grpc 1.9.1 → 1.10.0.pre1

data/third_party/boringssl/crypto/digest_extra/digest_extra.c

@@ -0,0 +1,240 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#include <openssl/digest.h>
+
+#include <string.h>
+
+#include <openssl/asn1.h>
+#include <openssl/bytestring.h>
+#include <openssl/nid.h>
+
+#include "../internal.h"
+
+
+struct nid_to_digest {
+  int nid;
+  const EVP_MD* (*md_func)(void);
+  const char *short_name;
+  const char *long_name;
+};
+
+static const struct nid_to_digest nid_to_digest_mapping[] = {
+    {NID_md4, EVP_md4, SN_md4, LN_md4},
+    {NID_md5, EVP_md5, SN_md5, LN_md5},
+    {NID_sha1, EVP_sha1, SN_sha1, LN_sha1},
+    {NID_sha224, EVP_sha224, SN_sha224, LN_sha224},
+    {NID_sha256, EVP_sha256, SN_sha256, LN_sha256},
+    {NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
+    {NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
+    {NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
+    // As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding
+    // hash function when given a signature OID. To avoid unintended lax parsing
+    // of hash OIDs, this is no longer supported for lookup by OID or NID.
+    // Node.js, however, exposes |EVP_get_digestbyname|'s full behavior to
+    // consumers so we retain it there.
+    {NID_undef, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA},
+    {NID_undef, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1},
+    {NID_undef, EVP_sha1, SN_ecdsa_with_SHA1, NULL},
+    {NID_undef, EVP_md5, SN_md5WithRSAEncryption, LN_md5WithRSAEncryption},
+    {NID_undef, EVP_sha1, SN_sha1WithRSAEncryption, LN_sha1WithRSAEncryption},
+    {NID_undef, EVP_sha224, SN_sha224WithRSAEncryption,
+     LN_sha224WithRSAEncryption},
+    {NID_undef, EVP_sha256, SN_sha256WithRSAEncryption,
+     LN_sha256WithRSAEncryption},
+    {NID_undef, EVP_sha384, SN_sha384WithRSAEncryption,
+     LN_sha384WithRSAEncryption},
+    {NID_undef, EVP_sha512, SN_sha512WithRSAEncryption,
+     LN_sha512WithRSAEncryption},
+};
+
+const EVP_MD* EVP_get_digestbynid(int nid) {
+  if (nid == NID_undef) {
+    // Skip the |NID_undef| entries in |nid_to_digest_mapping|.
+    return NULL;
+  }
+
+  for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
+    if (nid_to_digest_mapping[i].nid == nid) {
+      return nid_to_digest_mapping[i].md_func();
+    }
+  }
+
+  return NULL;
+}
+
+static const struct {
+  uint8_t oid[9];
+  uint8_t oid_len;
+  int nid;
+} kMDOIDs[] = {
+  // 1.2.840.113549.2.4
+  { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 },
+  // 1.2.840.113549.2.5
+  { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 },
+  // 1.3.14.3.2.26
+  { {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 },
+  // 2.16.840.1.101.3.4.2.1
+  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 },
+  // 2.16.840.1.101.3.4.2.2
+  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 },
+  // 2.16.840.1.101.3.4.2.3
+  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 },
+  // 2.16.840.1.101.3.4.2.4
+  { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 },
+};
+
+static const EVP_MD *cbs_to_md(const CBS *cbs) {
+  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
+    if (CBS_len(cbs) == kMDOIDs[i].oid_len &&
+        OPENSSL_memcmp(CBS_data(cbs), kMDOIDs[i].oid, kMDOIDs[i].oid_len) ==
+            0) {
+      return EVP_get_digestbynid(kMDOIDs[i].nid);
+    }
+  }
+
+  return NULL;
+}
+
+const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj) {
+  // Handle objects with no corresponding OID.
+  if (obj->nid != NID_undef) {
+    return EVP_get_digestbynid(obj->nid);
+  }
+
+  CBS cbs;
+  CBS_init(&cbs, obj->data, obj->length);
+  return cbs_to_md(&cbs);
+}
+
+const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs) {
+  CBS algorithm, oid;
+  if (!CBS_get_asn1(cbs, &algorithm, CBS_ASN1_SEQUENCE) ||
+      !CBS_get_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
+    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
+    return NULL;
+  }
+
+  const EVP_MD *ret = cbs_to_md(&oid);
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
+    return NULL;
+  }
+
+  // The parameters, if present, must be NULL. Historically, whether the NULL
+  // was included or omitted was not well-specified. When parsing an
+  // AlgorithmIdentifier, we allow both. (Note this code is not used when
+  // verifying RSASSA-PKCS1-v1_5 signatures.)
+  if (CBS_len(&algorithm) > 0) {
+    CBS param;
+    if (!CBS_get_asn1(&algorithm, &param, CBS_ASN1_NULL) ||
+        CBS_len(&param) != 0 ||
+        CBS_len(&algorithm) != 0) {
+      OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
+      return NULL;
+    }
+  }
+
+  return ret;
+}
+
+int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md) {
+  CBB algorithm, oid, null;
+  if (!CBB_add_asn1(cbb, &algorithm, CBS_ASN1_SEQUENCE) ||
+      !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
+    OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+
+  int found = 0;
+  int nid = EVP_MD_type(md);
+  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
+    if (nid == kMDOIDs[i].nid) {
+      if (!CBB_add_bytes(&oid, kMDOIDs[i].oid, kMDOIDs[i].oid_len)) {
+        OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE);
+        return 0;
+      }
+      found = 1;
+      break;
+    }
+  }
+
+  if (!found) {
+    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
+    return 0;
+  }
+
+  if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
+      !CBB_flush(cbb)) {
+    OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+
+  return 1;
+}
+
+const EVP_MD *EVP_get_digestbyname(const char *name) {
+  for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(nid_to_digest_mapping); i++) {
+    const char *short_name = nid_to_digest_mapping[i].short_name;
+    const char *long_name = nid_to_digest_mapping[i].long_name;
+    if ((short_name && strcmp(short_name, name) == 0) ||
+        (long_name && strcmp(long_name, name) == 0)) {
+      return nid_to_digest_mapping[i].md_func();
+    }
+  }
+
+  return NULL;
+}

data/third_party/boringssl/crypto/dsa/dsa.c

@@ -72,14 +72,14 @@
 #include <openssl/sha.h>
 #include <openssl/thread.h>
 
-#include "../bn/internal.h"
+#include "../fipsmodule/bn/internal.h"
 #include "../internal.h"
 
 
 #define OPENSSL_DSA_MAX_MODULUS_BITS 10000
 
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
- * Rabin-Miller */
+// Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
+// Rabin-Miller
 #define DSS_prime_checks 50
 
 static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
@@ -153,6 +153,46 @@ void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p, const BIGNUM **out_q,
   }
 }
 
+int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) {
+  if (dsa->pub_key == NULL && pub_key == NULL) {
+    return 0;
+  }
+
+  if (pub_key != NULL) {
+    BN_free(dsa->pub_key);
+    dsa->pub_key = pub_key;
+  }
+  if (priv_key != NULL) {
+    BN_free(dsa->priv_key);
+    dsa->priv_key = priv_key;
+  }
+
+  return 1;
+}
+
+int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+  if ((dsa->p == NULL && p == NULL) ||
+      (dsa->q == NULL && q == NULL) ||
+      (dsa->g == NULL && g == NULL)) {
+    return 0;
+  }
+
+  if (p != NULL) {
+    BN_free(dsa->p);
+    dsa->p = p;
+  }
+  if (q != NULL) {
+    BN_free(dsa->q);
+    dsa->q = q;
+  }
+  if (g != NULL) {
+    BN_free(dsa->g);
+    dsa->g = g;
+  }
+
+  return 1;
+}
+
 int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
                                size_t seed_len, int *out_counter,
                                unsigned long *out_h, BN_GENCB *cb) {
@@ -186,7 +226,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
       return 0;
     }
     if (seed_len > (size_t)qsize) {
-      /* Only consume as much seed as is expected. */
+      // Only consume as much seed as is expected.
       seed_len = qsize;
     }
     OPENSSL_memcpy(seed, seed_in, seed_len);
@@ -217,9 +257,9 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
   }
 
   for (;;) {
-    /* Find q. */
+    // Find q.
     for (;;) {
-      /* step 1 */
+      // step 1
       if (!BN_GENCB_call(cb, 0, m++)) {
         goto err;
       }
@@ -230,12 +270,12 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
           goto err;
         }
       } else {
-        /* If we come back through, use random seed next time. */
+        // If we come back through, use random seed next time.
         seed_in = NULL;
       }
       OPENSSL_memcpy(buf, seed, qsize);
       OPENSSL_memcpy(buf2, seed, qsize);
-      /* precompute "SEED + 1" for step 7: */
+      // precompute "SEED + 1" for step 7:
       for (i = qsize - 1; i < qsize; i--) {
         buf[i]++;
         if (buf[i] != 0) {
@@ -243,7 +283,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         }
       }
 
-      /* step 2 */
+      // step 2
       if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL) ||
           !EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
         goto err;
@@ -252,14 +292,14 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         md[i] ^= buf2[i];
       }
 
-      /* step 3 */
+      // step 3
       md[0] |= 0x80;
       md[qsize - 1] |= 0x01;
       if (!BN_bin2bn(md, qsize, q)) {
         goto err;
       }
 
-      /* step 4 */
+      // step 4
       r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb);
       if (r > 0) {
         break;
@@ -268,17 +308,17 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         goto err;
       }
 
-      /* do a callback call */
-      /* step 5 */
+      // do a callback call
+      // step 5
     }
 
     if (!BN_GENCB_call(cb, 2, 0) || !BN_GENCB_call(cb, 3, 0)) {
       goto err;
     }
 
-    /* step 6 */
+    // step 6
     counter = 0;
-    /* "offset = 2" */
+    // "offset = 2"
 
     n = (bits - 1) / 160;
 
@@ -287,11 +327,11 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         goto err;
       }
 
-      /* step 7 */
+      // step 7
       BN_zero(W);
-      /* now 'buf' contains "SEED + offset - 1" */
+      // now 'buf' contains "SEED + offset - 1"
       for (k = 0; k <= n; k++) {
-        /* obtain "SEED + offset + k" by incrementing: */
+        // obtain "SEED + offset + k" by incrementing:
         for (i = qsize - 1; i < qsize; i--) {
           buf[i]++;
           if (buf[i] != 0) {
@@ -303,7 +343,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
           goto err;
         }
 
-        /* step 8 */
+        // step 8
         if (!BN_bin2bn(md, qsize, r0) ||
             !BN_lshift(r0, r0, (qsize << 3) * k) ||
             !BN_add(W, W, r0)) {
@@ -311,14 +351,14 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         }
       }
 
-      /* more of step 8 */
+      // more of step 8
       if (!BN_mask_bits(W, bits - 1) ||
           !BN_copy(X, W) ||
           !BN_add(X, X, test)) {
         goto err;
       }
 
-      /* step 9 */
+      // step 9
       if (!BN_lshift1(r0, q) ||
           !BN_mod(c, X, r0, ctx) ||
           !BN_sub(r0, c, BN_value_one()) ||
@@ -326,23 +366,23 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
         goto err;
       }
 
-      /* step 10 */
+      // step 10
       if (BN_cmp(p, test) >= 0) {
-        /* step 11 */
+        // step 11
         r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
         if (r > 0) {
-          goto end; /* found it */
+          goto end;  // found it
         }
         if (r != 0) {
           goto err;
         }
       }
 
-      /* step 13 */
+      // step 13
       counter++;
-      /* "offset = offset + n + 1" */
+      // "offset = offset + n + 1"
 
-      /* step 14 */
+      // step 14
       if (counter >= 4096) {
         break;
       }
@@ -353,8 +393,8 @@ end:
     goto err;
   }
 
-  /* We now need to generate g */
-  /* Set r0=(p-1)/q */
+  // We now need to generate g
+  // Set r0=(p-1)/q
   if (!BN_sub(test, p, BN_value_one()) ||
       !BN_div(r0, NULL, test, q, ctx)) {
     goto err;
@@ -366,7 +406,7 @@ end:
   }
 
   for (;;) {
-    /* g=test^r0%p */
+    // g=test^r0%p
     if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) {
       goto err;
     }
@@ -544,9 +584,9 @@ redo:
   }
 
   if (digest_len > BN_num_bytes(dsa->q)) {
-    /* if the digest length is greater than the size of q use the
-     * BN_num_bits(dsa->q) leftmost bits of the digest, see
-     * fips 186-3, 4.2 */
+    // if the digest length is greater than the size of q use the
+    // BN_num_bits(dsa->q) leftmost bits of the digest, see
+    // fips 186-3, 4.2
     digest_len = BN_num_bytes(dsa->q);
   }
 
@@ -554,12 +594,12 @@ redo:
     goto err;
   }
 
-  /* Compute  s = inv(k) (m + xr) mod q */
+  // Compute  s = inv(k) (m + xr) mod q
   if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) {
-    goto err; /* s = xr */
+    goto err;  // s = xr
   }
   if (!BN_add(s, &xr, &m)) {
-    goto err; /* s = m + xr */
+    goto err;  // s = m + xr
   }
   if (BN_cmp(s, dsa->q) > 0) {
     if (!BN_sub(s, s, dsa->q)) {
@@ -570,8 +610,8 @@ redo:
     goto err;
   }
 
-  /* Redo if r or s is zero as required by FIPS 186-3: this is
-   * very unlikely. */
+  // Redo if r or s is zero as required by FIPS 186-3: this is
+  // very unlikely.
   if (BN_is_zero(r) || BN_is_zero(s)) {
     if (noredo) {
       reason = DSA_R_NEED_NEW_SETUP_VALUES;
@@ -624,7 +664,7 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
   }
 
   i = BN_num_bits(dsa->q);
-  /* fips 186-3 allows only different sizes for q */
+  // fips 186-3 allows only different sizes for q
   if (i != 160 && i != 224 && i != 256) {
     OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
     return 0;
@@ -655,17 +695,17 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
     goto err;
   }
 
-  /* Calculate W = inv(S) mod Q
-   * save W in u2 */
+  // Calculate W = inv(S) mod Q
+  // save W in u2
   if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {
     goto err;
   }
 
-  /* save M in u1 */
+  // save M in u1
   if (digest_len > (i >> 3)) {
-    /* if the digest length is greater than the size of q use the
-     * BN_num_bits(dsa->q) leftmost bits of the digest, see
-     * fips 186-3, 4.2 */
+    // if the digest length is greater than the size of q use the
+    // BN_num_bits(dsa->q) leftmost bits of the digest, see
+    // fips 186-3, 4.2
     digest_len = (i >> 3);
   }
 
@@ -673,12 +713,12 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
     goto err;
   }
 
-  /* u1 = M * w mod q */
+  // u1 = M * w mod q
   if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {
     goto err;
   }
 
-  /* u2 = r * w mod q */
+  // u2 = r * w mod q
   if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {
     goto err;
   }
@@ -694,14 +734,14 @@ int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
     goto err;
   }
 
-  /* BN_copy(&u1,&t1); */
-  /* let u1 = u1 mod q */
+  // BN_copy(&u1,&t1);
+  // let u1 = u1 mod q
   if (!BN_mod(&u1, &t1, dsa->q, ctx)) {
     goto err;
   }
 
-  /* V is now in u1.  If the signature is correct, it will be
-   * equal to R. */
+  // V is now in u1.  If the signature is correct, it will be
+  // equal to R.
   *out_valid = BN_ucmp(&u1, sig->r) == 0;
   ret = 1;
 
@@ -758,7 +798,7 @@ int DSA_check_signature(int *out_valid, const uint8_t *digest,
     goto err;
   }
 
-  /* Ensure that the signature uses DER and doesn't have trailing garbage. */
+  // Ensure that the signature uses DER and doesn't have trailing garbage.
   int der_len = i2d_DSA_SIG(s, &der);
   if (der_len < 0 || (size_t)der_len != sig_len ||
       OPENSSL_memcmp(sig, der, sig_len)) {
@@ -773,8 +813,8 @@ err:
   return ret;
 }
 
-/* der_len_len returns the number of bytes needed to represent a length of |len|
- * in DER. */
+// der_len_len returns the number of bytes needed to represent a length of |len|
+// in DER.
 static size_t der_len_len(size_t len) {
   if (len < 0x80) {
     return 1;
@@ -789,18 +829,18 @@ static size_t der_len_len(size_t len) {
 
 int DSA_size(const DSA *dsa) {
   size_t order_len = BN_num_bytes(dsa->q);
-  /* Compute the maximum length of an |order_len| byte integer. Defensively
-   * assume that the leading 0x00 is included. */
+  // Compute the maximum length of an |order_len| byte integer. Defensively
+  // assume that the leading 0x00 is included.
   size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len;
   if (integer_len < order_len) {
     return 0;
   }
-  /* A DSA signature is two INTEGERs. */
+  // A DSA signature is two INTEGERs.
   size_t value_len = 2 * integer_len;
   if (value_len < integer_len) {
     return 0;
   }
-  /* Add the header. */
+  // Add the header.
   size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len;
   if (ret < value_len) {
     return 0;
@@ -835,7 +875,7 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
     goto err;
   }
 
-  /* Get random k */
+  // Get random k
   if (!BN_rand_range_ex(&k, 1, dsa->q)) {
     goto err;
   }
@@ -849,16 +889,16 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
     goto err;
   }
 
-  /* Compute r = (g^k mod p) mod q */
+  // Compute r = (g^k mod p) mod q
   if (!BN_copy(&kq, &k)) {
     goto err;
   }
 
-  /* We do not want timing information to leak the length of k,
-   * so we compute g^k using an equivalent exponent of fixed length.
-   *
-   * (This is a kludge that we need because the BN_mod_exp_mont()
-   * does not let us specify the desired timing behaviour.) */
+  // We do not want timing information to leak the length of k,
+  // so we compute g^k using an equivalent exponent of fixed length.
+  //
+  // (This is a kludge that we need because the BN_mod_exp_mont()
+  // does not let us specify the desired timing behaviour.)
 
   if (!BN_add(&kq, &kq, dsa->q)) {
     goto err;
@@ -875,8 +915,8 @@ int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
     goto err;
   }
 
-  /* Compute part of 's = inv(k) (m + xr) mod q' using Fermat's Little
-   * Theorem. */
+  // Compute part of 's = inv(k) (m + xr) mod q' using Fermat's Little
+  // Theorem.
   kinv = BN_new();
   if (kinv == NULL ||
       !bn_mod_inverse_prime(kinv, &k, dsa->q, ctx, dsa->method_mont_q)) {
@@ -908,44 +948,44 @@ err:
 }
 
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
+                         CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
   int index;
-  if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, dup_func,
+  if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
                                free_func)) {
     return -1;
   }
   return index;
 }
 
-int DSA_set_ex_data(DSA *d, int idx, void *arg) {
-  return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+int DSA_set_ex_data(DSA *dsa, int idx, void *arg) {
+  return CRYPTO_set_ex_data(&dsa->ex_data, idx, arg);
 }
 
-void *DSA_get_ex_data(const DSA *d, int idx) {
-  return CRYPTO_get_ex_data(&d->ex_data, idx);
+void *DSA_get_ex_data(const DSA *dsa, int idx) {
+  return CRYPTO_get_ex_data(&dsa->ex_data, idx);
 }
 
-DH *DSA_dup_DH(const DSA *r) {
-  DH *ret = NULL;
-
-  if (r == NULL) {
-    goto err;
+DH *DSA_dup_DH(const DSA *dsa) {
+  if (dsa == NULL) {
+    return NULL;
   }
-  ret = DH_new();
+
+  DH *ret = DH_new();
   if (ret == NULL) {
     goto err;
   }
-  if (r->q != NULL) {
-    ret->priv_length = BN_num_bits(r->q);
-    if ((ret->q = BN_dup(r->q)) == NULL) {
+  if (dsa->q != NULL) {
+    ret->priv_length = BN_num_bits(dsa->q);
+    if ((ret->q = BN_dup(dsa->q)) == NULL) {
       goto err;
     }
   }
-  if ((r->p != NULL && (ret->p = BN_dup(r->p)) == NULL) ||
-      (r->g != NULL && (ret->g = BN_dup(r->g)) == NULL) ||
-      (r->pub_key != NULL && (ret->pub_key = BN_dup(r->pub_key)) == NULL) ||
-      (r->priv_key != NULL && (ret->priv_key = BN_dup(r->priv_key)) == NULL)) {
-      goto err;
+  if ((dsa->p != NULL && (ret->p = BN_dup(dsa->p)) == NULL) ||
+      (dsa->g != NULL && (ret->g = BN_dup(dsa->g)) == NULL) ||
+      (dsa->pub_key != NULL && (ret->pub_key = BN_dup(dsa->pub_key)) == NULL) ||
+      (dsa->priv_key != NULL &&
+       (ret->priv_key = BN_dup(dsa->priv_key)) == NULL)) {
+    goto err;
   }
 
   return ret;