. See https://crbug.com/1078515. + // at the `write_shutdown` check. See https://crbug.com/1078515. // TODO(davidben): Should all handshake errors do this? What about record // decryption failures? // @@ -770,7 +770,7 @@ // Save the session ID from the server. This may be empty if the session // isn't resumable, or if we'll receive a session ticket later. The - // ServerHello parser ensures |server_hello.session_id| is within bounds. + // ServerHello parser ensures `server_hello.session_id` is within bounds. hs->new_session->session_id.CopyFrom(server_hello.session_id); hs->new_session->cipher = hs->new_cipher; } @@ -1083,8 +1083,8 @@ return ssl_hs_error; } - // At this point, |server_key_exchange| contains the signature, if any, while - // |msg.body| contains the entire message. From that, derive a CBS containing + // At this point, `server_key_exchange` contains the signature, if any, while + // `msg.body` contains the entire message. From that, derive a CBS containing // just the parameter. CBS parameter; CBS_init(¶meter, CBS_data(&msg.body), @@ -1113,7 +1113,7 @@ return ssl_hs_error; } - // The last field in |server_key_exchange| is the signature. + // The last field in `server_key_exchange` is the signature. CBS signature; if (!CBS_get_u16_length_prefixed(&server_key_exchange, &signature) || CBS_len(&server_key_exchange) != 0) { 
@@ -1456,7 +1456,7 @@ } } - // Depending on the key exchange method, compute |pms|. + // Depending on the key exchange method, compute `pms`. if (alg_k & SSL_kRSA) { RSA *rsa = EVP_PKEY_get0_RSA(hs->peer_pubkey.get()); if (rsa == nullptr) { @@ -1747,8 +1747,8 @@ if (CBS_len(&ticket) == 0) { // RFC 5077 allows a server to change its mind and send no ticket after - // negotiating the extension. The value of |ticket_expected| is checked in - // |ssl_update_cache| so is cleared here to avoid an unnecessary update. + // negotiating the extension. The value of `ticket_expected` is checked in + // `ssl_update_cache` so is cleared here to avoid an unnecessary update. hs->ticket_expected = false; ssl->method->next_message(ssl); hs->state = state_process_change_cipher_spec; @@ -1767,7 +1767,7 @@ } } - // |ticket_lifetime_hint| is measured from when the ticket was issued. + // `ticket_lifetime_hint` is measured from when the ticket was issued. ssl_session_rebase_time(ssl, hs->new_session.get()); if (!hs->new_session->ticket.CopyFrom(ticket)) { 
@@ -1823,15 +1823,15 @@ ssl->method->on_handshake_complete(ssl); - // Note TLS 1.2 resumptions with ticket renewal have both |ssl->session| (the - // resumed session) and |hs->new_session| (the session with the new ticket). + // Note TLS 1.2 resumptions with ticket renewal have both `ssl->session` (the + // resumed session) and `hs->new_session` (the session with the new ticket). bool has_new_session = hs->new_session != nullptr; if (has_new_session) { // When False Start is enabled, the handshake reports completion early. The - // caller may then have passed the (then unresuable) |hs->new_session| to - // another thread via |SSL_get0_session| for resumption. To avoid potential + // caller may then have passed the (then unresuable) `hs->new_session` to + // another thread via `SSL_get0_session` for resumption. To avoid potential // race conditions in such callers, we duplicate the session before - // clearing |not_resumable|. + // clearing `not_resumable`. ssl->s3->established_session = SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL); if (!ssl->s3->established_session) {
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 0ffc246..31b7492 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc
@@ -161,12 +161,12 @@ SSL *const ssl = hs->ssl; const STACK_OF(SSL_CIPHER) *prio, *allow; // in_group_flags will either be NULL, or will point to an array of bytes - // which indicate equal-preference groups in the |prio| stack. See the - // comment about |in_group_flags| in the |SSLCipherPreferenceList| + // which indicate equal-preference groups in the `prio` stack. See the + // comment about `in_group_flags` in the `SSLCipherPreferenceList` // struct. const bool *in_group_flags; // best_index contains the index of the best matching cipher suite found so - // far, indexed into |allow|. If |best_index| is |SIZE_MAX|, no matching + // far, indexed into `allow`. If `best_index` is `SIZE_MAX`, no matching // cipher suite has been found yet. size_t best_index = SIZE_MAX; @@ -194,9 +194,9 @@ // Check the cipher is supported for the server configuration. (c->algorithm_mkey & mask_k) && // (c->algorithm_auth & mask_a) && // - // Check the cipher is in the |allow| list. + // Check the cipher is in the `allow` list. sk_SSL_CIPHER_find(allow, &cipher_index, c)) { - // Within a group, |allow|'s preference order applies. + // Within a group, `allow`'s preference order applies. if (best_index == SIZE_MAX || best_index > cipher_index) { best_index = cipher_index; } @@ -299,7 +299,7 @@ return ssl_hs_ok; } -// is_probably_jdk11_with_tls13 returns whether |client_hello| was probably sent +// is_probably_jdk11_with_tls13 returns whether `client_hello` was probably sent // from a JDK 11 client with both TLS 1.3 and a prior version enabled. static bool is_probably_jdk11_with_tls13(const SSL_CLIENT_HELLO *client_hello) { // JDK 11 ClientHellos contain a number of unusual properties which should 
@@ -459,8 +459,8 @@ if (is_decrypt_error) { // Ignore the error and try another ECHConfig. ERR_clear_error(); - // The |out_alert| calling convention currently relies on a default of - // |SSL_AD_DECODE_ERROR|. https://crbug.com/boringssl/373 tracks + // The `out_alert` calling convention currently relies on a default of + // `SSL_AD_DECODE_ERROR`. https://crbug.com/boringssl/373 tracks // switching to sum types, which avoids this. *out_alert = SSL_AD_DECODE_ERROR; continue; @@ -571,8 +571,8 @@ return ssl_hs_error; } - // ECH may have changed which ClientHello we process. Update |msg| and - // |client_hello| in case. + // ECH may have changed which ClientHello we process. Update `msg` and + // `client_hello` in case. if (!hs->GetClientHello(&msg, &client_hello)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return ssl_hs_error; @@ -676,7 +676,7 @@ static enum ssl_hs_wait_t do_cert_callback(SSL_HANDSHAKE *hs) { SSL *const ssl = hs->ssl; - // Call |cert_cb| to update server certificates if required. + // Call `cert_cb` to update server certificates if required. if (hs->config->cert->cert_cb != nullptr) { int rv = hs->config->cert->cert_cb(ssl, hs->config->cert->cert_cb_arg); if (rv == 0) { @@ -744,7 +744,7 @@ uint16_t group_id = 0; bool has_ecdhe_group = tls1_get_shared_group(hs, &group_id); - // Select the credential and cipher suite. This must be done after |cert_cb| + // Select the credential and cipher suite. This must be done after `cert_cb` // runs, so the final credential list is known. // // TODO(davidben): In the course of picking these, we also pick the ECDHE @@ -792,7 +792,7 @@ hs->new_cipher = params.cipher; hs->signature_algorithm = params.signature_algorithm; - // |SSL_parse_client_hello| checks that |client_hello.session_id| is not too + // `SSL_parse_client_hello` checks that `client_hello.session_id` is not too // large. hs->session_id.CopyFrom( Span(client_hello.session_id, client_hello.session_id_len)); 
@@ -1125,7 +1125,7 @@ CBB body, child; if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_KEY_EXCHANGE) || - // |hs->server_params| contains a prefix for signing. + // `hs->server_params` contains a prefix for signing. hs->server_params.size() < 2 * SSL3_RANDOM_SIZE || !CBB_add_bytes(&body, hs->server_params.data() + 2 * SSL3_RANDOM_SIZE, hs->server_params.size() - 2 * SSL3_RANDOM_SIZE)) { @@ -1358,7 +1358,7 @@ hs->new_session->psk_identity.reset(raw); } - // Depending on the key exchange method, compute |premaster_secret|. + // Depending on the key exchange method, compute `premaster_secret`. Array<uint8_t> premaster_secret; if (alg_k & SSL_kRSA) { CBS encrypted_premaster_secret; @@ -1423,7 +1423,7 @@ } good &= constant_time_is_zero_8(decrypt_buf[padding_len - 1]); - // The premaster secret must begin with |client_version|. This too must be + // The premaster secret must begin with `client_version`. This too must be // checked in constant time (http://eprint.iacr.org/2003/052/). good &= constant_time_eq_8(decrypt_buf[padding_len], (unsigned)(hs->client_version >> 8)); @@ -1431,7 +1431,7 @@ (unsigned)(hs->client_version & 0xff)); // Select, in constant time, either the decrypted premaster or the random - // premaster based on |good|. + // premaster based on `good`. for (size_t i = 0; i < premaster_secret.size(); i++) { premaster_secret[i] = constant_time_select_8( good, decrypt_buf[padding_len + i], premaster_secret[i]); @@ -1705,7 +1705,7 @@ } // If this is a full handshake with ChannelID then record the handshake - // hashes in |hs->new_session| in case we need them to verify a + // hashes in `hs->new_session` in case we need them to verify a // ChannelID signature on a resumption of this session in the future. if (ssl->session == nullptr && ssl->s3->channel_id_valid && !tls1_record_handshake_hashes_for_channel_id(hs)) { 
@@ -1745,7 +1745,7 @@ !CBB_add_u32(&body, session->timeout) || !CBB_add_u16_length_prefixed(&body, &ticket) || !ssl_encrypt_ticket(hs, &ticket, session) || - // |ticket| may be empty to skip sending a ticket. In TLS 1.2, servers + // `ticket` may be empty to skip sending a ticket. In TLS 1.2, servers // skip sending tickets by sending empty NewSessionTicket, so no special // handling is needed. !ssl_add_message_cbb(ssl, cbb.get())) {
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index d3036c3..3ed6c7c 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc
@@ -41,7 +41,7 @@ static bool add_record_to_flight(SSL *ssl, uint8_t type, Span<const uint8_t> in) { - // The caller should have flushed |pending_hs_data| first. + // The caller should have flushed `pending_hs_data` first. assert(!ssl->s3->pending_hs_data); // We'll never add a flight while in the process of writing it out. assert(ssl->s3->pending_flight_offset == 0); @@ -74,7 +74,7 @@ } bool tls_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type) { - // Pick a modest size hint to save most of the |realloc| calls. + // Pick a modest size hint to save most of the `realloc` calls. if (!CBB_init(cbb, 64) || // !CBB_add_u8(cbb, type) || // !CBB_add_u24_length_prefixed(cbb, body)) { @@ -111,7 +111,7 @@ } } else { while (!rest.empty()) { - // Flush if |pending_hs_data| is full. + // Flush if `pending_hs_data` is full. if (ssl->s3->pending_hs_data && ssl->s3->pending_hs_data->length >= ssl->max_send_fragment && !tls_flush_pending_hs_data(ssl)) { @@ -267,7 +267,7 @@ } if (msg_length < SSL3_RT_HEADER_LENGTH - 2) { // Reject lengths that are too short early. We have already read - // |SSL3_RT_HEADER_LENGTH| bytes, so we should not attempt to process an + // `SSL3_RT_HEADER_LENGTH` bytes, so we should not attempt to process an // (invalid) V2ClientHello which would be shorter than that. OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_LENGTH_MISMATCH); return ssl_open_record_error; @@ -545,7 +545,7 @@ ssl->s3->has_message = false; // Post-handshake messages are rare, so release the buffer after every - // message. During the handshake, |on_handshake_complete| will release it. + // message. During the handshake, `on_handshake_complete` will release it. if (!SSL_in_init(ssl) && ssl->s3->hs_buf->length == 0) { ssl->s3->hs_buf.reset(); } 
@@ -674,7 +674,7 @@ } const CipherScorer::Score candidate_score = scorer->Evaluate(candidate); - // |candidate_score| must be larger to displace the current choice. That way + // `candidate_score` must be larger to displace the current choice. That way // the client's order controls between ciphers with an equal score. if (candidate_score > best_score) { best = candidate;
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc index 0f9c93f..6eb797f 100644 --- a/ssl/s3_pkt.cc +++ b/ssl/s3_pkt.cc
@@ -49,10 +49,10 @@ size_t total_bytes_written = ssl->s3->unreported_bytes_written; if (in.size() < total_bytes_written) { - // This can happen if the caller disables |SSL_MODE_ENABLE_PARTIAL_WRITE|, + // This can happen if the caller disables `SSL_MODE_ENABLE_PARTIAL_WRITE`, // asks us to write some input of length N, we successfully encrypt M bytes // and write it, but fail to write the rest. We will report - // |SSL_ERROR_WANT_WRITE|. If the caller then retries with fewer than M + // `SSL_ERROR_WANT_WRITE`. If the caller then retries with fewer than M // bytes, we cannot satisfy that request. The caller is required to always // retry with at least as many bytes as the previous attempt. OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_LENGTH); @@ -87,7 +87,7 @@ return ret; } - // Note |bytes_written| may be less than |to_write| if there was a pending + // Note `bytes_written` may be less than `to_write` if there was a pending // record from a smaller write attempt. assert(bytes_written <= to_write); total_bytes_written += bytes_written; @@ -105,7 +105,7 @@ } // tls_seal_align_prefix_len returns the length of the prefix before the start -// of the bulk of the ciphertext when sealing a record with |ssl|. Callers may +// of the bulk of the ciphertext when sealing a record with `ssl`. Callers may // use this to align buffers. // // Note when TLS 1.0 CBC record-splitting is enabled, this includes the one byte @@ -125,8 +125,8 @@ } // do_tls_write writes an SSL record of the given type. On success, it sets -// |*out_bytes_written| to number of bytes successfully written and returns one. -// On error, it returns a value <= 0 from the underlying |BIO|. +// `*out_bytes_written` to number of bytes successfully written and returns one. +// On error, it returns a value <= 0 from the underlying `BIO`. static int do_tls_write(SSL *ssl, size_t *out_bytes_written, uint8_t type, Span<const uint8_t> in) { // If there is a pending write, the retry must be consistent. 
@@ -140,7 +140,7 @@ } // Flush any unwritten data to the transport. There may be data to flush even - // if |wpend_tot| is zero. + // if `wpend_tot` is zero. int ret = ssl_write_buffer_flush(ssl); if (ret <= 0) { return ret; @@ -163,7 +163,7 @@ return -1; } - // We may have unflushed handshake data that must be written before |in|. This + // We may have unflushed handshake data that must be written before `in`. This // may be a KeyUpdate acknowledgment, 0-RTT key change messages, or a // NewSessionTicket. Span<const uint8_t> pending_flight; @@ -196,7 +196,7 @@ return -1; } - // Copy |pending_flight| to the output. + // Copy `pending_flight` to the output. if (!pending_flight.empty()) { OPENSSL_memcpy(buf->remaining().data(), pending_flight.data(), pending_flight.size()); @@ -250,8 +250,8 @@ if (type == SSL3_RT_HANDSHAKE) { // Post-handshake data prior to TLS 1.3 is always renegotiation, which we - // never accept as a server. Otherwise |tls_get_message| will send - // |SSL_R_EXCESSIVE_MESSAGE_SIZE|. + // never accept as a server. Otherwise `tls_get_message` will send + // `SSL_R_EXCESSIVE_MESSAGE_SIZE`. if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION); *out_alert = SSL_AD_NO_RENEGOTIATION; @@ -318,7 +318,7 @@ void ssl_send_alert(SSL *ssl, int level, int desc) { // This function is called in response to a fatal error from the peer. Ignore // any failures writing the alert and report only the original error. In - // particular, if the transport uses |SSL_write|, our existing error will be + // particular, if the transport uses `SSL_write`, our existing error will be // clobbered so we must save and restore the error queue. See // https://crbug.com/959305. //
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc index e44d09a..cca550e 100644 --- a/ssl/ssl_aead_ctx.cc +++ b/ssl/ssl_aead_ctx.cc
@@ -93,8 +93,8 @@ aead_ctx->ad_is_header_ = true; } } else { - // This is a CBC cipher suite that implements the |EVP_AEAD| interface. The - // |EVP_AEAD| takes the MAC key, encryption key, and fixed IV concatenated + // This is a CBC cipher suite that implements the `EVP_AEAD` interface. The + // `EVP_AEAD` takes the MAC key, encryption key, and fixed IV concatenated // as its input key. assert(protocol_version < TLS1_3_VERSION); BSSL_CHECK(mac_key.size() + enc_key.size() + fixed_iv.size() <= @@ -106,7 +106,7 @@ enc_key = Span(merged_key, enc_key.size() + mac_key.size() + fixed_iv.size()); - // The |EVP_AEAD|'s per-encryption nonce, if any, is actually the CBC IV. It + // The `EVP_AEAD`'s per-encryption nonce, if any, is actually the CBC IV. It // must be generated randomly and prepended to the record. aead_ctx->variable_nonce_included_in_record_ = true; aead_ctx->random_variable_nonce_ = true; @@ -176,7 +176,7 @@ if (is_null_cipher() || CRYPTO_fuzzer_mode_enabled()) { return max_out; } - // TODO(crbug.com/42290602): This should be part of |EVP_AEAD_CTX|. + // TODO(crbug.com/42290602): This should be part of `EVP_AEAD_CTX`. size_t overhead = EVP_AEAD_max_overhead(EVP_AEAD_CTX_aead(ctx_.get())); if (SSL_CIPHER_is_block_cipher(cipher())) { size_t block_size;
diff --git a/ssl/ssl_asn1.cc b/ssl/ssl_asn1.cc index 84b00a7..6f0c374 100644 --- a/ssl/ssl_asn1.cc +++ b/ssl/ssl_asn1.cc
@@ -387,7 +387,7 @@ static int SSL_SESSION_to_bytes_if_not_resumable(const SSL_SESSION *in, CBB *out, int for_ticket) { if (in->not_resumable) { - // If the caller has an unresumable session, e.g. if |SSL_get_session| + // If the caller has an unresumable session, e.g. if `SSL_get_session` // were called on a TLS 1.3 or False Started connection, serialize with // a placeholder value so it is not accidentally deserialized into a // resumable one. @@ -399,8 +399,8 @@ } // SSL_SESSION_parse_string gets an optional ASN.1 OCTET STRING explicitly -// tagged with |tag| from |cbs| and saves it in |*out|. If the element was not -// found, it sets |*out| to NULL. It returns one on success, whether or not the +// tagged with `tag` from `cbs` and saves it in `*out`. If the element was not +// found, it sets `*out` to NULL. It returns one on success, whether or not the // element was found, and zero on decode error. static int SSL_SESSION_parse_string(CBS *cbs, UniquePtr<char> *out, CBS_ASN1_TAG tag) { @@ -427,7 +427,7 @@ } // SSL_SESSION_parse_octet_string gets an optional ASN.1 OCTET STRING explicitly -// tagged with |tag| from |cbs| and stows it in |*out|. It returns one on +// tagged with `tag` from `cbs` and stows it in `*out`. It returns one on // success, whether or not the element was found, and zero on decode error. static bool SSL_SESSION_parse_octet_string(CBS *cbs, Array<uint8_t> *out, CBS_ASN1_TAG tag) { @@ -518,7 +518,7 @@ // Require sessions have versions valid in either TLS or DTLS. The session // will not be used by the handshake if not applicable, but, for // simplicity, never parse a session that does not pass - // |ssl_protocol_version_from_wire|. + // `ssl_protocol_version_from_wire`. ssl_version > UINT16_MAX || // !ssl_protocol_version_from_wire(&unused, ssl_version)) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); 
@@ -564,7 +564,7 @@ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; } - // |peer| is processed with the certificate chain. + // `peer` is processed with the certificate chain. CBS sid_ctx; if (!CBS_get_optional_asn1_octet_string( @@ -694,7 +694,7 @@ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); return nullptr; } - /* TODO: in time we can include |is_server| for servers too, then we can + /* TODO: in time we can include `is_server` for servers too, then we can enforce that client and server sessions are never mixed up. */ ret->is_server = is_server;
diff --git a/ssl/ssl_buffer.cc b/ssl/ssl_buffer.cc index 8c5c7bc..c6beb31 100644 --- a/ssl/ssl_buffer.cc +++ b/ssl/ssl_buffer.cc
@@ -64,10 +64,10 @@ new_buf = inline_buf_; new_offset = 0; } else { - // Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment. + // Add up to `SSL3_ALIGN_PAYLOAD` - 1 bytes of slack for alignment. // // Since this buffer gets allocated quite frequently and doesn't contain any - // sensitive data, we allocate with malloc rather than |OPENSSL_malloc| and + // sensitive data, we allocate with malloc rather than `OPENSSL_malloc` and // avoid zeroing on free. new_buf = (uint8_t *)malloc(new_cap + SSL3_ALIGN_PAYLOAD - 1); if (new_buf == nullptr) { @@ -120,13 +120,13 @@ SSLBuffer *buf = &ssl->s3->read_buffer; if (!buf->empty()) { - // It is an error to call |dtls_read_buffer_extend| when the read buffer is + // It is an error to call `dtls_read_buffer_extend` when the read buffer is // not empty. OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return -1; } - // Read a single packet from |ssl->rbio|. |buf->cap()| must fit in an int. + // Read a single packet from `ssl->rbio`. `buf->cap()` must fit in an int. int ret = BIO_read(ssl->rbio.get(), buf->data(), static_cast<int>(buf->cap())); if (ret <= 0) { @@ -147,7 +147,7 @@ // Read until the target length is reached. while (buf->size() < len) { - // The amount of data to read is bounded by |buf->cap|, which must fit in an + // The amount of data to read is bounded by `buf->cap`, which must fit in an // int. int ret = BIO_read(ssl->rbio.get(), buf->data() + buf->size(), static_cast<int>(len - buf->size())); @@ -162,7 +162,7 @@ } int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { - // |ssl_read_buffer_extend_to| implicitly discards any consumed data. + // `ssl_read_buffer_extend_to` implicitly discards any consumed data. ssl->s3->read_buffer.DiscardConsumed(); if (SSL_is_dtls(ssl)) { 
@@ -170,11 +170,11 @@ DTLS1_RT_MAX_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 0xffff, "DTLS read buffer is too large"); - // The |len| parameter is ignored in DTLS. + // The `len` parameter is ignored in DTLS. len = DTLS1_RT_MAX_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; } - // The DTLS record header can have a variable length, so the |header_len| + // The DTLS record header can have a variable length, so the `header_len` // value provided for buffer alignment only works if the header is the maximum // length. if (!ssl->s3->read_buffer.EnsureCap(DTLS1_RT_MAX_HEADER_LENGTH, len)) { @@ -188,7 +188,7 @@ int ret; if (SSL_is_dtls(ssl)) { - // |len| is ignored for a datagram transport. + // `len` is ignored for a datagram transport. ret = dtls_read_buffer_next_packet(ssl); } else { ret = tls_read_buffer_extend_to(ssl, len);
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc index d66cad8..46ed23e 100644 --- a/ssl/ssl_cert.cc +++ b/ssl/ssl_cert.cc
@@ -51,14 +51,14 @@ return nullptr; } - // TODO(crbug.com/boringssl/431): This should just be |CopyFrom|. + // TODO(crbug.com/boringssl/431): This should just be `CopyFrom`. for (const auto &cred : cert->credentials) { if (!ret->credentials.Push(UpRef(cred))) { return nullptr; } } - // |legacy_credential| is mutable, so it must be copied. We cannot simply + // `legacy_credential` is mutable, so it must be copied. We cannot simply // bump the reference count. ret->legacy_credential = cert->legacy_credential->Dup(); if (ret->legacy_credential == nullptr || @@ -220,8 +220,8 @@ return true; } -// ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and -// positions |*out_tbs_cert| to cover the TBSCertificate, starting at the +// ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from `in` and +// positions `*out_tbs_cert` to cover the TBSCertificate, starting at the // subjectPublicKeyInfo. static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) { /* From RFC 5280, section 4.1 @@ -673,7 +673,7 @@ void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list) { if (!ssl->config) { - // |SSL_set0_client_CAs| is expected to take ownership of |name_list|. + // `SSL_set0_client_CAs` is expected to take ownership of `name_list`. sk_CRYPTO_BUFFER_pop_free(name_list, CRYPTO_BUFFER_free); return; }
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc index 1ef231c..7799d79 100644 --- a/ssl/ssl_cipher.cc +++ b/ssl/ssl_cipher.cc
@@ -385,9 +385,9 @@ const char *name = nullptr; // The following fields are bitmasks for the corresponding fields on - // |SSL_CIPHER|. A cipher matches a cipher alias iff, for each bitmask, the + // `SSL_CIPHER`. A cipher matches a cipher alias iff, for each bitmask, the // bit corresponding to the cipher's value is set to 1. If any bitmask is - // all zeroes, the alias matches nothing. Use |~0u| for the default value. + // all zeroes, the alias matches nothing. Use `~0u` for the default value. uint32_t algorithm_mkey = ~0u; uint32_t algorithm_auth = ~0u; uint32_t algorithm_enc = ~0u; @@ -557,10 +557,10 @@ return !is_strict && (c == ' ' || c == ';' || c == ','); } -// rule_equals returns whether the NUL-terminated string |rule| is equal to the -// |buf_len| bytes at |buf|. +// rule_equals returns whether the NUL-terminated string `rule` is equal to the +// `buf_len` bytes at `buf`. static bool rule_equals(const char *rule, const char *buf, size_t buf_len) { - // |strncmp| alone only checks that |buf| is a prefix of |rule|. + // `strncmp` alone only checks that `buf` is a prefix of `rule`. return strncmp(rule, buf, buf_len) == 0 && rule[buf_len] == '\0'; } 
@@ -657,15 +657,15 @@ cipher->algorithm_enc == SSL_3DES; } -// ssl_cipher_apply_rule applies the rule type |rule| to ciphers matching its -// parameters in the linked list from |*head_p| to |*tail_p|. It writes the new -// head and tail of the list to |*head_p| and |*tail_p|, respectively. +// ssl_cipher_apply_rule applies the rule type `rule` to ciphers matching its +// parameters in the linked list from `*head_p` to `*tail_p`. It writes the new +// head and tail of the list to `*head_p` and `*tail_p`, respectively. // -// - If |cipher_id| is non-zero, only that cipher is selected. -// - Otherwise, if |strength_bits| is non-negative, it selects ciphers +// - If `cipher_id` is non-zero, only that cipher is selected. +// - Otherwise, if `strength_bits` is non-negative, it selects ciphers // of that strength. -// - Otherwise, |alias| must be non-null. It selects ciphers that matches -// |*alias|. +// - Otherwise, `alias` must be non-null. It selects ciphers that matches +// `*alias`. static void ssl_cipher_apply_rule(uint16_t cipher_id, const CIPHER_ALIAS *alias, int rule, int strength_bits, bool in_group, CIPHER_ORDER **head_p, @@ -712,7 +712,7 @@ cp = curr->cipher; // Selection criteria is either a specific cipher, the value of - // |strength_bits|, or the algorithms used. + // `strength_bits`, or the algorithms used. if (cipher_id != 0) { if (cipher_id != cp->protocol_id) { continue;
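Review bot: The rewritten header comment for `ssl_cipher_apply_rule` still carries a grammar slip in its last bullet, `It selects ciphers that matches` — the subject is plural, so it should read `// - Otherwise, `alias` must be non-null. It selects ciphers that match` followed by `// `*alias`.`. Since this CL is a pure comment pass, fixing the wording in the same sweep avoids touching the line again later. The function body continues past the hunk.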
diff --git a/ssl/ssl_credential.cc b/ssl/ssl_credential.cc
index 173b851..cd522d3 100644
--- a/ssl/ssl_credential.cc
+++ b/ssl/ssl_credential.cc
@@ -193,8 +193,8 @@ } bool SSLCredential::IsComplete() const { - // APIs like |SSL_use_certificate| and |SSL_set1_chain| configure the leaf and - // other certificates separately. It is possible for |chain| have a null leaf. + // APIs like `SSL_use_certificate` and `SSL_set1_chain` configure the leaf and + // other certificates separately. It is possible for `chain` have a null leaf. if (UsesX509() && (sk_CRYPTO_BUFFER_num(chain.get()) == 0 || sk_CRYPTO_BUFFER_value(chain.get(), 0) == nullptr)) { return false; @@ -408,7 +408,7 @@ } SSL_CREDENTIAL *SSL_CREDENTIAL_dup_ref(const SSL_CREDENTIAL *cred) { - // Safety: we do not mutate the internal state of |cred| other than the + // Safety: we do not mutate the internal state of `cred` other than the // ref-count atomic variable. auto *cred_impl = FromOpaque(const_cast<SSL_CREDENTIAL *>(cred)); cred_impl->UpRefInternal(); @@ -432,7 +432,7 @@ return 0; } - // If the public half has been configured, check |key| matches. |pubkey| will + // If the public half has been configured, check `key` matches. `pubkey` will // have been extracted from the certificate, delegated credential, etc. if (cred_impl->pubkey != nullptr && !ssl_compare_public_and_private_key(cred_impl->pubkey.get(), key)) { @@ -765,9 +765,9 @@ } // Certificate property list has parsed correctly. - // We do not currently retain |cert_property_list|, but if we define another + // We do not currently retain `cert_property_list`, but if we define another // property with larger fields (e.g. stapled SCTs), it may make sense for - // those fields to retain |cert_property_list| and alias into it. + // those fields to retain `cert_property_list` and alias into it. if (trust_anchor.has_value()) { if (!CBS_len(&trust_anchor.value())) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TRUST_ANCHOR_LIST);
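Review bot: The updated comment in `SSLCredential::IsComplete` drops a word: `It is possible for `chain` have a null leaf.` should read `// other certificates separately. It is possible for `chain` to have a null leaf.`. The comment is otherwise accurate — the condition below rejects both an empty `chain` and a null entry at index 0.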
diff --git a/ssl/ssl_file.cc b/ssl/ssl_file.cc
index 4621290..92143c3 100644
--- a/ssl/ssl_file.cc
+++ b/ssl/ssl_file.cc
@@ -35,16 +35,16 @@ static int add_bio_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, BIO *bio, bool allow_empty) { - // This function historically sorted |out| after every addition and skipped + // This function historically sorted `out` after every addition and skipped // duplicates. This implementation preserves that behavior, but only sorts at - // the end, to avoid a quadratic running time. Existing duplicates in |out| + // the end, to avoid a quadratic running time. Existing duplicates in `out` // are preserved, but do not introduce new duplicates. UniquePtr<STACK_OF(X509_NAME)> to_append(sk_X509_NAME_new(xname_cmp)); if (to_append == nullptr) { return 0; } - // Temporarily switch the comparison function for |out|. + // Temporarily switch the comparison function for `out`. struct RestoreCmpFunc { ~RestoreCmpFunc() { sk_X509_NAME_set_cmp_func(stack, old_cmp); } STACK_OF(X509_NAME) *stack; @@ -61,14 +61,14 @@ return 0; } // TODO(davidben): This ignores PEM syntax errors. It should only succeed - // on |PEM_R_NO_START_LINE|. + // on `PEM_R_NO_START_LINE`. ERR_clear_error(); break; } first = false; X509_NAME *subject = X509_get_subject_name(x509.get()); - // Skip if already present in |out|. Duplicates in |to_append| will be + // Skip if already present in `out`. Duplicates in `to_append` will be // handled separately. if (sk_X509_NAME_find(out, /*out_index=*/nullptr, subject)) { continue; @@ -80,7 +80,7 @@ } } - // Append |to_append| to |stack|, skipping any duplicates. + // Append `to_append` to `stack`, skipping any duplicates. sk_X509_NAME_sort(to_append.get()); size_t num = sk_X509_NAME_num(to_append.get()); for (size_t i = 0; i < num; i++) { @@ -96,7 +96,7 @@ } } - // Sort |out| one last time, to preserve the historical behavior of + // Sort `out` one last time, to preserve the historical behavior of // maintaining the sorted list. sk_X509_NAME_sort(out); return 1;
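Review bot: The comment `// Append `to_append` to `stack`, skipping any duplicates.` in `add_bio_cert_subjects_to_stack` names the wrong variable: the destination the loop appends to and that is sorted at the end is the `out` parameter, while `stack` is the member of the `RestoreCmpFunc` guard declared above. Now that the name is backticked as a code reference, it should match what the code actually uses: `// Append `to_append` to `out`, skipping any duplicates.`. The hunks cut through the function, so part of the loop body is outside the view.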
diff --git a/ssl/ssl_internal_test.cc b/ssl/ssl_internal_test.cc
index a26c065..7f23839 100644
--- a/ssl/ssl_internal_test.cc
+++ b/ssl/ssl_internal_test.cc
@@ -143,9 +143,9 @@ } TEST(DTLSMessageBitmapTest, Basic) { - // expect_bitmap checks that |b|'s unmarked bits are those listed in |ranges|. - // Each element of |ranges| must be non-empty and non-overlapping, and - // |ranges| must be sorted. + // expect_bitmap checks that `b`'s unmarked bits are those listed in `ranges`. + // Each element of `ranges` must be non-empty and non-overlapping, and + // `ranges` must be sorted. auto expect_bitmap = [](const DTLSMessageBitmap &b, const std::vector<DTLSMessageBitmap::Range> &ranges) { EXPECT_EQ(ranges.empty(), b.IsComplete()); @@ -337,8 +337,8 @@ TEST(SSLAEADContextTest, Lengths) { struct LengthTest { - // All plaintext lengths from |min_plaintext_len| to |max_plaintext_len| - // should return in |cipertext_len|. + // All plaintext lengths from `min_plaintext_len` to `max_plaintext_len` + // should return in `cipertext_len`. size_t min_plaintext_len; size_t max_plaintext_len; size_t ciphertext_len; @@ -572,7 +572,7 @@ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.01"))); EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.0x01"))); EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.0X01"))); - // Leading zeros and values that overflow |uint32_t| are still rejected. + // Leading zeros and values that overflow `uint32_t` are still rejected. EXPECT_FALSE(ssl_is_valid_ech_public_name( StringAsBytes("example.123456789000000000000000"))); EXPECT_FALSE(ssl_is_valid_ech_public_name(
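Review bot: The `LengthTest` comment in the `SSLAEADContextTest.Lengths` hunk misspells the field it refers to: `cipertext_len` versus the member `size_t ciphertext_len;` declared two lines below, so the new backticked reference does not match any identifier. Suggest `// All plaintext lengths from `min_plaintext_len` to `max_plaintext_len`` followed by `// should produce `ciphertext_len`.`, which also reads better than "should return in".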
diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
index d155b55..5923110 100644
--- a/ssl/ssl_key_share.cc
+++ b/ssl/ssl_key_share.cc
@@ -98,7 +98,7 @@ return false; } - // Compute the x-coordinate of |peer_key| * |private_key_|. + // Compute the x-coordinate of `peer_key` * `private_key_`. if (!EC_POINT_mul(group_, result.get(), nullptr, peer_point.get(), private_key_.get(), /*ctx=*/nullptr) || !EC_POINT_get_affine_coordinates_GFp(group_, result.get(), x.get(),
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 491c717..bc319b3 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -51,7 +51,7 @@ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD, "max overheads are inconsistent"); -// |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it +// `SSL_R_UNKNOWN_PROTOCOL` is no longer emitted, but continue to define it // to avoid downstream churn. OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL) @@ -73,7 +73,7 @@ static ExDataClass g_ex_data_class_ssl_ctx(/*with_app_data=*/true); void ssl_reset_error_state(SSL *ssl) { - // Functions which use |SSL_get_error| must reset I/O and error state on + // Functions which use `SSL_get_error` must reset I/O and error state on // entry. ssl->s3->rwstate = SSL_ERROR_NONE; ERR_clear_error(); @@ -181,7 +181,7 @@ !CBB_add_u8(cbb.get(), ' ') || !cbb_add_hex_consttime(cbb.get(), ssl->s3->client_random) || !CBB_add_u8(cbb.get(), ' ') || - // Convert to hex in constant time to avoid leaking |secret|. If the + // Convert to hex in constant time to avoid leaking `secret`. If the // callback discards the data, we should not introduce side channels. !cbb_add_hex_consttime(cbb.get(), secret) || !CBB_add_u8(cbb.get(), 0 /* NUL */) || @@ -212,7 +212,7 @@ return; } - // |version| is zero when calling for |SSL3_RT_HEADER| and |SSL2_VERSION| for + // `version` is zero when calling for `SSL3_RT_HEADER` and `SSL2_VERSION` for // a V2ClientHello. int version; switch (content_type) { @@ -326,7 +326,7 @@ Span<const uint8_t> *out_read_traffic_secret, Span<const uint8_t> *out_write_traffic_secret) { // This API is not well-defined for DTLS, where multiple epochs may be alive - // at once. Callers should use |SSL_get_dtls_*_traffic_secret| instead. In + // at once. Callers should use `SSL_get_dtls_*_traffic_secret` instead. In // QUIC, the application is already handed the traffic secret. if (SSL_is_dtls(ssl) || SSL_is_quic(ssl)) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 
@@ -485,7 +485,7 @@ ssl_st::~ssl_st() { CRYPTO_free_ex_data(&g_ex_data_class_ssl, &ex_data); - // |config| refers to |this|, so we must release it earlier. + // `config` refers to `this`, so we must release it earlier. config.reset(); if (method != nullptr) { method->ssl_free(this); @@ -865,7 +865,7 @@ } // Complete the current handshake, if any. False Start will cause - // |SSL_do_handshake| to return mid-handshake, so this may require multiple + // `SSL_do_handshake` to return mid-handshake, so this may require multiple // iterations. while (!ssl_can_read(ssl)) { int ret = SSL_do_handshake(ssl); @@ -1024,7 +1024,7 @@ } // If we are in the middle of a handshake, silently succeed. Consumers often - // call this function before |SSL_free|, whether the handshake succeeded or + // call this function before `SSL_free`, whether the handshake succeeded or // not. We assume the caller has already handled failed handshakes. if (SSL_in_init(ssl)) { return 1; @@ -1142,7 +1142,7 @@ hs->in_early_data = false; hs->early_session.reset(); - // Discard any unfinished writes from the perspective of |SSL_write|'s + // Discard any unfinished writes from the perspective of `SSL_write`'s // retry. The handshake will transparently flush out the pending record // (discarded by the server) to keep the framing correct. ssl->s3->pending_write = {}; @@ -1386,7 +1386,7 @@ } void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, CRYPTO_BUFFER_POOL *pool) { - // Historically, |CRYPTO_BUFFER_POOL| was not reference-counted and this + // Historically, `CRYPTO_BUFFER_POOL` was not reference-counted and this // function saved a non-owning pointer, expecting the caller to maintain a // lifetime relationship between the two objects. Now that pools are // reference-counted, the compatible behavior is to treat it as set0 rather 
@@ -1614,7 +1614,7 @@ } static bool has_cert_and_key(const SSLCredential *cred) { - // TODO(davidben): If |cred->key_method| is set, that should be fine too. + // TODO(davidben): If `cred->key_method` is set, that should be fine too. if (cred->privkey == nullptr) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED); return false; @@ -2201,8 +2201,8 @@ return nullptr; } - // Historically, |SSL_get_servername| was also the configuration getter - // corresponding to |SSL_set_tlsext_host_name|. + // Historically, `SSL_get_servername` was also the configuration getter + // corresponding to `SSL_set_tlsext_host_name`. if (ssl->hostname != nullptr) { return ssl->hostname.get(); } @@ -2318,7 +2318,7 @@ *out = nullptr; *out_len = 0; - // Both |peer| and |supported| must be valid protocol lists, but |peer| may be + // Both `peer` and `supported` must be valid protocol lists, but `peer` may be // empty in NPN. auto peer_span = Span(peer, peer_len); auto supported_span = Span(supported, supported_len); @@ -2339,7 +2339,7 @@ // This function is not const-correct for compatibility with existing // callers. *out = const_cast<uint8_t *>(CBS_data(&proto)); - // A u8 length prefix will fit in |uint8_t|. + // A u8 length prefix will fit in `uint8_t`. *out_len = static_cast<uint8_t>(CBS_len(&proto)); return OPENSSL_NPN_NEGOTIATED; } @@ -2362,7 +2362,7 @@ void SSL_get0_next_proto_negotiated(const SSL *ssl, const uint8_t **out_data, unsigned *out_len) { - // NPN protocols have one-byte lengths, so they must fit in |unsigned|. + // NPN protocols have one-byte lengths, so they must fit in `unsigned`. assert(ssl->s3->next_proto_negotiated.size() <= UINT_MAX); *out_data = ssl->s3->next_proto_negotiated.data(); *out_len = static_cast<unsigned>(ssl->s3->next_proto_negotiated.size()); 
@@ -2430,7 +2430,7 @@ } else { protocol = ssl->s3->alpn_selected; } - // ALPN protocols have one-byte lengths, so they must fit in |unsigned|. + // ALPN protocols have one-byte lengths, so they must fit in `unsigned`. assert(protocol.size() < UINT_MAX); *out_data = protocol.data(); *out_len = static_cast<unsigned>(protocol.size()); @@ -2637,12 +2637,12 @@ int SSL_get_shutdown(const SSL *ssl) { int ret = 0; if (ssl->s3->read_shutdown != ssl_shutdown_none) { - // Historically, OpenSSL set |SSL_RECEIVED_SHUTDOWN| on both close_notify + // Historically, OpenSSL set `SSL_RECEIVED_SHUTDOWN` on both close_notify // and fatal alert. ret |= SSL_RECEIVED_SHUTDOWN; } if (ssl->s3->write_shutdown == ssl_shutdown_close_notify) { - // Historically, OpenSSL set |SSL_SENT_SHUTDOWN| on only close_notify. + // Historically, OpenSSL set `SSL_SENT_SHUTDOWN` on only close_notify. ret |= SSL_SENT_SHUTDOWN; } return ret; @@ -2753,8 +2753,8 @@ } int SSL_want(const SSL *ssl) { - // Historically, OpenSSL did not track |SSL_ERROR_ZERO_RETURN| as an |rwstate| - // value. We do, but map it back to |SSL_ERROR_NONE| to preserve the original + // Historically, OpenSSL did not track `SSL_ERROR_ZERO_RETURN` as an `rwstate` + // value. We do, but map it back to `SSL_ERROR_NONE` to preserve the original // behavior. return ssl->s3->rwstate == SSL_ERROR_ZERO_RETURN ? SSL_ERROR_NONE : ssl->s3->rwstate; @@ -2969,7 +2969,7 @@ void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) { ssl->renegotiate_mode = mode; - // Check if |ssl_can_renegotiate| has changed and the configuration may now be + // Check if `ssl_can_renegotiate` has changed and the configuration may now be // shed. HTTP clients may initially allow renegotiation for HTTP/1.1, and then // disable after the handshake once the ALPN protocol is known to be HTTP/2. ssl_maybe_shed_handshake_config(ssl); 
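Review bot: In the `@@ -2430` hunk the ALPN guard is `assert(protocol.size() < UINT_MAX);` while the NPN counterpart `SSL_get0_next_proto_negotiated` earlier in this file asserts `<= UINT_MAX` under an identical comment. Both hold in practice because ALPN and NPN protocol names carry one-byte lengths, but the two checks should match; `assert(protocol.size() <= UINT_MAX);` keeps the comment and the check in lockstep with the NPN version. Only the comment line changes in this hunk, so this is a side observation on the surrounding code.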
@@ -3022,7 +3022,7 @@ return !SSL_in_init(ssl) && // No unacknowledged messages in DTLS 1.3. In DTLS 1.2, there no ACKs - // and we currently never clear |outgoing_messages| on the side that + // and we currently never clear `outgoing_messages` on the side that // speaks last. (ssl_protocol_version(ssl) < TLS1_3_VERSION || ssl->d1->outgoing_messages.empty()) && @@ -3073,7 +3073,7 @@ // Increment to get to an available sequence number. max_seq_num++; } else { - // If |max_seq_num| was available, the bitmap must have been empty. + // If `max_seq_num` was available, the bitmap must have been empty. assert(max_seq_num == 0); } return max_seq_num; @@ -3231,7 +3231,7 @@ return 0; // SSL_clear may not be used after shedding config. } - // In OpenSSL, reusing a client |SSL| with |SSL_clear| causes the previously + // In OpenSSL, reusing a client `SSL` with `SSL_clear` causes the previously // established session to be offered the next time around. wpa_supplicant // depends on this behavior, so emulate it. UniquePtr<SSL_SESSION> session; @@ -3333,7 +3333,7 @@ UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body); if (!session) { - // |tls13_create_session_with_ticket| puts the correct error. + // `tls13_create_session_with_ticket` puts the correct error. return nullptr; } return session.release(); @@ -3478,7 +3478,7 @@ static int Configure(SSL *ssl) { ssl->config->compliance_policy = ssl_compliance_policy_fips_202205; - // See |Configure(SSL_CTX)|, above, for reasoning. + // See `Configure(SSL_CTX)`, above, for reasoning. return SSL_set_min_proto_version(ssl, TLS1_2_VERSION) && SSL_set_max_proto_version(ssl, TLS1_3_VERSION) && SSL_set_strict_cipher_list(ssl, kTLS12Ciphers) &&
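Review bot: The context line directly above the rewritten comment in the `@@ -3022` hunk, `// No unacknowledged messages in DTLS 1.3. In DTLS 1.2, there no ACKs`, is missing a verb; since the following line is already being edited, `// No unacknowledged messages in DTLS 1.3. In DTLS 1.2, there are no ACKs` would complete the sentence. The enclosing function begins and ends outside the hunk.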
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index c489290..8c52d7c 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -130,7 +130,7 @@ bssl::UniquePtr<EVP_PKEY> ssl_parse_peer_subject_public_key_info( Span<const uint8_t> spki) { - // Ideally the set of reachable algorithms would flow from |SSL_CTX| for dead + // Ideally the set of reachable algorithms would flow from `SSL_CTX` for dead // code elimination, but for now we just specify every algorithm that might be // reachable from libssl. const EVP_PKEY_ALG *const algs[] = { @@ -167,7 +167,7 @@ sigalg == SSL_SIGN_ECDSA_SHA1; } - // |SSL_SIGN_RSA_PKCS1_MD5_SHA1| is not a real SignatureScheme for TLS 1.2 and + // `SSL_SIGN_RSA_PKCS1_MD5_SHA1` is not a real SignatureScheme for TLS 1.2 and // higher. It is an internal value we use to represent TLS 1.0/1.1's MD5/SHA1 // concatenation. if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1) { @@ -532,7 +532,7 @@ case SSL_SIGN_ECDSA_SECP521R1_SHA512: return "ecdsa_sha512"; // If adding more here, also update - // |SSL_get_all_signature_algorithm_names|. + // `SSL_get_all_signature_algorithm_names`. } } @@ -597,7 +597,7 @@ return false; } - // Check for invalid algorithms, and filter out |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. + // Check for invalid algorithms, and filter out `SSL_SIGN_RSA_PKCS1_MD5_SHA1`. Array<uint16_t> filtered; if (!filtered.InitForOverwrite(prefs.size())) { return false; @@ -606,8 +606,8 @@ for (uint16_t pref : prefs) { if (pref == SSL_SIGN_RSA_PKCS1_MD5_SHA1) { // Though not intended to be used with this API, we treat - // |SSL_SIGN_RSA_PKCS1_MD5_SHA1| as a real signature algorithm in - // |SSL_PRIVATE_KEY_METHOD|. Not accepting it here makes for a confusing + // `SSL_SIGN_RSA_PKCS1_MD5_SHA1` as a real signature algorithm in + // `SSL_PRIVATE_KEY_METHOD`. Not accepting it here makes for a confusing // abstraction. continue; } 
@@ -620,7 +620,7 @@ } filtered.Shrink(added); - // This can happen if |prefs| contained only |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. + // This can happen if `prefs` contained only `SSL_SIGN_RSA_PKCS1_MD5_SHA1`. // Leaving it empty would revert to the default, so treat this as an error // condition. if (!prefs.empty() && filtered.empty()) {
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 8948d98..960fdcc 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -50,7 +50,7 @@ } uint32_t ssl_hash_session_id(Span<const uint8_t> session_id) { - // Take the first four bytes of |session_id|. Session IDs are generated by the + // Take the first four bytes of `session_id`. Session IDs are generated by the // server randomly, so we can assume even using the first four bytes results // in a good distribution. uint8_t tmp_storage[sizeof(uint32_t)]; @@ -187,7 +187,7 @@ void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session, uint32_t timeout) { - // Rebase the timestamp relative to the current time so |timeout| is measured + // Rebase the timestamp relative to the current time so `timeout` is measured // correctly. ssl_session_rebase_time(ssl, session); @@ -204,7 +204,7 @@ uint16_t ssl_session_protocol_version(const SSL_SESSION *session) { uint16_t ret; if (!ssl_protocol_version_from_wire(&ret, session->ssl_version)) { - // An |SSL_SESSION| will never have an invalid version. This is enforced by + // An `SSL_SESSION` will never have an invalid version. This is enforced by // the parser. assert(0); return 0; @@ -234,7 +234,7 @@ session->ssl_version = ssl->s3->version; session->is_quic = SSL_is_quic(ssl); - // Fill in the time from the |SSL_CTX|'s clock. + // Fill in the time from the `SSL_CTX`'s clock. OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get()); session->time = now.tv_sec; @@ -339,7 +339,7 @@ return 0; } if (ret == 0) { - // The caller requested to send no ticket, so write nothing to |out|. + // The caller requested to send no ticket, so write nothing to `out`. return 1; } } else { 
@@ -513,8 +513,8 @@ SSL_is_quic(ssl) == int{session->is_quic}; } -// ssl_lookup_session looks up |session_id| in the session cache and sets -// |*out_session| to an |SSL_SESSION| object if found. +// ssl_lookup_session looks up `session_id` in the session cache and sets +// `*out_session` to an `SSL_SESSION` object if found. static enum ssl_hs_wait_t ssl_lookup_session( SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session, Span<const uint8_t> session_id) { @@ -536,7 +536,7 @@ return key_id == sess->session_id ? 0 : 1; }; MutexReadLock lock(&ssl->session_ctx->lock); - // |lh_SSL_SESSION_retrieve_key| returns a non-owning pointer. + // `lh_SSL_SESSION_retrieve_key` returns a non-owning pointer. session = UpRef(lh_SSL_SESSION_retrieve_key(ssl->session_ctx->sessions, &session_id, hash, cmp)); // TODO(davidben): This should probably move it to the front of the list. 
@@ -721,28 +721,28 @@ if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, new_session)) { return false; } - // |ctx->sessions| took ownership of |new_session| and gave us back a - // reference to |old_session|. (|old_session| may be the same as - // |new_session|, in which case we traded identical references with - // |ctx->sessions|.) + // `ctx->sessions` took ownership of `new_session` and gave us back a + // reference to `old_session`. (`old_session` may be the same as + // `new_session`, in which case we traded identical references with + // `ctx->sessions`.) session.release(); session.reset(old_session); if (old_session != nullptr) { if (old_session == new_session) { - // |session| was already in the cache. There are no linked list pointers + // `session` was already in the cache. There are no linked list pointers // to update. return false; } - // There was a session ID collision. |old_session| was replaced with - // |session| in the hash table, so |old_session| must be removed from the + // There was a session ID collision. `old_session` was replaced with + // `session` in the hash table, so `old_session` must be removed from the // linked list to match. SSL_SESSION_list_remove(ctx, old_session); } - // This does not increment the reference count. Although |session| is inserted - // into two structures (a doubly-linked list and the hash table), |ctx| only + // This does not increment the reference count. Although `session` is inserted + // into two structures (a doubly-linked list and the hash table), `ctx` only // takes one reference. SSL_SESSION_list_add(ctx, new_session); 
@@ -789,9 +789,9 @@ } if (remove_expired_sessions) { - // |SSL_CTX_flush_sessions| takes the lock we just released. We could + // `SSL_CTX_flush_sessions` takes the lock we just released. We could // merge the critical sections, but we'd then call user code under a - // lock, or compute |now| earlier, even when not flushing. + // lock, or compute `now` earlier, even when not flushing. OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get()); SSL_CTX_flush_sessions(ctx, now.tv_sec); } @@ -800,7 +800,7 @@ if (ctx->new_session_cb != nullptr) { UniquePtr<SSL_SESSION> ref = UpRef(session); if (ctx->new_session_cb(ssl, ref.get())) { - // |new_session_cb|'s return value signals whether it took ownership. + // `new_session_cb`'s return value signals whether it took ownership. ref.release(); } } @@ -1052,8 +1052,8 @@ // established session. In particular, if there is a pending renegotiation, we // do not return information about it until it completes. // - // Code in the handshake must either use |hs->new_session| (if updating a - // partial session) or |ssl_handshake_session| (if trying to query properties + // Code in the handshake must either use `hs->new_session` (if updating a + // partial session) or `ssl_handshake_session` (if trying to query properties // consistently across TLS 1.2 resumption and other handshakes). if (ssl->s3->established_session != nullptr) { return ssl->s3->established_session.get(); @@ -1126,7 +1126,7 @@ return 0; } - // Historically, zero was treated as |SSL_DEFAULT_SESSION_TIMEOUT|. + // Historically, zero was treated as `SSL_DEFAULT_SESSION_TIMEOUT`. if (timeout == 0) { timeout = SSL_DEFAULT_SESSION_TIMEOUT; } 
@@ -1158,7 +1158,7 @@ if (param->time == 0 || // session->time + session->timeout < session->time || // param->time > (session->time + session->timeout)) { - // TODO(davidben): This can probably just call |remove_session|. + // TODO(davidben): This can probably just call `remove_session`. (void)lh_SSL_SESSION_delete(param->cache, session); SSL_SESSION_list_remove(param->ctx, session); // TODO(https://crbug.com/boringssl/251): Callbacks should not be called
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 59c89ca..284c5ac 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1049,8 +1049,8 @@ "i4gv7Y5oliyntgMBAQA="; // kCustomSession is a custom serialized SSL_SESSION generated by -// filling in missing fields from |kOpenSSLSession|. This includes -// providing |peer_sha256|, so |peer| is not serialized. +// filling in missing fields from `kOpenSSLSession`. This includes +// providing `peer_sha256`, so `peer` is not serialized. static const char kCustomSession[] = "MIIBZAIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" @@ -1160,7 +1160,7 @@ "NusdVm/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ/Eg=="; // kBadSessionExtraField is a custom serialized SSL_SESSION generated by -// replacing the final (optional) element of |kCustomSession| with tag +// replacing the final (optional) element of `kCustomSession` with tag // number 99. static const char kBadSessionExtraField[] = "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" @@ -1173,7 +1173,7 @@ "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBOMDBAEF"; // kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing -// the version of |kCustomSession| with 2. +// the version of `kCustomSession` with 2. static const char kBadSessionVersion[] = "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" @@ -1587,7 +1587,7 @@ } } -// CreateSessionWithTicket returns a sample |SSL_SESSION| with the specified +// CreateSessionWithTicket returns a sample `SSL_SESSION` with the specified // version and ticket length or nullptr on failure. static bssl::UniquePtr<SSL_SESSION> CreateSessionWithTicket(uint16_t version, size_t ticket_len) { 
@@ -2032,13 +2032,13 @@ } static bool FlushNewSessionTickets(SSL *client, SSL *server) { - // NewSessionTickets are deferred on the server to |SSL_write|, and clients do - // not pick them up until |SSL_read|. + // NewSessionTickets are deferred on the server to `SSL_write`, and clients do + // not pick them up until `SSL_read`. for (;;) { int server_ret = SSL_write(server, nullptr, 0); int server_err = SSL_get_error(server, server_ret); - // The server may either succeed (|server_ret| is zero) or block on write - // (|server_ret| is -1 and |server_err| is |SSL_ERROR_WANT_WRITE|). + // The server may either succeed (`server_ret` is zero) or block on write + // (`server_ret` is -1 and `server_err` is `SSL_ERROR_WANT_WRITE`). if (server_ret > 0 || (server_ret < 0 && server_err != SSL_ERROR_WANT_WRITE)) { fprintf(stderr, "Unexpected server result: %d %d\n", server_ret, @@ -2062,7 +2062,7 @@ } } -// CreateClientAndServer creates a client and server |SSL| objects whose |BIO|s +// CreateClientAndServer creates a client and server `SSL` objects whose `BIO`s // are paired with each other. It does not run the handshake. The caller is // expected to configure the objects and drive the handshake as needed. static bool CreateClientAndServer(bssl::UniquePtr<SSL> *out_client, @@ -2202,7 +2202,7 @@ }); } -// Test that |SSL_get_client_CA_list| echoes back the configured parameter even +// Test that `SSL_get_client_CA_list` echoes back the configured parameter even // before configuring as a server. TEST(SSLTest, ClientCAList) { bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); @@ -2220,7 +2220,7 @@ ASSERT_TRUE(stack); ASSERT_TRUE(PushToStack(stack.get(), std::move(name_dup))); - // |SSL_set_client_CA_list| takes ownership. + // `SSL_set_client_CA_list` takes ownership. SSL_set_client_CA_list(ssl.get(), stack.release()); STACK_OF(X509_NAME) *result = SSL_get_client_CA_list(ssl.get()); 
@@ -2362,9 +2362,9 @@ uint16_t config_id = 1; std::string public_name = "example.com"; const EVP_HPKE_KEY *key = nullptr; - // kem_id, if zero, takes its value from |key|. + // kem_id, if zero, takes its value from `key`. uint16_t kem_id = 0; - // public_key, if empty takes its value from |key|. + // public_key, if empty takes its value from `key`. std::vector<uint8_t> public_key; size_t max_name_len = 16; // cipher_suites is a list of code points which should contain pairs of KDF @@ -2374,8 +2374,8 @@ std::vector<uint8_t> extensions; }; -// MakeECHConfig serializes an ECHConfig from |params| and writes it to -// |*out|. +// MakeECHConfig serializes an ECHConfig from `params` and writes it to +// `*out`. bool MakeECHConfig(std::vector<uint8_t> *out, const ECHConfigParams ¶ms) { uint16_t kem_id = params.kem_id == 0 ? EVP_HPKE_KEM_id(EVP_HPKE_KEY_kem(params.key)) @@ -2455,7 +2455,7 @@ return SSL_set1_ech_config_list(client, ech_config_list, ech_config_list_len); } -// Test that |SSL_marshal_ech_config| and |SSL_ECH_KEYS_marshal_retry_configs| +// Test that `SSL_marshal_ech_config` and `SSL_ECH_KEYS_marshal_retry_configs` // output values as expected. TEST(SSLTest, MarshalECHConfig) { static const uint8_t kPrivateKey[X25519_PRIVATE_KEY_LEN] = { @@ -2506,7 +2506,7 @@ "public.example", 16)); bssl::UniquePtr<uint8_t> free_ech_config2(ech_config2); - // Install both ECHConfigs in an |SSL_ECH_KEYS|. + // Install both ECHConfigs in an `SSL_ECH_KEYS`. bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new()); ASSERT_TRUE(keys); ASSERT_TRUE(SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/1, ech_config, @@ -2560,7 +2560,7 @@ } } -// Test that |SSL_ECH_KEYS_add| checks consistency between the public and +// Test that `SSL_ECH_KEYS_add` checks consistency between the public and // private key. TEST(SSLTest, ECHKeyConsistency) { bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new()); 
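Review bot: The two field comments in the `ECHConfigParams` hunk leave the field names themselves unmarked while the script converted the trailing reference, and the second is missing a comma: `// public_key, if empty takes its value from `key`.`. For consistency with the new convention, `// `kem_id`, if zero, takes its value from `key`.` and `// `public_key`, if empty, takes its value from `key`.` would make both identifiers read as code references. The struct continues past the hunk.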
@@ -2609,7 +2609,7 @@ key.get())); } -// Test that |SSL_CTX_set1_ech_keys| fails when the config list +// Test that `SSL_CTX_set1_ech_keys` fails when the config list // has no retry configs. TEST(SSLTest, ECHServerConfigsWithoutRetryConfigs) { bssl::ScopedEVP_HPKE_KEY key; @@ -2627,7 +2627,7 @@ ASSERT_TRUE(SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/0, ech_config, ech_config_len, key.get())); - // |keys| has no retry configs. + // `keys` has no retry configs. bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx); EXPECT_FALSE(SSL_CTX_set1_ech_keys(ctx.get(), keys.get())); @@ -2693,7 +2693,7 @@ key.get())); } -// Test that |SSL_get_client_random| reports the correct value on both client +// Test that `SSL_get_client_random` reports the correct value on both client // and server in ECH. The client sends two different random values. When ECH is // accepted, we should report the inner one. TEST(SSLTest, ECHClientRandomsMatch) { @@ -2731,10 +2731,10 @@ EXPECT_EQ(Bytes(client_random1), Bytes(client_random2)); } -// GetECHLength sets |*out_client_hello_len| and |*out_ech_len| to the lengths +// GetECHLength sets `*out_client_hello_len` and `*out_ech_len` to the lengths // of the ClientHello and ECH extension, respectively, when a client created -// from |ctx| constructs a ClientHello with name |name| and an ECHConfig with -// maximum name length |max_name_len|. +// from `ctx` constructs a ClientHello with name `name` and an ECHConfig with +// maximum name length `max_name_len`. static bool GetECHLength(SSL_CTX *ctx, size_t *out_client_hello_len, size_t *out_ech_len, size_t max_name_len, const char *name) { @@ -2830,7 +2830,7 @@ } } -// When using the built-in verifier, test that |SSL_get0_ech_name_override| is +// When using the built-in verifier, test that `SSL_get0_ech_name_override` is // applied automatically. TEST(SSLTest, ECHBuiltinVerifier) { // These test certificates generated with the following Go program. 
@@ -2941,7 +2941,7 @@ kSecretName, strlen(kSecretName))); // For simplicity, we only run through a pair of representative scenarios here - // and rely on runner.go to verify that |SSL_get0_ech_name_override| behaves + // and rely on runner.go to verify that `SSL_get0_ech_name_override` behaves // correctly. for (bool accept_ech : {false, true}) { SCOPED_TRACE(accept_ech); @@ -2964,7 +2964,7 @@ ASSERT_TRUE(SSL_use_PrivateKey(server.get(), leaf_key.get())); // The handshake may fail due to name mismatch or ECH reject. We check - // |SSL_get_verify_result| to confirm the handshake got far enough. + // `SSL_get_verify_result` to confirm the handshake got far enough. CompleteHandshakes(client.get(), server.get()); EXPECT_EQ(accept_ech == use_leaf_secret ? X509_V_OK : X509_V_ERR_HOSTNAME_MISMATCH, @@ -2974,7 +2974,7 @@ } #if defined(OPENSSL_THREADS) -// Test that the server ECH config can be swapped out while the |SSL_CTX| is +// Test that the server ECH config can be swapped out while the `SSL_CTX` is // in use on other threads. This test is intended to be run with TSan. TEST(SSLTest, ECHThreads) { // Generate a pair of ECHConfigs. @@ -2995,7 +2995,7 @@ "public.example", 16)); bssl::UniquePtr<uint8_t> free_ech_config2(ech_config2); - // |keys1| contains the first config. |keys12| contains both. + // `keys1` contains the first config. `keys12` contains both. bssl::UniquePtr<SSL_ECH_KEYS> keys1(SSL_ECH_KEYS_new()); ASSERT_TRUE(keys1); ASSERT_TRUE(SSL_ECH_KEYS_add(keys1.get(), /*is_retry_config=*/1, ech_config1, @@ -3022,7 +3022,7 @@ ASSERT_TRUE(InstallECHConfigList(client.get(), keys1.get())); // In parallel, complete the connection and reconfigure the ECHConfig. Note - // |keys12| supports all the keys in |keys1|, so the handshake should complete + // `keys12` supports all the keys in `keys1`, so the handshake should complete // the same whichever the server uses. std::vector<std::thread> threads; threads.emplace_back([&] { 
@@ -3122,7 +3122,7 @@ out->push_back(session); } -// CacheEquals returns true if |ctx|'s session cache consists of |expected|, in +// CacheEquals returns true if `ctx`'s session cache consists of `expected`, in // order. static bool CacheEquals(SSL_CTX *ctx, const std::vector<SSL_SESSION *> &expected) { @@ -3243,7 +3243,7 @@ }; // SSLVersionTest executes its test cases under all available protocol versions. -// Test cases call |Connect| to create a connection using context objects with +// Test cases call `Connect` to create a connection using context objects with // the protocol version fixed to the current version under test. class SSLVersionTest : public ::testing::TestWithParam<VersionParam> { protected: @@ -3309,8 +3309,8 @@ }); TEST_P(SSLVersionTest, SequenceNumber) { - // TODO(crbug.com/42290608): Once |SSL_get_read_sequence| and - // |SSL_get_write_sequence| are no longer implemented in DTLS 1.3, make this + // TODO(crbug.com/42290608): Once `SSL_get_read_sequence` and + // `SSL_get_write_sequence` are no longer implemented in DTLS 1.3, make this // test TLS-only and remove the DTLS cases. For now, since we still care about // their behavior in DTLS 1.2, continue testing this behavior. if (is_dtls() && is_tls13()) { @@ -3616,7 +3616,7 @@ } ASSERT_TRUE(Connect()); - // Shut down half the connection. |SSL_shutdown| will return 0 to signal only + // Shut down half the connection. `SSL_shutdown` will return 0 to signal only // one side has shut down. ASSERT_EQ(SSL_shutdown(client_.get()), 0); @@ -3637,7 +3637,7 @@ EXPECT_EQ(SSL_shutdown(client_.get()), 1); } -// Test that, after calling |SSL_shutdown|, |SSL_write| fails. +// Test that, after calling `SSL_shutdown`, `SSL_write` fails. TEST_P(SSLVersionTest, WriteAfterShutdown) { ASSERT_TRUE(Connect()); 
@@ -3648,11 +3648,11 @@ ASSERT_TRUE(mem); SSL_set0_wbio(ssl, bssl::UpRef(mem).release()); - // Shut down half the connection. |SSL_shutdown| will return 0 to signal + // Shut down half the connection. `SSL_shutdown` will return 0 to signal // only one side has shut down. ASSERT_EQ(SSL_shutdown(ssl), 0); - // |ssl| should have written an alert to the transport. + // `ssl` should have written an alert to the transport. const uint8_t *unused; size_t len; ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); @@ -3668,7 +3668,7 @@ } } -// Test that, after sending a fatal alert in a failed |SSL_read|, |SSL_write| +// Test that, after sending a fatal alert in a failed `SSL_read`, `SSL_write` // fails. TEST_P(SSLVersionTest, WriteAfterReadSentFatalAlert) { // Decryption failures are not fatal in DTLS. @@ -3678,7 +3678,7 @@ ASSERT_TRUE(Connect()); - // Save the write |BIO|s as the test will overwrite them. + // Save the write `BIO`s as the test will overwrite them. bssl::UniquePtr<BIO> client_wbio = bssl::UpRef(SSL_get_wbio(client_.get())); bssl::UniquePtr<BIO> server_wbio = bssl::UpRef(SSL_get_wbio(server_.get())); @@ -3698,7 +3698,7 @@ char buf[256]; EXPECT_EQ(-1, SSL_read(ssl, buf, sizeof(buf))); - // |ssl| should have written an alert to the transport. + // `ssl` should have written an alert to the transport. const uint8_t *unused; size_t len; ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); @@ -3714,7 +3714,7 @@ } } -// Test that, after sending a fatal alert from the handshake, |SSL_write| fails. +// Test that, after sending a fatal alert from the handshake, `SSL_write` fails. TEST_P(SSLVersionTest, WriteAfterHandshakeSentFatalAlert) { for (bool test_server : {false, true}) { SCOPED_TRACE(test_server ? "server" : "client"); 
@@ -3760,7 +3760,7 @@ EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), -1)); uint32_t err = ERR_get_error(); - // |ssl| should have written an alert (and, in the client's case, a + // `ssl` should have written an alert (and, in the client's case, a // ClientHello) to the transport. const uint8_t *unused; size_t len; @@ -3779,8 +3779,8 @@ } } -// Test that, after seeing TLS 1.2 in response to early data, |SSL_write| -// continues to report |SSL_R_WRONG_VERSION_ON_EARLY_DATA|. See +// Test that, after seeing TLS 1.2 in response to early data, `SSL_write` +// continues to report `SSL_R_WRONG_VERSION_ON_EARLY_DATA`. See // https://crbug.com/1078515. TEST(SSLTest, WriteAfterWrongVersionOnEarlyData) { // Set up some 0-RTT-enabled contexts. @@ -3950,7 +3950,7 @@ EXPECT_TRUE(SSL_set_wfd(ssl.get(), 1)); ExpectFDs(ssl.get(), 1, 1); - // ASan builds will implicitly test that the internal |BIO| reference-counting + // ASan builds will implicitly test that the internal `BIO` reference-counting // is correct. } @@ -4005,7 +4005,7 @@ BIO_up_ref(bio2.get()); SSL_set_bio(ssl.get(), bio2.get(), bio1.get()); - // ASAN builds will implicitly test that the internal |BIO| reference-counting + // ASAN builds will implicitly test that the internal `BIO` reference-counting // is correct. } @@ -4590,7 +4590,7 @@ bssl::UniquePtr<EVP_PKEY> key2 = GetECDSATestKey(); ASSERT_TRUE(key2); - // Test that switching the |SSL_CTX| at the SNI callback behaves correctly. + // Test that switching the `SSL_CTX` at the SNI callback behaves correctly. static const uint16_t kECDSAWithSHA256 = SSL_SIGN_ECDSA_SECP256R1_SHA256; static const uint8_t kSCTList[] = {0, 6, 0, 4, 5, 6, 7, 8}; 
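Review bot: The rewritten comments at 3950 (`// ASan builds will implicitly test ...`) and 4005 (`// ASAN builds will implicitly test ...`) spell the sanitizer two different ways, and this style pass rewrites both lines anyway; pick one spelling, e.g. `ASan`, for both. Both test bodies start outside their hunks.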
@@ -4606,7 +4606,7 @@ sizeof(kOCSPResponse))); // Historically signing preferences would be lost in some cases with the // SNI callback, which triggers the TLS 1.2 SHA-1 default. To ensure - // this doesn't happen when |version| is TLS 1.2, configure the private + // this doesn't happen when `version` is TLS 1.2, configure the private // key to only sign SHA-256. ASSERT_TRUE(SSL_CTX_set_signing_algorithm_prefs(server_ctx2.get(), &kECDSAWithSHA256, 1)); @@ -4619,18 +4619,18 @@ ASSERT_TRUE(Connect()); - // The client should have received |cert2|. + // The client should have received `cert2`. bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(client_.get())); ASSERT_TRUE(peer); EXPECT_EQ(X509_cmp(peer.get(), cert2.get()), 0); - // The client should have received |server_ctx2|'s SCT list. + // The client should have received `server_ctx2`'s SCT list. const uint8_t *data; size_t len; SSL_get0_signed_cert_timestamp_list(client_.get(), &data, &len); EXPECT_EQ(Bytes(kSCTList), Bytes(data, len)); - // The client should have received |server_ctx2|'s OCSP response. + // The client should have received `server_ctx2`'s OCSP response. SSL_get0_ocsp_response(client_.get(), &data, &len); EXPECT_EQ(Bytes(kOCSPResponse), Bytes(data, len)); } 
@@ -4750,12 +4750,12 @@ TEST_P(SSLVersionTest, Version) { ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(), server_ctx_.get())); - // Before the handshake, |SSL_version| reports some placeholder value. + // Before the handshake, `SSL_version` reports some placeholder value. const uint16_t placeholder = is_dtls() ? DTLS1_2_VERSION : TLS1_2_VERSION; EXPECT_EQ(SSL_version(client_.get()), placeholder); EXPECT_EQ(SSL_version(server_.get()), placeholder); - // After the handshake, |SSL_version| reports the version. + // After the handshake, `SSL_version` reports the version. ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get())); EXPECT_EQ(SSL_version(client_.get()), version()); EXPECT_EQ(SSL_version(server_.get()), version()); @@ -4773,14 +4773,14 @@ EXPECT_EQ(strcmp(version_name, client_name), 0); EXPECT_EQ(strcmp(version_name, server_name), 0); - // |SSL_clear| should reset the |SSL|s to the original state. + // `SSL_clear` should reset the `SSL`s to the original state. ASSERT_TRUE(SSL_clear(client_.get())); ASSERT_TRUE(SSL_clear(server_.get())); EXPECT_EQ(SSL_version(client_.get()), placeholder); EXPECT_EQ(SSL_version(server_.get()), placeholder); } -// Tests that that |SSL_get_pending_cipher| is available during the ALPN +// Tests that that `SSL_get_pending_cipher` is available during the ALPN // selection callback. TEST_P(SSLVersionTest, ALPNCipherAvailable) { ASSERT_TRUE(UseCertAndKey(client_ctx_.get())); @@ -4831,7 +4831,7 @@ // Attempt to connect a second time. ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get())); - // |SSL_clear| should implicitly offer the previous session to the server. + // `SSL_clear` should implicitly offer the previous session to the server. EXPECT_TRUE(SSL_session_reused(client_.get())); EXPECT_TRUE(SSL_session_reused(server_.get())); } 
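Review bot: The rewritten comment above `TEST_P(SSLVersionTest, ALPNCipherAvailable)` keeps the duplicated word from the old line, `// Tests that that ...`; while the line is being rewritten, drop one `that`. The test body continues outside the hunk.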
@@ -4850,7 +4850,7 @@ ASSERT_TRUE(Connect()); ASSERT_TRUE(CompleteHandshakes(client_.get(), server_.get())); - // |SSL_clear| should now fail. + // `SSL_clear` should now fail. ASSERT_FALSE(SSL_clear(client_.get())); ASSERT_FALSE(SSL_clear(server_.get())); } @@ -4900,7 +4900,7 @@ ASSERT_TRUE(UseCertAndKey(server_ctx_.get())); // Configure both client and server to accept any certificate. Add - // |intermediate| to the cert store. + // `intermediate` to the cert store. ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(client_ctx_.get()), intermediate.get())); ASSERT_TRUE(X509_STORE_add_cert(SSL_CTX_get_cert_store(server_ctx_.get()), @@ -5027,13 +5027,13 @@ SSL_ERROR_SSL); ASSERT_TRUE(ExpectSingleError(ERR_LIB_SSL, SSL_R_BAD_WRITE_RETRY)); - // With |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, the buffer may move. + // With `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`, the buffer may move. SSL_set_mode(client_.get(), SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); ASSERT_EQ(SSL_get_error(client_.get(), SSL_write(client_.get(), data2, kChunkLen)), SSL_ERROR_WANT_WRITE); - // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| does not disable length checks. + // `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` does not disable length checks. ASSERT_EQ(SSL_get_error(client_.get(), SSL_write(client_.get(), data2, kChunkLen - 1)), SSL_ERROR_SSL); @@ -5090,7 +5090,7 @@ count--; // Retry the last write, with a longer input. The first half is the most - // recently failed write, from filling the buffer. |SSL_write| should write + // recently failed write, from filling the buffer. `SSL_write` should write // that to the transport, and then attempt to write the second half. int ret = SSL_write(client_.get(), data_longer, 2 * kChunkLen); if (enable_partial_write) { 
@@ -5216,7 +5216,7 @@ SSL_CTX_set_tlsext_servername_callback( server_ctx_.get(), [](SSL *ssl, int *out_alert, void *arg) -> int { - // During the handshake, |SSL_get_servername| must match |config|. + // During the handshake, `SSL_get_servername` must match `config`. ClientConfig *config_p = reinterpret_cast<ClientConfig *>(arg); EXPECT_STREQ(config_p->servername.c_str(), SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)); @@ -5235,7 +5235,7 @@ bssl::UniquePtr<SSL_SESSION> session = CreateClientSession(client_ctx_.get(), server_ctx_.get(), config); - // If the client resumes a session with a different name, |SSL_get_servername| + // If the client resumes a session with a different name, `SSL_get_servername` // must return the new name. ASSERT_TRUE(session); config.session = session.get(); @@ -5259,7 +5259,7 @@ // Test that all versions survive tiny write buffers. In particular, TLS 1.3 // NewSessionTickets are written post-handshake. Servers that block -// |SSL_do_handshake| on writing them will deadlock if clients are not draining +// `SSL_do_handshake` on writing them will deadlock if clients are not draining // the buffer. Test that we do not do this. TEST_P(SSLVersionTest, SmallBuffer) { // DTLS is a datagram protocol and requires packet-sized buffers. @@ -5302,7 +5302,7 @@ EXPECT_TRUE(g_last_session); } - // Send some data from server to client. If |use_zero_write| is false, this + // Send some data from server to client. If `use_zero_write` is false, this // will also flush the NewSessionTickets. static const char kMessage[] = "hello world"; char buf[sizeof(kMessage)]; 
@@ -5313,7 +5313,7 @@ int client_err = SSL_get_error(client.get(), client_ret); // The server will write a single record, so every iteration should see - // |SSL_ERROR_WANT_WRITE| and |SSL_ERROR_WANT_READ|, until the final + // `SSL_ERROR_WANT_WRITE` and `SSL_ERROR_WANT_READ`, until the final // iteration, where both will complete. if (server_ret > 0) { EXPECT_EQ(server_ret, static_cast<int>(sizeof(kMessage))); @@ -5335,7 +5335,7 @@ TEST(SSLTest, AddChainCertHack) { // Ensure that we don't accidentally break the hack that we have in place to - // keep curl and serf happy when they use an |X509| even after transferring + // keep curl and serf happy when they use an `X509` even after transferring // ownership. bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); @@ -5398,7 +5398,7 @@ leaf.get(), }; - // Should fail because |GetTestKey| doesn't match the chain-test certificate. + // Should fail because `GetTestKey` doesn't match the chain-test certificate. ASSERT_FALSE(SSL_CTX_set_chain_and_key(ctx.get(), chain.data(), chain.size(), key.get(), nullptr)); ERR_clear_error(); @@ -5413,10 +5413,10 @@ bssl::UniquePtr<X509> leaf = GetChainTestCertificate(); ASSERT_TRUE(leaf); - // There is no key or certificate, so |SSL_CTX_check_private_key| fails. + // There is no key or certificate, so `SSL_CTX_check_private_key` fails. EXPECT_FALSE(SSL_CTX_check_private_key(ctx.get())); - // With only a certificate, |SSL_CTX_check_private_key| still fails. + // With only a certificate, `SSL_CTX_check_private_key` still fails. ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), leaf.get())); EXPECT_FALSE(SSL_CTX_check_private_key(ctx.get())); 
@@ -5438,10 +5438,10 @@ bssl::UniquePtr<X509> leaf = GetChainTestCertificate(); ASSERT_TRUE(leaf); - // There is no key or certificate, so |SSL_CTX_check_private_key| fails. + // There is no key or certificate, so `SSL_CTX_check_private_key` fails. EXPECT_FALSE(SSL_CTX_check_private_key(ctx.get())); - // With only a key, |SSL_CTX_check_private_key| still fails. + // With only a key, `SSL_CTX_check_private_key` still fails. ASSERT_TRUE(SSL_CTX_use_PrivateKey(ctx.get(), key.get())); EXPECT_FALSE(SSL_CTX_check_private_key(ctx.get())); @@ -5451,15 +5451,15 @@ EXPECT_EQ(nullptr, SSL_CTX_get0_privatekey(ctx.get())); // Some callers configure the private key, then the certificate, and then - // expect |SSL_CTX_check_private_key| to check consistency. It does, but only + // expect `SSL_CTX_check_private_key` to check consistency. It does, but only // by way of noticing there is no private key. The actual consistency check - // happened in |SSL_CTX_use_certificate|. + // happened in `SSL_CTX_use_certificate`. EXPECT_FALSE(SSL_CTX_check_private_key(ctx.get())); } TEST(SSLTest, OverrideCertAndKey) { // It is possible to override an existing certificate by configuring - // certificate, then key, due to |SSL_CTX_use_certificate|'s above silent + // certificate, then key, due to `SSL_CTX_use_certificate`'s above silent // dropping behavior. bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx); @@ -5503,8 +5503,8 @@ ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), leaf.get())); SSL_CTX_set_custom_verify(ctx.get(), SSL_VERIFY_PEER, AcceptAnyCertificate); - // Configuring an |SSL_PRIVATE_KEY_METHOD| and then overwriting it with an - // |EVP_PKEY| should clear the |SSL_PRIVATE_KEY_METHOD|. + // Configuring an `SSL_PRIVATE_KEY_METHOD` and then overwriting it with an + // `EVP_PKEY` should clear the `SSL_PRIVATE_KEY_METHOD`. SSL_CTX_set_private_key_method(ctx.get(), &kErrorMethod); ASSERT_TRUE(SSL_CTX_use_PrivateKey(ctx.get(), key.get())); 
@@ -6149,7 +6149,7 @@ } // ssl_test_ticket_aead_failure_mode enumerates the possible ways in which the -// test |SSL_TICKET_AEAD_METHOD| can fail. +// test `SSL_TICKET_AEAD_METHOD` can fail. enum ssl_test_ticket_aead_failure_mode { ssl_test_ticket_aead_ok = 0, ssl_test_ticket_aead_seal_fail, @@ -6222,7 +6222,7 @@ case ssl_test_ticket_aead_ok: break; case ssl_test_ticket_aead_seal_fail: - // If |seal| failed then there shouldn't be any ticket to try and + // If `seal` failed then there shouldn't be any ticket to try and // decrypt. abort(); break; @@ -6488,7 +6488,7 @@ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); ASSERT_TRUE(ctx); - // Configure |client_ctx| with a cipher list that does not intersect with its + // Configure `client_ctx` with a cipher list that does not intersect with its // version configuration. ASSERT_TRUE(SSL_CTX_set_strict_cipher_list( ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")); 
@@ -6558,16 +6558,16 @@ EXPECT_EQ(0, SSL_pending(client_.get())); if (is_dtls()) { // In DTLS, the two records would have been read as a single datagram and - // buffered inside |client_|. Thus, |SSL_has_pending| should return true. + // buffered inside `client_`. Thus, `SSL_has_pending` should return true. // - // This test is slightly unrealistic. It relies on |ConnectClientAndServer| - // using a |BIO| pair, which does not preserve datagram boundaries. Reading + // This test is slightly unrealistic. It relies on `ConnectClientAndServer` + // using a `BIO` pair, which does not preserve datagram boundaries. Reading // 1 byte, then 4 bytes, from the first record also relies on // https://crbug.com/boringssl/65. But it does test the codepaths. When // fixing either of these bugs, this test may need to be redone. EXPECT_EQ(1, SSL_has_pending(client_.get())); } else { - // In TLS, we do not overread, so |SSL_has_pending| should report no data is + // In TLS, we do not overread, so `SSL_has_pending` should report no data is // buffered. EXPECT_EQ(0, SSL_has_pending(client_.get())); } @@ -6577,7 +6577,7 @@ EXPECT_EQ(1, SSL_has_pending(client_.get())); } -// Test that post-handshake tickets consumed by |SSL_shutdown| are ignored. +// Test that post-handshake tickets consumed by `SSL_shutdown` are ignored. TEST(SSLTest, ShutdownIgnoresTickets) { bssl::UniquePtr<SSL_CTX> ctx(CreateContextWithTestCertificate(TLS_method())); ASSERT_TRUE(ctx); 
@@ -6780,8 +6780,8 @@ bssl::UniquePtr<SSL> handshaker(SSL_new(handshaker_ctx.get())); ASSERT_TRUE(handshaker); // Note split handshakes determines 0-RTT support, for both the current - // handshake and newly-issued tickets, entirely by |handshaker|. There is - // no need to call |SSL_set_early_data_enabled| on |server|. + // handshake and newly-issued tickets, entirely by `handshaker`. There is + // no need to call `SSL_set_early_data_enabled` on `server`. SSL_set_early_data_enabled(handshaker.get(), 1); // Set up handshaker ALPS settings. @@ -6808,8 +6808,8 @@ int handshake_err = SSL_get_error(handshaker.get(), handshake_ret); ASSERT_EQ(handshake_err, SSL_ERROR_HANDBACK); - // Double-check that additional calls to |SSL_do_handshake| continue - // to get |SSL_ERROR_HANDBACK|. + // Double-check that additional calls to `SSL_do_handshake` continue + // to get `SSL_ERROR_HANDBACK`. handshake_ret = SSL_do_handshake(handshaker.get()); handshake_err = SSL_get_error(handshaker.get(), handshake_ret); ASSERT_EQ(handshake_err, SSL_ERROR_HANDBACK); @@ -7057,9 +7057,9 @@ // handoff is a handoff message that has been artificially modified to pretend // that only TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) is supported. When - // it is applied to |server|, all ciphers but that one should be removed. + // it is applied to `server`, all ciphers but that one should be removed. // - // To make a new one of these, try sticking this in the |Handoff| test above: + // To make a new one of these, try sticking this in the `Handoff` test above: // // hexdump(stderr, "", handoff.data(), handoff.size()); // sed -e 's/\(..\)/0x\1, /g' 
@@ -7095,10 +7095,10 @@ ASSERT_TRUE(server); // handoff is a handoff message that has been artificially modified to pretend - // that only one ECDH group is supported. When it is applied to |server|, all + // that only one ECDH group is supported. When it is applied to `server`, all // groups but that one should be removed. // - // See |ApplyHandoffRemovesUnsupportedCiphers| for how to make a new one of + // See `ApplyHandoffRemovesUnsupportedCiphers` for how to make a new one of // these. uint8_t handoff[] = { 0x30, 0x81, 0xc0, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x81, 0x82, 0x01, @@ -7130,7 +7130,7 @@ } TEST(SSLTest, ZeroSizedWiteFlushesHandshakeMessages) { - // If there are pending handshake messages, an |SSL_write| of zero bytes + // If there are pending handshake messages, an `SSL_write` of zero bytes // should flush them. bssl::UniquePtr<SSL_CTX> server_ctx( CreateContextWithTestCertificate(TLS_method())); @@ -7295,8 +7295,8 @@ } }); threads.emplace_back([&] { - // Never connect with |expired_session2|. The session cache eagerly - // removes expired sessions when it sees them. Leaving |expired_session2| + // Never connect with `expired_session2`. The session cache eagerly + // removes expired sessions when it sees them. Leaving `expired_session2` // untouched ensures it is instead cleared by periodic flushing. for (int i = 0; i < kNumConnections; i++) { connect_with_session(expired_session1.get()); @@ -7363,7 +7363,7 @@ ASSERT_TRUE(cert); ASSERT_TRUE(SSL_CTX_use_certificate(ctx.get(), cert.get())); - // Existing code expects |SSL_CTX_get0_certificate| to be callable from two + // Existing code expects `SSL_CTX_get0_certificate` to be callable from two // threads concurrently. It originally was an immutable operation. Now we // implement it with a thread-safe cache, so it is worth testing. X509 *cert2_thread; 
@@ -7751,8 +7751,8 @@ MockQUICTransport *server() { return &server_; } bool SecretsMatch(ssl_encryption_level_t level) const { - // We only need to check |HasReadSecret| and |HasWriteSecret| on |client_|. - // |PeerSecretsMatch| checks that |server_| is analogously configured. + // We only need to check `HasReadSecret` and `HasWriteSecret` on `client_`. + // `PeerSecretsMatch` checks that `server_` is analogously configured. return client_.PeerSecretsMatch(level) && client_.HasWriteSecret(level) && (level == ssl_encryption_early_data || client_.HasReadSecret(level)); } @@ -7848,15 +7848,15 @@ kServerError, }; - // CompleteHandshakesForQUIC runs |SSL_do_handshake| on |client_| and - // |server_| until each completes once. It returns true on success and false + // CompleteHandshakesForQUIC runs `SSL_do_handshake` on `client_` and + // `server_` until each completes once. It returns true on success and false // on failure. bool CompleteHandshakesForQUIC() { return RunQUICHandshakesAndExpectError(ExpectedError::kNoError); } - // Runs |SSL_do_handshake| on |client_| and |server_| until each completes - // once. If |expect_client_error| is true, it will return true only if the + // Runs `SSL_do_handshake` on `client_` and `server_` until each completes + // once. If `expect_client_error` is true, it will return true only if the // client handshake failed. Otherwise, it returns true if both handshakes // succeed and false otherwise. bool RunQUICHandshakesAndExpectError(ExpectedError expected_error) { @@ -8479,7 +8479,7 @@ } // Test that excess data at one level is rejected. That is, if a single -// |SSL_provide_quic_data| call included both ServerHello and +// `SSL_provide_quic_data` call included both ServerHello and // EncryptedExtensions in a single chunk, BoringSSL notices and rejects this on // key change. TEST_F(QUICMethodTest, ExcessProvidedData) { 
@@ -8510,7 +8510,7 @@ // encryption. ASSERT_EQ(ssl_encryption_initial, SSL_quic_read_level(client_.get())); - // |add_handshake_data| incorrectly wrote everything at the initial level, so + // `add_handshake_data` incorrectly wrote everything at the initial level, so // this queues up ServerHello through Finished in one chunk. ASSERT_TRUE(ProvideHandshakeData(client_.get())); @@ -8535,7 +8535,7 @@ EXPECT_FALSE(transport_->client()->HasReadSecret(ssl_encryption_handshake)); } -// Test that |SSL_provide_quic_data| will reject data at the wrong level. +// Test that `SSL_provide_quic_data` will reject data at the wrong level. TEST_F(QUICMethodTest, ProvideWrongLevel) { const SSL_QUIC_METHOD quic_method = DefaultQUICMethod(); @@ -8863,7 +8863,7 @@ } // Test that the default QUIC code point is consistent with -// |TLSEXT_TYPE_quic_transport_parameters|. This test ensures we remember to +// `TLSEXT_TYPE_quic_transport_parameters`. This test ensures we remember to // update the two values together. TEST_F(QUICMethodTest, QuicCodePointDefault) { const SSL_QUIC_METHOD quic_method = DefaultQUICMethod(); @@ -8902,7 +8902,7 @@ // Connect the inner SSL connections. ASSERT_TRUE(Connect()); - // Make a pair of |BIO|s which wrap |client_| and |server_|. + // Make a pair of `BIO`s which wrap `client_` and `server_`. UniquePtr<BIO_METHOD> bio_method(BIO_meth_new(0, nullptr)); ASSERT_TRUE(bio_method); ASSERT_TRUE(BIO_meth_set_read( @@ -8927,7 +8927,7 @@ })); ASSERT_TRUE(BIO_meth_set_ctrl( bio_method.get(), [](BIO *bio, int cmd, long larg, void *parg) -> long { - // |SSL| objects require |BIO_flush| support. + // `SSL` objects require `BIO_flush` support. if (cmd == BIO_CTRL_FLUSH) { return 1; } 
@@ -8949,15 +8949,15 @@ ASSERT_TRUE(client_outer); SSL_set_connect_state(client_outer.get()); SSL_set_bio(client_outer.get(), client_bio.get(), client_bio.get()); - client_bio.release(); // |SSL_set_bio| takes ownership. + client_bio.release(); // `SSL_set_bio` takes ownership. UniquePtr<SSL> server_outer(SSL_new(server_ctx_.get())); ASSERT_TRUE(server_outer); SSL_set_accept_state(server_outer.get()); SSL_set_bio(server_outer.get(), server_bio.get(), server_bio.get()); - server_bio.release(); // |SSL_set_bio| takes ownership. + server_bio.release(); // `SSL_set_bio` takes ownership. - // Configure |client_outer| to reject the server certificate. + // Configure `client_outer` to reject the server certificate. SSL_set_custom_verify( client_outer.get(), SSL_VERIFY_PEER, [](SSL *ssl, uint8_t *out_alert) -> ssl_verify_result_t { @@ -9002,21 +9002,21 @@ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); - // Establish a session for |server_ctx_|. + // Establish a session for `server_ctx_`. bssl::UniquePtr<SSL_SESSION> session = CreateClientSession(client_ctx_.get(), server_ctx_.get()); ASSERT_TRUE(session); ClientConfig config; config.session = session.get(); - // Resuming with |server_ctx_| again works. + // Resuming with `server_ctx_` again works. bssl::UniquePtr<SSL> client, server; ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx_.get(), config)); EXPECT_TRUE(SSL_session_reused(client.get())); EXPECT_TRUE(SSL_session_reused(server.get())); - // Resuming with |server_ctx2| also works. + // Resuming with `server_ctx2` also works. ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx2.get(), config)); EXPECT_TRUE(SSL_session_reused(client.get())); 
@@ -9040,21 +9040,21 @@ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); - // Establish a session for |server_ctx_|. + // Establish a session for `server_ctx_`. bssl::UniquePtr<SSL_SESSION> session = CreateClientSession(client_ctx_.get(), server_ctx_.get()); ASSERT_TRUE(session); ClientConfig config; config.session = session.get(); - // Resuming with |server_ctx_| again works. + // Resuming with `server_ctx_` again works. bssl::UniquePtr<SSL> client, server; ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx_.get(), config)); EXPECT_TRUE(SSL_session_reused(client.get())); EXPECT_TRUE(SSL_session_reused(server.get())); - // Resuming with |server_ctx2| does not work. + // Resuming with `server_ctx2` does not work. ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx2.get(), config)); EXPECT_FALSE(SSL_session_reused(client.get())); @@ -9070,21 +9070,21 @@ SSL_CTX_set_session_cache_mode(server_ctx_.get(), SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_cache_mode(server_ctx2.get(), SSL_SESS_CACHE_BOTH); - // Establish a session for |server_ctx_|. + // Establish a session for `server_ctx_`. bssl::UniquePtr<SSL_SESSION> session = CreateClientSession(client_ctx_.get(), server_ctx_.get()); ASSERT_TRUE(session); ClientConfig config; config.session = session.get(); - // Resuming with |server_ctx_| again works. + // Resuming with `server_ctx_` again works. bssl::UniquePtr<SSL> client, server; ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx_.get(), config)); EXPECT_TRUE(SSL_session_reused(client.get())); EXPECT_TRUE(SSL_session_reused(server.get())); - // Resuming with |server_ctx2| does not work. + // Resuming with `server_ctx2` does not work. ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx_.get(), server_ctx2.get(), config)); EXPECT_FALSE(SSL_session_reused(client.get())); 
@@ -9127,7 +9127,7 @@ // Encrypt a HelloRequest. uint8_t in[] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; - // Extract key material from |server|. + // Extract key material from `server`. static const size_t kKeyLen = 32; static const size_t kNonceLen = 12; ASSERT_EQ(2u * (kKeyLen + kNonceLen), SSL_get_key_block_len(server)); @@ -9190,7 +9190,7 @@ static const uint8_t kInput[] = {'h', 'e', 'l', 'l', 'o'}; - // Write "hello" until the buffer is full, so |client| has a pending write. + // Write "hello" until the buffer is full, so `client` has a pending write. size_t num_writes = 0; for (;;) { int ret = SSL_write(client.get(), kInput, sizeof(kInput)); @@ -9204,19 +9204,19 @@ ASSERT_NO_FATAL_FAILURE(WriteHelloRequest(server.get())); - // |SSL_read| should pick up the HelloRequest. + // `SSL_read` should pick up the HelloRequest. uint8_t byte; ASSERT_EQ(-1, SSL_read(client.get(), &byte, 1)); ASSERT_EQ(SSL_ERROR_WANT_RENEGOTIATE, SSL_get_error(client.get(), -1)); - // Drain the data from the |client|. + // Drain the data from the `client`. uint8_t buf[sizeof(kInput)]; for (size_t i = 0; i < num_writes; i++) { ASSERT_EQ(int(sizeof(buf)), SSL_read(server.get(), buf, sizeof(buf))); EXPECT_EQ(Bytes(buf), Bytes(kInput)); } - // |client| should be able to finish the pending write and continue to write, + // `client` should be able to finish the pending write and continue to write, // despite the paused HelloRequest. ASSERT_EQ(int(sizeof(kInput)), SSL_write(client.get(), kInput, sizeof(kInput))); @@ -9228,7 +9228,7 @@ ASSERT_EQ(int(sizeof(buf)), SSL_read(server.get(), buf, sizeof(buf))); EXPECT_EQ(Bytes(buf), Bytes(kInput)); - // |SSL_read| is stuck until we acknowledge the HelloRequest. + // `SSL_read` is stuck until we acknowledge the HelloRequest. ASSERT_EQ(-1, SSL_read(client.get(), &byte, 1)); ASSERT_EQ(SSL_ERROR_WANT_RENEGOTIATE, SSL_get_error(client.get(), -1)); 
@@ -9317,7 +9317,7 @@ CreateClientSession(client_ctx.get(), server_ctx.get()); ASSERT_TRUE(session); - // The client should attempt early data with |session|. + // The client should attempt early data with `session`. bssl::UniquePtr<SSL> client, server; ASSERT_TRUE(CreateClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); @@ -9326,7 +9326,7 @@ ASSERT_EQ(1, SSL_do_handshake(client.get())); EXPECT_TRUE(SSL_in_early_data(client.get())); - // |SSL_SESSION_copy_without_early_data| should disable early data but + // `SSL_SESSION_copy_without_early_data` should disable early data but // still resume the session. bssl::UniquePtr<SSL_SESSION> session2( SSL_SESSION_copy_without_early_data(session.get())); @@ -9341,7 +9341,7 @@ EXPECT_EQ(ssl_early_data_unsupported_for_session, SSL_get_early_data_reason(client.get())); - // |SSL_SESSION_copy_without_early_data| should be a reference count increase + // `SSL_SESSION_copy_without_early_data` should be a reference count increase // when passed an early-data-incapable session. bssl::UniquePtr<SSL_SESSION> session3( SSL_SESSION_copy_without_early_data(session2.get())); @@ -9399,11 +9399,11 @@ ASSERT_TRUE(session_buf); ASSERT_GT(session_length, 0u); - // Servers cannot call |SSL_process_tls13_new_session_ticket|. + // Servers cannot call `SSL_process_tls13_new_session_ticket`. ASSERT_FALSE(SSL_process_tls13_new_session_ticket(server.get(), kTicket, sizeof(kTicket))); - // Clients cannot call |SSL_process_tls13_new_session_ticket| before the + // Clients cannot call `SSL_process_tls13_new_session_ticket` before the // handshake completes. bssl::UniquePtr<SSL> client2(SSL_new(client_ctx.get())); ASSERT_TRUE(client2); 
@@ -9427,7 +9427,7 @@ ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); - // Wrap |client| in an SSL BIO. + // Wrap `client` in an SSL BIO. bssl::UniquePtr<BIO> client_bio(BIO_new(BIO_f_ssl())); ASSERT_TRUE(client_bio); ASSERT_EQ(1, BIO_set_ssl(client_bio.get(), client.get(), take_ownership)); @@ -9448,12 +9448,12 @@ ASSERT_EQ(5, BIO_read(client_bio.get(), buf, sizeof(buf))); EXPECT_EQ(Bytes("world"), Bytes(buf)); - // |BIO_should_read| should work. + // `BIO_should_read` should work. EXPECT_EQ(-1, BIO_read(client_bio.get(), buf, sizeof(buf))); EXPECT_TRUE(BIO_should_read(client_bio.get())); // Writing data should eventually exceed the buffer size and fail, reporting - // |BIO_should_write|. + // `BIO_should_write`. int ret; for (int i = 0; i < 1024; i++) { const uint8_t kZeros[1024] = {0}; @@ -9499,7 +9499,7 @@ EXPECT_EQ(Bytes(expected), Bytes(observed_alpn)); }; - // Note that |SSL_CTX_set_alpn_protos|'s return value is reversed. + // Note that `SSL_CTX_set_alpn_protos`'s return value is reversed. static const uint8_t kValidList[] = {0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r'}; EXPECT_EQ(0, @@ -9765,7 +9765,7 @@ EXPECT_FALSE(SSL_CTX_use_certificate(ctx.get(), bad.get())); } -// Test that |SSL_can_release_private_key| reports true as early as expected. +// Test that `SSL_can_release_private_key` reports true as early as expected. // The internal asserts in the library check we do not report true too early. TEST(SSLTest, CanReleasePrivateKey) { bssl::UniquePtr<SSL_CTX> client_ctx = 
@@ -9776,8 +9776,8 @@ AcceptAnyCertificate); // Note this assumes the transport buffer is large enough to fit the client - // and server first flights. We check this with |SSL_ERROR_WANT_READ|. If the - // transport buffer was too small it would return |SSL_ERROR_WANT_WRITE|. + // and server first flights. We check this with `SSL_ERROR_WANT_READ`. If the + // transport buffer was too small it would return `SSL_ERROR_WANT_WRITE`. auto check_first_server_round_trip = [&](SSL *client, SSL *server) { // Write the ClientHello. ASSERT_EQ(-1, SSL_do_handshake(client)); @@ -9874,9 +9874,9 @@ } } -// GetExtensionOrder sets |*out| to the list of extensions a client attached to -// |ctx| will send in the ClientHello. If |ech_keys| is non-null, the client -// will offer ECH with the public component. If |decrypt_ech| is true, |*out| +// GetExtensionOrder sets `*out` to the list of extensions a client attached to +// `ctx` will send in the ClientHello. If `ech_keys` is non-null, the client +// will offer ECH with the public component. If `decrypt_ech` is true, `*out` // will be set to the ClientHelloInner's extensions, rather than // ClientHelloOuter. static bool GetExtensionOrder(SSL_CTX *client_ctx, std::vector<uint16_t> *out, @@ -9899,7 +9899,7 @@ } // Configure the server to record the ClientHello extension order. We use a - // server rather than |GetClientHello| so it can decrypt ClientHelloInner. + // server rather than `GetClientHello` so it can decrypt ClientHelloInner. SSL_CTX_set_select_certificate_cb( server_ctx.get(), [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { 
@@ -10230,7 +10230,7 @@ ASSERT_TRUE(bio); ASSERT_TRUE(SSL_add_bio_cert_subjects_to_stack(stack.get(), bio.get())); - // The function should have left |stack|'s comparison function alone. + // The function should have left `stack`'s comparison function alone. EXPECT_EQ(nullptr, sk_X509_NAME_set_cmp_func(stack.get(), nullptr)); std::vector<std::vector<uint8_t>> expected = t.expected, result; @@ -10242,7 +10242,7 @@ OPENSSL_free(der); } - // |SSL_add_bio_cert_subjects_to_stack| does not return the output in a + // `SSL_add_bio_cert_subjects_to_stack` does not return the output in a // well-defined order. std::sort(expected.begin(), expected.end()); std::sort(result.begin(), result.end()); @@ -10333,7 +10333,7 @@ EXPECT_EQ(sk_X509_num(chain), 0u); } - // If there is already a chain, |SSL_CTX_use_certificate_chain_file| should + // If there is already a chain, `SSL_CTX_use_certificate_chain_file` should // clear it, not append to it. (Run the function twice.) { TemporaryFile file; @@ -10548,12 +10548,12 @@ // We defer NewSessionTicket to the first write, so the server has a pending // NewSessionTicket. See https://boringssl-review.googlesource.com/34948. This // means an empty write will flush the ticket. However, the transport only - // allows one byte through, so this will fail with |SSL_ERROR_WANT_WRITE|. + // allows one byte through, so this will fail with `SSL_ERROR_WANT_WRITE`. int ret = SSL_write(server.get(), nullptr, 0); ASSERT_EQ(ret, -1); ASSERT_EQ(SSL_get_error(server.get(), ret), SSL_ERROR_WANT_WRITE); - // Attempting to write non-zero data should not trip |SSL_R_BAD_WRITE_RETRY|. + // Attempting to write non-zero data should not trip `SSL_R_BAD_WRITE_RETRY`. const uint8_t kData[] = {'h', 'e', 'l', 'l', 'o'}; ret = SSL_write(server.get(), kData, sizeof(kData)); ASSERT_EQ(ret, -1); 
@@ -10580,9 +10580,9 @@ ASSERT_EQ(Bytes(buf, ret), Bytes(kData)); } -// Test that |SSL_ERROR_SYSCALL| continues to work after a close_notify. +// Test that `SSL_ERROR_SYSCALL` continues to work after a close_notify. TEST(SSLTest, ErrorSyscallAfterCloseNotify) { - // Make a custom |BIO| where writes fail, but without pushing to the error + // Make a custom `BIO` where writes fail, but without pushing to the error // queue. bssl::UniquePtr<BIO_METHOD> method(BIO_meth_new(0, nullptr)); ASSERT_TRUE(method); @@ -10610,11 +10610,11 @@ ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); - // Replace the write |BIO| with |wbio_silent_error|. + // Replace the write `BIO` with `wbio_silent_error`. SSL_set0_wbio(client.get(), wbio_silent_error.release()); // Writes should fail. There is nothing in the error queue, so - // |SSL_ERROR_SYSCALL| indicates the caller needs to check out-of-band. + // `SSL_ERROR_SYSCALL` indicates the caller needs to check out-of-band. const uint8_t data[1] = {0}; int ret = SSL_write(client.get(), data, sizeof(data)); EXPECT_EQ(ret, -1); @@ -10624,7 +10624,7 @@ // Send a close_notify from the server. It should return 0 because // close_notify was sent, but not received. Confusingly, this is a success - // output for |SSL_shutdown|'s API. + // output for `SSL_shutdown`'s API. EXPECT_EQ(SSL_shutdown(server.get()), 0); // Read the close_notify on the client. 
@@ -10633,13 +10633,13 @@ EXPECT_EQ(ret, 0); EXPECT_EQ(SSL_get_error(client.get(), ret), SSL_ERROR_ZERO_RETURN); - // Further calls to |SSL_read| continue to report |SSL_ERROR_ZERO_RETURN|. + // Further calls to `SSL_read` continue to report `SSL_ERROR_ZERO_RETURN`. ret = SSL_read(client.get(), buf, sizeof(buf)); EXPECT_EQ(ret, 0); EXPECT_EQ(SSL_get_error(client.get(), ret), SSL_ERROR_ZERO_RETURN); // Although the client has seen close_notify, it should continue to report - // |SSL_ERROR_SYSCALL| when its writes fail. + // `SSL_ERROR_SYSCALL` when its writes fail. ret = SSL_write(client.get(), data, sizeof(data)); EXPECT_EQ(ret, -1); EXPECT_EQ(SSL_get_error(client.get(), ret), SSL_ERROR_SYSCALL); @@ -10647,8 +10647,8 @@ write_failed = false; } -// Test that |SSL_shutdown|, when quiet shutdown is enabled, simulates receiving -// a close_notify, down to |SSL_read| reporting |SSL_ERROR_ZERO_RETURN|. +// Test that `SSL_shutdown`, when quiet shutdown is enabled, simulates receiving +// a close_notify, down to `SSL_read` reporting `SSL_ERROR_ZERO_RETURN`. TEST(SSLTest, QuietShutdown) { bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())); bssl::UniquePtr<SSL_CTX> server_ctx = @@ -10662,7 +10662,7 @@ ASSERT_TRUE(ConnectClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); - // Quiet shutdown is enabled, so |SSL_shutdown| on the server should + // Quiet shutdown is enabled, so `SSL_shutdown` on the server should // immediately return that bidirectional shutdown "completed". EXPECT_EQ(SSL_shutdown(server.get()), 1); @@ -10671,7 +10671,7 @@ // Confirm no close notify was actually sent. Client reads should report a // transport EOF, not a close_notify. (Both have zero return, but - // |SSL_get_error| is different.) + // `SSL_get_error` is different.) char buf[1]; int ret = SSL_read(client.get(), buf, sizeof(buf)); EXPECT_EQ(ret, 0); 
@@ -10797,7 +10797,7 @@ EXPECT_FALSE(SSL_get_privatekey(ssl1.get())); EXPECT_FALSE(SSL_get_privatekey(ssl2.get())); - // Configuring the private key on |ssl1| works. + // Configuring the private key on `ssl1` works. ASSERT_TRUE(SSL_use_PrivateKey(ssl1.get(), key.get())); EXPECT_TRUE(SSL_get_privatekey(ssl1.get())); @@ -10871,7 +10871,7 @@ ASSERT_TRUE(SSL_CTX_set1_chain(ctx, chain.get())); } - // In each of these cases, |SSL_CTX_check_private_key| should report the + // In each of these cases, `SSL_CTX_check_private_key` should report the // certificate was not configured. EXPECT_FALSE(SSL_CTX_check_private_key(ctx)); ERR_clear_error(); @@ -11028,7 +11028,7 @@ bool server_ivs_ok = SSL_get_ivs(server_.get(), &server_read_iv, &server_write_iv, &server_iv_len); - // Only TLS 1.0 should support |SSL_get_ivs|. Other cases should cleanly + // Only TLS 1.0 should support `SSL_get_ivs`. Other cases should cleanly // fail this operation. if (version() == TLS1_VERSION) { ASSERT_TRUE(client_ivs_ok); @@ -11092,8 +11092,8 @@ EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA)); - // |SSL_version| should continue reporting self-consistent state until the - // caller calls |SSL_reset_early_data_reject|. + // `SSL_version` should continue reporting self-consistent state until the + // caller calls `SSL_reset_early_data_reject`. // // TLS 1.3 to TLS 1.2 is not the most interesting version-related 0-RTT // rejection because it is fatal to the connection anyway. Once there are two 
@@ -11196,19 +11196,19 @@ ASSERT_EQ(ret, 1); } - // The retransmit should have failed with |SSL_R_READ_TIMEOUT_EXPIRED|. + // The retransmit should have failed with `SSL_R_READ_TIMEOUT_EXPIRED`. EXPECT_EQ(SSL_get_error(client.get(), -1), SSL_ERROR_SSL); EXPECT_TRUE( ErrorEquals(ERR_get_error(), ERR_LIB_SSL, SSL_R_READ_TIMEOUT_EXPIRED)); // There should not continue to be a timeout. Otherwise, a caller that forgets - // to check |DTLSv1_handle_timeout|'s error will infinite loop. See + // to check `DTLSv1_handle_timeout`'s error will infinite loop. See // https://crbug.com/42224241. timeval timeout; EXPECT_FALSE(DTLSv1_get_timeout(client.get(), &timeout)); - // The error should also be returned from |SSL_do_handshake|. This ensures - // that, if the caller missed the return from |DTLSv1_handle_timeout|, it will + // The error should also be returned from `SSL_do_handshake`. This ensures + // that, if the caller missed the return from `DTLSv1_handle_timeout`, it will // be picked up from a more normal codepath. EXPECT_EQ(SSL_do_handshake(client.get()), -1); EXPECT_EQ(SSL_get_error(client.get(), -1), SSL_ERROR_SSL);
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 565f030..b5d8f6b 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -114,7 +114,7 @@ static uint16_t wire_version_to_api(uint16_t version) { return version; } -// api_version_to_wire maps |version| to some representative wire version. +// api_version_to_wire maps `version` to some representative wire version. static bool api_version_to_wire(uint16_t *out, uint16_t version) { // Check it is a real protocol version. uint16_t unused; @@ -172,7 +172,7 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version, uint16_t *out_max_version) { - // For historical reasons, |SSL_OP_NO_DTLSv1| aliases |SSL_OP_NO_TLSv1|, but + // For historical reasons, `SSL_OP_NO_DTLSv1` aliases `SSL_OP_NO_TLSv1`, but // DTLS 1.0 should be mapped to TLS 1.1. uint32_t options = hs->ssl->options; if (SSL_is_dtls(hs->ssl)) { @@ -196,7 +196,7 @@ min_version = TLS1_3_VERSION; } - // The |SSL_OP_NO_*| flags disable individual protocols. This has two + // The `SSL_OP_NO_*` flags disable individual protocols. This has two // problems. First, prior to TLS 1.3, the protocol can only express a // contiguous range of versions. Second, a library consumer trying to set a // maximum version cannot disable protocol versions that get added in a future @@ -247,7 +247,7 @@ // In early data, we report the predicted version. Note it is possible that we // have a predicted version and a *different* true version. This means 0-RTT // has been rejected, but until the reject has reported to the application and - // applied with |SSL_reset_early_data_reject|, we continue reporting a + // applied with `SSL_reset_early_data_reject`, we continue reporting a // self-consistent connection. if (SSL_in_early_data(ssl) && !ssl->server) { return ssl->s3->hs->early_session->ssl_version; @@ -269,7 +269,7 @@ assert(ssl->s3->version != 0); uint16_t version; if (!ssl_protocol_version_from_wire(&version, ssl->s3->version)) { - // |ssl->s3->version| will always be set to a valid version. + // `ssl->s3->version` will always be set to a valid version. assert(0); return 0; } 
@@ -313,7 +313,7 @@ // JDK 11, prior to 11.0.2, has a buggy TLS 1.3 implementation which fails // to send SNI when offering 1.3 sessions. Disable TLS 1.3 for such - // clients. We apply this logic here rather than |ssl_supports_version| so + // clients. We apply this logic here rather than `ssl_supports_version` so // the downgrade signal continues to query the true capabilities. (The // workaround is a limitation of the peer's capabilities rather than our // own.)
diff --git a/ssl/ssl_x509.cc b/ssl/ssl_x509.cc
index 4ac2460..9e616a5 100644
--- a/ssl/ssl_x509.cc
+++ b/ssl/ssl_x509.cc
@@ -32,21 +32,21 @@ BSSL_NAMESPACE_BEGIN -// check_ssl_x509_method asserts that |ssl| has the X509-based method -// installed. Calling an X509-based method on an |ssl| with a different method +// check_ssl_x509_method asserts that `ssl` has the X509-based method +// installed. Calling an X509-based method on an `ssl` with a different method // will likely misbehave and possibly crash or leak memory. static void check_ssl_x509_method(const SSL *ssl) { assert(ssl == nullptr || ssl->ctx->x509_method == &ssl_crypto_x509_method); } -// check_ssl_ctx_x509_method acts like |check_ssl_x509_method|, but for an -// |SSL_CTX|. +// check_ssl_ctx_x509_method acts like `check_ssl_x509_method`, but for an +// `SSL_CTX`. static void check_ssl_ctx_x509_method(const SSLContext *ctx) { assert(ctx == nullptr || ctx->x509_method == &ssl_crypto_x509_method); } -// x509_to_buffer returns a |CRYPTO_BUFFER| that contains the serialised -// contents of |x509|. +// x509_to_buffer returns a `CRYPTO_BUFFER` that contains the serialised +// contents of `x509`. static UniquePtr<CRYPTO_BUFFER> x509_to_buffer(X509 *x509) { uint8_t *buf = nullptr; int cert_len = i2d_X509(x509, &buf); @@ -70,10 +70,10 @@ cert->x509_chain = nullptr; } -// ssl_cert_set1_chain sets elements 1.. of |cert->chain| to the serialised -// forms of elements of |chain|. It returns one on success or zero on error, in -// which case no change to |cert->chain| is made. It preserves the existing -// leaf from |cert->chain|, if any. +// ssl_cert_set1_chain sets elements 1.. of `cert->chain` to the serialised +// forms of elements of `chain`. It returns one on success or zero on error, in +// which case no change to `cert->chain` is made. It preserves the existing +// leaf from `cert->chain`, if any. static bool ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) { cert->legacy_credential->ClearIntermediateCerts(); for (X509 *x509 : chain) { 
@@ -132,7 +132,7 @@ } if (sess->is_server) { // chain_without_leaf is only needed for server sessions. See - // |SSL_get_peer_cert_chain|. + // `SSL_get_peer_cert_chain`. chain_without_leaf.reset(sk_X509_new_null()); if (!chain_without_leaf) { return false; @@ -257,7 +257,7 @@ session->verify_result = X509_STORE_CTX_get_error(ctx.get()); - // If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. + // If `SSL_VERIFY_NONE`, the error is non-fatal, but we keep the result. if (verify_ret <= 0 && hs->config->verify_mode != SSL_VERIFY_NONE) { *out_alert = SSL_alert_from_verify_result(session->verify_result); return false; @@ -609,8 +609,8 @@ return ssl_use_certificate(ctx_impl->cert.get(), x); } -// ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the -// first element of |cert->chain|. +// ssl_cert_cache_leaf_cert sets `cert->x509_leaf`, if currently NULL, from the +// first element of `cert->chain`. static int ssl_cert_cache_leaf_cert(CERT *cert) { assert(cert->x509_method); @@ -763,8 +763,8 @@ return SSL_set0_chain(ssl, nullptr); } -// ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of -// |cert->chain|. +// ssl_cert_cache_chain_certs fills in `cert->x509_chain` from elements 1.. of +// `cert->chain`. static int ssl_cert_cache_chain_certs(CERT *cert) { assert(cert->x509_method); 
@@ -940,9 +940,9 @@ } // For historical reasons, this function is used both to query configuration // state on a server as well as handshake state on a client. However, whether - // |ssl| is a client or server is not known until explicitly configured with - // |SSL_set_connect_state|. If |do_handshake| is NULL, |ssl| is in an - // indeterminate mode and |ssl->server| is unset. + // `ssl` is a client or server is not known until explicitly configured with + // `SSL_set_connect_state`. If `do_handshake` is NULL, `ssl` is in an + // indeterminate mode and `ssl->server` is unset. if (ssl->do_handshake != nullptr && !ssl->server) { if (ssl->s3->hs != nullptr) { return buffer_names_to_x509(ssl->s3->hs->ca_names.get(), @@ -964,7 +964,7 @@ auto *ctx_impl = FromOpaque(ctx); check_ssl_ctx_x509_method(ctx_impl); // This is a logically const operation that may be called on multiple threads, - // so it needs to lock around updating |cached_x509_client_CA|. + // so it needs to lock around updating `cached_x509_client_CA`. MutexWriteLock lock(&ctx_impl->lock); return buffer_names_to_x509( ctx_impl->client_CA.get(), @@ -1084,9 +1084,9 @@ } int SSL_get_ex_data_X509_STORE_CTX_idx() { - // The ex_data index to go from |X509_STORE_CTX| to |SSL| always uses the + // The ex_data index to go from `X509_STORE_CTX` to `SSL` always uses the // reserved app_data slot. Before ex_data was introduced, app_data was used. - // Avoid breaking any software which assumes |X509_STORE_CTX_get_app_data| + // Avoid breaking any software which assumes `X509_STORE_CTX_get_app_data` // works. return 0; }
diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc
index f0c25d0..7c691dc 100644
--- a/ssl/t1_enc.cc
+++ b/ssl/t1_enc.cc
@@ -60,7 +60,7 @@ *out_key_len = EVP_AEAD_key_length(aead); if (*out_mac_secret_len > 0) { // For "stateful" AEADs (i.e. compatibility with pre-AEAD cipher suites) the - // key length reported by |EVP_AEAD_key_length| will include the MAC key + // key length reported by `EVP_AEAD_key_length` will include the MAC key // bytes and initial implicit IV. if (*out_key_len < *out_mac_secret_len + *out_iv_len) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); @@ -75,8 +75,8 @@ static bool generate_key_block(const SSL *ssl, Span<uint8_t> out, const SSL_SESSION *session) { const EVP_MD *digest = ssl_session_get_digest(session); - // Note this function assumes that |session|'s key material corresponds to - // |ssl->s3->client_random| and |ssl->s3->server_random|. + // Note this function assumes that `session`'s key material corresponds to + // `ssl->s3->client_random` and `ssl->s3->server_random`. return tls1_prf(digest, out, session->secret, "key expansion", ssl->s3->server_random, ssl->s3->client_random); } @@ -91,7 +91,7 @@ return false; } - // Ensure that |key_block_cache| is set up. + // Ensure that `key_block_cache` is set up. const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len); if (key_block_cache->empty()) { if (!key_block_cache->InitForOverwrite(key_block_size) || @@ -173,7 +173,7 @@ using namespace bssl; size_t SSL_get_key_block_len(const SSL *ssl) { - // See |SSL_generate_key_block|. + // See `SSL_generate_key_block`. if (SSL_in_init(ssl) || ssl_protocol_version(ssl) > TLS1_2_VERSION) { return 0; }
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 9f3baa9..daf166b 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -205,8 +205,8 @@ return sock; } -// DoRead reads from |ssl|, resolving any asynchronous operations. It returns -// the result value of the final |SSL_read| call. +// DoRead reads from `ssl`, resolving any asynchronous operations. It returns +// the result value of the final `SSL_read` call. static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { const TestConfig *config = GetTestConfig(ssl); TestState *test_state = GetTestState(ssl); @@ -253,8 +253,8 @@ return ret; } -// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous -// operations. It returns the result of the final |SSL_write| call. +// WriteAll writes `in_len` bytes from `in` to `ssl`, resolving any asynchronous +// operations. It returns the result of the final `SSL_write` call. static int WriteAll(SSL *ssl, const void *in_, size_t in_len) { TestState *test_state = GetTestState(ssl); const uint8_t *in = reinterpret_cast<const uint8_t *>(in_); @@ -275,8 +275,8 @@ return ret; } -// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It -// returns the result of the final |SSL_shutdown| call. +// DoShutdown calls `SSL_shutdown`, resolving any asynchronous operations. It +// returns the result of the final `SSL_shutdown` call. static int DoShutdown(SSL *ssl) { int ret; do { @@ -285,8 +285,8 @@ return ret; } -// DoSendFatalAlert calls |SSL_send_fatal_alert|, resolving any asynchronous -// operations. It returns the result of the final |SSL_send_fatal_alert| call. +// DoSendFatalAlert calls `SSL_send_fatal_alert`, resolving any asynchronous +// operations. It returns the result of the final `SSL_send_fatal_alert` call. static int DoSendFatalAlert(SSL *ssl, uint8_t alert) { int ret; do { 
@@ -318,7 +318,7 @@ } // CheckAuthProperties checks, after the initial handshake is completed or -// after a renegotiation, that authentication-related properties match |config|. +// after a renegotiation, that authentication-related properties match `config`. static bool CheckAuthProperties(SSL *ssl, bool is_resume, const TestConfig *config) { if (!config->expect_ocsp_response.empty()) { @@ -439,7 +439,7 @@ CredentialConfigType::kPreSharedKey; } -// CheckHandshakeProperties checks, immediately after |ssl| completes its +// CheckHandshakeProperties checks, immediately after `ssl` completes its // initial handshake (or False Starts), whether all the properties are // consistent with the test configuration and invariants. static bool CheckHandshakeProperties(SSL *ssl, bool is_resume, @@ -531,7 +531,7 @@ } // On the server, the protocol selected in the ALPN callback must be echoed - // out of |SSL_get0_alpn_selected|. On the client, it should report what the + // out of `SSL_get0_alpn_selected`. On the client, it should report what the // test expected. const std::string &expect_alpn = config->is_server ? config->select_alpn : config->expect_alpn; @@ -793,8 +793,8 @@ SettingsWriter *writer); // DoConnection tests an SSL connection against the peer. On success, it returns -// true and sets |*out_session| to the negotiated SSL session. If the test is a -// resumption attempt, |is_resume| is true and |session| is the session from the +// true and sets `*out_session` to the negotiated SSL session. If the test is a +// resumption attempt, `is_resume` is true and `session` is the session from the // previous exchange. static bool DoConnection(bssl::UniquePtr<SSL_SESSION> *out_session, SSL_CTX *ssl_ctx, const TestConfig *config, 
@@ -832,8 +832,8 @@ // failures in the test runner. sock.set_drain_on_close(true); - // Windows uses |SOCKET| for socket types, but OpenSSL's API requires casting - // them to |int|. + // Windows uses `SOCKET` for socket types, but OpenSSL's API requires casting + // them to `int`. bssl::UniquePtr<BIO> bio( BIO_new_socket(static_cast<int>(sock.get()), BIO_NOCLOSE)); if (!bio) { @@ -925,7 +925,7 @@ ret = DoExchange(out_session, &ssl, retry_config, is_resume, true, writer); } - // An ECH rejection appears as a failed connection. Note |ssl| may use a + // An ECH rejection appears as a failed connection. Note `ssl` may use a // different config on ECH rejection. if (config->expect_no_ech_retry_configs || !config->expect_ech_retry_configs.empty()) { @@ -947,7 +947,7 @@ SSL_get0_ech_retry_configs(ssl.get(), &retry_configs, &retry_configs_len); if (bssl::Span(retry_configs, retry_configs_len) != expected) { fprintf(stderr, "ECH retry configs did not match expectations.\n"); - // Clear the error queue. Otherwise |SSL_R_ECH_REJECTED| will be printed + // Clear the error queue. Otherwise `SSL_R_ECH_REJECTED` will be printed // to stderr and the test framework will think the test had the expected // expectations. ERR_clear_error(); @@ -956,7 +956,7 @@ } if (!ret) { - // Print the |SSL_get_error| code. Otherwise, some failures are silent and + // Print the `SSL_get_error` code. Otherwise, some failures are silent and // hard to debug. int ssl_err = SSL_get_error(ssl.get(), -1); if (ssl_err != SSL_ERROR_NONE) { @@ -1038,7 +1038,7 @@ } } - // Skip the |config->async| logic as this should be a no-op. + // Skip the `config->async` logic as this should be a no-op. if (config->no_op_extra_handshake && SSL_do_handshake(ssl) != 1) { fprintf(stderr, "Extra SSL_do_handshake was not a no-op.\n"); return false; 
@@ -1058,9 +1058,9 @@ return false; } // Run the handshake until the specified message. Note that, if a - // handshake record contains multiple messages, |SSL_do_handshake| usually + // handshake record contains multiple messages, `SSL_do_handshake` usually // processes both atomically. The test must ensure there is a record - // boundary after the desired message. Checking |last_message_received| + // boundary after the desired message. Checking `last_message_received` // confirms this. do { ret = SSL_do_handshake(ssl); @@ -1323,7 +1323,7 @@ ret = DoShutdown(ssl); if (config->shim_shuts_down && config->check_close_notify) { - // We initiate shutdown, so |SSL_shutdown| will return in two stages. First + // We initiate shutdown, so `SSL_shutdown` will return in two stages. First // it returns zero when our close_notify is sent, then one when the peer's // is received. if (ret != 0) {
diff --git a/ssl/test/handshake_util.cc b/ssl/test/handshake_util.cc
index 22a2071..6a5502e 100644
--- a/ssl/test/handshake_util.cc
+++ b/ssl/test/handshake_util.cc
@@ -138,7 +138,7 @@ #if defined(HANDSHAKER_SUPPORTED) -// MoveBIOs moves the |BIO|s of |src| to |dst|. It is used for handoff. +// MoveBIOs moves the `BIO`s of `src` to `dst`. It is used for handoff. static void MoveBIOs(SSL *dest, SSL *src) { BIO *rbio = SSL_get_rbio(src); BIO_up_ref(rbio); @@ -180,7 +180,7 @@ return ret; } -// Proxy relays data between |socket|, which is connected to the client, and the +// Proxy relays data between `socket`, which is connected to the client, and the // handshaker, which is connected to the numerically specified file descriptors, // until the handshaker returns control. static bool Proxy(BIO *socket, bool async, int control, int rfd, int wfd) { @@ -381,10 +381,10 @@ }; // StartHandshaker starts the handshaker process and, on success, returns a -// handle to the process in |*out|. It sets |*out_control| to a control pipe to -// the process. |map_fds| maps from desired fd number in the child process to -// the source fd in the calling process. |close_fds| is the list of additional -// fds to close, which may overlap with |map_fds|. Other than stdin, stdout, and +// handle to the process in `*out`. It sets `*out_control` to a control pipe to +// the process. `map_fds` maps from desired fd number in the child process to +// the source fd in the calling process. `close_fds` is the list of additional +// fds to close, which may overlap with `map_fds`. Other than stdin, stdout, and // stderr, the status of fds not listed in either set is undefined. static bool StartHandshaker(ScopedProcess *out, ScopedFD *out_control, const TestConfig *config, bool is_resume, 
@@ -438,9 +438,9 @@ max_fd = std::max(max_fd, pair.first); max_fd = std::max(max_fd, pair.second); } - // |map_fds| may contain cycles, so make a copy of all the source fds. - // |posix_spawn| can only use |dup2|, not |dup|, so we assume |max_fd| is - // the last fd we care about inheriting. |temp_fds| maps from fd number in + // `map_fds` may contain cycles, so make a copy of all the source fds. + // `posix_spawn` can only use `dup2`, not `dup`, so we assume `max_fd` is + // the last fd we care about inheriting. `temp_fds` maps from fd number in // the parent process to a temporary fd number in the child process. std::map<int, int> temp_fds; int next_fd = max_fd + 1; @@ -473,7 +473,7 @@ fflush(stdout); fflush(stderr); - // MSan doesn't know that |posix_spawn| initializes its output, so initialize + // MSan doesn't know that `posix_spawn` initializes its output, so initialize // it to -1. pid_t pid = -1; if (posix_spawn(&pid, args[0], &actions, nullptr, @@ -486,8 +486,8 @@ return true; } -// RunHandshaker forks and execs the handshaker binary, handing off |input|, -// and, after proxying some amount of handshake traffic, handing back |out|. +// RunHandshaker forks and execs the handshaker binary, handing off `input`, +// and, after proxying some amount of handshake traffic, handing back `out`. static bool RunHandshaker(BIO *bio, const TestConfig *config, bool is_resume, Span<const uint8_t> input, std::vector<uint8_t> *out) { @@ -500,8 +500,8 @@ // // To avoid this, this process never proxies data to the handshaker that the // handshaker has not explicitly requested as a result of hitting - // |SSL_ERROR_WANT_READ|. Pipes allow the data to sit in a buffer while the - // two processes synchronize over the |control| channel. + // `SSL_ERROR_WANT_READ`. Pipes allow the data to sit in a buffer while the + // two processes synchronize over the `control` channel. if (pipe(rfd) != 0) { perror("pipe"); return false; 
@@ -613,7 +613,7 @@ return true; } -// PrepareHandoff accepts the |ClientHello| from |ssl| and serializes state to +// PrepareHandoff accepts the `ClientHello` from `ssl` and serializes state to // be passed to the handshaker. The serialized state includes both the SSL // handoff, as well test-related state. static bool PrepareHandoff(SSL *ssl, SettingsWriter *writer, @@ -651,8 +651,8 @@ // DoSplitHandshake delegates the SSL handshake to a separate process, called // the handshaker. This process proxies I/O between the handshaker and the -// client, using the |BIO| from |ssl|. After a successful handshake, |ssl| is -// replaced with a new |SSL| object, in a way that is intended to be invisible +// client, using the `BIO` from `ssl`. After a successful handshake, `ssl` is +// replaced with a new `SSL` object, in a way that is intended to be invisible // to the caller. bool DoSplitHandshake(UniquePtr<SSL> *ssl, SettingsWriter *writer, bool is_resume) { @@ -660,7 +660,7 @@ std::vector<uint8_t> handshaker_input; const TestConfig *config = GetTestConfig(ssl->get()); // out is the response from the handshaker, which includes a serialized - // handback message, but also serialized updates to the |TestState|. + // handback message, but also serialized updates to the `TestState`. std::vector<uint8_t> out; if (!PrepareHandoff(ssl->get(), writer, &handshaker_input) || !RunHandshaker(SSL_get_rbio(ssl->get()), config, is_resume,
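Review bot: The PrepareHandoff header comment in the first hunk on this line still carries a dropped word on the context line right after the one being retouched: `// handoff, as well test-related state.` should read `// handoff, as well as test-related state.`. Since this CL is already rewriting that comment block for style, it is the natural place to fix the wording. The PrepareHandoff signature continues past the hunk, so the rest of the function is not visible here.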
diff --git a/ssl/test/handshaker.cc b/ssl/test/handshaker.cc index 6121fc1..0104de6 100644 --- a/ssl/test/handshaker.cc +++ b/ssl/test/handshaker.cc
@@ -66,8 +66,8 @@ return false; } - // Set |O_NONBLOCK| in order to break out of the loop when we hit - // |SSL_ERROR_WANT_READ|, so that we can send |kControlMsgWantRead| to the + // Set `O_NONBLOCK` in order to break out of the loop when we hit + // `SSL_ERROR_WANT_READ`, so that we can send `kControlMsgWantRead` to the // proxy. if (fcntl(rfd, F_SETFL, O_NONBLOCK) != 0) { perror("fcntl"); @@ -161,7 +161,7 @@ return false; } - // TODO(davidben): When split handshakes is replaced, move this into |NewSSL|. + // TODO(davidben): When split handshakes is replaced, move this into `NewSSL`. assert(config->is_server); SSL_set_accept_state(ssl.get());
diff --git a/ssl/test/packeted_bio.cc b/ssl/test/packeted_bio.cc index b30e384..ee407ef 100644 --- a/ssl/test/packeted_bio.cc +++ b/ssl/test/packeted_bio.cc
@@ -69,7 +69,7 @@ return static_cast<PacketedBio *>(BIO_get_data(bio)); } -// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and +// ReadAll reads `len` bytes from `bio` into `out`. It returns 1 on success and // 0 or -1 on error. static int ReadAll(BIO *bio, bssl::Span<uint8_t> out) { while (!out.empty()) { @@ -231,7 +231,7 @@ data->interrupt = [=] { DTLSv1_set_initial_timeout_duration(data->ssl, duration_ms); // A real caller is expected to immediately check the new timeout and - // call |DTLSv1_handle_timeout| if the timeout is now expired. We do not + // call `DTLSv1_handle_timeout` if the timeout is now expired. We do not // this automatically, so that the test can send ExpectNextTimeout(0) // first. return true;
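Review bot: The comment rewritten in the second hunk on this line (the `interrupt` lambda around `DTLSv1_set_initial_timeout_duration`) is missing a verb: `// call \`DTLSv1_handle_timeout\` if the timeout is now expired. We do not` followed by `// this automatically` reads as "We do not this automatically". It should be `// ... if the timeout is now expired. We do not do` / `// this automatically, so that the test can send ExpectNextTimeout(0)`. The enclosing function starts before the hunk, so only the lambda body is visible here.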
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc index 4078b28..f89a250 100644 --- a/ssl/test/test_config.cc +++ b/ssl/test/test_config.cc
@@ -93,7 +93,7 @@ bool StringToInt(T *out, const char *str) { static_assert(std::is_integral_v<T>, "not an integral type"); - // |strtoull| allows leading '-' with wraparound. Additionally, both + // `strtoull` allows leading '-' with wraparound. Additionally, both // functions accept empty strings and leading whitespace. if (!OPENSSL_isdigit(static_cast<unsigned char>(*str)) && (!std::is_signed_v<T> || *str != '-')) { @@ -667,9 +667,9 @@ return &*iter; } -// RemovePrefix checks if |*str| begins with |prefix| + "-". If so, it advances -// |*str| past |prefix| (but not past the "-") and returns true. Otherwise, it -// returns false and leaves |*str| unmodified. +// RemovePrefix checks if `*str` begins with `prefix` + "-". If so, it advances +// `*str` past `prefix` (but not past the "-") and returns true. Otherwise, it +// returns false and leaves `*str` unmodified. bool RemovePrefix(const char **str, const char *prefix) { size_t prefix_len = strlen(prefix); if (strncmp(*str, prefix, strlen(prefix)) == 0 && (*str)[prefix_len] == '-') { @@ -828,7 +828,7 @@ info.get())) { return false; } - info.release(); // |cred| takes ownership on success. + info.release(); // `cred` takes ownership on success. return true; } @@ -1035,8 +1035,8 @@ } static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { - // This callback is called as the handshake completes. |SSL_get_session| - // must continue to work and, historically, |SSL_in_init| returned false at + // This callback is called as the handshake completes. `SSL_get_session` + // must continue to work and, historically, `SSL_in_init` returned false at // this point. if (SSL_in_init(ssl) || SSL_get_session(ssl) == nullptr) { fprintf(stderr, "Invalid state for NewSessionCallback.\n"); 
@@ -1057,8 +1057,8 @@ abort(); } - // This callback is called when the handshake completes. |SSL_get_session| - // must continue to work and |SSL_in_init| must return false. + // This callback is called when the handshake completes. `SSL_get_session` + // must continue to work and `SSL_in_init` must return false. if (SSL_in_init(ssl) || SSL_get_session(ssl) == nullptr) { fprintf(stderr, "Invalid state for SSL_CB_HANDSHAKE_DONE.\n"); abort(); @@ -1314,7 +1314,7 @@ } } - // Write the signature into |test_state|. + // Write the signature into `test_state`. size_t len = 0; if (!EVP_DigestSign(ctx.get(), nullptr, &len, in, in_len)) { return ssl_private_key_failure; @@ -1370,7 +1370,7 @@ if (GetTestConfig(ssl)->async && test_state->private_key_retries < 2) { // Only return the decryption on the second attempt, to test both incomplete - // |sign|/|decrypt| and |complete|. + // `sign`/`decrypt` and `complete`. return ssl_private_key_retry; } @@ -2174,7 +2174,7 @@ } // These mock compression algorithms match the corresponding ones in - // |addCertCompressionTests|. + // `addCertCompressionTests`. if (!MaybeInstallCertCompressionAlg( this, ssl_ctx.get(), 0xff02, [](SSL *ssl, CBB *out, const uint8_t *in, size_t in_len) -> int { @@ -2571,7 +2571,7 @@ SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_once); } if (renegotiate_freely || forbid_renegotiation_after_handshake) { - // |forbid_renegotiation_after_handshake| will disable renegotiation later. + // `forbid_renegotiation_after_handshake` will disable renegotiation later. SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely); } if (renegotiate_ignore) {
diff --git a/ssl/test/test_state.cc b/ssl/test/test_state.cc index 37ce3da..fc33d58 100644 --- a/ssl/test/test_state.cc +++ b/ssl/test/test_state.cc
@@ -52,7 +52,7 @@ if (!InitGlobals()) { return false; } - // |SSL_set_ex_data| takes ownership of |state| only on success. + // `SSL_set_ex_data` takes ownership of `state` only on success. if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { state.release(); return true;
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc index fc7a11f..fb9d05e 100644 --- a/ssl/tls13_both.cc +++ b/ssl/tls13_both.cc
@@ -84,7 +84,7 @@ return false; } - // Note |context| includes the NUL byte separator. + // Note `context` includes the NUL byte separator. if (!CBB_add_bytes(cbb.get(), reinterpret_cast<const uint8_t *>(context.data()), context.size())) {
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc index c92bb27..f6272c9 100644 --- a/ssl/tls13_client.cc +++ b/ssl/tls13_client.cc
@@ -54,13 +54,13 @@ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0}; -// end_of_early_data closes the early data stream for |hs| and switches the -// encryption level to |level|. It returns true on success and false on error. +// end_of_early_data closes the early data stream for `hs` and switches the +// encryption level to `level`. It returns true on success and false on error. static bool close_early_data(SSL_HANDSHAKE *hs, ssl_encryption_level_t level) { SSL *const ssl = hs->ssl; assert(hs->in_early_data); - // Note |can_early_write| may already be false if |SSL_write| exceeded the + // Note `can_early_write` may already be false if `SSL_write` exceeded the // early data write limit. hs->can_early_write = false; @@ -234,7 +234,7 @@ } // Determine which ClientHello the server is responding to. Run - // |check_ech_confirmation| unconditionally, so we validate the extension + // `check_ech_confirmation` unconditionally, so we validate the extension // contents. bool ech_accepted; if (!check_ech_confirmation(hs, &ech_accepted, &alert, server_hello)) { @@ -251,7 +251,7 @@ } // The ECH extension, if present, was already parsed by - // |check_ech_confirmation|. + // `check_ech_confirmation`. SSLExtension cookie(TLSEXT_TYPE_cookie), // If offering PAKE, we won't send key_share extensions and we should // reject key_share from the peer. Otherwise, it is valid to have sent an @@ -325,7 +325,7 @@ // Although we now know whether ClientHelloInner was used, we currently // maintain both transcripts up to ServerHello. We could swap transcripts - // early, but then ClientHello construction and |check_ech_confirmation| + // early, but then ClientHello construction and `check_ech_confirmation` // become more complex. if (!ssl_hash_message(hs, msg)) { return ssl_hs_error; 
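Review bot: The header comment rewritten in the first hunk on this line names the wrong function: `// end_of_early_data closes the early data stream for \`hs\` and switches the` documents a function that is actually declared as `static bool close_early_data(SSL_HANDSHAKE *hs, ssl_encryption_level_t level)` two lines below. Since the CL is already touching both comment lines, it should also rename the comment to `// close_early_data closes the early data stream for \`hs\` and switches the`, so that grep and readers find the right function. The body of close_early_data continues past the hunk.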
@@ -366,7 +366,7 @@ static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) { // Build the second ClientHelloInner, if applicable. The second ClientHello - // uses an empty string for |enc|. + // uses an empty string for `enc`. if (hs->ssl->s3->ech_status == ssl_ech_accepted && !ssl_encrypt_client_hello(hs, {})) { return ssl_hs_error; @@ -475,7 +475,7 @@ hs->transcript = std::move(hs->inner_transcript); hs->extensions.sent = hs->inner_extensions_sent; - // Report the inner random value through |SSL_get_client_random|. + // Report the inner random value through `SSL_get_client_random`. OPENSSL_memcpy(ssl->s3->client_random, hs->inner_client_random, SSL3_RANDOM_SIZE); } @@ -641,8 +641,8 @@ // If currently sending early data over TCP, we defer installing client // traffic keys to when the early data stream is closed. See - // |close_early_data|. Note if the server has already rejected 0-RTT via - // HelloRetryRequest, |in_early_data| is already false. + // `close_early_data`. Note if the server has already rejected 0-RTT via + // HelloRetryRequest, `in_early_data` is already false. if (!hs->in_early_data || SSL_is_quic(ssl)) { if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal, hs->new_session.get(), @@ -690,7 +690,7 @@ assert(ssl->s3->session_reused); // If offering ECH, the server may not accept early data with // ClientHelloOuter. We do not offer sessions with ClientHelloOuter, so this - // this should be implied by checking |session_reused|. + // this should be implied by checking `session_reused`. assert(ssl->s3->ech_status != ssl_ech_rejected); if (hs->early_session->cipher != hs->new_session->cipher) { 
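Review bot: The comment retouched in the last hunk on this line (the `@@ -690` hunk, just before `assert(ssl->s3->ech_status != ssl_ech_rejected)`) now ends one line with "so this" and starts the next with "this", giving the doubled "so this / this should be implied". The new line should drop the repeat: `// should be implied by checking \`session_reused\`.` (with the preceding context line keeping its trailing "so this"). The enclosing function starts before this hunk and continues after it.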
@@ -1218,7 +1218,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) { if (ssl->s3->write_shutdown != ssl_shutdown_none) { // Ignore tickets on shutdown. Callers tend to indiscriminately call - // |SSL_shutdown| before destroying an |SSL|, at which point calling the new + // `SSL_shutdown` before destroying an `SSL`, at which point calling the new // session callback may be confusing. return true; } @@ -1232,7 +1232,7 @@ if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) && ssl->session_ctx->new_session_cb != nullptr && ssl->session_ctx->new_session_cb(ssl, session.get())) { - // |new_session_cb|'s return value signals that it took ownership. + // `new_session_cb`'s return value signals that it took ownership. session.release(); }
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc index d03a76f..e0ae282 100644 --- a/ssl/tls13_enc.cc +++ b/ssl/tls13_enc.cc
@@ -153,8 +153,8 @@ } // derive_secret_with_transcript derives a secret of length -// |transcript.DigestLen()| and writes the result in |out| with the given label, -// the current base secret, and the state of |transcript|. It returns true on +// `transcript.DigestLen()` and writes the result in `out` with the given label, +// the current base secret, and the state of `transcript`. It returns true on // success and false on error. static bool derive_secret_with_transcript( const SSL_HANDSHAKE *hs, InplaceVector<uint8_t, SSL_MAX_MD_SIZE> *out, @@ -279,7 +279,7 @@ bool GenerateMask(Span<uint8_t> out, Span<const uint8_t> sample) override { // RFC 9147 section 4.2.3 uses the first 4 bytes of the sample as the // counter and the next 12 bytes as the nonce. If we have less than 4+12=16 - // bytes in the sample, then we'll read past the end of the |sample| buffer. + // bytes in the sample, then we'll read past the end of the `sample` buffer. // The counter is interpreted as little-endian per RFC 8439. if (sample.size() < 16) { return false; @@ -420,9 +420,9 @@ static const char kTLS13LabelFinished[] = "finished"; -// tls13_verify_data sets |out| to be the HMAC of |context| using a derived -// Finished key for both Finished messages and the PSK binder. |out| must have -// space available for |EVP_MAX_MD_SIZE| bytes. +// tls13_verify_data sets `out` to be the HMAC of `context` using a derived +// Finished key for both Finished messages and the PSK binder. `out` must have +// space available for `EVP_MAX_MD_SIZE` bytes. static bool tls13_verify_data(uint8_t *out, size_t *out_len, const EVP_MD *digest, Span<const uint8_t> secret, Span<const uint8_t> context, bool is_dtls) { 
@@ -704,7 +704,7 @@ // See RFC 9849, sections 7.2 and 7.2.1. static const uint8_t kZeros[EVP_MAX_MD_SIZE] = {0}; - // We hash |msg|, with bytes from |offset| zeroed. + // We hash `msg`, with bytes from `offset` zeroed. if (msg.size() < offset + ECH_CONFIRMATION_SIGNAL_LEN) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return false;
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index 4dabd57..730e5a4 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc
@@ -288,9 +288,9 @@ return false; } - // If we reach here then the credential requires a signature. If |cred| is a + // If we reach here then the credential requires a signature. If `cred` is a // delegated credential, this also checks that the peer supports delegated - // credentials and matched |dc_cert_verify_algorithm|. + // credentials and matched `dc_cert_verify_algorithm`. return tls1_choose_signature_algorithm(hs, cred, out_sigalg); } @@ -308,7 +308,7 @@ static bool check_pake_credential(SSL_HANDSHAKE *hs, const SSLCredential *cred) { assert(cred->type == SSLCredentialType::kSPAKE2PlusV1Server); - // Look for a client PAKE share that matches |cred|. + // Look for a client PAKE share that matches `cred`. if (hs->pake_share == nullptr || hs->pake_share->named_pake != SSL_PAKE_SPAKE2PLUSV1 || hs->pake_share->client_identity != Span(cred->client_identity) || @@ -559,7 +559,7 @@ assert(now.tv_sec >= session->time); uint64_t server_ticket_age = now.tv_sec - session->time; - // To avoid overflowing |hs->ticket_age_skew|, we will not resume + // To avoid overflowing `hs->ticket_age_skew`, we will not resume // 68-year-old sessions. if (server_ticket_age > INT32_MAX) { return ssl_ticket_aead_ignore_ticket; @@ -645,7 +645,7 @@ hs->can_release_private_key = !using_certificate(hs); - // Negotiate ALPS now, after ALPN is negotiated and |hs->new_session| is + // Negotiate ALPS now, after ALPN is negotiated and `hs->new_session` is // initialized. if (!ssl_negotiate_alps(hs, &alert, &client_hello)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); @@ -719,7 +719,7 @@ } else if (need_hrr) { ssl->s3->early_data_reason = ssl_early_data_hello_retry_request; } else { - // |ssl_session_is_resumable| forbids cross-cipher resumptions even if the + // `ssl_session_is_resumable` forbids cross-cipher resumptions even if the // PRF hashes match. assert(hs->new_cipher == session->cipher); 
@@ -737,7 +737,7 @@ // The peer applications settings are usually received later, in // EncryptedExtensions. But, in 0-RTT handshakes, we carry over the - // values from |session|. Do this now, before |session| is discarded. + // values from `session`. Do this now, before `session` is discarded. if (ssl->s3->early_data_accepted && hs->new_session->has_application_settings && !hs->new_session->peer_application_settings.CopyFrom( @@ -947,7 +947,7 @@ return ssl_hs_error; } - // Reparse |client_hello| from the buffer owned by |hs|. + // Reparse `client_hello` from the buffer owned by `hs`. if (!hs->GetClientHello(&msg, &client_hello)) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return ssl_hs_error; @@ -955,7 +955,7 @@ } // We perform all our negotiation based on the first ClientHello (for - // consistency with what |select_certificate_cb| observed), which is in the + // consistency with what `select_certificate_cb` observed), which is in the // transcript, so we can ignore most of this second one. // // We do, however, check the second PSK binder. This covers the client key @@ -1046,7 +1046,7 @@ return ssl_hs_error; } - // Update |server_hello|. + // Update `server_hello`. auto server_hello_out = Span(server_hello).subspan(offset).first<ECH_CONFIRMATION_SIGNAL_LEN>(); OPENSSL_memcpy(server_hello_out.data(), random_suffix.data(), @@ -1171,7 +1171,7 @@ if (ssl->s3->early_data_accepted) { // If accepting 0-RTT, we send tickets half-RTT. This gets the tickets on - // the wire sooner and also avoids triggering a write on |SSL_read| when + // the wire sooner and also avoids triggering a write on `SSL_read` when // processing the client Finished. This requires computing the client // Finished early. See RFC 8446, section 4.6.1. static const uint8_t kEndOfEarlyData[4] = {SSL3_MT_END_OF_EARLY_DATA, 0, 0, 
@@ -1348,7 +1348,7 @@ // OpenSSL returns X509_V_OK when no certificates are requested. This is // classed by them as a bug, but it's assumed by at least NGINX. (Only do // this in full handshakes as resumptions should carry over the previous - // |verify_result|, though this is a no-op because servers do not + // `verify_result`, though this is a no-op because servers do not // implement the client's odd soft-fail mode.) hs->new_session->verify_result = X509_V_OK; }
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc index 46e7a6c..b458f84 100644 --- a/ssl/tls_method.cc +++ b/ssl/tls_method.cc
@@ -29,7 +29,7 @@ // The handshake should have released its final message. assert(!ssl->s3->has_message); - // During the handshake, |hs_buf| is retained. Release if it there is no + // During the handshake, `hs_buf` is retained. Release if it there is no // excess in it. There should not be any excess because the handshake logic // rejects unprocessed data after each Finished message. Note this means we do // not allow a TLS 1.2 HelloRequest to be packed into the same record as @@ -58,7 +58,7 @@ return false; } - // QUIC only uses |ssl| for handshake messages, which never use early data + // QUIC only uses `ssl` for handshake messages, which never use early data // keys, so we return without installing anything. This avoids needing to // have two secrets active at once in 0-RTT. if (level == ssl_encryption_early_data) { @@ -87,7 +87,7 @@ return false; } - // QUIC only uses |ssl| for handshake messages, which never use early data + // QUIC only uses `ssl` for handshake messages, which never use early data // keys, so we return without installing anything. This avoids needing to // have two secrets active at once in 0-RTT. if (level == ssl_encryption_early_data) { @@ -103,7 +103,7 @@ static void tls_finish_flight(SSL *ssl) { // We don't track whether a flight is complete in TLS and instead always flush - // every queued message in |tls_flush|, whether the flight is complete or not. + // every queued message in `tls_flush`, whether the flight is complete or not. } static void tls_schedule_ack(SSL *ssl) {
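Review bot: The first hunk on this line rewrites a comment that still contains a stray word: `// During the handshake, \`hs_buf\` is retained. Release if it there is no` should be `// During the handshake, \`hs_buf\` is retained. Release it if there is no`. The sentence is explaining a buffer-release invariant (no excess data after Finished), so it is worth getting the wording right while the line is being touched anyway. The enclosing function starts before the hunk, so the release call itself is not visible here.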
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc index 83f5260..90c79f7 100644 --- a/ssl/tls_record.cc +++ b/ssl/tls_record.cc
@@ -44,7 +44,7 @@ // processed. static const uint8_t kMaxWarningAlerts = 4; -// ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher +// ssl_needs_record_splitting returns one if `ssl`'s current outgoing cipher // state needs record-splitting and zero otherwise. bool ssl_needs_record_splitting(const SSL *ssl) { return !CRYPTO_fuzzer_mode_enabled() && @@ -354,12 +354,12 @@ extra_in_len); } -// tls_seal_scatter_record seals a new record of type |type| and body |in| and -// splits it between |out_prefix|, |out|, and |out_suffix|. Exactly -// |tls_seal_scatter_prefix_len| bytes are written to |out_prefix|, |in_len| -// bytes to |out|, and |tls_seal_scatter_suffix_len| bytes to |out_suffix|. It +// tls_seal_scatter_record seals a new record of type `type` and body `in` and +// splits it between `out_prefix`, `out`, and `out_suffix`. Exactly +// `tls_seal_scatter_prefix_len` bytes are written to `out_prefix`, `in_len` +// bytes to `out`, and `tls_seal_scatter_suffix_len` bytes to `out_suffix`. It // returns one on success and zero on error. If enabled, -// |tls_seal_scatter_record| implements TLS 1.0 CBC 1/n-1 record splitting and +// `tls_seal_scatter_record` implements TLS 1.0 CBC 1/n-1 record splitting and // may write two records concatenated. static bool tls_seal_scatter_record(SSL *ssl, uint8_t *out_prefix, uint8_t *out, uint8_t *out_suffix, uint8_t type, @@ -369,7 +369,7 @@ assert(ssl->s3->aead_write_ctx->ExplicitNonceLen() == 0); const size_t prefix_len = SSL3_RT_HEADER_LENGTH; - // Write the 1-byte fragment into |out_prefix|. + // Write the 1-byte fragment into `out_prefix`. uint8_t *split_body = out_prefix + prefix_len; uint8_t *split_suffix = split_body + 1; 
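Review bot: The comments retouched in the first and second hunks on this line still describe integer return values for functions whose visible signatures return `bool`: `// ssl_needs_record_splitting returns one if \`ssl\`'s current outgoing cipher` / `// state needs record-splitting and zero otherwise.` sits above `bool ssl_needs_record_splitting(const SSL *ssl)`, and the tls_seal_scatter_record block says "returns one on success and zero on error" above `static bool tls_seal_scatter_record(...)`. While these lines are being reformatted, the wording should match the type, e.g. `// state needs record-splitting and false otherwise.` and `// returns true on success and false on error.`. Both function bodies extend beyond the hunks shown here.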
@@ -388,8 +388,8 @@ ssl->s3->aead_write_ctx->cipher()) == split_record_len); - // Write the n-1-byte fragment. The header gets split between |out_prefix| - // (header[:-1]) and |out| (header[-1:]). + // Write the n-1-byte fragment. The header gets split between `out_prefix` + // (header[:-1]) and `out` (header[-1:]). uint8_t tmp_prefix[SSL3_RT_HEADER_LENGTH]; if (!do_seal_record(ssl, tmp_prefix, out + 1, out_suffix, type, in + 1, in_len - 1)) {