grpc 1.9.1 → 1.10.0.pre1

data/third_party/boringssl/include/openssl/digest.h

@@ -64,17 +64,17 @@ extern "C" {
 #endif
 
 
-/* Digest functions.
- *
- * An EVP_MD abstracts the details of a specific hash function allowing code to
- * deal with the concept of a "hash function" without needing to know exactly
- * which hash function it is. */
+// Digest functions.
+//
+// An EVP_MD abstracts the details of a specific hash function allowing code to
+// deal with the concept of a "hash function" without needing to know exactly
+// which hash function it is.
 
 
-/* Hash algorithms.
- *
- * The following functions return |EVP_MD| objects that implement the named hash
- * function. */
+// Hash algorithms.
+//
+// The following functions return |EVP_MD| objects that implement the named hash
+// function.
 
 OPENSSL_EXPORT const EVP_MD *EVP_md4(void);
 OPENSSL_EXPORT const EVP_MD *EVP_md5(void);
@@ -84,192 +84,219 @@ OPENSSL_EXPORT const EVP_MD *EVP_sha256(void);
 OPENSSL_EXPORT const EVP_MD *EVP_sha384(void);
 OPENSSL_EXPORT const EVP_MD *EVP_sha512(void);
 
-/* EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of
- * MD5 and SHA-1, as used in TLS 1.1 and below. */
+// EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of
+// MD5 and SHA-1, as used in TLS 1.1 and below.
 OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
 
-/* EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
- * such digest is known. */
+// EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
+// such digest is known.
 OPENSSL_EXPORT const EVP_MD *EVP_get_digestbynid(int nid);
 
-/* EVP_get_digestbyobj returns an |EVP_MD| for the given |ASN1_OBJECT|, or NULL
- * if no such digest is known. */
+// EVP_get_digestbyobj returns an |EVP_MD| for the given |ASN1_OBJECT|, or NULL
+// if no such digest is known.
 OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj);
 
 
-/* Digest contexts.
- *
- * An EVP_MD_CTX represents the state of a specific digest operation in
- * progress. */
+// Digest contexts.
+//
+// An EVP_MD_CTX represents the state of a specific digest operation in
+// progress.
 
-/* EVP_MD_CTX_init initialises an, already allocated, |EVP_MD_CTX|. This is the
- * same as setting the structure to zero. */
+// EVP_MD_CTX_init initialises an, already allocated, |EVP_MD_CTX|. This is the
+// same as setting the structure to zero.
 OPENSSL_EXPORT void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 
-/* EVP_MD_CTX_create allocates and initialises a fresh |EVP_MD_CTX| and returns
- * it, or NULL on allocation failure. */
-OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
+// EVP_MD_CTX_new allocates and initialises a fresh |EVP_MD_CTX| and returns
+// it, or NULL on allocation failure. The caller must use |EVP_MD_CTX_free| to
+// release the resulting object.
+OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void);
 
-/* EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
- * freshly initialised state. It does not free |ctx| itself. It returns one. */
+// EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
+// freshly initialised state. It does not free |ctx| itself. It returns one.
 OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 
-/* EVP_MD_CTX_destroy calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself. */
-OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+// EVP_MD_CTX_free calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself.
+OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 
-/* EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
- * copy of |in|. It returns one on success and zero on error. */
+// EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
+// copy of |in|. It returns one on success and zero on error.
 OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 
+// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|.
+OPENSSL_EXPORT void EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+
 
-/* Digest operations. */
+// Digest operations.
 
-/* EVP_DigestInit_ex configures |ctx|, which must already have been
- * initialised, for a fresh hashing operation using |type|. It returns one on
- * success and zero otherwise. */
+// EVP_DigestInit_ex configures |ctx|, which must already have been
+// initialised, for a fresh hashing operation using |type|. It returns one on
+// success and zero otherwise.
 OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
                                      ENGINE *engine);
 
-/* EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is
- * initialised before use. */
+// EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is
+// initialised before use.
 OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 
-/* EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation
- * in |ctx|. It returns one. */
+// EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation
+// in |ctx|. It returns one.
 OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
                                     size_t len);
 
-/* EVP_MAX_MD_SIZE is the largest digest size supported, in bytes.
- * Functions that output a digest generally require the buffer have
- * at least this much space. */
-#define EVP_MAX_MD_SIZE 64 /* SHA-512 is the longest so far. */
-
-/* EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in
- * bytes. */
-#define EVP_MAX_MD_BLOCK_SIZE 128 /* SHA-512 is the longest so far. */
-
-/* EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
- * |md_out|. |EVP_MD_CTX_size| bytes are written, which is at most
- * |EVP_MAX_MD_SIZE|. If |out_size| is not NULL then |*out_size| is set to the
- * number of bytes written. It returns one. After this call, the hash cannot be
- * updated or finished again until |EVP_DigestInit_ex| is called to start
- * another hashing operation. */
+// EVP_MAX_MD_SIZE is the largest digest size supported, in bytes.
+// Functions that output a digest generally require the buffer have
+// at least this much space.
+#define EVP_MAX_MD_SIZE 64  // SHA-512 is the longest so far.
+
+// EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in
+// bytes.
+#define EVP_MAX_MD_BLOCK_SIZE 128  // SHA-512 is the longest so far.
+
+// EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
+// |md_out|. |EVP_MD_CTX_size| bytes are written, which is at most
+// |EVP_MAX_MD_SIZE|. If |out_size| is not NULL then |*out_size| is set to the
+// number of bytes written. It returns one. After this call, the hash cannot be
+// updated or finished again until |EVP_DigestInit_ex| is called to start
+// another hashing operation.
 OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out,
                                       unsigned int *out_size);
 
-/* EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that
- * |EVP_MD_CTX_cleanup| is called on |ctx| before returning. */
+// EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that
+// |EVP_MD_CTX_cleanup| is called on |ctx| before returning.
 OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out,
                                    unsigned int *out_size);
 
-/* EVP_Digest performs a complete hashing operation in one call. It hashes |len|
- * bytes from |data| and writes the digest to |md_out|. |EVP_MD_CTX_size| bytes
- * are written, which is at most |EVP_MAX_MD_SIZE|. If |out_size| is not NULL
- * then |*out_size| is set to the number of bytes written. It returns one on
- * success and zero otherwise. */
+// EVP_Digest performs a complete hashing operation in one call. It hashes |len|
+// bytes from |data| and writes the digest to |md_out|. |EVP_MD_CTX_size| bytes
+// are written, which is at most |EVP_MAX_MD_SIZE|. If |out_size| is not NULL
+// then |*out_size| is set to the number of bytes written. It returns one on
+// success and zero otherwise.
 OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out,
                               unsigned int *md_out_size, const EVP_MD *type,
                               ENGINE *impl);
 
 
-/* Digest function accessors.
- *
- * These functions allow code to learn details about an abstract hash
- * function. */
+// Digest function accessors.
+//
+// These functions allow code to learn details about an abstract hash
+// function.
 
-/* EVP_MD_type returns a NID identifying |md|. (For example, |NID_sha256|.) */
+// EVP_MD_type returns a NID identifying |md|. (For example, |NID_sha256|.)
 OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
 
-/* EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
- * values, ORed together. */
+// EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
+// values, ORed together.
 OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
 
-/* EVP_MD_size returns the digest size of |md|, in bytes. */
+// EVP_MD_size returns the digest size of |md|, in bytes.
 OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md);
 
-/* EVP_MD_block_size returns the native block-size of |md|, in bytes. */
+// EVP_MD_block_size returns the native block-size of |md|, in bytes.
 OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
 
-/* EVP_MD_FLAG_PKEY_DIGEST indicates the the digest function is used with a
- * specific public key in order to verify signatures. (For example,
- * EVP_dss1.) */
+// EVP_MD_FLAG_PKEY_DIGEST indicates the the digest function is used with a
+// specific public key in order to verify signatures. (For example,
+// EVP_dss1.)
 #define EVP_MD_FLAG_PKEY_DIGEST 1
 
-/* EVP_MD_FLAG_DIGALGID_ABSENT indicates that the parameter type in an X.509
- * DigestAlgorithmIdentifier representing this digest function should be
- * undefined rather than NULL. */
+// EVP_MD_FLAG_DIGALGID_ABSENT indicates that the parameter type in an X.509
+// DigestAlgorithmIdentifier representing this digest function should be
+// undefined rather than NULL.
 #define EVP_MD_FLAG_DIGALGID_ABSENT 2
 
 
-/* Deprecated functions. */
+// Digest operation accessors.
 
-/* EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
- * |in|. It returns one on success and zero on error. */
-OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+// EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
+// been set.
+OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
 
-/* EVP_add_digest does nothing and returns one. It exists only for
- * compatibility with OpenSSL. */
-OPENSSL_EXPORT int EVP_add_digest(const EVP_MD *digest);
+// EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
+// will crash if a digest hasn't been set on |ctx|.
+OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
 
-/* EVP_get_digestbyname returns an |EVP_MD| given a human readable name in
- * |name|, or NULL if the name is unknown. */
-OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
+// EVP_MD_CTX_block_size returns the block size of the digest function used by
+// |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|.
+OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
 
-/* EVP_dss1 returns the value of EVP_sha1(). This was provided by OpenSSL to
- * specifiy the original DSA signatures, which were fixed to use SHA-1. Note,
- * however, that attempting to sign or verify DSA signatures with the EVP
- * interface will always fail. */
-OPENSSL_EXPORT const EVP_MD *EVP_dss1(void);
+// EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
+// (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
+// |ctx|.
+OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
 
 
-/* Digest operation accessors. */
+// ASN.1 functions.
+//
+// These functions allow code to parse and serialize AlgorithmIdentifiers for
+// hash functions.
 
-/* EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
- * been set. */
-OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+// EVP_parse_digest_algorithm parses an AlgorithmIdentifier structure containing
+// a hash function OID (for example, 2.16.840.1.101.3.4.2.1 is SHA-256) and
+// advances |cbs|. The parameters field may either be omitted or a NULL. It
+// returns the digest function or NULL on error.
+OPENSSL_EXPORT const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs);
 
-/* EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
- * will crash if a digest hasn't been set on |ctx|. */
-OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+// EVP_marshal_digest_algorithm marshals |md| as an AlgorithmIdentifier
+// structure and appends the result to |cbb|. It returns one on success and zero
+// on error.
+OPENSSL_EXPORT int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md);
 
-/* EVP_MD_CTX_block_size returns the block size of the digest function used by
- * |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|. */
-OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
 
-/* EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
- * (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
- * |ctx|. */
-OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
+// Deprecated functions.
+
+// EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
+// |in|. It returns one on success and zero on error.
+OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+
+// EVP_add_digest does nothing and returns one. It exists only for
+// compatibility with OpenSSL.
+OPENSSL_EXPORT int EVP_add_digest(const EVP_MD *digest);
+
+// EVP_get_digestbyname returns an |EVP_MD| given a human readable name in
+// |name|, or NULL if the name is unknown.
+OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
+
+// EVP_dss1 returns the value of EVP_sha1(). This was provided by OpenSSL to
+// specifiy the original DSA signatures, which were fixed to use SHA-1. Note,
+// however, that attempting to sign or verify DSA signatures with the EVP
+// interface will always fail.
+OPENSSL_EXPORT const EVP_MD *EVP_dss1(void);
+
+// EVP_MD_CTX_create calls |EVP_MD_CTX_new|.
+OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
+
+// EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|.
+OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 
 
 struct evp_md_pctx_ops;
 
 struct env_md_ctx_st {
-  /* digest is the underlying digest function, or NULL if not set. */
+  // digest is the underlying digest function, or NULL if not set.
   const EVP_MD *digest;
-  /* md_data points to a block of memory that contains the hash-specific
-   * context. */
+  // md_data points to a block of memory that contains the hash-specific
+  // context.
   void *md_data;
 
-  /* pctx is an opaque (at this layer) pointer to additional context that
-   * EVP_PKEY functions may store in this object. */
+  // pctx is an opaque (at this layer) pointer to additional context that
+  // EVP_PKEY functions may store in this object.
   EVP_PKEY_CTX *pctx;
 
-  /* pctx_ops, if not NULL, points to a vtable that contains functions to
-   * manipulate |pctx|. */
+  // pctx_ops, if not NULL, points to a vtable that contains functions to
+  // manipulate |pctx|.
   const struct evp_md_pctx_ops *pctx_ops;
 } /* EVP_MD_CTX */;
 
 
 #if defined(__cplusplus)
-}  /* extern C */
+}  // extern C
 
 #if !defined(BORINGSSL_NO_CXX)
 extern "C++" {
 
 namespace bssl {
 
-BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_destroy)
+BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
 
 using ScopedEVP_MD_CTX =
     internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
@@ -283,5 +310,7 @@ using ScopedEVP_MD_CTX =
 #endif
 
 #define DIGEST_R_INPUT_NOT_INITIALIZED 100
+#define DIGEST_R_DECODE_ERROR 101
+#define DIGEST_R_UNKNOWN_HASH 102
 
-#endif  /* OPENSSL_HEADER_DIGEST_H */
+#endif  // OPENSSL_HEADER_DIGEST_H

data/third_party/boringssl/include/openssl/dsa.h

@@ -71,315 +71,330 @@ extern "C" {
 #endif
 
 
-/* DSA contains functions for signing and verifying with the Digital Signature
- * Algorithm. */
+// DSA contains functions for signing and verifying with the Digital Signature
+// Algorithm.
 
 
-/* Allocation and destruction. */
+// Allocation and destruction.
 
-/* DSA_new returns a new, empty DSA object or NULL on error. */
+// DSA_new returns a new, empty DSA object or NULL on error.
 OPENSSL_EXPORT DSA *DSA_new(void);
 
-/* DSA_free decrements the reference count of |dsa| and frees it if the
- * reference count drops to zero. */
+// DSA_free decrements the reference count of |dsa| and frees it if the
+// reference count drops to zero.
 OPENSSL_EXPORT void DSA_free(DSA *dsa);
 
-/* DSA_up_ref increments the reference count of |dsa| and returns one. */
+// DSA_up_ref increments the reference count of |dsa| and returns one.
 OPENSSL_EXPORT int DSA_up_ref(DSA *dsa);
 
 
-/* Properties. */
+// Properties.
 
-/* DSA_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dsa|'s
- * public and private key, respectively. If |dsa| is a public key, the private
- * key will be set to NULL. */
+// DSA_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dsa|'s
+// public and private key, respectively. If |dsa| is a public key, the private
+// key will be set to NULL.
 OPENSSL_EXPORT void DSA_get0_key(const DSA *dsa, const BIGNUM **out_pub_key,
                                  const BIGNUM **out_priv_key);
 
-/* DSA_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dsa|'s
- * p, q, and g parameters, respectively. */
+// DSA_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dsa|'s
+// p, q, and g parameters, respectively.
 OPENSSL_EXPORT void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p,
                                  const BIGNUM **out_q, const BIGNUM **out_g);
 
-
-/* Parameter generation. */
-
-/* DSA_generate_parameters_ex generates a set of DSA parameters by following
- * the procedure given in FIPS 186-4, appendix A.
- * (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
- *
- * The larger prime will have a length of |bits| (e.g. 2048). The |seed| value
- * allows others to generate and verify the same parameters and should be
- * random input which is kept for reference. If |out_counter| or |out_h| are
- * not NULL then the counter and h value used in the generation are written to
- * them.
- *
- * The |cb| argument is passed to |BN_generate_prime_ex| and is thus called
- * during the generation process in order to indicate progress. See the
- * comments for that function for details. In addition to the calls made by
- * |BN_generate_prime_ex|, |DSA_generate_parameters_ex| will call it with
- * |event| equal to 2 and 3 at different stages of the process.
- *
- * It returns one on success and zero otherwise. */
+// DSA_set0_key sets |dsa|'s public and private key to |pub_key| and |priv_key|,
+// respectively, if non-NULL. On success, it takes ownership of each argument
+// and returns one. Otherwise, it returns zero.
+//
+// |priv_key| may be NULL, but |pub_key| must either be non-NULL or already
+// configured on |dsa|.
+OPENSSL_EXPORT int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key);
+
+// DSA_set0_pqg sets |dsa|'s parameters to |p|, |q|, and |g|, if non-NULL, and
+// takes ownership of them. On success, it takes ownership of each argument and
+// returns one. Otherwise, it returns zero.
+//
+// Each argument must either be non-NULL or already configured on |dsa|.
+OPENSSL_EXPORT int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+
+
+// Parameter generation.
+
+// DSA_generate_parameters_ex generates a set of DSA parameters by following
+// the procedure given in FIPS 186-4, appendix A.
+// (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
+//
+// The larger prime will have a length of |bits| (e.g. 2048). The |seed| value
+// allows others to generate and verify the same parameters and should be
+// random input which is kept for reference. If |out_counter| or |out_h| are
+// not NULL then the counter and h value used in the generation are written to
+// them.
+//
+// The |cb| argument is passed to |BN_generate_prime_ex| and is thus called
+// during the generation process in order to indicate progress. See the
+// comments for that function for details. In addition to the calls made by
+// |BN_generate_prime_ex|, |DSA_generate_parameters_ex| will call it with
+// |event| equal to 2 and 3 at different stages of the process.
+//
+// It returns one on success and zero otherwise.
 OPENSSL_EXPORT int DSA_generate_parameters_ex(DSA *dsa, unsigned bits,
                                               const uint8_t *seed,
                                               size_t seed_len, int *out_counter,
                                               unsigned long *out_h,
                                               BN_GENCB *cb);
 
-/* DSAparams_dup returns a freshly allocated |DSA| that contains a copy of the
- * parameters from |dsa|. It returns NULL on error. */
+// DSAparams_dup returns a freshly allocated |DSA| that contains a copy of the
+// parameters from |dsa|. It returns NULL on error.
 OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
 
 
-/* Key generation. */
+// Key generation.
 
-/* DSA_generate_key generates a public/private key pair in |dsa|, which must
- * already have parameters setup. It returns one on success and zero on
- * error. */
+// DSA_generate_key generates a public/private key pair in |dsa|, which must
+// already have parameters setup. It returns one on success and zero on
+// error.
 OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
 
 
-/* Signatures. */
+// Signatures.
 
-/* DSA_SIG_st (aka |DSA_SIG|) contains a DSA signature as a pair of integers. */
+// DSA_SIG_st (aka |DSA_SIG|) contains a DSA signature as a pair of integers.
 struct DSA_SIG_st {
   BIGNUM *r, *s;
 };
 
-/* DSA_SIG_new returns a freshly allocated, DIG_SIG structure or NULL on error.
- * Both |r| and |s| in the signature will be NULL. */
+// DSA_SIG_new returns a freshly allocated, DIG_SIG structure or NULL on error.
+// Both |r| and |s| in the signature will be NULL.
 OPENSSL_EXPORT DSA_SIG *DSA_SIG_new(void);
 
-/* DSA_SIG_free frees the contents of |sig| and then frees |sig| itself. */
+// DSA_SIG_free frees the contents of |sig| and then frees |sig| itself.
 OPENSSL_EXPORT void DSA_SIG_free(DSA_SIG *sig);
 
-/* DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
- * and returns an allocated, DSA_SIG structure, or NULL on error. */
+// DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
+// and returns an allocated, DSA_SIG structure, or NULL on error.
 OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
                                     DSA *dsa);
 
-/* DSA_do_verify verifies that |sig| is a valid signature, by the public key in
- * |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
- * on error.
- *
- * WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
- * for valid. However, this is dangerously different to the usual OpenSSL
- * convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
- * Because of this, |DSA_check_signature| is a safer version of this.
- *
- * TODO(fork): deprecate. */
+// DSA_do_verify verifies that |sig| is a valid signature, by the public key in
+// |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
+// on error.
+//
+// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
+// for valid. However, this is dangerously different to the usual OpenSSL
+// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
+// Because of this, |DSA_check_signature| is a safer version of this.
+//
+// TODO(fork): deprecate.
 OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len,
                                  DSA_SIG *sig, const DSA *dsa);
 
-/* DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
- * is a valid signature, by the public key in |dsa| of the hash in |digest|
- * and, if so, it sets |*out_valid| to one.
- *
- * It returns one if it was able to verify the signature as valid or invalid,
- * and zero on error. */
+// DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
+// is a valid signature, by the public key in |dsa| of the hash in |digest|
+// and, if so, it sets |*out_valid| to one.
+//
+// It returns one if it was able to verify the signature as valid or invalid,
+// and zero on error.
 OPENSSL_EXPORT int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
                                           size_t digest_len, DSA_SIG *sig,
                                           const DSA *dsa);
 
 
-/* ASN.1 signatures.
- *
- * These functions also perform DSA signature operations, but deal with ASN.1
- * encoded signatures as opposed to raw |BIGNUM|s. If you don't know what
- * encoding a DSA signature is in, it's probably ASN.1. */
-
-/* DSA_sign signs |digest| with the key in |dsa| and writes the resulting
- * signature, in ASN.1 form, to |out_sig| and the length of the signature to
- * |*out_siglen|. There must be, at least, |DSA_size(dsa)| bytes of space in
- * |out_sig|. It returns one on success and zero otherwise.
- *
- * (The |type| argument is ignored.) */
+// ASN.1 signatures.
+//
+// These functions also perform DSA signature operations, but deal with ASN.1
+// encoded signatures as opposed to raw |BIGNUM|s. If you don't know what
+// encoding a DSA signature is in, it's probably ASN.1.
+
+// DSA_sign signs |digest| with the key in |dsa| and writes the resulting
+// signature, in ASN.1 form, to |out_sig| and the length of the signature to
+// |*out_siglen|. There must be, at least, |DSA_size(dsa)| bytes of space in
+// |out_sig|. It returns one on success and zero otherwise.
+//
+// (The |type| argument is ignored.)
 OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
                             uint8_t *out_sig, unsigned int *out_siglen,
                             DSA *dsa);
 
-/* DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
- * key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
- * and -1 on error.
- *
- * (The |type| argument is ignored.)
- *
- * WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
- * for valid. However, this is dangerously different to the usual OpenSSL
- * convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
- * Because of this, |DSA_check_signature| is a safer version of this.
- *
- * TODO(fork): deprecate. */
+// DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
+// key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
+// and -1 on error.
+//
+// (The |type| argument is ignored.)
+//
+// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
+// for valid. However, this is dangerously different to the usual OpenSSL
+// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
+// Because of this, |DSA_check_signature| is a safer version of this.
+//
+// TODO(fork): deprecate.
 OPENSSL_EXPORT int DSA_verify(int type, const uint8_t *digest,
                               size_t digest_len, const uint8_t *sig,
                               size_t sig_len, const DSA *dsa);
 
-/* DSA_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
- * is a valid, ASN.1 signature, by the public key in |dsa|, of the hash in
- * |digest|. If so, it sets |*out_valid| to one.
- *
- * It returns one if it was able to verify the signature as valid or invalid,
- * and zero on error. */
+// DSA_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
+// is a valid, ASN.1 signature, by the public key in |dsa|, of the hash in
+// |digest|. If so, it sets |*out_valid| to one.
+//
+// It returns one if it was able to verify the signature as valid or invalid,
+// and zero on error.
 OPENSSL_EXPORT int DSA_check_signature(int *out_valid, const uint8_t *digest,
                                        size_t digest_len, const uint8_t *sig,
                                        size_t sig_len, const DSA *dsa);
 
-/* DSA_size returns the size, in bytes, of an ASN.1 encoded, DSA signature
- * generated by |dsa|. Parameters must already have been setup in |dsa|. */
+// DSA_size returns the size, in bytes, of an ASN.1 encoded, DSA signature
+// generated by |dsa|. Parameters must already have been setup in |dsa|.
 OPENSSL_EXPORT int DSA_size(const DSA *dsa);
 
 
-/* ASN.1 encoding. */
+// ASN.1 encoding.
 
-/* DSA_SIG_parse parses a DER-encoded DSA-Sig-Value structure from |cbs| and
- * advances |cbs|. It returns a newly-allocated |DSA_SIG| or NULL on error. */
+// DSA_SIG_parse parses a DER-encoded DSA-Sig-Value structure from |cbs| and
+// advances |cbs|. It returns a newly-allocated |DSA_SIG| or NULL on error.
 OPENSSL_EXPORT DSA_SIG *DSA_SIG_parse(CBS *cbs);
 
-/* DSA_SIG_marshal marshals |sig| as a DER-encoded DSA-Sig-Value and appends the
- * result to |cbb|. It returns one on success and zero on error. */
+// DSA_SIG_marshal marshals |sig| as a DER-encoded DSA-Sig-Value and appends the
+// result to |cbb|. It returns one on success and zero on error.
 OPENSSL_EXPORT int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig);
 
-/* DSA_parse_public_key parses a DER-encoded DSA public key from |cbs| and
- * advances |cbs|. It returns a newly-allocated |DSA| or NULL on error. */
+// DSA_parse_public_key parses a DER-encoded DSA public key from |cbs| and
+// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
 OPENSSL_EXPORT DSA *DSA_parse_public_key(CBS *cbs);
 
-/* DSA_marshal_public_key marshals |dsa| as a DER-encoded DSA public key and
- * appends the result to |cbb|. It returns one on success and zero on
- * failure. */
+// DSA_marshal_public_key marshals |dsa| as a DER-encoded DSA public key and
+// appends the result to |cbb|. It returns one on success and zero on
+// failure.
 OPENSSL_EXPORT int DSA_marshal_public_key(CBB *cbb, const DSA *dsa);
 
-/* DSA_parse_private_key parses a DER-encoded DSA private key from |cbs| and
- * advances |cbs|. It returns a newly-allocated |DSA| or NULL on error. */
+// DSA_parse_private_key parses a DER-encoded DSA private key from |cbs| and
+// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
 OPENSSL_EXPORT DSA *DSA_parse_private_key(CBS *cbs);
 
-/* DSA_marshal_private_key marshals |dsa| as a DER-encoded DSA private key and
- * appends the result to |cbb|. It returns one on success and zero on
- * failure. */
+// DSA_marshal_private_key marshals |dsa| as a DER-encoded DSA private key and
+// appends the result to |cbb|. It returns one on success and zero on
+// failure.
 OPENSSL_EXPORT int DSA_marshal_private_key(CBB *cbb, const DSA *dsa);
 
-/* DSA_parse_parameters parses a DER-encoded Dss-Parms structure (RFC 3279)
- * from |cbs| and advances |cbs|. It returns a newly-allocated |DSA| or NULL on
- * error. */
+// DSA_parse_parameters parses a DER-encoded Dss-Parms structure (RFC 3279)
+// from |cbs| and advances |cbs|. It returns a newly-allocated |DSA| or NULL on
+// error.
 OPENSSL_EXPORT DSA *DSA_parse_parameters(CBS *cbs);
 
-/* DSA_marshal_parameters marshals |dsa| as a DER-encoded Dss-Parms structure
- * (RFC 3447) and appends the result to |cbb|. It returns one on success and
- * zero on failure. */
+// DSA_marshal_parameters marshals |dsa| as a DER-encoded Dss-Parms structure
+// (RFC 3447) and appends the result to |cbb|. It returns one on success and
+// zero on failure.
 OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
 
 
-/* Precomputation. */
+// Precomputation.
 
-/* DSA_sign_setup precomputes the message independent part of the DSA signature
- * and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
- * error.
- *
- * TODO(fork): decide what to do with this. Since making DSA* opaque there's no
- * way for the user to install them. Also, it forces the DSA* not to be const
- * when passing to the signing function. */
+// DSA_sign_setup precomputes the message independent part of the DSA signature
+// and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
+// error.
+//
+// TODO(fork): decide what to do with this. Since making DSA* opaque there's no
+// way for the user to install them. Also, it forces the DSA* not to be const
+// when passing to the signing function.
 OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
                                   BIGNUM **out_kinv, BIGNUM **out_r);
 
 
-/* Conversion. */
+// Conversion.
 
-/* DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
- * sometimes needed when Diffie-Hellman parameters are stored in the form of
- * DSA parameters. It returns an allocated |DH| on success or NULL on error. */
+// DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
+// sometimes needed when Diffie-Hellman parameters are stored in the form of
+// DSA parameters. It returns an allocated |DH| on success or NULL on error.
 OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
 
 
-/* ex_data functions.
- *
- * See |ex_data.h| for details. */
+// ex_data functions.
+//
+// See |ex_data.h| for details.
 
 OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
                                         CRYPTO_EX_unused *unused,
-                                        CRYPTO_EX_dup *dup_func,
+                                        CRYPTO_EX_dup *dup_unused,
                                         CRYPTO_EX_free *free_func);
-OPENSSL_EXPORT int DSA_set_ex_data(DSA *d, int idx, void *arg);
-OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *d, int idx);
+OPENSSL_EXPORT int DSA_set_ex_data(DSA *dsa, int idx, void *arg);
+OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *dsa, int idx);
 
 
-/* Deprecated functions. */
+// Deprecated functions.
 
-/* d2i_DSA_SIG parses an ASN.1, DER-encoded, DSA signature from |len| bytes at
- * |*inp|. If |out_sig| is not NULL then, on exit, a pointer to the result is
- * in |*out_sig|. Note that, even if |*out_sig| is already non-NULL on entry, it
- * will not be written to. Rather, a fresh |DSA_SIG| is allocated and the
- * previous one is freed. On successful exit, |*inp| is advanced past the DER
- * structure. It returns the result or NULL on error.
- *
- * Use |DSA_SIG_parse| instead. */
+// d2i_DSA_SIG parses an ASN.1, DER-encoded, DSA signature from |len| bytes at
+// |*inp|. If |out_sig| is not NULL then, on exit, a pointer to the result is
+// in |*out_sig|. Note that, even if |*out_sig| is already non-NULL on entry, it
+// will not be written to. Rather, a fresh |DSA_SIG| is allocated and the
+// previous one is freed. On successful exit, |*inp| is advanced past the DER
+// structure. It returns the result or NULL on error.
+//
+// Use |DSA_SIG_parse| instead.
 OPENSSL_EXPORT DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp,
                                     long len);
 
-/* i2d_DSA_SIG marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
- * then the result is written to |*outp| and |*outp| is advanced just past the
- * output. It returns the number of bytes in the result, whether written or not,
- * or a negative value on error.
- *
- * Use |DSA_SIG_marshal| instead. */
+// i2d_DSA_SIG marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
+// then the result is written to |*outp| and |*outp| is advanced just past the
+// output. It returns the number of bytes in the result, whether written or not,
+// or a negative value on error.
+//
+// Use |DSA_SIG_marshal| instead.
 OPENSSL_EXPORT int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp);
 
-/* d2i_DSAPublicKey parses an ASN.1, DER-encoded, DSA public key from |len|
- * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. Note that, even if |*ou| is already non-NULL on entry, it will
- * not be written to. Rather, a fresh |DSA| is allocated and the previous one is
- * freed. On successful exit, |*inp| is advanced past the DER structure. It
- * returns the result or NULL on error.
- *
- * Use |DSA_parse_public_key| instead. */
+// d2i_DSAPublicKey parses an ASN.1, DER-encoded, DSA public key from |len|
+// bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
+// is in |*out|. Note that, even if |*ou| is already non-NULL on entry, it will
+// not be written to. Rather, a fresh |DSA| is allocated and the previous one is
+// freed. On successful exit, |*inp| is advanced past the DER structure. It
+// returns the result or NULL on error.
+//
+// Use |DSA_parse_public_key| instead.
 OPENSSL_EXPORT DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len);
 
-/* i2d_DSAPublicKey marshals a public key from |in| to an ASN.1, DER structure.
- * If |outp| is not NULL then the result is written to |*outp| and |*outp| is
- * advanced just past the output. It returns the number of bytes in the result,
- * whether written or not, or a negative value on error.
- *
- * Use |DSA_marshal_public_key| instead. */
+// i2d_DSAPublicKey marshals a public key from |in| to an ASN.1, DER structure.
+// If |outp| is not NULL then the result is written to |*outp| and |*outp| is
+// advanced just past the output. It returns the number of bytes in the result,
+// whether written or not, or a negative value on error.
+//
+// Use |DSA_marshal_public_key| instead.
 OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, uint8_t **outp);
 
-/* d2i_DSAPrivateKey parses an ASN.1, DER-encoded, DSA private key from |len|
- * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. Note that, even if |*out| is already non-NULL on entry, it will
- * not be written to. Rather, a fresh |DSA| is allocated and the previous one is
- * freed. On successful exit, |*inp| is advanced past the DER structure. It
- * returns the result or NULL on error.
- *
- * Use |DSA_parse_private_key| instead. */
+// d2i_DSAPrivateKey parses an ASN.1, DER-encoded, DSA private key from |len|
+// bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
+// is in |*out|. Note that, even if |*out| is already non-NULL on entry, it will
+// not be written to. Rather, a fresh |DSA| is allocated and the previous one is
+// freed. On successful exit, |*inp| is advanced past the DER structure. It
+// returns the result or NULL on error.
+//
+// Use |DSA_parse_private_key| instead.
 OPENSSL_EXPORT DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len);
 
-/* i2d_DSAPrivateKey marshals a private key from |in| to an ASN.1, DER
- * structure. If |outp| is not NULL then the result is written to |*outp| and
- * |*outp| is advanced just past the output. It returns the number of bytes in
- * the result, whether written or not, or a negative value on error.
- *
- * Use |DSA_marshal_private_key| instead. */
+// i2d_DSAPrivateKey marshals a private key from |in| to an ASN.1, DER
+// structure. If |outp| is not NULL then the result is written to |*outp| and
+// |*outp| is advanced just past the output. It returns the number of bytes in
+// the result, whether written or not, or a negative value on error.
+//
+// Use |DSA_marshal_private_key| instead.
 OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp);
 
-/* d2i_DSAparams parses ASN.1, DER-encoded, DSA parameters from |len| bytes at
- * |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
- * |*out|. Note that, even if |*out| is already non-NULL on entry, it will not
- * be written to. Rather, a fresh |DSA| is allocated and the previous one is
- * freed. On successful exit, |*inp| is advanced past the DER structure. It
- * returns the result or NULL on error.
- *
- * Use |DSA_parse_parameters| instead. */
+// d2i_DSAparams parses ASN.1, DER-encoded, DSA parameters from |len| bytes at
+// |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
+// |*out|. Note that, even if |*out| is already non-NULL on entry, it will not
+// be written to. Rather, a fresh |DSA| is allocated and the previous one is
+// freed. On successful exit, |*inp| is advanced past the DER structure. It
+// returns the result or NULL on error.
+//
+// Use |DSA_parse_parameters| instead.
 OPENSSL_EXPORT DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len);
 
-/* i2d_DSAparams marshals DSA parameters from |in| to an ASN.1, DER structure.
- * If |outp| is not NULL then the result is written to |*outp| and |*outp| is
- * advanced just past the output. It returns the number of bytes in the result,
- * whether written or not, or a negative value on error.
- *
- * Use |DSA_marshal_parameters| instead. */
+// i2d_DSAparams marshals DSA parameters from |in| to an ASN.1, DER structure.
+// If |outp| is not NULL then the result is written to |*outp| and |*outp| is
+// advanced just past the output. It returns the number of bytes in the result,
+// whether written or not, or a negative value on error.
+//
+// Use |DSA_marshal_parameters| instead.
 OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, uint8_t **outp);
 
-/* DSA_generate_parameters is a deprecated version of
- * |DSA_generate_parameters_ex| that creates and returns a |DSA*|. Don't use
- * it. */
+// DSA_generate_parameters is a deprecated version of
+// |DSA_generate_parameters_ex| that creates and returns a |DSA*|. Don't use
+// it.
 OPENSSL_EXPORT DSA *DSA_generate_parameters(int bits, unsigned char *seed,
                                             int seed_len, int *counter_ret,
                                             unsigned long *h_ret,
@@ -390,17 +405,17 @@ OPENSSL_EXPORT DSA *DSA_generate_parameters(int bits, unsigned char *seed,
 struct dsa_st {
   long version;
   BIGNUM *p;
-  BIGNUM *q; /* == 20 */
+  BIGNUM *q;  // == 20
   BIGNUM *g;
 
-  BIGNUM *pub_key;  /* y public key */
-  BIGNUM *priv_key; /* x private key */
+  BIGNUM *pub_key;   // y public key
+  BIGNUM *priv_key;  // x private key
 
-  BIGNUM *kinv; /* Signing pre-calc */
-  BIGNUM *r;    /* Signing pre-calc */
+  BIGNUM *kinv;  // Signing pre-calc
+  BIGNUM *r;     // Signing pre-calc
 
   int flags;
-  /* Normally used to cache montgomery values */
+  // Normally used to cache montgomery values
   CRYPTO_MUTEX method_mont_lock;
   BN_MONT_CTX *method_mont_p;
   BN_MONT_CTX *method_mont_q;
@@ -410,7 +425,7 @@ struct dsa_st {
 
 
 #if defined(__cplusplus)
-}  /* extern C */
+}  // extern C
 
 extern "C++" {
 
@@ -421,7 +436,7 @@ BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
 
 }  // namespace bssl
 
-}  /* extern C++ */
+}  // extern C++
 
 #endif
 
@@ -433,4 +448,4 @@ BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
 #define DSA_R_DECODE_ERROR 105
 #define DSA_R_ENCODE_ERROR 106
 
-#endif  /* OPENSSL_HEADER_DSA_H */
+#endif  // OPENSSL_HEADER_DSA_H