diff options
| author | Robert Sloan <varomodt@google.com> | 2017-08-28 07:37:06 -0700 |
|---|---|---|
| committer | Robert Sloan <varomodt@google.com> | 2017-08-28 07:37:24 -0700 |
| commit | 8f860b133896bf655e4342ecefe692d52df81d48 (patch) | |
| tree | bfe5f02889bb1873876a95ccedb482ea46cb9a37 /src/crypto/cmac | |
| parent | 05e49fc79f61f4be37c1bb5bee2931524d1939c6 (diff) | |
| download | boringssl-8f860b133896bf655e4342ecefe692d52df81d48.tar.gz | |
external/boringssl: Sync to f21650709a6f76e829ddcc77fe221c9d6a5c12de.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/348f0d8db9c2a0eca0503ba654020209c579d552..f21650709a6f76e829ddcc77fe221c9d6a5c12de
Test: BoringSSL CTS Presubmits.
Change-Id: Ie6e99c3315c552068b5ea57e31b1af7ff94f9b0f
Diffstat (limited to 'src/crypto/cmac')
| -rw-r--r-- | src/crypto/cmac/cmac.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/src/crypto/cmac/cmac.c b/src/crypto/cmac/cmac.c index a9a527d5..fb4e69c7 100644 --- a/src/crypto/cmac/cmac.c +++ b/src/crypto/cmac/cmac.c @@ -60,13 +60,13 @@ struct cmac_ctx_st { EVP_CIPHER_CTX cipher_ctx; - /* k1 and k2 are the CMAC subkeys. See - * https://tools.ietf.org/html/rfc4493#section-2.3 */ + // k1 and k2 are the CMAC subkeys. See + // https://tools.ietf.org/html/rfc4493#section-2.3 uint8_t k1[AES_BLOCK_SIZE]; uint8_t k2[AES_BLOCK_SIZE]; - /* Last (possibly partial) scratch */ + // Last (possibly partial) scratch uint8_t block[AES_BLOCK_SIZE]; - /* block_used contains the number of valid bytes in |block|. */ + // block_used contains the number of valid bytes in |block|. unsigned block_used; }; @@ -124,20 +124,20 @@ void CMAC_CTX_free(CMAC_CTX *ctx) { OPENSSL_free(ctx); } -/* binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸) - * with a hard-coded reduction polynomial and sets |out| as x times the - * input. - * - * See https://tools.ietf.org/html/rfc4493#section-2.3 */ +// binary_field_mul_x treats the 128 bits at |in| as an element of GF(2¹²⁸) +// with a hard-coded reduction polynomial and sets |out| as x times the +// input. +// +// See https://tools.ietf.org/html/rfc4493#section-2.3 static void binary_field_mul_x(uint8_t out[16], const uint8_t in[16]) { unsigned i; - /* Shift |in| to left, including carry. */ + // Shift |in| to left, including carry. for (i = 0; i < 15; i++) { out[i] = (in[i] << 1) | (in[i+1] >> 7); } - /* If MSB set fixup with R. */ + // If MSB set fixup with R. const uint8_t carry = in[0] >> 7; out[i] = (in[i] << 1) ^ ((0 - carry) & 0x87); } @@ -152,7 +152,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len, EVP_CIPHER_key_length(cipher) != key_len || !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) || !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, AES_BLOCK_SIZE) || - /* Reset context again ready for first data. */ + // Reset context again ready for first data. !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) { return 0; } @@ -183,11 +183,11 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) { in_len -= todo; ctx->block_used += todo; - /* If |in_len| is zero then either |ctx->block_used| is less than - * |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used| - * is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the - * latter case we don't want to process this block now because it might be - * the last block and that block is treated specially. */ + // If |in_len| is zero then either |ctx->block_used| is less than + // |AES_BLOCK_SIZE|, in which case we can stop here, or |ctx->block_used| + // is exactly |AES_BLOCK_SIZE| but there's no more data to process. In the + // latter case we don't want to process this block now because it might be + // the last block and that block is treated specially. if (in_len == 0) { return 1; } @@ -199,7 +199,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) { } } - /* Encrypt all but one of the remaining blocks. */ + // Encrypt all but one of the remaining blocks. while (in_len > AES_BLOCK_SIZE) { if (!EVP_Cipher(&ctx->cipher_ctx, scratch, in, AES_BLOCK_SIZE)) { return 0; @@ -223,8 +223,8 @@ int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) { const uint8_t *mask = ctx->k1; if (ctx->block_used != AES_BLOCK_SIZE) { - /* If the last block is incomplete, terminate it with a single 'one' bit - * followed by zeros. */ + // If the last block is incomplete, terminate it with a single 'one' bit + // followed by zeros. ctx->block[ctx->block_used] = 0x80; OPENSSL_memset(ctx->block + ctx->block_used + 1, 0, AES_BLOCK_SIZE - (ctx->block_used + 1)); |