#include <openssl/x509.h>
#include <openssl/pem.h>
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -in arg - input file - default stdin
* -i - indent the details by depth
* -offset - where in the file to start
return str;
}
-/* Convert revocation field to X509_REVOKED entry
+/*-
+ * Convert revocation field to X509_REVOKED entry
* return code:
* 0 error
* 1 OK
#undef PROG
#define PROG crl2pkcs7_main
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG dh_main
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#define DEFBITS 2048
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG dsa_main
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG dsaparam_main
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG ec_main
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG ecparam_main
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
long errline;
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
- /* 2011-03-22 SMS.
+ /*-
+ * 2011-03-22 SMS.
* If we have 32-bit pointers everywhere, then we're safe, and
* we bypass this mess, as on non-VMS systems. (See ARGV,
* above.)
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-/* -crypt - standard Unix password algorithm (default)
+/*-
+ * -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
#undef PROG
#define PROG rand_main
-/* -out file - write to file
+/*-
+ * -out file - write to file
* -rand file:file - PRNG seed files
* -base64 - base64 encode output
* -hex - hex encode output
#undef PROG
#define PROG req_main
-/* -inform arg - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
#undef PROG
#define PROG rsa_main
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
return(0);
}
-/*
+/*-
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
#undef PROG
#define PROG spkac_main
-/* -in arg - input file - default stdin
+/*-
+ * -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx)
{
- /*
+ /*-
char buf[256];
if (!ok)
#ifdef USE_DECC_INIT
-/*
+/*-
* 2010-04-26 SMS.
*
*----------------------------------------------------------------------
#include "aes_locl.h"
#ifndef AES_ASM
-/*
+/*-
Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
Te2[x] = S [x].[01, 03, 02, 01];
})
# endif
#endif
-/*
+/*-
Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
#define Te1 (u32)((u64*)((u8*)Te+3))
#define Te2 (u32)((u64*)((u8*)Te+2))
#define Te3 (u32)((u64*)((u8*)Te+1))
-/*
+/*-
Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
Td0[x] = Si[x].[0e, 09, 0d, 0b];
Td1[x] = Si[x].[0b, 0e, 09, 0d];
signature);
if (rv == 1)
outl = signature->length;
- /* Return value meanings:
+ /*-
+ * Return value meanings:
* <=0: error.
* 1: method does everything.
* 2: carry on as normal.
*/
-/* This is an implementation of the ASN1 Time structure which is:
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
/* UTF8 utilities */
-/* This parses a UTF8 string one character at a time. It is passed a pointer
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
* to the string and the length of the string. It sets 'value' to the value of
* the current character. It returns the number of characters read or a
* negative error code:
TYPEDEF_D2I2D_OF(void);
-/* The following macros and typedefs allow an ASN1_ITEM
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
* to be embedded in a structure and referenced. Since
* the ASN1_ITEM pointers need to be globally accessible
* (possibly from shared libraries) they may exist in
/* This is a ASN1 type which just embeds a template */
-/* This pair helps declare a SEQUENCE. We can do:
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
*
* ASN1_SEQUENCE(stname) = {
* ... SEQUENCE components ...
ASN1_ITEM_end(tname)
-/* This pair helps declare a CHOICE type. We can do:
+/*-
+ * This pair helps declare a CHOICE type. We can do:
*
* ASN1_CHOICE(chname) = {
* ... CHOICE options ...
#include <openssl/asn1t.h>
#include <openssl/x509.h>
-/* X509_ATTRIBUTE: this has the following form:
+/*-
+ * X509_ATTRIBUTE: this has the following form:
*
* typedef struct x509_attributes_st
* {
#include <openssl/asn1t.h>
#include <openssl/x509.h>
-/* X509_REQ_INFO is handled in an unusual way to get round
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
* invalid encodings. Some broken certificate requests don't
* encode the attributes field if it is empty. This is in
* violation of PKCS#10 but we need to tolerate it. We do
#define BF_ENCRYPT 1
#define BF_DECRYPT 0
-/*
+/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
* ! BF_LONG_LOG2 has to be defined along. !
* on all source code distributions.
*/
-/*
+/*-
* This code contains numerious changes and enhancements which were
* made by lots of contributors over the last years to Patrick Powell's
* original code:
#define BIO_GHBN_CTRL_FLUSH 5
/* Mostly used in the SSL BIO */
-/* Not used anymore
+/*-
+ * Not used anymore
* #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
* #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
* #define BIO_FLAGS_PROTOCOL_STARTUP 0x40
typedef struct bio_f_buffer_ctx_struct
{
- /* Buffers are setup like this:
+ /*-
+ * Buffers are setup like this:
*
* <---------------------- size ----------------------->
* +---------------------------------------------------+
int datalen);
struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
+/*-
+ * We might want a thread-safe interface too:
* struct hostent *BIO_gethostbyname_r(const char *name,
* struct hostent *result, void *buffer, size_t buflen);
* or something similar (caller allocates a struct hostent,
ret=(long)data->bind_mode;
break;
case BIO_CTRL_DUP:
-/* dbio=(BIO *)ptr;
+/*- dbio=(BIO *)ptr;
if (data->param_port) EAY EAY
BIO_set_port(dbio,data->param_port);
if (data->param_hostname)
return size;
}
-/* non-copying interface: provide pointer to available data in buffer
+/*-
+ * non-copying interface: provide pointer to available data in buffer
* bio_nread0: return number of available bytes
* bio_nread: also advance index
* (example usage: bio_nread0(), read from buffer, bio_nread()
return num;
}
-/* non-copying interface: provide pointer to region to write to
+/*-
+ * non-copying interface: provide pointer to region to write to
* bio_nwrite0: check how much space is available
* bio_nwrite: also increase length
* (example usage: bio_nwrite0(), write to buffer, bio_nwrite()
#if !(defined(__GNUC__) && __GNUC__>=2)
# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
#else
-/*
+/*-
* x86_64 BIGNUM accelerator version 0.1, December 2002.
*
* Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
#undef mul
#undef mul_add
-/*
+/*-
* "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
* "g"(0) let the compiler to decide where does it
* want to keep the value of zero;
bn_check_top(a);
bn_check_top(b);
- /* a + b a+b
+ /*-
+ * a + b a+b
* a + -b a-b
* -a + b b-a
* -a + -b -(a+b)
bn_check_top(a);
bn_check_top(b);
- /* a - b a-b
+ /*-
+ * a - b a-b
* a - -b a+b
* -a - b -(a+b)
* -a - -b b-a
#endif /* OPENSSL_NO_ASM */
-/* BN_div computes dv := num / divisor, rounding towards
+/*-
+ * BN_div computes dv := num / divisor, rounding towards
* zero, and sets up rm such that dv*divisor + rm = num holds.
* Thus:
* dv->neg == num->neg ^ divisor->neg (unless the result is zero)
bn_check_top(p);
bn_check_top(m);
- /* For even modulus m = 2^k*m_odd, it might make sense to compute
+ /*-
+ * For even modulus m = 2^k*m_odd, it might make sense to compute
* a^p mod m_odd and a^p mod 2^k separately (with Montgomery
* exponentiation for the odd part), using appropriate exponent
* reductions, and combine the results using the CRT.
if (!BN_nnmod(B, B, A, ctx)) goto err;
}
sign = -1;
- /* From B = a mod |n|, A = |n| it follows that
+ /*-
+ * From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
while (!BN_is_zero(B))
{
- /*
+ /*-
* 0 < B < |n|,
* 0 < A <= |n|,
* (1) -sign*X*a == B (mod |n|),
}
- /* We still have (1) and (2).
+ /*-
+ * We still have (1) and (2).
* Both A and B are odd.
* The following computations ensure that
*
{
BIGNUM *tmp;
- /*
+ /*-
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
if (!BN_div(D,M,A,B,ctx)) goto err;
}
- /* Now
+ /*-
+ * Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
B=M;
/* ... so we have 0 <= B < A again */
- /* Since the former M is now B and the former B is now A,
+ /*-
+ * Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
}
}
- /*
+ /*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
if (!BN_nnmod(B, pB, A, ctx)) goto err;
}
sign = -1;
- /* From B = a mod |n|, A = |n| it follows that
+ /*-
+ * From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
{
BIGNUM *tmp;
- /*
+ /*-
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
/* (D, M) := (A/B, A%B) ... */
if (!BN_div(D,M,pA,B,ctx)) goto err;
- /* Now
+ /*-
+ * Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
B=M;
/* ... so we have 0 <= B < A again */
- /* Since the former M is now B and the former B is now A,
+ /*-
+ * Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
sign = -sign;
}
- /*
+ /*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
extern "C" {
#endif
-/* Bignum consistency macros
+/*-
+ * Bignum consistency macros
* There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
* bignum data after direct manipulations on the data. There is also an
* "internal" macro, bn_check_top(), for verifying that there are no leading
};
-/*
+/*-
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
*
*
/* This stuff appears to be completely unused, so is deprecated */
#ifndef OPENSSL_NO_DEPRECATED
-/* For a 32 bit machine
+/*-
+ * For a 32 bit machine
* 2 - 4 == 128
* 3 - 8 == 256
* 4 - 16 == 512
/* Karatsuba recursive multiplication algorithm
* (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-/* r is 2*n2 words in size,
+/*-
+ * r is 2*n2 words in size,
* a and b are both n2 words in size.
* n2 must be a power of 2.
* We multiply and return the result.
bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
}
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
}
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
}
}
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
}
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
* c1 holds the carry bits
}
}
-/* a and b must be the same size, which is n2.
+/*-
+ * a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
*/
void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
}
}
-/* a and b must be the same size, which is n2.
+/*-
+ * a and b must be the same size, which is n2.
* r needs to be n2 words and t needs to be n2*2
* l is the low words of the output.
* t needs to be n2*3
bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
}
- /* s0 == low(al*bl)
+ /*-
+ * s0 == low(al*bl)
* s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
* We know s0 and s1 so the only unknown is high(al*bl)
* high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
lp[i]=((~mp[i])+1)&BN_MASK2;
}
- /* s[0] = low(al*bl)
+ /*-
+ * s[0] = low(al*bl)
* t[3] = high(al*bl)
* t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
* r[10] = (a[1]*b[1])
*/
- /* R[10] = al*bl
+ /*-
+ * R[10] = al*bl
* R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
* R[32] = ah*bh
*/
- /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+ /*-
+ * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
* R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
* R[3]=r[1]+(carry/borrow)
*/
{
BN_ULONG rnd_word = BN_get_word(rnd);
- /* In the case that the candidate prime is a single word then
+ /*-
+ * In the case that the candidate prime is a single word then
* we check that:
* 1) It's greater than primes[i] because we shouldn't reject
* 3 as being a prime number because it's a multiple of
* 2) That it's not a multiple of a known prime. We don't
* check that rnd-1 is also coprime to all the known
* primes because there aren't many small primes where
- * that's true. */
+ * that's true.
+ */
for (i=1; i<NUMPRIMES && primes[i]<rnd_word; i++)
{
if ((mods[i]+delta)%primes[i] == 0)
i,ctx); /* BN_reciprocal returns i, or -1 for an error */
if (recp->shift == -1) goto err;
- /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+ /*-
+ * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
* = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
* <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
* = |m/N|
}
#ifdef BN_RECURSION
-/* r is 2*n words in size,
+/*-
+ * r is 2*n words in size,
* a and b are both n words in size. (There's not actually a 'b' here ...)
* n must be a power of 2.
* We multiply and return the result.
bn_sqr_recursive(r,a,n,p);
bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+ /*-
+ * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
* r[10] holds (a[0]*b[0])
* r[32] holds (b[1]*b[1])
*/
/* t[32] is negative */
c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+ /*-
+ * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
* r[10] holds (a[0]*a[0])
* r[32] holds (a[1]*a[1])
* c1 holds the carry bits
if (e == 1)
{
- /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
+ /*-
+ * The easy case: (|p|-1)/2 is odd, so 2 has an inverse
* modulo (|p|-1)/2, and square roots can be computed
* directly by modular exponentiation.
* We have
if (e == 2)
{
- /* |p| == 5 (mod 8)
+ /*-
+ * |p| == 5 (mod 8)
*
* In this case 2 is always a non-square since
* Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
goto end;
}
- /* Now we know that (if p is indeed prime) there is an integer
+ /*-
+ * Now we know that (if p is indeed prime) there is an integer
* k, 0 <= k < 2^e, such that
*
* a^q * y^k == 1 (mod p).
while (1)
{
- /* Now b is a^q * y^k for some even k (0 <= k < 2^E
+ /*-
+ * Now b is a^q * y^k for some even k (0 <= k < 2^E
* where E refers to the original value of e, which we
* don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
*
}
e++;
}
- /* So at this point we have
+ /*-
+ * So at this point we have
* np which is the start of the name string which is
* '\0' terminated.
* cp which is the start of the section string which is
/* crypto/constant_time_locl.h */
-/*
+/*-
* Utilities for constant-time cryptography.
*
* Author: Emilia Kasper (emilia@openssl.org)
extern "C" {
#endif
-/*
+/*-
* The boolean methods return a bitmask of all ones (0xff...f) for true
* and 0 for false. This is useful for choosing a value based on the result
* of a conditional in constant time. For example,
static inline unsigned char constant_time_eq_int_8(int a, int b);
-/*
+/*-
* Returns (mask & a) | (~mask & b).
*
* When |mask| is all 1s or all 0s (as returned by the methods above),
/* crypto/constant_time_test.c */
-/*
+/*-
* Utilities for constant-time cryptography.
*
* Author: Emilia Kasper (emilia@openssl.org)
void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
void CRYPTO_dbg_free(void *addr,int before_p);
-/* Tell the debugging code about options. By default, the following values
+/*-
+ * Tell the debugging code about options. By default, the following values
* apply:
*
* 0: Clear all options.
#endif
#endif
- /* IP and FP
+ /*-
+ * IP and FP
* The problem is more of a geometric problem that random bit fiddling.
0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* The function names in here are deprecated and are only present to
* provide an interface compatible with openssl 0.9.6 and older as
DES_ENCRYPT);
DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
&iv3,&iv2,DES_ENCRYPT);
- /* if (memcmp(cbc_out,cbc3_ok,
+ /*- if (memcmp(cbc_out,cbc3_ok,
(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
{
printf("des_ede3_cbc_encrypt encrypt error\n");
OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE)
-/*
+/*-
* WARNINGS:
*
* - The data format used by DES_enc_write() and DES_enc_read()
#include "des_locl.h"
#include <openssl/rand.h>
-/*
+/*-
* WARNINGS:
*
* - The data format used by DES_enc_write() and DES_enc_read()
/* crypto/des/ncbc_enc.c */
-/*
+/*-
* #included by:
* cbc_enc.c (DES_cbc_encrypt)
* des_enc.c (DES_ncbc_encrypt)
*/
/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
-/*
+/*-
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
* unrestricted use provided that this legend is included on all tape
* media and as a part of the software program in whole or part. Users
return(1);
}
-/* Weak and semi week keys as take from
+/*-
+ * Weak and semi week keys as take from
* %A D.W. Davies
* %A W.L. Price
* %T Security for Computer Networks
{
return(DES_set_key(key,schedule));
}
-/*
+/*-
#undef des_fixup_key_parity
void des_fixup_key_parity(des_cblock *key)
{
#include <openssl/bn.h>
#include <openssl/dh.h>
-/* Check that p is a safe prime and
+/*-
+ * Check that p is a safe prime and
* if g is 2, 3 or 5, check that it is a suitable generator
* where
* for 2, p mod 24 == 11
return dh_builtin_genparams(ret, prime_len, generator, cb);
}
-/* We generate DH parameters as follows
+/*-
+ * We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
goto decerr;
if (sk_ASN1_TYPE_num(ndsa) != 2)
goto decerr;
- /* Handle Two broken types:
+ /*-
+ * Handle Two broken types:
* SEQUENCE {parameters, priv_key}
* SEQUENCE {pub_key, priv_key}
*/
}
/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
+/*-
+ * returns
* 1: correct signature
* 0: incorrect signature
* -1: error
NULL
};
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
+/*-
+ * These macro wrappers replace attempts to use the dsa_mod_exp() and
* bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
* having a the macro work as an expression by bundling an "err_instr". So;
*
goto err;
}
- /* A file specification may look like this:
+ /*-
+ * A file specification may look like this:
*
* node::dev:[dir-spec]name.type;ver
*
typedef struct ec_method_st EC_METHOD;
typedef struct ec_group_st
- /*
+ /*-
EC_METHOD *meth;
-- field definition
-- curve coefficients
return ret;
}
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+/*-
+ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
* using Montgomery point multiplication algorithm Mxy() in appendix of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
}
-/* Computes scalar*point and stores the result in r.
+/*-
+ * Computes scalar*point and stores the result in r.
* point can not equal r.
* Uses a modified algorithm 2P of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
}
-/* Computes the sum
+/*-
+ * Computes the sum
* scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
* gracefully ignoring NULL scalar values.
*/
lh = BN_CTX_get(ctx);
if (lh == NULL) goto err;
- /* We have a curve defined by a Weierstrass equation
+ /*-
+ * We have a curve defined by a Weierstrass equation
* y^2 + x*y = x^3 + a*x^2 + b.
* <=> x^3 + a*x^2 + x*y + b + y^2 = 0
* <=> ((x + a) * x + y ) * x + b + y^2 = 0
}
-/* Indicates whether two points are equal.
+/*-
+ * Indicates whether two points are equal.
* Return values:
* -1 error
* 0 equal (in affine coordinates)
void (*point_clear_finish)(EC_POINT *);
int (*point_copy)(EC_POINT *, const EC_POINT *);
- /* used by EC_POINT_set_to_infinity,
+ /*-
+ * used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates_GFp,
* EC_POINT_get_Jprojective_coordinates_GFp,
* EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
if (!(tmp = EC_POINT_new(group)))
goto err;
- /* prepare precomputed values:
+ /*-
+ * prepare precomputed values:
* val_sub[i][0] := points[i]
* val_sub[i][1] := 3 * points[i]
* val_sub[i][2] := 5 * points[i]
}
-/* ec_wNAF_precompute_mult()
+/*-
+ * ec_wNAF_precompute_mult()
* creates an EC_PRE_COMP object with preprecomputed multiples of the generator
* for use with wNAF splitting as implemented in ec_wNAF_mul().
*
/******************************************************************************/
-/* INTERNAL REPRESENTATION OF FIELD ELEMENTS
+/*-
+ * INTERNAL REPRESENTATION OF FIELD ELEMENTS
*
* Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
* using 64-bit coefficients called 'limbs',
0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34}
};
-/* Precomputed multiples of the standard generator
+/*-
+ * Precomputed multiples of the standard generator
* Points are given in coordinates (X, Y, Z) where Z normally is 1
* (0 for the point at infinity).
* For each field element, slice a_0 is word 0, etc.
/* output[3] <= 2^56 + 2^16 */
out[2] = output[2] & 0x00ffffffffffffff;
- /* out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
+ /*-
+ * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
* out[3] <= 2^56 + 2^16 (due to final carry),
- * so out < 2*p */
+ * so out < 2*p
+ */
out[3] = output[3];
}
*
*/
-/* Double an elliptic curve point:
+/*-
+ * Double an elliptic curve point:
* (X', Y', Z') = 2 * (X, Y, Z), where
* X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
* Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2
* Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
* Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
- * while x_out == y_in is not (maybe this works, but it's not tested). */
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
static void
point_double(felem x_out, felem y_out, felem z_out,
const felem x_in, const felem y_in, const felem z_in)
felem_reduce(y_out, tmp);
}
-/* Add two elliptic curve points:
+/*-
+ * Add two elliptic curve points:
* (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
* X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
* 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
felem_scalar(ftmp5, 2);
/* ftmp5[i] < 2 * 2^57 = 2^58 */
- /* x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
- 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+ /*-
+ * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
+ * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
+ */
felem_diff_128_64(tmp2, ftmp5);
/* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */
felem_reduce(x_out, tmp2);
felem_mul(tmp2, ftmp3, ftmp2);
/* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */
- /* y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
- z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
+ /*-
+ * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
+ * z2^3*y1*(z1^2*x2 - z2^2*x1)^3
+ */
widefelem_diff(tmp2, tmp);
/* tmp2[i] < 2^118 + 2^120 < 2^121 */
felem_reduce(y_out, tmp2);
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}
};
-/* The representation of field elements.
+/*-
+ * The representation of field elements.
* ------------------------------------
*
* We represent field elements with either four 128-bit values, eight 128-bit
/* zero105 is 0 mod p */
static const felem zero105 = { two105m41m9, two105, two105m41p9, two105m41p9 };
-/* smallfelem_neg sets |out| to |-small|
+/*-
+ * smallfelem_neg sets |out| to |-small|
* On exit:
* out[i] < out[i] + 2^105
*/
out[3] = zero105[3] - small[3];
}
-/* felem_diff subtracts |in| from |out|
+/*-
+ * felem_diff subtracts |in| from |out|
* On entry:
* in[i] < 2^104
* On exit:
/* zero107 is 0 mod p */
static const felem zero107 = { two107m43m11, two107, two107m43p11, two107m43p11 };
-/* An alternative felem_diff for larger inputs |in|
+/*-
+ * An alternative felem_diff for larger inputs |in|
* felem_diff_zero107 subtracts |in| from |out|
* On entry:
* in[i] < 2^106
out[3] -= in[3];
}
-/* longfelem_diff subtracts |in| from |out|
+/*-
+ * longfelem_diff subtracts |in| from |out|
* On entry:
* in[i] < 7*2^67
* On exit:
/* zero110 is 0 mod p */
static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 };
-/* felem_shrink converts an felem into a smallfelem. The result isn't quite
+/*-
+ * felem_shrink converts an felem into a smallfelem. The result isn't quite
* minimal as the value may be greater than p.
*
* On entry:
/* As tmp[3] < 2^65, high is either 1 or 0 */
high <<= 63;
high >>= 63;
- /* high is:
+ /*-
+ * high is:
* all ones if the high word of tmp[3] is 1
* all zeros if the high word of tmp[3] if 0 */
low = tmp[3];
mask = low >> 63;
- /* mask is:
+ /*-
+ * mask is:
* all ones if the MSB of low is 1
* all zeros if the MSB of low if 0 */
low &= bottom63bits;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
low >>= 63;
- /* low is:
+ /*-
+ * low is:
* all ones if low was > kPrime3Test
* all zeros if low was <= kPrime3Test */
mask = (mask & low) | high;
out[3] = in[3];
}
-/* smallfelem_square sets |out| = |small|^2
+/*-
+ * smallfelem_square sets |out| = |small|^2
* On entry:
* small[i] < 2^64
* On exit:
out[7] = high;
}
-/* felem_square sets |out| = |in|^2
+/*-
+ * felem_square sets |out| = |in|^2
* On entry:
* in[i] < 2^109
* On exit:
smallfelem_square(out, small);
}
-/* smallfelem_mul sets |out| = |small1| * |small2|
+/*-
+ * smallfelem_mul sets |out| = |small1| * |small2|
* On entry:
* small1[i] < 2^64
* small2[i] < 2^64
out[7] = high;
}
-/* felem_mul sets |out| = |in1| * |in2|
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
* On entry:
* in1[i] < 2^109
* in2[i] < 2^109
smallfelem_mul(out, small1, small2);
}
-/* felem_small_mul sets |out| = |small1| * |in2|
+/*-
+ * felem_small_mul sets |out| = |small1| * |in2|
* On entry:
* small1[i] < 2^64
* in2[i] < 2^109
/* zero100 is 0 mod p */
static const felem zero100 = { two100m36m4, two100, two100m36p4, two100m36p4 };
-/* Internal function for the different flavours of felem_reduce.
+/*-
+ * Internal function for the different flavours of felem_reduce.
* felem_reduce_ reduces the higher coefficients in[4]-in[7].
* On entry:
* out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
out[3] += (in[7] * 3);
}
-/* felem_reduce converts a longfelem into an felem.
+/*-
+ * felem_reduce converts a longfelem into an felem.
* To be called directly after felem_square or felem_mul.
* On entry:
* in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64
felem_reduce_(out, in);
- /* out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
+ /*-
+ * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
* out[1] > 2^100 - 2^64 - 7*2^96 > 0
* out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
* out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
*/
}
-/* felem_reduce_zero105 converts a larger longfelem into an felem.
+/*-
+ * felem_reduce_zero105 converts a larger longfelem into an felem.
* On entry:
* in[0] < 2^71
* On exit:
felem_reduce_(out, in);
- /* out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
+ /*-
+ * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
* out[1] > 2^105 - 2^71 - 2^103 > 0
* out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
* out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
felem_contract(out, tmp);
}
-/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
* otherwise.
* On entry:
* small[i] < 2^64
return (int) (smallfelem_is_zero(small) & ((limb)1));
}
-/* felem_inv calculates |out| = |in|^{-1}
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
*
* Based on Fermat's Little Theorem:
* a^p = a (mod p)
felem_contract(out, tmp);
}
-/* Group operations
+/*-
+ * Group operations
* ----------------
*
* Building on top of the field operations we have the operations on the
* elliptic curve group itself. Points on the curve are represented in Jacobian
* coordinates */
-/* point_double calculates 2*(x_in, y_in, z_in)
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
*
* The method is taken from:
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
}
}
-/* point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+/*-
+ * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
*
* The method is taken from:
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
felem_shrink(z3, felem_z3);
}
-/* Base point pre computation
+/*-
+ * Base point pre computation
* --------------------------
*
* Two different sorts of precomputed tables are used in the following code.
0x66, 0x50}
};
-/* The representation of field elements.
+/*-
+ * The representation of field elements.
* ------------------------------------
*
* We represent field elements with nine values. These values are either 64 or
out[8] *= scalar;
}
-/* felem_neg sets |out| to |-in|
+/*-
+ * felem_neg sets |out| to |-in|
* On entry:
* in[i] < 2^59 + 2^14
* On exit:
out[8] = two62m2 - in[8];
}
-/* felem_diff64 subtracts |in| from |out|
+/*-
+ * felem_diff64 subtracts |in| from |out|
* On entry:
* in[i] < 2^59 + 2^14
* On exit:
out[8] += two62m2 - in[8];
}
-/* felem_diff_128_64 subtracts |in| from |out|
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
* On entry:
* in[i] < 2^62 + 2^17
* On exit:
out[8] += two63m5 - in[8];
}
-/* felem_diff_128_64 subtracts |in| from |out|
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
* On entry:
* in[i] < 2^126
* On exit:
out[8] += (two127m69 - in[8]);
}
-/* felem_square sets |out| = |in|^2
+/*-
+ * felem_square sets |out| = |in|^2
* On entry:
* in[i] < 2^62
* On exit:
felem_scalar(inx2, in, 2);
felem_scalar(inx4, in, 4);
- /* We have many cases were we want to do
+ /*-
+ * We have many cases were we want to do
* in[x] * in[y] +
* in[y] * in[x]
* This is obviously just
out[7] += ((uint128_t) in[8]) * inx2[8];
}
-/* felem_mul sets |out| = |in1| * |in2|
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
* On entry:
* in1[i] < 2^64
* in2[i] < 2^63
static const limb bottom52bits = 0xfffffffffffff;
-/* felem_reduce converts a largefelem to an felem.
+/*-
+ * felem_reduce converts a largefelem to an felem.
* On entry:
* in[i] < 2^128
* On exit:
felem_reduce(out, tmp);
}
-/* felem_inv calculates |out| = |in|^{-1}
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
*
* Based on Fermat's Little Theorem:
* a^p = a (mod p)
0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff
};
-/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
* otherwise.
* On entry:
* in[i] < 2^59 + 2^14
return (int) (felem_is_zero(in) & ((limb)1));
}
-/* felem_contract converts |in| to its unique, minimal representation.
+/*-
+ * felem_contract converts |in| to its unique, minimal representation.
* On entry:
* in[i] < 2^59 + 2^14
*/
sign = -(out[7] >> 63); out[7] += (two58 & sign); out[8] -= (1 & sign);
}
-/* Group operations
+/*-
+ * Group operations
* ----------------
*
* Building on top of the field operations we have the operations on the
* elliptic curve group itself. Points on the curve are represented in Jacobian
* coordinates */
-/* point_double calcuates 2*(x_in, y_in, z_in)
+/*-
+ * point_double calcuates 2*(x_in, y_in, z_in)
*
* The method is taken from:
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
felem_scalar64(ftmp2, 3);
/* ftmp2[i] < 3*2^60 + 3*2^15 */
felem_mul(tmp, ftmp, ftmp2);
- /* tmp[i] < 17(3*2^121 + 3*2^76)
+ /*-
+ * tmp[i] < 17(3*2^121 + 3*2^76)
* = 61*2^121 + 61*2^76
* < 64*2^121 + 64*2^76
* = 2^127 + 2^82
- * < 2^128 */
+ * < 2^128
+ */
felem_reduce(alpha, tmp);
/* x' = alpha^2 - 8*beta */
felem_diff64(beta, x_out);
/* beta[i] < 2^61 + 2^60 + 2^16 */
felem_mul(tmp, alpha, beta);
- /* tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16))
+ /*-
+ * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16))
* = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30)
* = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
- * < 2^128 */
+ * < 2^128
+ */
felem_square(tmp2, gamma);
- /* tmp2[i] < 17*(2^59 + 2^14)^2
- * = 17*(2^118 + 2^74 + 2^28) */
+ /*-
+ * tmp2[i] < 17*(2^59 + 2^14)^2
+ * = 17*(2^118 + 2^74 + 2^28)
+ */
felem_scalar128(tmp2, 8);
- /* tmp2[i] < 8*17*(2^118 + 2^74 + 2^28)
+ /*-
+ * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28)
* = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31
- * < 2^126 */
+ * < 2^126
+ */
felem_diff128(tmp, tmp2);
- /* tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+ /*-
+ * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
* = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 +
* 2^74 + 2^69 + 2^34 + 2^30
- * < 2^128 */
+ * < 2^128
+ */
felem_reduce(y_out, tmp);
}
}
}
-/* point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+/*-
+ * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
*
* The method is taken from
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
felem_assign(z3, z_out);
}
-/* Base point pre computation
+/*-
+ * Base point pre computation
* --------------------------
*
* Two different sorts of precomputed tables are used in the following code.
}
}
-/*
+/*-
* This function looks at 5+1 scalar bits (5 current, 1 adjacent less
* significant bit), and recodes them into a signed digit for use in fast point
* multiplication: the use of signed rather than unsigned digits means that
if (!BN_copy(b, group->b)) goto err;
}
- /* check the discriminant:
+ /*-
+ * check the discriminant:
* y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
- * 0 =< a, b < p */
+ * 0 =< a, b < p
+ */
if (BN_is_zero(a))
{
if (BN_is_zero(b)) goto err;
Z6 = BN_CTX_get(ctx);
if (Z6 == NULL) goto err;
- /* We have a curve defined by a Weierstrass equation
+ /*-
+ * We have a curve defined by a Weierstrass equation
* y^2 = x^3 + a*x + b.
* The point to consider is given in Jacobian projective coordinates
* where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
Zb23 = BN_CTX_get(ctx);
if (Zb23 == NULL) goto end;
- /* We have to decide whether
+ /*-
+ * We have to decide whether
* (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
* or equivalently, whether
* (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
#include <openssl/engine.h>
#endif
-/* returns
+/*-
+ * returns
* 1: correct signature
* 0: incorrect signature
* -1: error
return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
}
-/* returns
+/*-
+ * returns
* 1: correct signature
* 0: incorrect signature
* -1: error
#ifndef OPENSSL_NO_HW_4758_CCA
ENGINE_load_4758cca();
#endif
-/*
+/*-
* These engines have been disabled as they do not currently build
#ifndef OPENSSL_NO_HW_AEP
ENGINE_load_aep();
typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
* int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
unsigned int ENGINE_get_table_flags(void);
void ENGINE_set_table_flags(unsigned int flags);
-/* Manage registration of ENGINEs per "table". For each type, there are 3
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
* functions;
* ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
* ENGINE_unregister_***(e) - unregister the implementation from 'e'
* ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
* Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
+ * ENGINE_cleanup() will reverse any "register" operations.
+ */
int ENGINE_register_RSA(ENGINE *e);
void ENGINE_unregister_RSA(ENGINE *e);
return(ret);
}
-/*
+/*-
void BIO_set_cipher_ctx(b,c)
BIO *b;
EVP_CIPHER_ctx *c;
return((int)ret);
}
-/*
+/*-
static int md_puts(bp,str)
BIO *bp;
char *str;
* [including the GNU Public Licence.]
*/
-/*
+/*-
From: Arne Ansper <arne@cyber.ee>
Why BIO_f_reliable?
#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f])
#endif
-/* 64 char lines
+/*-
+ * 64 char lines
* pad input with 0
* left over chars are set to =
* 1 byte => xx==
static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
abcdefghijklmnopqrstuvwxyz0123456789+/";
-/* 0xF0 is a EOLN
+/*-
+ * 0xF0 is a EOLN
* 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
* 0xF2 is EOF
* 0xE0 is ignore at start of line.
ctx->expect_nl=0;
}
-/* -1 for error
+/*-
+ * -1 for error
* 0 for last line
* 1 for full line
*/
#include <openssl/bio.h>
#endif
-/*
+/*-
#define EVP_RC2_KEY_SIZE 16
#define EVP_RC4_KEY_SIZE 16
#define EVP_BLOWFISH_KEY_SIZE 16
init_key, cleanup, set_asn1, get_asn1, ctrl)
-/*
+/*-
#define BLOCK_CIPHER_defs(cname, kstruct, \
nid, block_size, key_len, iv_len, flags,\
init_key, cleanup, set_asn1, get_asn1, ctrl)\
return(npubk);
}
-/* MACRO
+/*- MACRO
void EVP_SealUpdate(ctx,out,outl,in,inl)
EVP_CIPHER_CTX *ctx;
unsigned char *out;
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
BIGNUM *t1 = BN_new();
BIGNUM *t2 = BN_new();
- /*
+ /*-
* X = g^{(xa + xc + xd) * xb * s}
* t1 = g^xa
*/
/* t2 = xb * s */
BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
- /*
+ /*-
* ZKP(xb * s)
* XXX: this is kinda funky, because we're using
*
BIGNUM *t2 = BN_new();
BIGNUM *t3 = BN_new();
- /*
+ /*-
* K = (gx/g^{xb * xd * s})^{xb}
* = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
* = (g^{(xa + xc) * xd * s})^{xb}
BIGNUM *t2 = BN_new();
int ret = 0;
- /*
+ /*-
* g' = g^{xc + xa + xb} [from our POV]
* t1 = xa + xb
*/
ERR_load_crypto_strings();
- /*
+ /*-
BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
*/
- /*
+ /*-
p = BN_new();
BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
*/
/* ASN.1 from Kerberos RFC 1510
-*/
+ */
-/* EncryptedData ::= SEQUENCE {
-** etype[0] INTEGER, -- EncryptionType
-** kvno[1] INTEGER OPTIONAL,
-** cipher[2] OCTET STRING -- ciphertext
-** }
-*/
+/*- EncryptedData ::= SEQUENCE {
+ * etype[0] INTEGER, -- EncryptionType
+ * kvno[1] INTEGER OPTIONAL,
+ * cipher[2] OCTET STRING -- ciphertext
+ * }
+ */
typedef struct krb5_encdata_st
{
ASN1_INTEGER *etype;
DECLARE_STACK_OF(KRB5_ENCDATA)
-/* PrincipalName ::= SEQUENCE {
-** name-type[0] INTEGER,
-** name-string[1] SEQUENCE OF GeneralString
-** }
-*/
+/*- PrincipalName ::= SEQUENCE {
+ * name-type[0] INTEGER,
+ * name-string[1] SEQUENCE OF GeneralString
+ * }
+ */
typedef struct krb5_princname_st
{
ASN1_INTEGER *nametype;
DECLARE_STACK_OF(KRB5_PRINCNAME)
-/* Ticket ::= [APPLICATION 1] SEQUENCE {
-** tkt-vno[0] INTEGER,
-** realm[1] Realm,
-** sname[2] PrincipalName,
-** enc-part[3] EncryptedData
-** }
-*/
+/*- Ticket ::= [APPLICATION 1] SEQUENCE {
+ * tkt-vno[0] INTEGER,
+ * realm[1] Realm,
+ * sname[2] PrincipalName,
+ * enc-part[3] EncryptedData
+ * }
+ */
typedef struct krb5_tktbody_st
{
ASN1_INTEGER *tktvno;
DECLARE_STACK_OF(KRB5_TKTBODY)
-/* AP-REQ ::= [APPLICATION 14] SEQUENCE {
-** pvno[0] INTEGER,
-** msg-type[1] INTEGER,
-** ap-options[2] APOptions,
-** ticket[3] Ticket,
-** authenticator[4] EncryptedData
-** }
-**
-** APOptions ::= BIT STRING {
-** reserved(0), use-session-key(1), mutual-required(2) }
-*/
+/*- AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * ap-options[2] APOptions,
+ * ticket[3] Ticket,
+ * authenticator[4] EncryptedData
+ * }
+ *
+ * APOptions ::= BIT STRING {
+ * reserved(0), use-session-key(1), mutual-required(2) }
+ */
typedef struct krb5_ap_req_st
{
ASN1_INTEGER *pvno;
/* Authenticator Stuff */
-/* Checksum ::= SEQUENCE {
-** cksumtype[0] INTEGER,
-** checksum[1] OCTET STRING
-** }
-*/
+/*- Checksum ::= SEQUENCE {
+ * cksumtype[0] INTEGER,
+ * checksum[1] OCTET STRING
+ * }
+ */
typedef struct krb5_checksum_st
{
ASN1_INTEGER *ctype;
DECLARE_STACK_OF(KRB5_CHECKSUM)
-/* EncryptionKey ::= SEQUENCE {
-** keytype[0] INTEGER,
-** keyvalue[1] OCTET STRING
-** }
-*/
+/*- EncryptionKey ::= SEQUENCE {
+ * keytype[0] INTEGER,
+ * keyvalue[1] OCTET STRING
+ * }
+ */
typedef struct krb5_encryptionkey_st
{
ASN1_INTEGER *ktype;
DECLARE_STACK_OF(KRB5_ENCKEY)
-/* AuthorizationData ::= SEQUENCE OF SEQUENCE {
-** ad-type[0] INTEGER,
-** ad-data[1] OCTET STRING
-** }
-*/
+/*- AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ * ad-type[0] INTEGER,
+ * ad-data[1] OCTET STRING
+ * }
+ */
typedef struct krb5_authorization_st
{
ASN1_INTEGER *adtype;
DECLARE_STACK_OF(KRB5_AUTHDATA)
-/* -- Unencrypted authenticator
-** Authenticator ::= [APPLICATION 2] SEQUENCE {
-** authenticator-vno[0] INTEGER,
-** crealm[1] Realm,
-** cname[2] PrincipalName,
-** cksum[3] Checksum OPTIONAL,
-** cusec[4] INTEGER,
-** ctime[5] KerberosTime,
-** subkey[6] EncryptionKey OPTIONAL,
-** seq-number[7] INTEGER OPTIONAL,
-** authorization-data[8] AuthorizationData OPTIONAL
-** }
-*/
+/*- -- Unencrypted authenticator
+ * Authenticator ::= [APPLICATION 2] SEQUENCE {
+ * authenticator-vno[0] INTEGER,
+ * crealm[1] Realm,
+ * cname[2] PrincipalName,
+ * cksum[3] Checksum OPTIONAL,
+ * cusec[4] INTEGER,
+ * ctime[5] KerberosTime,
+ * subkey[6] EncryptionKey OPTIONAL,
+ * seq-number[7] INTEGER OPTIONAL,
+ * authorization-data[8] AuthorizationData OPTIONAL
+ * }
+ */
typedef struct krb5_authenticator_st
{
ASN1_INTEGER *avno;
DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-** type *name##_new(void);
-** void name##_free(type *a);
-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-** type *d2i_##name(type **a, const unsigned char **in, long len);
-** int i2d_##name(type *a, unsigned char **out);
-** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
-*/
+/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+ * type *name##_new(void);
+ * void name##_free(type *a);
+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+ * type *d2i_##name(type **a, const unsigned char **in, long len);
+ * int i2d_##name(type *a, unsigned char **out);
+ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+ */
DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
* [including the GNU Public Licence.]
*/
-/* Code for dynamic hash table routines
+/*-
+ * Code for dynamic hash table routines
* Author - Eric Young v 2.0
*
* 2.2 eay - added #include "crypto.h" so the memory leak checking code is
*
*/
-/*
+/*-
* This is a generic 32 bit "collector" for message digest algorithms.
* Whenever needed it collects input character stream into chunks of
* 32 bit values and invokes a block function that performs actual hash
#error MD4 is disabled.
#endif
-/*
+/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
* ! MD4_LONG_LOG2 has to be defined along. !
} \
} while(0)
-/*
+/*-
* Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
* never be set to 8. 8 is effectively reserved for testing purposes.
* TABLE_BITS>1 are lookup-table-driven implementations referred to as
/* Since there was no gmtime_r() to do this stuff for us,
we have to do it the hard way. */
{
- /* The VMS epoch is the astronomical Smithsonian date,
+ /*-
+ * The VMS epoch is the astronomical Smithsonian date,
if I remember correctly, which is November 17, 1858.
Furthermore, time is measure in thenths of microseconds
and stored in quadwords (64 bit integers). unix_epoch
#define NID_ripemd160WithRSA 119
#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
-/* Taken from rfc2040
+/*-
+ * Taken from rfc2040
* RC5_CBC_Parameters ::= SEQUENCE {
* version INTEGER (v1_0(16)),
* rounds INTEGER (8..127),
#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-/*
+/*-
* Unsolved problem: if a type is actually a pointer type, like
* nid_triple is, then its impossible to get a const where you need
* it. Consider:
#define OCSP_RESPID_KEY 0x400
#define OCSP_NOTIME 0x800
-/* CertID ::= SEQUENCE {
+/*- CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* issuerNameHash OCTET STRING, -- Hash of Issuer's DN
* issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
DECLARE_STACK_OF(OCSP_CERTID)
-/* Request ::= SEQUENCE {
+/*- Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
*/
DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-/* TBSRequest ::= SEQUENCE {
+/*- TBSRequest ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* requestorName [1] EXPLICIT GeneralName OPTIONAL,
* requestList SEQUENCE OF Request,
STACK_OF(X509_EXTENSION) *requestExtensions;
} OCSP_REQINFO;
-/* Signature ::= SEQUENCE {
+/*- Signature ::= SEQUENCE {
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
STACK_OF(X509) *certs;
} OCSP_SIGNATURE;
-/* OCSPRequest ::= SEQUENCE {
+/*- OCSPRequest ::= SEQUENCE {
* tbsRequest TBSRequest,
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
*/
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
} OCSP_REQUEST;
-/* OCSPResponseStatus ::= ENUMERATED {
+/*- OCSPResponseStatus ::= ENUMERATED {
* successful (0), --Response has valid confirmations
* malformedRequest (1), --Illegal confirmation request
* internalError (2), --Internal error in issuer
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
-/* ResponseBytes ::= SEQUENCE {
+/*- ResponseBytes ::= SEQUENCE {
* responseType OBJECT IDENTIFIER,
* response OCTET STRING }
*/
ASN1_OCTET_STRING *response;
} OCSP_RESPBYTES;
-/* OCSPResponse ::= SEQUENCE {
+/*- OCSPResponse ::= SEQUENCE {
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
OCSP_RESPBYTES *responseBytes;
};
-/* ResponderID ::= CHOICE {
+/*- ResponderID ::= CHOICE {
* byName [1] Name,
* byKey [2] KeyHash }
*/
DECLARE_STACK_OF(OCSP_RESPID)
DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
* --(excluding the tag and length fields)
*/
-/* RevokedInfo ::= SEQUENCE {
+/*- RevokedInfo ::= SEQUENCE {
* revocationTime GeneralizedTime,
* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
*/
ASN1_ENUMERATED *revocationReason;
} OCSP_REVOKEDINFO;
-/* CertStatus ::= CHOICE {
+/*- CertStatus ::= CHOICE {
* good [0] IMPLICIT NULL,
* revoked [1] IMPLICIT RevokedInfo,
* unknown [2] IMPLICIT UnknownInfo }
} value;
} OCSP_CERTSTATUS;
-/* SingleResponse ::= SEQUENCE {
+/*- SingleResponse ::= SEQUENCE {
* certID CertID,
* certStatus CertStatus,
* thisUpdate GeneralizedTime,
DECLARE_STACK_OF(OCSP_SINGLERESP)
DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-/* ResponseData ::= SEQUENCE {
+/*- ResponseData ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* responderID ResponderID,
* producedAt GeneralizedTime,
STACK_OF(X509_EXTENSION) *responseExtensions;
} OCSP_RESPDATA;
-/* BasicOCSPResponse ::= SEQUENCE {
+/*- BasicOCSPResponse ::= SEQUENCE {
* tbsResponseData ResponseData,
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
STACK_OF(X509) *certs;
} OCSP_BASICRESP;
-/*
+/*-
* CRLReason ::= ENUMERATED {
* unspecified (0),
* keyCompromise (1),
#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
-/* CrlID ::= SEQUENCE {
+/*-
+ * CrlID ::= SEQUENCE {
* crlUrl [0] EXPLICIT IA5String OPTIONAL,
* crlNum [1] EXPLICIT INTEGER OPTIONAL,
* crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
ASN1_GENERALIZEDTIME *crlTime;
} OCSP_CRLID;
-/* ServiceLocator ::= SEQUENCE {
+/*-
+ * ServiceLocator ::= SEQUENCE {
* issuer Name,
* locator AuthorityInfoAccessSyntax OPTIONAL }
*/
extern "C" {
#endif
-/* Numeric release version identifier:
+/*-
+ * Numeric release version identifier:
* MNNFFPPS: major minor fix patch status
* The status nibble has one of the values 0 for development, 1 to e for betas
* 1 to 14, and f for release. The patch level is exactly that.
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
-/* The macros below are to be used for shared library (.so, .dll, ...)
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
* versioning. That kind of versioning works a bit differently between
* operating systems. The most usual scheme is to set a major and a minor
* number, and have the runtime loader check that the major number is equal
#undef PKCS7_SIGNER_INFO
#endif
-/*
+/*-
Encryption_ID DES-CBC
Digest_ID MD5
Digest_Encryption_ID rsaEncryption
#include <openssl/rand.h>
#include <openssl/buffer.h>
-/*
+/*-
* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
*
* This module supplies three routines:
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
d=key->data;
#if defined(RC4_CHUNK) && !defined(PEDANTIC)
- /*
+ /*-
* The original reason for implementing this(*) was the fact that
* pre-21164a Alpha CPUs don't have byte load/store instructions
* and e.g. a byte store has to be done with 64-bit load, shift,
RC4_CHUNK ichunk,otp;
const union { long one; char little; } is_endian = {1};
- /*
+ /*-
* I reckon we can afford to implement both endian
* cases and to decide which way to take at run-time
* because the machine code appears to be very compact
hLen = M_EVP_MD_size(Hash);
if (hLen < 0)
goto err;
- /*
+ /*-
* Negative sLen has special meanings:
* -1 sLen == hLen
* -2 salt length is autorecovered from signature
hLen = M_EVP_MD_size(Hash);
if (hLen < 0)
goto err;
- /*
+ /*-
* Negative sLen has special meanings:
* -1 sLen == hLen
* -2 salt length is maximized
#error SHA is disabled.
#endif
-/*
+/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
* ! SHA_LONG_LOG2 has to be defined along. !
*/
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-/*
+/*-
* IMPLEMENTATION NOTES.
*
* As you might have noticed 32-bit hash algorithms:
#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
-/* Strings are special: normally an lhash entry will point to a single
+/*-
+ * Strings are special: normally an lhash entry will point to a single
* (somewhat) mutable object. In the case of strings:
*
* a) Instead of a single char, there is an array of chars, NUL-terminated.
* So, they need their own declarations. Especially important for
* type-checking tools, such as Deputy.
*
-o * In practice, however, it appears to be hard to have a const
+ * In practice, however, it appears to be hard to have a const
* string. For now, I'm settling for dealing with the fact it is a
* string at all.
*/
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-/*
+/*-
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
ASN1_OCTET_STRING *hashed_msg;
} TS_MSG_IMPRINT;
-/*
+/*-
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
} TS_REQ;
-/*
+/*-
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER (1..999) OPTIONAL,
ASN1_INTEGER *micros;
} TS_ACCURACY;
-/*
+/*-
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
STACK_OF(X509_EXTENSION) *extensions;
} TS_TST_INFO;
-/*
+/*-
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
DECLARE_STACK_OF(ASN1_UTF8STRING)
DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
-/*
+/*-
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
/* The structure below would belong to the ESS component. */
-/*
+/*-
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
ASN1_INTEGER *serial;
} ESS_ISSUER_SERIAL;
-/*
+/*-
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
DECLARE_STACK_OF(ESS_CERT_ID)
DECLARE_ASN1_SET_OF(ESS_CERT_ID)
-/*
+/*-
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
-/*
+/*-
* If ctx is NULL, it allocates and returns a new object, otherwise
* it returns ctx. It initialises all the members as follows:
* flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
return ret;
}
-/*
+/*-
* Verifies whether the 'token' contains a valid time stamp token
* with regards to the settings of the context. Only those checks are
* carried out that are specified in the context:
UI *UI_new_method(const UI_METHOD *method);
void UI_free(UI *ui);
-/* The following functions are used to add strings to be printed and prompt
+/*-
+ The following functions are used to add strings to be printed and prompt
strings to prompt for data. The names are UI_{add,dup}_<function>_string
and UI_{add,dup}_input_boolean.
/* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
+/*-
+ A method contains a number of functions that implement the low level
of the User Interface. The functions are:
an opener This function starts a session, maybe by opening
else /* bit-oriented loop */
#endif
{
- /*
+ /*-
inp
|
+-------+-------+-------
STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;
-/* Unused (and iv length is wrong)
+/*- Unused (and iv length is wrong)
typedef struct CBCParameter_st
{
unsigned char iv[8];
}
-/* Try to get issuer certificate from store. Due to limitations
+/*-
+ * Try to get issuer certificate from store. Due to limitations
* of the API this can only retrieve a single certificate matching
* a given subject name. However it will fill the cache with all
* matching certificates, so we can examine the cache for all
} X509_CERT_FILE_CTX;
/*******************************/
-/*
+/*-
SSL_CTX -> X509_STORE
-> X509_LOOKUP
->X509_LOOKUP_METHOD
OPENSSL_free(param);
}
-/* This function determines how parameters are "inherited" from one structure
+/*-
+ * This function determines how parameters are "inherited" from one structure
* to another. There are several different ways this can happen.
*
* 1. If a child structure needs to have its values initialized from a parent
set_prev=ret->set-1;
set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
- /* set_prev is the previous set
+ /*-
+ * set_prev is the previous set
* set is the current set
* set_next is the following
* prev 1 1 1 1 1 1 1 1
* set 1 1 2 2
* next 1 1 2 2 2 2 3 2
* so basically only if prev and next differ by 2, then
- * re-number down by 1 */
+ * re-number down by 1
+ */
if (set_prev+1 < set_next)
for (i=loc; i<n; i++)
sk_X509_NAME_ENTRY_value(sk,i)->set--;
}
-/* Application policy checking function.
+/*-
+ * Application policy checking function.
* Return codes:
* 0 Internal Error.
* 1 Successful.
return 1;
}
-/* Check a certificate conforms to a specified set of constraints.
+/*-
+ * Check a certificate conforms to a specified set of constraints.
* Return values:
* X509_V_OK: All constraints obeyed.
* X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type.
* X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
* X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
-
*/
int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
x->ex_flags |= EXFLAG_SET;
}
-/* CA checks common to all purposes
+/*-
+ * CA checks common to all purposes
* return codes:
* 0 not a CA
* 1 is a CA
return 1;
}
-/* Various checks to see if one certificate issued the second.
+/*-
+ * Various checks to see if one certificate issued the second.
* This can be used to prune a set of possible issuer certificates
* which have been looked up using some simple method such as by
* subject name.
sct->version = *p2++;
if (sct->version == 0) /* SCT v1 */
{
- /* Fixed-length header:
+ /*-
+ * Fixed-length header:
* struct {
* (1 byte) Version sct_version;
* (32 bytes) LogID id;
p2 += fieldlen;
sctlen -= fieldlen;
- /* digitally-signed struct header:
+ /*-
+ * digitally-signed struct header:
* (1 byte) Hash algorithm
* (1 byte) Signature algorithm
* (2 bytes + ?) Signature
return ret;
}
-/*
+/*-
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
int nid, int crit, ASN1_OCTET_STRING *data);
-/* Example of new ASN1 code, OCSP request
+/*-
+ Example of new ASN1 code, OCSP request
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest,
* easy-tls.c -- generic TLS proxy.
* $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
*/
-/*
+/*-
(c) Copyright 1999 Bodo Moeller. All rights reserved.
This is free software; you can redistributed and/or modify it
or
- the following license:
*/
-/*
+/*-
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that each of the following
* conditions is met:
return ret;
}
-/* Slice in TLS proxy process at fd.
+/*-
+ * Slice in TLS proxy process at fd.
* Return value:
* 0 ok (*pid is set to child's PID if pid != NULL),
* < 0 look at errno
# define NUL_DEV "NLA0:"
/* We don't have any well-defined random devices on VMS, yet... */
# undef DEVRANDOM
- /* We need to do this since VMS has the following coding on status codes:
+ /*-
+ We need to do this since VMS has the following coding on status codes:
Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
The important thing to know is that odd numbers are considered
# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
#endif
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
- certain global symbols that, with some compilers under VMS, have to be
- defined and declared explicitely with globaldef and globalref.
- Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
- DLL exports and imports for compilers under Win32. These are a little
- more complicated to use. Basically, for any library that exports some
- global variables, the following code must be present in the header file
- that declares them, before OPENSSL_EXTERN is used:
-
- #ifdef SOME_BUILD_FLAG_MACRO
- # undef OPENSSL_EXTERN
- # define OPENSSL_EXTERN OPENSSL_EXPORT
- #endif
-
- The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
- have some generally sensible values, and for OPENSSL_EXTERN to have the
- value OPENSSL_IMPORT.
-*/
+/*-
+ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+ * certain global symbols that, with some compilers under VMS, have to be
+ * defined and declared explicitely with globaldef and globalref.
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+ * DLL exports and imports for compilers under Win32. These are a little
+ * more complicated to use. Basically, for any library that exports some
+ * global variables, the following code must be present in the header file
+ * that declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
+ * have some generally sensible values, and for OPENSSL_EXTERN to have the
+ * value OPENSSL_IMPORT.
+ */
#if defined(OPENSSL_SYS_VMS_NODECC)
# define OPENSSL_EXPORT globalref
#endif
#define OPENSSL_EXTERN OPENSSL_IMPORT
-/* Macros to allow global variables to be reached through function calls when
- required (if a shared library version requires it, for example.
- The way it's done allows definitions like this:
-
- // in foobar.c
- OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
- // in foobar.h
- OPENSSL_DECLARE_GLOBAL(int,foobar);
- #define foobar OPENSSL_GLOBAL_REF(foobar)
-*/
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ * // in foobar.c
+ * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ * // in foobar.h
+ * OPENSSL_DECLARE_GLOBAL(int,foobar);
+ * #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \
type *_shadow_##name(void) \
**********************************************************************/
#include <string.h>
#include "gost89.h"
-/* Substitution blocks from RFC 4357
+/*-
+ Substitution blocks from RFC 4357
Note: our implementation of gost 28147-89 algorithm
uses S-box matrix rotated 90 degrees counterclockwise, relative to
static const char *gost_envnames[]={"CRYPT_PARAMS"};
const ENGINE_CMD_DEFN gost_cmds[]=
{
-/* { GOST_CTRL_RNG,
+/*- { GOST_CTRL_RNG,
"RNG",
"Type of random number generator to use",
ENGINE_CMD_FLAG_STRING
#include "gost89.h"
#include "gost_keywrap.h"
-/* Diversifies key using random UserKey Material
+/*-
+ * Diversifies key using random UserKey Material
* Implements RFC 4357 p 6.5 key diversification algorithm
*
* inputKey - 32byte key to be diversified
}
-/*
+/*-
* Wraps key using RFC 4357 6.3
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
gost_mac_iv(ctx,32,ukm,sessionKey,32,wrappedKey+40);
return 1;
}
-/*
+/*-
* Unwraps key using RFC 4357 6.4
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
#define GOST_KEYWRAP_H
#include <string.h>
#include "gost89.h"
-/* Diversifies key using random UserKey Material
+/*-
+ * Diversifies key using random UserKey Material
* Implements RFC 4357 p 6.5 key diversification algorithm
*
* inputKey - 32byte key to be diversified
const unsigned char *inputKey,
const unsigned char *ukm,
unsigned char *outputKey);
-/*
+/*-
* Wraps key using RFC 4357 6.3
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey (KEK) 32-byte (256-bit) shared key
const unsigned char *ukm,
const unsigned char *sessionKey,
unsigned char *wrappedKey) ;
-/*
+/*-
* Unwraps key using RFC 4357 6.4
* ctx - gost encryption context, initialized with some S-boxes
* keyExchangeKey 32-byte shared key
* Packs signature according to Cryptocom rules
* and frees up DSA_SIG structure
*/
-/*
+/*-
int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
{
*siglen = 2*order;
}
/* Unpack signature according to cryptocom rules */
-/*
+/*-
DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
{
DSA_SIG *s;
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_CHIL
-/* Attribution notice: nCipher have said several times that it's OK for
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
* us to implement a general interface to their boxes, and recently declared
* their HWCryptoHook to be public, and therefore available for us to use.
* Thanks, nCipher.
* otherwise paths must be specified - eg. try configuring with
* "enable-gmp -I<includepath> -L<libpath> -lgmp". YMMV. */
-/* As for what this does - it's a largely unoptimised implementation of an
+/*-
+ * As for what this does - it's a largely unoptimised implementation of an
* ENGINE that uses the GMP library to perform RSA private key operations. To
* obtain more information about what "unoptimised" means, see my original mail
* on the subject (though ignore the build instructions which have since
-/*
+/*-
* Support for VIA PadLock Advanced Cryptography Engine (ACE)
* Written by Michal Ludvig <michal@logix.cz>
* http://www.logix.cz/michal
-/*
+/*-
* ModExp / RSA (with/without KM) plugin API
*
* The application will load a dynamic library which
#if HWCRYPTOHOOK_DECLARE_APPTYPES
-/* These structs are defined by the application and opaque to the
+/*-
+ * These structs are defined by the application and opaque to the
* crypto plugin. The application may define these as it sees fit.
* Default declarations are provided here, but the application may
* #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
-/* These next two structs are opaque to the application. The crypto
+/*-
+ * These next two structs are opaque to the application. The crypto
* plugin will return pointers to them; the caller simply manipulates
* the pointers.
*/
char *buf;
size_t size;
} HWCryptoHook_ErrMsgBuf;
-/* Used for error reporting. When a HWCryptoHook function fails it
+/*-
+ * Used for error reporting. When a HWCryptoHook function fails it
* will return a sentinel value (0 for pointer-valued functions, or a
* negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
* integer-valued ones). It will, if an ErrMsgBuf is passed, also put
unsigned char *buf;
size_t size;
} HWCryptoHook_MPI;
-/* When one of these is returned, a pointer is passed to the function.
+/*-
+ * When one of these is returned, a pointer is passed to the function.
* At call, size is the space available. Afterwards it is updated to
* be set to the actual length (which may be more than the space available,
* if there was not enough room and the result was truncated).
#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
-/* Enable requesting fallback to software in case of problems with the
+/*-
+ * Enable requesting fallback to software in case of problems with the
* hardware support. This indicates to the crypto provider that the
* application is prepared to fall back to software operation if the
* ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
*/
#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
-/* Without _SimpleForkCheck the library is allowed to assume that the
+/*-
+ * Without _SimpleForkCheck the library is allowed to assume that the
* application will not fork and call the library in the child(ren).
*
* When it is specified, this is allowed. However, after a fork
int mslimbfirst; /* 0 or 1 */
int msbytefirst; /* 0 or 1; -1 = native */
- /* All the callback functions should return 0 on success, or a
+ /*-
+ * All the callback functions should return 0 on success, or a
* nonzero integer (whose value will be visible in the error message
* put in the buffer passed to the call).
*
* The callbacks may not call down again into the crypto plugin.
*/
- /* For thread-safety. Set everything to 0 if you promise only to be
+ /*-
+ * For thread-safety. Set everything to 0 if you promise only to be
* singlethreaded. maxsimultaneous is the number of calls to
* ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
* put there then say 0 and the hook library will use a default.
void (*mutex_release)(HWCryptoHook_Mutex*);
void (*mutex_destroy)(HWCryptoHook_Mutex*);
- /* For greater efficiency, can use condition vars internally for
+ /*-
+ * For greater efficiency, can use condition vars internally for
* synchronisation. In this case maxsimultaneous is ignored, but
* the other mutex stuff must be available. In singlethreaded
* programs, set everything to 0.
void (*condvar_broadcast)(HWCryptoHook_CondVar*);
void (*condvar_destroy)(HWCryptoHook_CondVar*);
- /* The semantics of acquiring and releasing mutexes and broadcasting
+ /*-
+ * The semantics of acquiring and releasing mutexes and broadcasting
* and waiting on condition variables are expected to be those from
* POSIX threads (pthreads). The mutexes may be (in pthread-speak)
* fast mutexes, recursive mutexes, or nonrecursive ones.
int *len_io, char *buf,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx);
- /* Passphrases and the prompt_info, if they contain high-bit-set
+ /*-
+ * Passphrases and the prompt_info, if they contain high-bit-set
* characters, are UTF-8. The prompt_info may be a null pointer if
* no prompt information is available (it should not be an empty
* string). It will not contain text like `enter passphrase';
const char *wrong_info,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx);
- /* Requests that the human user physically insert a different
+ /*-
+ * Requests that the human user physically insert a different
* smartcard, DataKey, etc. The plugin should check whether the
* currently inserted token(s) are appropriate, and if they are it
* should not make this call.
* syntactically similar to that of prompt_info.
*/
- /* Note that a single LoadKey operation might cause several calls to
+ /*-
+ * Note that a single LoadKey operation might cause several calls to
* getpassphrase and/or requestphystoken. If requestphystoken is
* not provided (ie, a null pointer is passed) then the plugin may
* not support loading keys for which authorisation by several cards
*/
void (*logmessage)(void *logstream, const char *message);
- /* A log message will be generated at least every time something goes
+ /*-
+ * A log message will be generated at least every time something goes
* wrong and an ErrMsgBuf is filled in (or would be if one was
* provided). Other diagnostic information may be written there too,
* including more detailed reasons for errors which are reported in an
HWCryptoHook_CallerContext *cactx);
extern HWCryptoHook_Init_t HWCryptoHook_Init;
-/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+/*-
+ * Caller should set initinfosize to the size of the HWCryptoHook struct,
* so it can be extended later.
*
* On success, a message for display or logging by the server,
* usual.
*/
-/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+/*-
+ * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
* on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
* the output MPI buffer(s) was too small; the sizes of all have been
* set to the desired size (and for those where the buffer was large
* _NoStderr at init time then messages may be reported to stderr.
*/
-/* The RSAImmed* functions (and key managed RSA) only work with
+/*-
+ * The RSAImmed* functions (and key managed RSA) only work with
* modules which have an RSA patent licence - currently that means KM
* units; the ModExp* ones work with all modules, so you need a patent
* licence in the software in the US. They are otherwise identical.
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
-/* The RSAImmed* and ModExp* functions may return E_FAILED or
+/*-
+ * The RSAImmed* and ModExp* functions may return E_FAILED or
* E_FALLBACK for failure.
*
* E_FAILED means the failure is permanent and definite and there
const HWCryptoHook_ErrMsgBuf *errors,
HWCryptoHook_PassphraseContext *ppctx);
extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
-/* The key_ident is a null-terminated string configured by the
+/*-
+ * The key_ident is a null-terminated string configured by the
* user via the application's usual configuration mechanisms.
* It is provided to the user by the crypto provider's key management
* system. The user must be able to enter at least any string of between
HWCryptoHook_MPI *e,
const HWCryptoHook_ErrMsgBuf *errors);
extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
-/* The crypto plugin will not store certificates.
+/*-
+ * The crypto plugin will not store certificates.
*
* Although this function for acquiring the public key value is
* provided, it is not the purpose of this API to deal fully with the
-/*
-* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-* Copyright@2001 Baltimore Technologies Ltd.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-*
-*
-*/
+/*-
+ * Written by Corinne Dive-Reclus(cdive@baltimore.com)
+ *
+ * Copyright@2001 Baltimore Technologies Ltd.
+ *
+ * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
#ifdef WIN32
#define SW_EXPORT __declspec ( dllexport )
#else
#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
#define SUREWAREHOOK_ERROR_DATA_SIZE -4
#define SUREWAREHOOK_ERROR_INVALID_PAD -5
-/*
+/*-
* -----------------WARNING-----------------------------------
* In all the following functions:
* msg is a string with at least 24 bytes free.
* A 24 bytes string will be concatenated to the existing content of msg.
*/
-/*
+/*-
* SureWare Initialisation function
* in param threadsafe, if !=0, thread safe enabled
* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
*/
typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
-/*
+/*-
* SureWare Finish function
*/
typedef void SureWareHook_Finish_t(void);
extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
-/*
+/*-
* PRE_CONDITION:
* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
*/
-/*
+/*-
* SureWare RAND Bytes function
* In case of failure, the content of buf is unpredictable.
* return 1 if success
typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
-/*
+/*-
* SureWare RAND Seed function
* Adds some seed to the Hardware Random Number Generator
* return 1 if success
typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
-/*
+/*-
* SureWare Load Private Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
-/*
+/*-
* SureWare Info Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
char *keytype);
extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
-/*
+/*-
* SureWare Load Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
unsigned long *n, unsigned long *e);
extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
-/*
+/*-
* SureWare Load DSA Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
unsigned long *g);
extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
-/*
+/*-
* SureWare Free function
* Destroy the key into the hardware if destroy==1
*/
#define SUREWARE_PKCS1_PAD 1
#define SUREWARE_ISO9796_PAD 2
#define SUREWARE_NO_PAD 0
-/*
+/*-
* SureWare RSA Private Decryption
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
int *tlen,unsigned char *to,
char *prsa,int padding);
extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
-/*
+/*-
* SureWare RSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
int *tlen,unsigned char *to,
char *prsa,int padding);
extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
-/*
+/*-
* SureWare DSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
-/*
+/*-
* SureWare Mod Exp
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
-/*
+/*-
tlhelp32.h - Include file for Tool help functions.
Written by Mumit Khan <khan@nanotech.wisc.edu>
static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
- /* (0) check whether the desired fragment is available
+ /*-
+ * (0) check whether the desired fragment is available
* if so:
* (1) copy over the fragment to s->init_buf->data[]
* (2) update s->init_num
return(-1);
}
-/* for these 2 messages, we need to
+/*-
+ * for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
struct dtls1_retransmit_state saved_state;
unsigned char save_write_sequence[8];
- /*
+ /*-
OPENSSL_assert(s->init_num == 0);
OPENSSL_assert(s->init_off == 0);
*/
*/
OPENSSL_assert(payload + padding <= 16381);
- /* Create HeartBeat message, we just use a sequence number
+ /*-
+ * Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
* some random stuff.
* - Message Type, 1 byte
}
rr->off=0;
- /* So at this point the following is true
+ /*-
+ * So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
}
-/* Call this to get a new input record.
+/*-
+ * Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
}
-/* Return up to 'len' payload bytes received in 'type' records.
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
start:
s->rwstate=SSL_NOTHING;
- /* s->s3->rrec.type - is the type of record
+ /*-
+ * s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
+ * s->s3->rrec.length, - number of bytes.
+ */
rr = &(s->s3->rrec);
/* We are not handshaking and have no data yet,
/* test/heartbeat_test.c */
-/*
+/*-
* Unit test for TLS heartbeats.
*
* Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
*/
-/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
-**
-** 19990701 VRS Started.
-** 200011?? Jeffrey Altman, Richard Levitte
-** Generalized for Heimdal, Newer MIT, & Win32.
-** Integrated into main OpenSSL 0.9.7 snapshots.
-** 20010413 Simon Wilkinson, VRS
-** Real RFC2712 KerberosWrapper replaces AP_REQ.
-*/
+/*-
+ * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
+ *
+ * 19990701 VRS Started.
+ * 200011?? Jeffrey Altman, Richard Levitte
+ * Generalized for Heimdal, Newer MIT, & Win32.
+ * Integrated into main OpenSSL 0.9.7 snapshots.
+ * 20010413 Simon Wilkinson, VRS
+ * Real RFC2712 KerberosWrapper replaces AP_REQ.
+ */
#include <openssl/opensslconf.h>
}
/* Given KRB5 enctype (basically DES or 3DES),
-** return closest match openssl EVP_ encryption algorithm.
-** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
-** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
-*/
+ * return closest match openssl EVP_ encryption algorithm.
+ * Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
+ * Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
+ */
const EVP_CIPHER *
kssl_map_enc(krb5_enctype enctype)
{
/* Return true:1 if p "looks like" the start of the real authenticator
-** described in kssl_skip_confound() below. The ASN.1 pattern is
-** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
-** xx and yy are possibly multi-byte length fields.
-*/
+ * described in kssl_skip_confound() below. The ASN.1 pattern is
+ * "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
+ * xx and yy are possibly multi-byte length fields.
+ */
static int kssl_test_confound(unsigned char *p)
{
int len = 2;
}
/* Allocate, fill, and return cksumlens array of checksum lengths.
-** This array holds just the unique elements from the krb5_cksumarray[].
-** array[n] == 0 signals end of data.
-**
-** The krb5_cksumarray[] was an internal variable that has since been
-** replaced by a more general method for storing the data. It should
-** not be used. Instead we use real API calls and make a guess for
-** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
-** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
-*/
+ * This array holds just the unique elements from the krb5_cksumarray[].
+ * array[n] == 0 signals end of data.
+ *
+ * The krb5_cksumarray[] was an internal variable that has since been
+ * replaced by a more general method for storing the data. It should
+ * not be used. Instead we use real API calls and make a guess for
+ * what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
+ * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
+ */
static size_t *populate_cksumlens(void)
{
int i, j, n;
}
/* Return pointer to start of real authenticator within authenticator, or
-** return NULL on error.
-** Decrypted authenticator looks like this:
-** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
-** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
-** krb5_auth_con_getcksumtype() function advertised in its krb5.h.
-*/
+ * return NULL on error.
+ * Decrypted authenticator looks like this:
+ * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+ * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+ * krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+ */
unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
{
int i, conlen;
/* Set kssl_err error info when reason text is a simple string
-** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
-*/
+ * kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
+ */
void
kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
{
/* Display contents of krb5_principal_data struct, for debugging
-** (krb5_principal is typedef'd == krb5_principal_data *)
-*/
+ * (krb5_principal is typedef'd == krb5_principal_data *)
+ */
static void
print_krb5_princ(char *label, krb5_principal_data *princ)
{
}
-/* Given krb5 service (typically "kssl") and hostname in kssl_ctx,
-** Return encrypted Kerberos ticket for service @ hostname.
-** If authenp is non-NULL, also return encrypted authenticator,
-** whose data should be freed by caller.
-** (Originally was: Create Kerberos AP_REQ message for SSL Client.)
-**
-** 19990628 VRS Started; Returns Kerberos AP_REQ message.
-** 20010409 VRS Modified for RFC2712; Returns enc tkt.
-** 20010606 VRS May also return optional authenticator.
-*/
+/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+ * Return encrypted Kerberos ticket for service @ hostname.
+ * If authenp is non-NULL, also return encrypted authenticator,
+ * whose data should be freed by caller.
+ * (Originally was: Create Kerberos AP_REQ message for SSL Client.)
+ *
+ * 19990628 VRS Started; Returns Kerberos AP_REQ message.
+ * 20010409 VRS Modified for RFC2712; Returns enc tkt.
+ * 20010606 VRS May also return optional authenticator.
+ */
krb5_error_code
kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
/* OUT */ krb5_data **enc_ticketp,
krb5rc = KRB5KRB_ERR_GENERIC;
/* caller should free data of krb5_app_req */
/* 20010406 VRS deleted for real KerberosWrapper
- ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
- */
+ * 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
+ */
krb5_app_req.length = 0;
if (authenp)
{
}
-/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
-** Return Kerberos error code and kssl_err struct on error.
-** Allocates krb5_ticket and krb5_principal; caller should free these.
-**
-** 20010410 VRS Implemented krb5_decode_ticket() as
-** old_krb5_decode_ticket(). Missing from MIT1.0.6.
-** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
-** Re-used some of the old krb5_decode_ticket()
-** code here. This tkt should alloc/free just
-** like the real thing.
-*/
+/*-
+ * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+ * Return Kerberos error code and kssl_err struct on error.
+ * Allocates krb5_ticket and krb5_principal; caller should free these.
+ *
+ * 20010410 VRS Implemented krb5_decode_ticket() as
+ * old_krb5_decode_ticket(). Missing from MIT1.0.6.
+ * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
+ * Re-used some of the old krb5_decode_ticket()
+ * code here. This tkt should alloc/free just
+ * like the real thing.
+ */
static krb5_error_code
kssl_TKT2tkt( /* IN */ krb5_context krb5context,
/* IN */ KRB5_TKTBODY *asn1ticket,
/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
-** and krb5 AP_REQ message & message length,
-** Return Kerberos session key and client principle
-** to SSL Server in KSSL_CTX *kssl_ctx.
-**
-** 19990702 VRS Started.
-*/
+ * and krb5 AP_REQ message & message length,
+ * Return Kerberos session key and client principle
+ * to SSL Server in KSSL_CTX *kssl_ctx.
+ *
+ * 19990702 VRS Started.
+ */
krb5_error_code
kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
/* IN */ krb5_data *indata,
}
}
- /* Actual Kerberos5 krb5_recvauth() has initial conversation here
- ** o check KRB5_SENDAUTH_BADAUTHVERS
- ** unless KRB5_RECVAUTH_SKIP_VERSION
- ** o check KRB5_SENDAUTH_BADAPPLVERS
- ** o send "0" msg if all OK
- */
+ /*- Actual Kerberos5 krb5_recvauth() has initial conversation here
+ * o check KRB5_SENDAUTH_BADAUTHVERS
+ * unless KRB5_RECVAUTH_SKIP_VERSION
+ * o check KRB5_SENDAUTH_BADAPPLVERS
+ * o send "0" msg if all OK
+ */
- /* 20010411 was using AP_REQ instead of true KerberosWrapper
- **
- ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
- ** &krb5in_data, krb5server, krb5keytab,
- ** &ap_option, &krb5ticket)) != 0) { Error }
- */
+ /*-
+ * 20010411 was using AP_REQ instead of true KerberosWrapper
+ *
+ * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+ * &krb5in_data, krb5server, krb5keytab,
+ * &ap_option, &krb5ticket)) != 0) { Error }
+ */
p = (unsigned char *)indata->data;
if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
/* Frees a kssl_ctx struct and any allocated memory it holds.
-** Returns NULL.
-*/
+ * Returns NULL.
+ */
KSSL_CTX *
kssl_ctx_free(KSSL_CTX *kssl_ctx)
{
/* Given an array of (krb5_data *) entity (and optional realm),
-** set the plain (char *) client_princ or service_host member
-** of the kssl_ctx struct.
-*/
+ * set the plain (char *) client_princ or service_host member
+ * of the kssl_ctx struct.
+ */
krb5_error_code
kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
krb5_data *realm, krb5_data *entity, int nentities)
}
-/* Set one of the plain (char *) string members of the kssl_ctx struct.
-** Default values should be:
-** which == KSSL_SERVICE => "khost" (KRB5SVC)
-** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
-*/
+/*- Set one of the plain (char *) string members of the kssl_ctx struct.
+ * Default values should be:
+ * which == KSSL_SERVICE => "khost" (KRB5SVC)
+ * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
+ */
krb5_error_code
kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
{
/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
-** struct. Clear kssl_ctx->key if Kerberos session key is NULL.
-*/
+ * struct. Clear kssl_ctx->key if Kerberos session key is NULL.
+ */
krb5_error_code
kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
{
/* Given pointers to KerberosTime and struct tm structs, convert the
-** KerberosTime string to struct tm. Note that KerberosTime is a
-** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
-** seconds as defined in RFC 1510.
-** Return pointer to the (partially) filled in struct tm on success,
-** return NULL on failure.
-*/
+ * KerberosTime string to struct tm. Note that KerberosTime is a
+ * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
+ * seconds as defined in RFC 1510.
+ * Return pointer to the (partially) filled in struct tm on success,
+ * return NULL on failure.
+ */
static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
{
char c, *p;
/* Helper function for kssl_validate_times().
-** We need context->clockskew, but krb5_context is an opaque struct.
-** So we try to sneek the clockskew out through the replay cache.
-** If that fails just return a likely default (300 seconds).
-*/
+ * We need context->clockskew, but krb5_context is an opaque struct.
+ * So we try to sneek the clockskew out through the replay cache.
+ * If that fails just return a likely default (300 seconds).
+ */
static krb5_deltat get_rc_clockskew(krb5_context context)
{
krb5_rcache rc;
/* kssl_validate_times() combines (and more importantly exposes)
-** the MIT KRB5 internal function krb5_validate_times() and the
-** in_clock_skew() macro. The authenticator client time is checked
-** to be within clockskew secs of the current time and the current
-** time is checked to be within the ticket start and expire times.
-** Either check may be omitted by supplying a NULL value.
-** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
-** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
-** 20010420 VRS
-*/
+ * the MIT KRB5 internal function krb5_validate_times() and the
+ * in_clock_skew() macro. The authenticator client time is checked
+ * to be within clockskew secs of the current time and the current
+ * time is checked to be within the ticket start and expire times.
+ * Either check may be omitted by supplying a NULL value.
+ * Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
+ * See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
+ * 20010420 VRS
+ */
krb5_error_code kssl_validate_times( krb5_timestamp atime,
krb5_ticket_times *ttimes)
{
/* Decode and decrypt given DER-encoded authenticator, then pass
-** authenticator ctime back in *atimep (or 0 if time unavailable).
-** Returns krb5_error_code and kssl_err on error. A NULL
-** authenticator (authentp->length == 0) is not considered an error.
-** Note that kssl_check_authent() makes use of the KRB5 session key;
-** you must call kssl_sget_tkt() to get the key before calling this routine.
-*/
+ * authenticator ctime back in *atimep (or 0 if time unavailable).
+ * Returns krb5_error_code and kssl_err on error. A NULL
+ * authenticator (authentp->length == 0) is not considered an error.
+ * Note that kssl_check_authent() makes use of the KRB5 session key;
+ * you must call kssl_sget_tkt() to get the key before calling this routine.
+ */
krb5_error_code kssl_check_authent(
/* IN */ KSSL_CTX *kssl_ctx,
/* IN */ krb5_data *authentp,
if (enc == NULL)
{
/* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
- ** This enctype indicates the authenticator was encrypted
- ** using key-usage derived keys which openssl cannot decrypt.
- */
+ * This enctype indicates the authenticator was encrypted
+ * using key-usage derived keys which openssl cannot decrypt.
+ */
goto err;
}
/* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
-** because I don't know how to stub varargs.
-** Returns krb5_error_code == ENOMEM on alloc error, otherwise
-** passes back newly constructed principal, which should be freed by caller.
-*/
+ * because I don't know how to stub varargs.
+ * Returns krb5_error_code == ENOMEM on alloc error, otherwise
+ * passes back newly constructed principal, which should be freed by caller.
+ */
krb5_error_code kssl_build_principal_2(
/* UPDATE */ krb5_context context,
/* OUT */ krb5_principal *princ,
#endif
/*
-** Depending on which KRB5 implementation used, some types from
-** the other may be missing. Resolve that here and now
-*/
+ * Depending on which KRB5 implementation used, some types from
+ * the other may be missing. Resolve that here and now
+ */
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#define FAR
#endif
/* Uncomment this to debug kssl problems or
-** to trace usage of the Kerberos session key
-**
-** #define KSSL_DEBUG
-*/
+ * to trace usage of the Kerberos session key
+ *
+ * #define KSSL_DEBUG
+ */
#ifndef KRB5SVC
#define KRB5SVC "host"
} KSSL_ERR;
-/* Context for passing
-** (1) Kerberos session key to SSL, and
-** (2) Config data between application and SSL lib
-*/
+/*- Context for passing
+ * (1) Kerberos session key to SSL, and
+ * (2) Config data between application and SSL lib
+ */
typedef struct kssl_ctx_st
{
/* used by: disposition: */
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
- /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ /*-
+ * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
* record. It's format is:
* Byte Content
return(0);
}
-/* for these 2 messages, we need to
+/*-
+ * for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
* supported by TLS.) */
#define MAX_HASH_BLOCK_SIZE 128
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
* record in |rec| by updating |rec->length| in constant time.
*
* block_size: the block size of the cipher used to encrypt the record.
* returns:
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding was valid
- * -1: otherwise. */
+ * -1: otherwise.
+ */
int ssl3_cbc_remove_padding(const SSL* s,
SSL3_RECORD *rec,
unsigned block_size,
return constant_time_select_int(good, 1, -1);
}
-/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
* record in |rec| in constant time and returns 1 if the padding is valid and
* -1 otherwise. It also removes any explicit IV from the start of the record
* without leaking any timing about whether there was enough space after the
* returns:
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding was valid
- * -1: otherwise. */
+ * -1: otherwise.
+ */
int tls1_cbc_remove_padding(const SSL* s,
SSL3_RECORD *rec,
unsigned block_size,
return constant_time_select_int(good, 1, -1);
}
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
* constant time (independent of the concrete value of rec->length, which may
* vary within a 256-byte window).
*
}
}
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
* record.
*
* ctx: the EVP_MD_CTX from which we take the hash function.
* On entry: by virtue of having been through one of the remove_padding
* functions, above, we know that data_plus_mac_size is large enough to contain
* a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
+ * padding too. )
+ */
void ssl3_cbc_digest_record(
const EVP_MD_CTX *ctx,
unsigned char* md_out,
/* Do the message type and length last */
d=p= ssl_handshake_start(s);
- /* version indicates the negotiated version: for example from
+ /*-
+ * version indicates the negotiated version: for example from
* an SSLv2/v3 compatible client hello). The client_version
* field is the maximum version we permit and it is also
* used in RSA encrypted premaster secrets. Some servers can
goto err;
}
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ * in place of RFC 2712 KerberosWrapper, as in:
+ *
+ * Send ticket (copy to *p, set n = length)
+ * n = krb5_ap_req.length;
+ * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ * if (krb5_ap_req.data)
+ * kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+ *
+ * Now using real RFC 2712 KerberosWrapper
+ * (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+ * Note: 2712 "opaque" types are here replaced
+ * with a 2-byte length followed by the value.
+ * Example:
+ * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+ * Where "xx xx" = length bytes. Shown here with
+ * optional authenticator omitted.
+ */
/* KerberosWrapper.Ticket */
s2n(enc_ticket->length,p);
if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
goto err;
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
*/
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
{
- /* XXX: For now, we do not support client
+ /*-
+ * XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
* code that checks for appropriate
* ssl3_get_record to loop forever. */
#define MAX_EMPTY_RECORDS 32
-/* Call this to get a new input record.
+/*-
+ * Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
* When it finishes, one packet has been decoded and can be found in
}
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
al=SSL_AD_DECRYPTION_FAILED;
}
rr->off=0;
- /* So at this point the following is true
+ /*-
+ * So at this point the following is true
* ssl->s3->rrec.type is the type of record
* ssl->s3->rrec.length == number of bytes in record
* ssl->s3->rrec.off == offset to first valid byte
}
}
-/* Return up to 'len' payload bytes received in 'type' records.
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
* 'type' is one of the following:
*
* - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
start:
s->rwstate=SSL_NOTHING;
- /* s->s3->rrec.type - is the type of record
+ /*-
+ * s->s3->rrec.type - is the type of record
* s->s3->rrec.data, - data
* s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
+ * s->s3->rrec.length, - number of bytes.
+ */
rr = &(s->s3->rrec);
/* get new packet if necessary */
}
}
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
* s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
goto f_err;
}
- /* we now have the following setup.
+ /*-
+ * we now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
- /* There are several cases for the session ID to send
+ /*-
+ * There are several cases for the session ID to send
* back in the server hello:
* - For session reuse from the session cache,
* we send back the old session ID.
}
- /* Was doing kssl_ctx_free() here,
- ** but it caused problems for apache.
- ** kssl_ctx = kssl_ctx_free(kssl_ctx);
- ** if (s->kssl_ctx) s->kssl_ctx = NULL;
- */
+ /*- Was doing kssl_ctx_free() here,
+ * but it caused problems for apache.
+ * kssl_ctx = kssl_ctx_free(kssl_ctx);
+ * if (s->kssl_ctx) s->kssl_ctx = NULL;
+ */
}
else
#endif /* OPENSSL_NO_KRB5 */
i2d_SSL_SESSION(sess, &p);
SSL_SESSION_free(sess);
- /* Grow buffer if need be: the length calculation is as
+ /*-
+ * Grow buffer if need be: the length calculation is as
* follows handshake_header_length +
* 4 (ticket lifetime hint) + 2 (ticket length) +
* 16 (key name) + max_iv_len (iv length) +
if (s->state == SSL3_ST_SW_CERT_STATUS_A)
{
unsigned char *p;
- /* Grow buffer if need be: the length calculation is as
+ /*-
+ * Grow buffer if need be: the length calculation is as
* follows 1 (message type) + 3 (message length) +
* 1 (ocsp response type) + 3 (ocsp response length)
* + (ocsp response)
p=(unsigned char *)s->init_msg;
- /* The payload looks like:
+ /*-
+ * The payload looks like:
* uint8 proto_len;
* uint8 proto[proto_len];
* uint8 padding_len;
#define SSL_TXT_ALL "ALL"
-/*
+/*-
* COMPLEMENTOF* definitions. These identifiers are used to (de-select)
* ciphers normally not being used.
* Example: "RC4" will activate all ciphers using RC4 including ciphers
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};
-/* Lets make this into an ASN.1 type structure as follows
+/*-
+ * Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
- /* For a server, this contains a callback function that allows the
+ /*-
+ * For a server, this contains a callback function that allows the
* server to select the protocol for the connection.
* out: on successful return, this must point to the raw protocol
* name (without the length prefix).
* outlen: on successful return, this contains the length of |*out|.
* in: points to the client's list of supported protocols in
* wire-format.
- * inlen: the length of |in|. */
+ * inlen: the length of |in|.
+ */
int (*alpn_select_cb)(SSL *s,
const unsigned char **out,
unsigned char *outlen,
if (cm == NULL || cm->type == NID_undef)
return 1;
- /* According to draft-ietf-tls-compression-04.txt, the
- compression number ranges should be the following:
-
- 0 to 63: methods defined by the IETF
- 64 to 192: external party methods assigned by IANA
- 193 to 255: reserved for private use */
+ /*-
+ * According to draft-ietf-tls-compression-04.txt, the
+ * compression number ranges should be the following:
+ *
+ * 0 to 63: methods defined by the IETF
+ * 64 to 192: external party methods assigned by IANA
+ * 193 to 255: reserved for private use
+ */
if (id < 193 || id > 255)
{
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
/* we have used 000001ff - 23 bits left to go */
-/*
+/*-
* Macros to check the export status and cipher strength for export ciphers.
* Even though the macros for EXPORT and EXPORT40/56 have similar names,
* their meaning is different:
#define SSL_PKEY_GOST01 7
#define SSL_PKEY_NUM 8
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+/*-
+ * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
* SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
/* Chain for this certificate */
STACK_OF(X509) *chain;
#ifndef OPENSSL_NO_TLSEXT
- /* serverinfo data for this certificate. The data is in TLS Extension
+ /*-
+ * serverinfo data for this certificate. The data is in TLS Extension
* wire format, specifically it's a series of records like:
* uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
* uint16_t length;
- * uint8_t data[length]; */
+ * uint8_t data[length];
+ */
unsigned char *serverinfo;
size_t serverinfo_length;
#endif
return(0);
}
#ifndef OPENSSL_NO_TLSEXT
- /*
+ /*-
* If RFC5077 ticket, use empty session ID (as server).
* Note that:
* (a) ssl_get_prev_session() does lookahead into the
*/
/* VMS */
-/*
+/*-
* DECnet object for servicing SSL. We accept the inbound and speak a
* simple protocol for multiplexing the 2 data streams (application and
* ssl data) over this logical link.
c_to_s=BIO_new(BIO_s_rtcp());
s_to_c=BIO_new(BIO_s_rtcp());
if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-/* original, DRM 24-SEP-1997
+/*- original, DRM 24-SEP-1997
BIO_set_fd ( c_to_s, "", chan );
BIO_set_fd ( s_to_c, "", chan );
*/
return 0;
}
-/* Four test cases for custom extensions:
+/*-
+ * Four test cases for custom extensions:
* 0 - no ClientHello extension or ServerHello response
* 1 - ClientHello with "abc", no response
* 2 - ClientHello with "abc", empty response
do
{
- /* c_ssl_bio: SSL filter BIO
+ /*-
+ * c_ssl_bio: SSL filter BIO
*
* client: pseudo-I/O for SSL library
*
vfprintf(stderr, my_format, args);
va_end(args);
}
-/* Priority levels:
- 0 [!]var, ()
- 1 & ^
- 2 |
-*/
+/*-
+ * Priority levels:
+ * 0 [!]var, ()
+ * 1 & ^
+ * 2 |
+ */
static int process_proxy_cond_adders(unsigned int letters[26],
const char *cond, const char **cond_end, int *pos, int indent);
static int process_proxy_cond_val(unsigned int letters[26],
#endif
#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
+/*-
+ * These DH parameters have been generated as follows:
* $ openssl dhparam -C -noout 512
* $ openssl dhparam -C -noout 1024
* $ openssl dhparam -C -noout -dsaparam 1024
return 0;
}
-/*
+/*-
* Return |nmatch|th shared curve or NID_undef if there is no match.
* For nmatch == -1, return number of matches
* For nmatch == -2, return the NID of the curve to use for
unsigned long size_str;
long lenmax;
- /* check for enough space.
- 4 for the servername type and entension length
- 2 for servernamelist length
- 1 for the hostname type
- 2 for hostname length
- + hostname length
- */
+ /*-
+ * check for enough space.
+ * 4 for the servername type and entension length
+ * 2 for servernamelist length
+ * 1 for the hostname type
+ * 2 for hostname length
+ * + hostname length
+ */
if ((lenmax = limit - ret - 9) < 0
|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
return NULL;
}
- /* check for enough space.
- 4 for the srp type type and entension length
- 1 for the srp user identity
- + srp user identity length
- */
+ /*-
+ * check for enough space.
+ * 4 for the srp type type and entension length
+ * 1 for the srp user identity
+ * + srp user identity length
+ */
if ((limit - ret - 5 - login_len) < 0) return NULL;
/* fill in the extension */
return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
- /* Set mode:
+ /*-
+ * Set mode:
* 1: peer may send requests
* 2: peer not allowed to send requests
*/
return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
- /* Set mode:
+ /*-
+ * Set mode:
* 1: peer may send requests
* 2: peer not allowed to send requests
*/
}
#ifndef OPENSSL_NO_EC
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
* SecureTransport using the TLS extension block in |d|, of length |n|.
* Safari, since 10.6, sends exactly these extensions, in this order:
* SNI,
}
else if (s->version == SSL3_VERSION)
{}
-/* The servername extension is treated as follows:
-
- - Only the hostname type is supported with a maximum length of 255.
- - The servername is rejected if too long or if it contains zeros,
- in which case an fatal alert is generated.
- - The servername field is maintained together with the session cache.
- - When a session is resumed, the servername call back invoked in order
- to allow the application to position itself to the right context.
- - The servername is acknowledged if it is new for a session or when
- it is identical to a previously used for the same session.
- Applications can control the behaviour. They can at any time
- set a 'desirable' servername for a new SSL object. This can be the
- case for example with HTTPS when a Host: header field is received and
- a renegotiation is requested. In this case, a possible servername
- presented in the new client hello is only acknowledged if it matches
- the value of the Host: field.
- - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- if they provide for changing an explicit servername context for the session,
- i.e. when the session has been established with a servername extension.
- - On session reconnect, the servername extension may be absent.
-
-*/
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ * in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ * to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ * it is identical to a previously used for the same session.
+ * Applications can control the behaviour. They can at any time
+ * set a 'desirable' servername for a new SSL object. This can be the
+ * case for example with HTTPS when a Host: header field is received and
+ * a renegotiation is requested. In this case, a possible servername
+ * presented in the new client hello is only acknowledged if it matches
+ * the value of the Host: field.
+ * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ * if they provide for changing an explicit servername context for the
+ * session, i.e. when the session has been established with a servername
+ * extension.
+ * - On session reconnect, the servername extension may be absent.
+ *
+ */
else if (type == TLSEXT_TYPE_server_name)
{
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL)
{
- /* We shouldn't accept this extension on a
+ /*-
+ * We shouldn't accept this extension on a
* renegotiation.
*
* s->new_session will be set on renegotiation, but we
* there's some other reason to disallow resuming an
* earlier session -- the current code won't be doing
* anything like that, but this might change).
-
+ *
* A valid sign that there's been a previous handshake
* in this connection is if s->s3->tmp.finish_md_len >
* 0. (We are talking about a check that will happen
* in the Hello protocol round, well before a new
- * Finished message could have been computed.) */
+ * Finished message could have been computed.)
+ */
s->s3->next_proto_neg_seen = 1;
}
#endif
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
- /* The extension data consists of:
+ /*-
+ * The extension data consists of:
* uint16 list_length
* uint8 proto_length;
- * uint8 proto[proto_length]; */
+ * uint8 proto[proto_length];
+ */
len = data[0];
len <<= 8;
len |= data[1];
return 1;
}
-/* Since the server cache lookup is done early on in the processing of the
+/*-
+ * Since the server cache lookup is done early on in the processing of the
* ClientHello, and other operations depend on the result, we need to handle
* any TLS session ticket extension at the same time.
*
return 0;
}
-/* tls_decrypt_ticket attempts to decrypt a session ticket.
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
*
* etick: points to the body of the session ticket extension.
* eticklen: the length of the session tickets extenion.
*/
OPENSSL_assert(payload + padding <= 16381);
- /* Create HeartBeat message, we just use a sequence number
+ /*-
+ * Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
* some random stuff.
* - Message Type, 1 byte
METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-/* tmp=METH_new(x509_by_issuer_dir);
+/*- tmp=METH_new(x509_by_issuer_dir);
METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
METH_push(top,METH_X509_BY_ISSUER,tmp);
/* test/testutil.c */
-/*
+/*-
* Utilities for writing OpenSSL unit tests.
*
* More information:
/* test/testutil.h */
-/*
+/*-
* Utilities for writing OpenSSL unit tests.
*
* More information:
#ifndef HEADER_TESTUTIL_H
#define HEADER_TESTUTIL_H
-/* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
+/*-
+ * SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
*
* SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE
* object called "fixture". It will also allocate the "result" variable used