Mention ROTL() is always invoked with a proper shift value, due to the way the

CAST_KEY is constructed. This is expected to reduce blood pressure in
auditors.

2 files changed, 4 insertions, 2 deletions

diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h
index 6ae6c23d71..ad4e2fede9 100644
--- a/src/lib/libcrypto/cast/cast_lcl.h
+++ b/src/lib/libcrypto/cast/cast_lcl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cast_lcl.h,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cast_lcl.h,v 1.11 2015/11/05 21:46:51 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -144,6 +144,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
+/* only invoked with 0 <= n <= 31 */
 #define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
 
 #define C_M    0x3fc
diff --git a/src/lib/libssl/src/crypto/cast/cast_lcl.h b/src/lib/libssl/src/crypto/cast/cast_lcl.h
index 6ae6c23d71..ad4e2fede9 100644
--- a/src/lib/libssl/src/crypto/cast/cast_lcl.h
+++ b/src/lib/libssl/src/crypto/cast/cast_lcl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cast_lcl.h,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: cast_lcl.h,v 1.11 2015/11/05 21:46:51 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -144,6 +144,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
+/* only invoked with 0 <= n <= 31 */
 #define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
 
 #define C_M    0x3fc