#if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster
* on most boxes I have tested - up to %20 faster. */
-/*
+/*-
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;
OPENSSL_EXIT(ret);
}
-/*
+/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
}
else if (strcmp(*argv,"-2") == 0)
g=2;
- /* else if (strcmp(*argv,"-3") == 0)
+ /*- else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
{
if (cert_file != NULL)
{
- /*
+ /*-
SSL *ssl;
X509 *x509;
*/
FD_SET(SSL_get_fd(con),&writefds);
}
#endif
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter
OPENSSL_EXIT(ret);
}
-/***********************************************************************
+/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
*
*/
-/* Usage: winrand [filename]
+/*-
+ * Usage: winrand [filename]
*
* Collects entropy from mouse movements and other events and writes
* random data to filename or .rnd
* something to watch out for. This was fine on linux/NT/Solaris but not
* Alpha */
-/* it is basically an example of
+/*-
+ * it is basically an example of
* func(*(a++),*(a++))
* which parameter is evaluated first? It is not defined in ASN1 C.
*/
* copies of the valiable, one in a register and one being an address
* that is passed. */
-/* compare the out put from
+/*-
+ * compare the out put from
* gcc dggccbug.c; ./a.out
* and
* gcc -O dggccbug.c; ./a.out
* Gage <agage@forgetmenot.Mines.EDU>
*/
-/* Compare the output from
+/*-
+ * Compare the output from
* cc sgiccbug.c; ./a.out
* and
* cc -O sgiccbug.c; ./a.out
#include <stdio.h>
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/*-
+ * This is a cc optimiser bug for ultrix 4.3, mips CPU.
* What happens is that the compiler, due to the (a)&7,
* does
* i=a&7;
}
-/*
+/*-
* This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian
* representation of the value, ignoring the sign. The sign is determined by
return global_mask;
}
-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61).
if (((arg)=func()) == NULL) return(NULL)
#define M_ASN1_New_Error(a) \
-/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
return(NULL);*/ \
err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
return(NULL)
#endif
};
-/* These are values for the itype field and
+/*-
+ * These are values for the itype field and
* determine how the type is interpreted.
*
* For PRIMITIVE types the underlying type
OPENSSL_free(param);
}
-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
* 0 : no boundary
* 1 : part boundary
* 2 : final boundary
CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
* shortname = 1.2.3.4
* shortname = some long name, 1.2.3.4
*/
* [including the GNU Public Licence.]
*/
-/*
+/*-
* 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout
* with binary data (e.g. asn1parse -inform DER < xxx) under
* Windows
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an unsigned int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
#include "bn.h"
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
*
* The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
*
return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
}
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
*
* The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
*
return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
}
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
*
* The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
*
return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
}
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
*
* The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
*
return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
}
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
*
* The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
*
return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
}
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
*
* The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
*
return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
}
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
*
* The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
*
return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
}
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
*
* The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
*
&& !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined (__i386__)
- /*
+ /*-
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
* in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
}
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
- /* In 'tab', only odd-indexed entries are relevant:
+ /*-
+ * In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
* is $(-1)^{(n^2-1)/8}$ (using TeX notation).
BIGNUM *t=NULL;
BN_ULONG *bn_data=NULL,*lp;
- /* get an upper bound for the length of the decimal integer
+ /*-
+ * get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
* <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
* used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
+/*-
+ * The last argument has the following significance:
*
* 0: called before the actual memory allocation has taken place
* 1: called after the actual memory allocation has taken place
}
}
if (error) usage();
- /* We either
+ /*-
+ * We either
* do checksum or
* do encrypt or
* do decrypt or
}
else
{
- /* >output is a multiple of 8 byes, if len < rnum
+ /*-
+ * >output is a multiple of 8 byes, if len < rnum
* >we must be careful. The user must be aware that this
* >routine will write more bytes than he asked for.
* >The length of the buffer must be correct.
}
if (save)
{
-/* v0=ti[0];
+/*- v0=ti[0];
v1=ti[1];*/
iv = &(*ivec)[0];
l2c(v0,iv);
* [including the GNU Public Licence.]
*/
-/* set_key.c v 1.4 eay 24/9/91
+/*-
+ * set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
return(ret);
}
-/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
+ * data has already been hashed (probably with SHA or SHA-1). */
/* returns
* 1: correct signature
* 0: incorrect signature
#else /*CHARSET_EBCDIC*/
#include "ebcdic.h"
-/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
+/*-
+ * Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
* Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De>
*/
}
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
* in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation:
* y^2 + x*y = x^3 + a*x^2 + b.
*/
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+/*-
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
* This is an array r[] of values that are either zero or odd with an
* absolute value less than 2^w satisfying
* scalar = \sum_j r[j]*2^j
(b) >= 20 ? 2 : \
1))
-/* Compute
+/*-
+ * Compute
* \sum scalars[i]*points[i],
* also including
* scalar*generator
y = BN_CTX_get(ctx);
if (y == NULL) goto err;
- /* Recover y. We have a Weierstrass equation
+ /*-
+ * Recover y. We have a Weierstrass equation
* y^2 = x^3 + a*x + b,
* so y is one of the square roots of x^3 + a*x + b.
*/
if (!field_mul(group, n1, n0, n2, ctx)) goto err;
if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
- /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
- * = 3 * X_a^2 - 3 * Z_a^4 */
+ /*-
+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+ * = 3 * X_a^2 - 3 * Z_a^4
+ */
}
else
{
int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
{
- /* return values:
+ /*-
+ * return values:
* -1 error
* 0 equal (in affine coordinates)
* 1 not equal
static volatile struct padlock_cipher_data *padlock_saved_context;
#endif
-/*
+/*-
* =======================================================
* Inline assembler section(s).
* =======================================================
return 1;
}
-/*
+/*-
* Simplified version of padlock_aes_cipher() used when
* 1) both input and output buffers are at aligned addresses.
* or when
BIGNUM *h = BN_new();
BIGNUM *t = BN_new();
- /*
+ /*-
* r in [0,q)
* XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
*/
if ((c == NULL) || (*c == '\0'))
return(ret);
-/*
+/*-
unsigned char b[16];
MD5(c,strlen(c),b);
return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
#include "md32_common.h"
-/*
+/*-
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
*/
typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
+ * For application-defined information (static C-string `info')
* to be displayed in memory leak list.
* Each thread has its own stack. For applications, there is
* CRYPTO_push_info("...") to push an entry,
#endif
-/* The PrivateKey case is not that straightforward.
+/*-
+ * The PrivateKey case is not that straightforward.
* IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
* does not work, RSA and DSA keys have specific strings.
* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
int RAND_load_file(const char *file, long bytes)
{
- /* If bytes >= 0, read up to 'bytes' bytes.
- * if bytes == -1, read complete file. */
+ /*-
+ * If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file.
+ */
MS_STATIC unsigned char buf[BUFSIZE];
struct stat sb;
#include <openssl/rc4.h>
#include "rc4_locl.h"
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
#endif
}
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
fprintf(stderr,"-----\n");
lh_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
- /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+ /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n"); */
lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
for (i=0; i<number_of_loops; i++)
{
-/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
CRYPTO_thread_id(),i,
ssl_ctx[0]->references,
ssl_ctx[1]->references); */
might get confused. */
#define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-/* The user of these routines may want to define flags of their own. The core
- UI won't look at those, but will pass them on to the method routines. They
- must use higher bits so they don't get confused with the UI bits above.
- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
- example of use is this:
-
- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
-
+/*-
+ * The user of these routines may want to define flags of their own. The core
+ * UI won't look at those, but will pass them on to the method routines. They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
+ * example of use is this:
+ *
+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
*/
#define UI_INPUT_FLAG_USER_BASE 16
-/* The following function helps construct a prompt. object_desc is a
- textual short description of the object, for example "pass phrase",
- and object_name is the name of the object (might be a card name or
- a file name.
- The returned string shall always be allocated on the heap with
- OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
- If the ui_method doesn't contain a pointer to a user-defined prompt
- constructor, a default string is built, looking like this:
-
- "Enter {object_desc} for {object_name}:"
-
- So, if object_desc has the value "pass phrase" and object_name has
- the value "foo.key", the resulting string is:
-
- "Enter pass phrase for foo.key:"
+/*-
+ * The following function helps construct a prompt. object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ * "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ * "Enter pass phrase for foo.key:"
*/
char *UI_construct_prompt(UI *ui_method,
const char *object_desc, const char *object_name);
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
- /* CRYPTO_add(&tmp->data.x509->references,1,
+ /*- CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
return 0;
}
-/* if (ret->data.ptr != NULL)
+/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type=tmp->type;
{
if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/* xi->extensions=ri->attributes; <- bad, should not ever be done
+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
cb=ctx->verify_cb;
- /* must_be_ca can have 1 of 3 values:
- -1: we accept both CA and non-CA certificates, to allow direct
- use of self-signed certificates (which are marked as CA).
- 0: we only accept non-CA certificates. This is currently not
- used, but the possibility is present for future extensions.
- 1: we only accept CA certificates. This is currently used for
- all certificates in the chain except the leaf certificate.
- */
+ /*-
+ * must_be_ca can have 1 of 3 values:
+ * -1: we accept both CA and non-CA certificates, to allow direct
+ * use of self-signed certificates (which are marked as CA).
+ * 0: we only accept non-CA certificates. This is currently not
+ * used, but the possibility is present for future extensions.
+ * 1: we only accept CA certificates. This is currently used for
+ * all certificates in the chain except the leaf certificate.
+ */
must_be_ca = -1;
/* A hack to keep people who don't want to modify their software
return extlist;
}
-/* Currently two options:
+/*-
+ * Currently two options:
* keyid: use the issuers subject keyid, the value 'always' means its is
* an error if the issuer certificate doesn't have a key id.
* issuer: use the issuers cert issuer and serial number. The default is
/* NOCW */
/* demos/bio/saccept.c */
-/* A minimal program to server an SSL connection.
+/*-
+ * A minimal program to server an SSL connection.
* It uses blocking.
* saccept host:port
* host is the interface IP to use. If any interface, use *:port
/* NOCW */
/* demos/bio/sconnect.c */
-/* A minimal program to do SSL to a passed host and port.
+/*-
+ * A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
* sconnect host:port - it does a 'GET / HTTP/1.0'
*
/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
* easy-tls.c -- generic TLS proxy.
* $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
*/
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*-
* Attribution for OpenSSL library:
*
* This product includes cryptographic software written by Eric Young
# include TLS_APP
#endif
-/* Applications can define:
+/*-
+ * Applications can define:
* TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
* TLS_CUMULATE_ERRORS
* TLS_ERROR_BUFSIZ
/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
* easy-tls.h -- generic TLS proxy.
* $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/
| RSA Key Token format |
*------------------------------------------------*/
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
} ICA_KEY_RSA_MODEXPO;
#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+/*-
+ * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */
/* NOCW */
-/* demos/spkigen.c
+/*-
+ * demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
/* For callbacks generating output, here are their file-descriptors. */
static FILE *fp_cb_ssl_info = NULL;
static FILE *fp_cb_ssl_verify = NULL;
-/* Output level:
+/*-
+ * Output level:
* 0 = nothing,
* 1 = minimal, just errors,
* 2 = minimal, all steps,
{
largenum.value = buf;
largenum.nbytes = sizeof(buf32);
- /* tell CryptoSwift how many bytes we want and where we want it.
+ /*-
+ * tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
+ * - CryptoSwift can only do multiple of 32-bits.
+ */
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{
return dh_builtin_genparams(ret, prime_len, generator, cb);
}
-/* We generate DH parameters as follows
+/*-
+ * We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
#include <openssl/err.h>
#include <openssl/fips.h>
-/* Check that p is a safe prime and
+/*-
+ * Check that p is a safe prime and
* if g is 2, 3 or 5, check that is is a suitable generator
* where
* for 2, p mod 24 == 11
return dh_builtin_genparams(ret, prime_len, generator, cb);
}
-/* We generate DH parameters as follows
+/*-
+ * We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
goto err;
}
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
** in place of RFC 2712 KerberosWrapper, as in:
**
** Send ticket (copy to *p, set n = length)
if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
goto err;
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
d = dtls1_set_message_header(s, d,
SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
+ /*-
*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
l2n3(n,d);
l2n(s->d1->handshake_write_seq,d);
#include <openssl/des.h>
#endif
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
+ * an internal error occured.
+ */
int dtls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
/* For DTLS we simply ignore bad packets. */
}
}
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
}
-/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
+ * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
* and krb5 AP_REQ message & message length,
* Return Kerberos session key and client principle
* to SSL Server in KSSL_CTX *kssl_ctx.
#endif
-/* Uncomment this to debug kssl problems or
+/*-
+ * Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG
}
else if ((bs <= 1) && (!s->s2->escape))
{
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
+ /*-
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ */
s->s2->three_byte_header=0;
p=0;
}
else /* we may have to use a 3 byte header */
{
- /* If s->s2->escape is not set, then
+ /*-
+ * If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
+ */
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
}
}
- /* Now
+ /*-
+ * Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
s->s3->tmp.key_block_length=0;
}
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* data we are hashing because that gives an attacker a
* timing-oracle. */
- /* npad is, at most, 48 bytes and that's with MD5:
+ /*-
+ * npad is, at most, 48 bytes and that's with MD5:
* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
*
* With SHA-1 (the largest hash speced for SSLv3) the hash size
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
if (!found)
break; /* ignore this entry */
- /* New algorithms:
+ /*-
+ * New algorithms:
* 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask
* 3 - enforce old & new where masks intersect
* SSL_aDSS <- DSA_SIGN
*/
-/*
+/*-
#define CERT_INVALID 0
#define CERT_PUBLIC_KEY 1
#define CERT_PRIVATE_KEY 2