Clean code

INSTALL.md

@@ -252,3 +252,29 @@ cpack -G DEB
 make package
 ```
 
+## 生成二进制包
+
+为了保证兼容性，发布的二进制包不包含针对特定指令集的优化代码，并且不启用编译器的`-O3`优化。
+
+在正式发布之前，需要在测试平台上编译、测试、安装。验证`gmssl`命令行可以正确使用，验证`sm3_demo.c`可以正确和`-lgmssl`编译，并且可以正确输出哈希值。
+
+完成编译和测试后，在`build`目录下执行如下操作
+
+``` bash
+#!/bin/bash -x
+VERSION=3.2.0
+OS=macos
+ARCH=arm64
+mkdir build; cd build; cmake ..; make
+cmake .. -DBUILD_SHARED_LIBS=OFF; make
+mkdir gmssl-$VERSION
+cd gmssl-$VERSION
+mkdir bin; mkdir lib; mkdir include
+cp ../bin/gmssl bin
+cp -P ../bin/libgmssl* lib
+cp -r ../../include/gmssl include
+cd ..
+tar czvf gmssl-$VERSION-$OS-$ARCH.tar.gz gmssl-$VERSION
+```
+
+其中`cmake .. -DBUILD_SHARED_LIBS=OFF; make`重新生成了静态库，以及和静态库连接的`gmssl`二进制程序，因此最终打包的`gmssl`命令行不依赖系统库之外的动态库。

include/gmssl/sm3_x8_avx2.h

@@ -7,7 +7,10 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-#ifndef GMSSL_SM3_X8_AVX2_H
+// TODO: a new header for coarse-grained parallelism SM3, implemented by sm3_avx2/avx512, sm3_sve/sve2, sm3_cl
+// and used by sm3_xmss or other algors
+
+#ifndef GMSSL_SM3_X8_AVX2_H  // GMSSL_SM3_MULTI_H ?
 #define GMSSL_SM3_X8_AVX2_H
 
 #include <stdint.h>

src/asn1.c

@@ -212,7 +212,7 @@ int asn1_length_from_der(size_t *len, const uint8_t **in, size_t *inlen)
 	// check if the left input is enough for reading (d,dlen)
 	if (*inlen < *len) {
 		error_print();
-		return -2; // 特殊错误值用于 test_asn1_length() 的测试 // TODO: 修改 asn1test.c 的测试向量
+		return -2; // Special error for test_asn1_length() // TODO: fix asn1test.c test vector 			
 	}
 	return 1;
 }

src/tls13.c

@@ -29,16 +29,6 @@
 static const int tls13_ciphers[] = { TLS_cipher_sm4_gcm_sm3 };
 static size_t tls13_ciphers_count = sizeof(tls13_ciphers)/sizeof(int);
 
-/*
-int tls13_record_print(FILE *fp, const uint8_t *record,  size_t recordlen, int format, int indent)
-{
-	// 目前只支持TLCP的ECC公钥加密套件，因此不论用哪个套件解析都是一样的
-	// 如果未来支持ECDHE套件，可以将函数改为宏，直接传入 (conn->cipher_suite << 8)
-	format |= tls13_ciphers[0] << 8;
-	return tls_record_print(fp, record, recordlen, format, indent);
-}
-*/
-
 static int tls13_client_hello_exts[] = {
 	TLS_extension_supported_versions,
 	TLS_extension_padding,
@@ -201,13 +191,11 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 	return 1;
 }
 
-// 这个函数是不对的，在我们的一些情况下，加密的时候并不会组成完整的数据
+// TODO: check this func again				
 int tls13_record_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 	const uint8_t seq_num[8], const uint8_t *record, size_t recordlen, size_t padding_len,
 	uint8_t *enced_record, size_t *enced_recordlen)
 {
-	// 被加密的是握手消息或者是应用层数据
-
 	if (tls13_gcm_encrypt(key, iv,
 		seq_num, record[0], record + 5, recordlen - 5, padding_len,
 		enced_record + 5, enced_recordlen) != 1) {
@@ -215,7 +203,7 @@ int tls13_record_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 		return -1;
 	}
 
-	enced_record[0] = TLS_record_application_data; // 显然这个不太对啊
+	enced_record[0] = TLS_record_application_data; // FIXME, maybe other type		
 	enced_record[1] = 0x03; //TLS_protocol_tls12_major;
 	enced_record[2] = 0x03; //TLS_protocol_tls12_minor;
 	enced_record[3] = (uint8_t)((*enced_recordlen) >> 8);
@@ -254,7 +242,7 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 	uint8_t *seq_num;
 	uint8_t *record = conn->record;
 	size_t recordlen;
-	size_t padding_len = 0; //FIXME: 在conn中设置是否加随机填充，及设置该值
+	size_t padding_len = 0; //FIXME: add random padding to conn			
 
 	tls_trace("send {ApplicationData}\n");
 
@@ -368,7 +356,7 @@ int tls13_do_recv(TLS_CONNECT *conn)
 		return ret;
 	}
 	tls_record_trace(stderr, record, recordlen, 0, 0);
-	// TODO: 是否需要检查record_type?  record[0] != TLS_record_application_data		
+	// TODO: do we need to check record_type?  record[0] != TLS_record_application_data		
 
 	if (tls13_gcm_decrypt(key, iv,
 		seq_num, record + 5, recordlen - 5,
@@ -665,8 +653,8 @@ int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen,
 
 		switch (ext_type) {
 		/*
-		// tls13_process_client_hello_exts 的接口需要处理，部分输出要输出到server_exts中			
+		// tls13_process_client_hello_exts API should be fixed, output some exts to server_exts中			
-		case TLS_extension_supported_groups: // 这个应该放在EE里面
+		case TLS_extension_supported_groups: // should be in EE
 			if (tls_process_client_supported_groups(ext_data, ext_datalen, NULL, &len) != 1
 				|| len > server_exts_maxlen) {
 				error_print();
@@ -674,7 +662,7 @@ int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen,
 			}
 			tls_process_client_supported_groups(ext_data, ext_datalen, &server_exts, server_exts_len);
 			break;
-		case TLS_extension_signature_algorithms: // client单方面通知就可以了，服务器不需要响应
+		case TLS_extension_signature_algorithms: // client notify, server no need to response
 			if (tls_process_client_signature_algorithms(ext_data, ext_datalen, NULL, &len) != 1
 				|| len > server_exts_maxlen) {
 				error_print();
@@ -740,7 +728,7 @@ int tls_client_key_shares_from_bytes(SM2_Z256_POINT *sm2_point, const uint8_t **
 	return 1;
 }
 
-// 这个函数不是太正确，应该也是一个process
+// FIXME: should be a process function
 int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_Z256_POINT *sm2_point)
 {
 	uint16_t version;
@@ -771,7 +759,7 @@ int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_Z
 			}
 			break;
 		//default:
-			// FIXME: 还有几个扩展没有处理！
+			// FIXME: not all exts handled			
 			//error_print();
 			//return -1;
 		}

tools/tlcp_client.c

@@ -1,4 +1,4 @@
-/*
+/*
  *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
@@ -254,9 +254,9 @@ bad:
 		FD_SET(conn.sock, &fds);
 		if (read_stdin)
 #ifdef WIN32
-			FD_SET(_fileno, &fds);
+			FD_SET(_fileno, &fds); // in WIN32, first arg type is SOCKET, maybe typedef of uint 
 #else
-			FD_SET(STDIN_FILENO, &fds);
+			FD_SET(STDIN_FILENO, &fds); // in POSIX, first arg type is int
 #endif
 		if (select(conn.sock + 1, &fds, NULL, NULL, NULL) < 0) {
 			fprintf(stderr, "%s: select error\n", prog);