status-im/BearSSL
2
0
Fork 0
mirror of https://github.com/status-im/BearSSL.git synced 2025-02-24 08:28:15 +00:00
Code Issues Projects Releases Wiki Activity

Cosmetic fixes in comments.

Browse Source
This commit is contained in:
Thomas Pornin 2017-01-30 00:32:21 +01:00
parent 5f045c7599
commit f0c0046601
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
samples/custom_profile.c
View File

@ -166,7 +166,7 @@ example_client_profile(br_ssl_client_context *cc
(sizeof suites) / (sizeof suites[0])); (sizeof suites) / (sizeof suites[0]));
/* /*
* Public-key algorithm imeplementations. * Public-key algorithm implementations.
* *
* -- RSA public core ("rsapub") is needed for "RSA" key exchange * -- RSA public core ("rsapub") is needed for "RSA" key exchange
* (cipher suites whose name starts with TLS_RSA). * (cipher suites whose name starts with TLS_RSA).
@ -181,6 +181,17 @@ example_client_profile(br_ssl_client_context *cc
* -- ECDSA signature verification is needed for "ECDHE_ECDSA" * -- ECDSA signature verification is needed for "ECDHE_ECDSA"
* cipher suites (but not for ECDHE_RSA, ECDH_ECDSA or ECDH_RSA). * cipher suites (but not for ECDHE_RSA, ECDH_ECDSA or ECDH_RSA).
* *
* Normaly, you use the "default" implementations, obtained
* through relevant function calls. These functions return
* implementations that are deemed "best" for the current
* platform, where "best" means "fastest within constant-time
* implementations". Selecting the default implementation is a
* mixture of compile-time and runtime checks.
*
* Nevertheless, specific implementations may be selected
* explicitly, e.g. to use code which is slower but with a
* smaller footprint.
*
* The RSA code comes in three variants, called "i15", "i31" and * The RSA code comes in three variants, called "i15", "i31" and
* "i32". The "i31" code is somewhat faster than the "i32" code. * "i32". The "i31" code is somewhat faster than the "i32" code.
* Usually, "i31" is faster than "i15", except on some specific * Usually, "i31" is faster than "i15", except on some specific
@ -216,10 +227,15 @@ example_client_profile(br_ssl_client_context *cc
* implementations directly will result in smaller code, but * implementations directly will result in smaller code, but
* support for fewer curves and possibly lower performance. * support for fewer curves and possibly lower performance.
*/ */
br_ssl_client_set_default_rsapub(cc);
br_ssl_engine_set_default_rsavrfy(&cc->eng);
br_ssl_engine_set_default_ecdsa(&cc->eng);
/* Alternate: set implementations explicitly.
br_ssl_client_set_rsapub(cc, &br_rsa_i31_public); br_ssl_client_set_rsapub(cc, &br_rsa_i31_public);
br_ssl_client_set_rsavrfy(cc, &br_rsa_i31_pkcs1_vrfy); br_ssl_client_set_rsavrfy(cc, &br_rsa_i31_pkcs1_vrfy);
br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m31); br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m31);
br_ssl_client_set_ecdsa(cc, &br_ecdsa_i31_vrfy_asn1); br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i31_vrfy_asn1);
*/
/* /*
* Record handler: * Record handler:
@ -279,7 +295,12 @@ example_client_profile(br_ssl_client_context *cc
* but it is not constant-time. * but it is not constant-time.
* *
* aes_x86ni Very fast implementation that uses the AES-NI * aes_x86ni Very fast implementation that uses the AES-NI
* opcodes on recent x86 CPU. * opcodes on recent x86 CPU. But it may not be
* compiled in the library if the compiler or
* architecture is not supported; and the CPU
* may also not support the opcodes. Selection
* functions are provided to test for availability
* of the code and the opcodes.
* *
* Whether having constant-time implementations is absolutely * Whether having constant-time implementations is absolutely
* required for security depends on the context (in particular * required for security depends on the context (in particular

2
src/int/i32_div32.c
View File

@ -28,7 +28,7 @@
uint32_t uint32_t
br_divrem(uint32_t hi, uint32_t lo, uint32_t d, uint32_t *r) br_divrem(uint32_t hi, uint32_t lo, uint32_t d, uint32_t *r)
{ {
// TODO: optimize this /* TODO: optimize this */
uint32_t q; uint32_t q;
uint32_t ch, cf; uint32_t ch, cf;
int k; int k;