diff options
| -rw-r--r-- | aes-decrypt-internal.c | 6 | ||||
| -rw-r--r-- | aes-encrypt-internal.c | 6 | ||||
| -rw-r--r-- | aes-internal.h | 2 | ||||
| -rw-r--r-- | arctwo.h | 2 | ||||
| -rw-r--r-- | base16-decode.c | 1 | ||||
| -rw-r--r-- | base16-encode.c | 1 | ||||
| -rw-r--r-- | base16.h | 4 | ||||
| -rw-r--r-- | base64.h | 4 | ||||
| -rw-r--r-- | bignum-random.c | 4 | ||||
| -rw-r--r-- | bignum.c | 3 | ||||
| -rw-r--r-- | bignum.h | 1 | ||||
| -rw-r--r-- | rsa-sign.c | 2 | ||||
| -rw-r--r-- | rsa-verify.c | 1 | ||||
| -rw-r--r-- | rsa.c | 7 | ||||
| -rw-r--r-- | rsa.h | 4 | ||||
| -rw-r--r-- | sexp-transport-format.c | 3 | ||||
| -rw-r--r-- | sexp.c | 3 | ||||
| -rw-r--r-- | sexp.h | 3 |
18 files changed, 15 insertions, 42 deletions
diff --git a/aes-decrypt-internal.c b/aes-decrypt-internal.c index abb78de0..9dff1660 100644 --- a/aes-decrypt-internal.c +++ b/aes-decrypt-internal.c @@ -59,9 +59,9 @@ _nettle_aes_decrypt(const struct aes_ctx *ctx, t2 = AES_ROUND(T, w2, w1, w0, w3, ctx->keys[4*round + 2]); t3 = AES_ROUND(T, w3, w2, w1, w0, ctx->keys[4*round + 3]); - /* FIXME: We could unrolling the loop twice, to avoid these - assignments. If all eight variables fit in registers, that - should give a speedup. */ + /* We could unroll the loop twice, to avoid these + assignments. If all eight variables fit in registers, + that should give a slight speedup. */ w0 = t0; w1 = t1; w2 = t2; diff --git a/aes-encrypt-internal.c b/aes-encrypt-internal.c index ca1d803d..84ed6cff 100644 --- a/aes-encrypt-internal.c +++ b/aes-encrypt-internal.c @@ -59,9 +59,9 @@ _nettle_aes_encrypt(const struct aes_ctx *ctx, t2 = AES_ROUND(T, w2, w3, w0, w1, ctx->keys[4*round + 2]); t3 = AES_ROUND(T, w3, w0, w1, w2, ctx->keys[4*round + 3]); - /* FIXME: We could unrolling the loop twice, to avoid these - assignments. If all eight variables fit in registers, that - should give a speedup. */ + /* We could unroll the loop twice, to avoid these + assignments. If all eight variables fit in registers, + that should give a slight speedup. */ w0 = t0; w1 = t1; w2 = t2; diff --git a/aes-internal.h b/aes-internal.h index dda43d0e..a1e8d022 100644 --- a/aes-internal.h +++ b/aes-internal.h @@ -33,7 +33,7 @@ #define _aes_decrypt _nettle_aes_decrypt #define _aes_encrypt_table _nettle_aes_encrypt_table -/* Define to use only small tables. FIXME: Currently not working. */ +/* Define to use only small tables. */ #ifndef AES_SMALL # define AES_SMALL 0 #endif @@ -64,8 +64,6 @@ void arctwo_set_key (struct arctwo_ctx *ctx, unsigned length, const uint8_t *key); /* Equvivalent to arctwo_set_key_ekb, with ekb = 1024 */ -/* FIXME: Is this function really needed, and if so, what's the right - name for it? */ void arctwo_set_key_gutmann (struct arctwo_ctx *ctx, unsigned length, const uint8_t *key); diff --git a/base16-decode.c b/base16-decode.c index a76d0fe2..2689411a 100644 --- a/base16-decode.c +++ b/base16-decode.c @@ -65,7 +65,6 @@ base16_decode_single(struct base16_decode_ctx *ctx, if (src >= 0x80) return -1; - /* FIXME: This code could use more clever choices of constants. */ digit = hex_decode_table[src]; switch (digit) { diff --git a/base16-encode.c b/base16-encode.c index bc95bc90..b2267ab0 100644 --- a/base16-encode.c +++ b/base16-encode.c @@ -35,7 +35,6 @@ hex_digits[16] = "0123456789abcdef"; #define DIGIT(x) (hex_digits[(x) & 0xf]) -/* FIXME: Is this really needed? */ /* Encodes a single byte. Always stores two digits in dst[0] and dst[1]. */ void base16_encode_single(uint8_t *dst, @@ -86,8 +86,8 @@ base16_decode_single(struct base16_decode_ctx *ctx, * area before the call. *DST_LENGTH is updated to the amount of * decoded output. */ -/* FIXME: Currently results in an assertion failure if *DST_LENGTH is - * too small. Return some error instead? */ +/* Currently results in an assertion failure if *DST_LENGTH is + * too small. FIXME: Return some error instead? */ int base16_decode_update(struct base16_decode_ctx *ctx, unsigned *dst_length, @@ -133,8 +133,8 @@ base64_decode_single(struct base64_decode_ctx *ctx, * area before the call. *DST_LENGTH is updated to the amount of * decoded output. */ -/* FIXME: Currently results in an assertion failure if *DST_LENGTH is - * too small. Return some error instead? */ +/* Currently results in an assertion failure if *DST_LENGTH is + * too small. FIXME: Return some error instead? */ int base64_decode_update(struct base64_decode_ctx *ctx, unsigned *dst_length, diff --git a/bignum-random.c b/bignum-random.c index 16029216..6653dea3 100644 --- a/bignum-random.c +++ b/bignum-random.c @@ -57,8 +57,8 @@ nettle_mpz_random(mpz_t x, void *ctx, nettle_random_func random, const mpz_t n) { - /* FIXME: This leaves some bias, which may be bad for DSA. A better - * way might to generate a random number of mpz_sizeinbase(n, 2) + /* NOTE: This leaves some bias, which may be bad for DSA. A better + * way might be to generate a random number of mpz_sizeinbase(n, 2) * bits, and loop until one smaller than n is found. */ /* From Daniel Bleichenbacher (via coderpunks): @@ -120,9 +120,6 @@ nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x) mpz_init(c); mpz_com(c, x); - /* FIXME: A different trick is to complement all the limbs of c - * now. That way, nettle_mpz_to_octets need not complement each - * digit. */ assert(nettle_mpz_sizeinbase_256_u(c) <= length); nettle_mpz_to_octets(length, s, c, 0xff); @@ -46,7 +46,6 @@ nettle_mpz_sizeinbase_256_u(const mpz_t x); /* Writes an integer as length octets, using big endian byte order, * and two's complement for negative numbers. */ -/* FIXME: Change order of arguments, putting the mpz_t first? */ void nettle_mpz_get_str_256(unsigned length, uint8_t *s, const mpz_t x); @@ -60,8 +60,6 @@ rsa_private_key_clear(struct rsa_private_key *key) int rsa_private_key_prepare(struct rsa_private_key *key) { - /* FIXME: Add further sanity checks. */ - mpz_t n; /* The size of the product is the sum of the sizes of the factors, diff --git a/rsa-verify.c b/rsa-verify.c index 734eb80d..2e3b52f5 100644 --- a/rsa-verify.c +++ b/rsa-verify.c @@ -48,7 +48,6 @@ _rsa_verify(const struct rsa_public_key *key, mpz_powm(m1, s, key->e, key->n); - /* FIXME: Is it cheaper to convert m1 to a string and check that? */ res = !mpz_cmp(m, m1); mpz_clear(m1); @@ -67,13 +67,6 @@ _rsa_check_size(mpz_t n) int rsa_public_key_prepare(struct rsa_public_key *key) { - /* FIXME: Add further sanity checks, like 0 < e < n. */ -#if 0 - if ( (mpz_sgn(key->e) <= 0) - || mpz_cmp(key->e, key->n) >= 0) - return 0; -#endif - key->size = _rsa_check_size(key->n); return (key->size > 0); @@ -227,8 +227,8 @@ rsa_sha256_verify_digest(const struct rsa_public_key *key, /* RSA encryption, using PKCS#1 */ -/* FIXME: These functions uses the v1.5 padding. What should the v2 - * (OAEP) functions be called? */ +/* These functions uses the v1.5 padding. What should the v2 (OAEP) + * functions be called? */ /* Returns 1 on success, 0 on failure, which happens if the * message is too long for the key. */ diff --git a/sexp-transport-format.c b/sexp-transport-format.c index c8ac89cd..db4b1934 100644 --- a/sexp-transport-format.c +++ b/sexp-transport-format.c @@ -57,9 +57,6 @@ sexp_transport_vformat(struct nettle_buffer *buffer, if (buffer) { - /* FIXME: This assumes that data is never removed from the - * buffer. That works for the current buffer, but it would be - * nice to get rid of this restriction. */ if (!nettle_buffer_space(buffer, base64_length - length)) return 0; @@ -50,9 +50,6 @@ sexp_iterator_init(struct sexp_iterator *iterator, iterator->display = NULL; iterator->atom_length = 0; iterator->atom = NULL; - - /* FIXME: For other than canonical syntax, - * skip white space here. */ } #define EMPTY(i) ((i)->pos == (i)->length) @@ -191,9 +191,6 @@ unsigned sexp_vformat(struct nettle_buffer *buffer, const char *format, va_list args); -/* FIXME: Add argument LINE_WIDTH. If non-zero, break lines to at most - * that width. */ - unsigned sexp_transport_format(struct nettle_buffer *buffer, const char *format, ...); |