outfile = *(++argv);
} else if (strcmp(*argv, "-2") == 0)
g = 2;
- /*- else if (strcmp(*argv,"-3") == 0)
- g=3; */
+/*- else if (strcmp(*argv,"-3") == 0)
+ g=3; */
else if (strcmp(*argv, "-5") == 0)
g = 5;
# ifndef OPENSSL_NO_ENGINE
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
- /*-
- SSL *ssl;
- X509 *x509;
- */
+ /*-
+ SSL *ssl;
+ X509 *x509;
+ */
if (SSL_CTX_use_certificate_file(ctx, cert_file,
SSL_FILETYPE_PEM) <= 0) {
openssl_fdset(SSL_get_fd(con), &writefds);
}
#endif
-/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
- tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/*
* Note: under VMS with SOCKETSHR the second parameter is
i = ioctlsocket(fd, type, (char *)arg);
# else
# if defined(OPENSSL_SYS_VMS)
- /*-
- * 2011-02-18 SMS.
- * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
- * observe that all the consumers pass in an "unsigned long *",
- * so we arrange a local copy with a short pointer, and use
- * that, instead.
- */
+ /*-
+ * 2011-02-18 SMS.
+ * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+ * observe that all the consumers pass in an "unsigned long *",
+ * so we arrange a local copy with a short pointer, and use
+ * that, instead.
+ */
# if __INITIAL_POINTER_SIZE == 64
# define ARG arg_32p
# pragma pointer_size save
{
if (a == NULL)
return (0);
- /*-
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- */
+ /*-
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ */
return (1);
}
ret = (long)data->bind_mode;
break;
case BIO_CTRL_DUP:
-/*- dbio=(BIO *)ptr;
- if (data->param_port) EAY EAY
- BIO_set_port(dbio,data->param_port);
- if (data->param_hostname)
- BIO_set_hostname(dbio,data->param_hostname);
- BIO_set_nbio(dbio,data->nbio); */
+/*- dbio=(BIO *)ptr;
+ if (data->param_port) EAY EAY
+ BIO_set_port(dbio,data->param_port);
+ if (data->param_hostname)
+ BIO_set_hostname(dbio,data->param_hostname);
+ BIO_set_nbio(dbio,data->nbio); */
break;
default:
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
- /*-
- * In 'tab', only odd-indexed entries are relevant:
- * For any odd BIGNUM n,
- * tab[BN_lsw(n) & 7]
- * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
- * Note that the sign of n does not matter.
- */
+ /*-
+ * In 'tab', only odd-indexed entries are relevant:
+ * For any odd BIGNUM n,
+ * tab[BN_lsw(n) & 7]
+ * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+ * Note that the sign of n does not matter.
+ */
static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
bn_check_top(a);
BIGNUM *t = NULL;
BN_ULONG *bn_data = NULL, *lp;
- /*-
- * get an upper bound for the length of the decimal integer
- * num <= (BN_num_bits(a) + 1) * log(2)
- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
- */
+ /*-
+ * get an upper bound for the length of the decimal integer
+ * num <= (BN_num_bits(a) + 1) * log(2)
+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ */
i = BN_num_bits(a) * 3;
num = (i / 10 + i / 1000 + 1) + 1;
bn_data =
}
if (e == 2) {
- /*-
- * |p| == 5 (mod 8)
- *
- * In this case 2 is always a non-square since
- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
- * So if a really is a square, then 2*a is a non-square.
- * Thus for
- * b := (2*a)^((|p|-5)/8),
- * i := (2*a)*b^2
- * we have
- * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
- * = (2*a)^((p-1)/2)
- * = -1;
- * so if we set
- * x := a*b*(i-1),
- * then
- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
- * = a^2 * b^2 * (-2*i)
- * = a*(-i)*(2*a*b^2)
- * = a*(-i)*i
- * = a.
- *
- * (This is due to A.O.L. Atkin,
- * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
- * November 1992.)
- */
+ /*-
+ * |p| == 5 (mod 8)
+ *
+ * In this case 2 is always a non-square since
+ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
+ * So if a really is a square, then 2*a is a non-square.
+ * Thus for
+ * b := (2*a)^((|p|-5)/8),
+ * i := (2*a)*b^2
+ * we have
+ * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+ * = (2*a)^((p-1)/2)
+ * = -1;
+ * so if we set
+ * x := a*b*(i-1),
+ * then
+ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+ * = a^2 * b^2 * (-2*i)
+ * = a*(-i)*(2*a*b^2)
+ * = a*(-i)*i
+ * = a.
+ *
+ * (This is due to A.O.L. Atkin,
+ * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+ * November 1992.)
+ */
/* t := 2*a */
if (!BN_mod_lshift1_quick(t, A, p))
0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
# endif
DES_ENCRYPT);
DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
&ks3, &iv3, &iv2, DES_ENCRYPT);
-/*- if (memcmp(cbc_out,cbc3_ok,
+/*- if (memcmp(cbc_out,cbc3_ok,
(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
{
printf("des_ede3_cbc_encrypt encrypt error\n");
*/
num = len;
} else {
- /*-
- * >output is a multiple of 8 byes, if len < rnum
- * >we must be careful. The user must be aware that this
- * >routine will write more bytes than he asked for.
- * >The length of the buffer must be correct.
- * FIXED - Should be ok now 18-9-90 - eay */
+ /*-
+ * >output is a multiple of 8 byes, if len < rnum
+ * >we must be careful. The user must be aware that this
+ * >routine will write more bytes than he asked for.
+ * >The length of the buffer must be correct.
+ * FIXED - Should be ok now 18-9-90 - eay */
if (len < rnum) {
if (DES_rw_mode & DES_PCBC_MODE)
n = (n + 1) & 0x07;
}
if (save) {
-/*- v0=ti[0];
- v1=ti[1];*/
+/*- v0=ti[0];
+ v1=ti[1];*/
iv = &(*ivec)[0];
l2c(v0, iv);
l2c(v1, iv);
/* As tmp[3] < 2^65, high is either 1 or 0 */
high <<= 63;
high >>= 63;
- /*-
- * high is:
- * all ones if the high word of tmp[3] is 1
- * all zeros if the high word of tmp[3] if 0 */
+ /*-
+ * high is:
+ * all ones if the high word of tmp[3] is 1
+ * all zeros if the high word of tmp[3] if 0 */
low = tmp[3];
mask = low >> 63;
- /*-
- * mask is:
- * all ones if the MSB of low is 1
- * all zeros if the MSB of low if 0 */
+ /*-
+ * mask is:
+ * all ones if the MSB of low is 1
+ * all zeros if the MSB of low if 0 */
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
low >>= 63;
- /*-
- * low is:
- * all ones if low was > kPrime3Test
- * all zeros if low was <= kPrime3Test */
+ /*-
+ * low is:
+ * all ones if low was > kPrime3Test
+ * all zeros if low was <= kPrime3Test */
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
felem_reduce_(out, in);
- /*-
- * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
- * out[1] > 2^100 - 2^64 - 7*2^96 > 0
- * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
- * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
- *
- * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
- * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
- * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
- * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
- */
+ /*-
+ * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
+ * out[1] > 2^100 - 2^64 - 7*2^96 > 0
+ * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
+ * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
+ *
+ * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
+ * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
+ * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
+ * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
+ */
}
/*-
felem_reduce_(out, in);
- /*-
- * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
- * out[1] > 2^105 - 2^71 - 2^103 > 0
- * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
- * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
- *
- * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
- * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
- * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
- * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
- */
+ /*-
+ * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
+ * out[1] > 2^105 - 2^71 - 2^103 > 0
+ * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
+ * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
+ *
+ * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+ * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+ * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
+ * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
+ */
}
/*
*
* Building on top of the field operations we have the operations on the
* elliptic curve group itself. Points on the curve are represented in Jacobian
- * coordinates */
+ * coordinates
+ */
/*-
* point_double calculates 2*(x_in, y_in, z_in)
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
*
* Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
- * while x_out == y_in is not (maybe this works, but it's not tested). */
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
static void
point_double(felem x_out, felem y_out, felem z_out,
const felem x_in, const felem y_in, const felem z_in)
* This function includes a branch for checking whether the two input points
* are equal, (while not equal to the point at infinity). This case never
* happens during single point multiplication, so there is no timing leak for
- * ECDH or ECDSA signing. */
+ * ECDH or ECDSA signing.
+ */
static void point_add(felem x3, felem y3, felem z3,
const felem x1, const felem y1, const felem z1,
const int mixed, const smallfelem x2,
felem_scalar(inx2, in, 2);
felem_scalar(inx4, in, 4);
- /*-
- * We have many cases were we want to do
- * in[x] * in[y] +
- * in[y] * in[x]
- * This is obviously just
- * 2 * in[x] * in[y]
- * However, rather than do the doubling on the 128 bit result, we
- * double one of the inputs to the multiplication by reading from
- * |inx2| */
+ /*-
+ * We have many cases were we want to do
+ * in[x] * in[y] +
+ * in[y] * in[x]
+ * This is obviously just
+ * 2 * in[x] * in[y]
+ * However, rather than do the doubling on the 128 bit result, we
+ * double one of the inputs to the multiplication by reading from
+ * |inx2|
+ */
out[0] = ((uint128_t) in[0]) * in[0];
out[1] = ((uint128_t) in[0]) * inx2[1];
out[1] += ((limb) in[0]) >> 58;
out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
- /*-
- * out[1] < 2^58 + 2^6 + 2^58
- * = 2^59 + 2^6
- */
+ /*-
+ * out[1] < 2^58 + 2^6 + 2^58
+ * = 2^59 + 2^6
+ */
out[2] += ((limb) (in[0] >> 64)) >> 52;
out[2] += ((limb) in[1]) >> 58;
out[8] += ((limb) in[7]) >> 58;
out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
- /*-
- * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
- * < 2^59 + 2^13
- */
+ /*-
+ * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+ * < 2^59 + 2^13
+ */
overflow1 = ((limb) (in[7] >> 64)) >> 52;
overflow1 += ((limb) in[8]) >> 58;
out[1] += out[0] >> 58;
out[0] &= bottom58bits;
- /*-
- * out[0] < 2^58
- * out[1] < 2^59 + 2^6 + 2^13 + 2^2
- * < 2^59 + 2^14
- */
+ /*-
+ * out[0] < 2^58
+ * out[1] < 2^59 + 2^6 + 2^13 + 2^2
+ * < 2^59 + 2^14
+ */
}
static void felem_square_reduce(felem out, const felem in)
if (y == NULL)
goto err;
- /*-
- * Recover y. We have a Weierstrass equation
- * y^2 = x^3 + a*x + b,
- * so y is one of the square roots of x^3 + a*x + b.
- */
+ /*-
+ * Recover y. We have a Weierstrass equation
+ * y^2 = x^3 + a*x + b,
+ * so y is one of the square roots of x^3 + a*x + b.
+ */
/* tmp1 := x^3 */
if (!BN_nnmod(x, x_, group->field, ctx))
goto err;
if (!BN_mod_add_quick(n1, n0, n1, p))
goto err;
- /*-
- * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
- * = 3 * X_a^2 - 3 * Z_a^4
- */
+ /*-
+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+ * = 3 * X_a^2 - 3 * Z_a^4
+ */
} else {
if (!field_sqr(group, n0, a->X, ctx))
goto err;
if (Z6 == NULL)
goto err;
- /*-
- * We have a curve defined by a Weierstrass equation
- * y^2 = x^3 + a*x + b.
- * The point to consider is given in Jacobian projective coordinates
- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
- * Substituting this and multiplying by Z^6 transforms the above equation into
- * Y^2 = X^3 + a*X*Z^4 + b*Z^6.
- * To test this, we add up the right-hand side in 'rh'.
- */
+ /*-
+ * We have a curve defined by a Weierstrass equation
+ * y^2 = x^3 + a*x + b.
+ * The point to consider is given in Jacobian projective coordinates
+ * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
+ * Substituting this and multiplying by Z^6 transforms the above equation into
+ * Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+ * To test this, we add up the right-hand side in 'rh'.
+ */
/* rh := X^2 */
if (!field_sqr(group, rh, point->X, ctx))
int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx)
{
- /*-
- * return values:
- * -1 error
- * 0 equal (in affine coordinates)
- * 1 not equal
- */
+ /*-
+ * return values:
+ * -1 error
+ * 0 equal (in affine coordinates)
+ * 1 not equal
+ */
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);
if (Zb23 == NULL)
goto end;
- /*-
- * We have to decide whether
- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
- * or equivalently, whether
- * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
- */
+ /*-
+ * We have to decide whether
+ * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+ * or equivalently, whether
+ * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+ */
if (!b->Z_is_one) {
if (!field_sqr(group, Zb23, b->Z, ctx))
0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
static int cfb64_test(unsigned char *cfb_cipher);
if ((c == NULL) || (*c == '\0'))
return (ret);
/*-
- unsigned char b[16];
- MD5(c,strlen(c),b);
- return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
+ unsigned char b[16];
+ MD5(c,strlen(c),b);
+ return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
*/
n = 0x100;
struct {
int cipher;
/*-
- unused, and wrong size
- unsigned char iv[8]; */
+ unused, and wrong size
+ unsigned char iv[8]; */
} DEK_info;
PEM_USER *originator;
EVP_CIPHER *dec; /* date encryption cipher */
int key_len; /* key length */
unsigned char *key; /* key */
- /*-
- unused, and wrong size
- unsigned char iv[8]; */
+ /*-
+ unused, and wrong size
+ unsigned char iv[8]; */
int data_enc; /* is the data encrypted */
int data_len;
int RAND_load_file(const char *file, long bytes)
{
- /*-
- * If bytes >= 0, read up to 'bytes' bytes.
- * if bytes == -1, read complete file.
- */
+ /*-
+ * If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file.
+ */
MS_STATIC unsigned char buf[BUFSIZE];
#ifndef OPENSSL_NO_POSIX_IO
0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
/*
(type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
- /*-
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
- */
+ /*-
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+ */
if (mode & CRYPTO_LOCK) {
/*-
- if (mode & CRYPTO_READ)
- rw_rdlock(&(lock_cs[type]));
- else
- rw_wrlock(&(lock_cs[type])); */
+ if (mode & CRYPTO_READ)
+ rw_rdlock(&(lock_cs[type]));
+ else
+ rw_wrlock(&(lock_cs[type])); */
mutex_lock(&(lock_cs[type]));
lock_count[type]++;
} else {
-/* rw_unlock(&(lock_cs[type])); */
+/* rw_unlock(&(lock_cs[type])); */
mutex_unlock(&(lock_cs[type]));
}
}
(type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
/*-
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
*/
if (mode & CRYPTO_LOCK) {
pthread_mutex_lock(&(lock_cs[type]));
* If we were going to up the reference count, we would need to
* do it on a perl 'type' basis
*/
- /*- CRYPTO_add(&tmp->data.x509->references,1,
- CRYPTO_LOCK_X509);*/
+ /*- CRYPTO_add(&tmp->data.x509->references,1,
+ CRYPTO_LOCK_X509);*/
goto finish;
}
}
return 0;
}
-/*- if (ret->data.ptr != NULL)
- X509_OBJECT_free_contents(ret); */
+/*- if (ret->data.ptr != NULL)
+ X509_OBJECT_free_contents(ret); */
ret->type = tmp->type;
ret->data.ptr = tmp->data.ptr;
goto err;
if (!ASN1_INTEGER_set(xi->version, 2))
goto err;
-/*- xi->extensions=ri->attributes; <- bad, should not ever be done
- ri->attributes=NULL; */
+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
+ ri->attributes=NULL; */
}
xn = X509_REQ_get_subject_name(r);
int allow_proxy_certs;
cb = ctx->verify_cb;
- /*-
- * must_be_ca can have 1 of 3 values:
- * -1: we accept both CA and non-CA certificates, to allow direct
- * use of self-signed certificates (which are marked as CA).
- * 0: we only accept non-CA certificates. This is currently not
- * used, but the possibility is present for future extensions.
- * 1: we only accept CA certificates. This is currently used for
- * all certificates in the chain except the leaf certificate.
- */
+ /*-
+ * must_be_ca can have 1 of 3 values:
+ * -1: we accept both CA and non-CA certificates, to allow direct
+ * use of self-signed certificates (which are marked as CA).
+ * 0: we only accept non-CA certificates. This is currently not
+ * used, but the possibility is present for future extensions.
+ * 1: we only accept CA certificates. This is currently used for
+ * all certificates in the chain except the leaf certificate.
+ */
must_be_ca = -1;
/* CRL path validation */
set_prev = ret->set - 1;
set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
- /*-
- * set_prev is the previous set
- * set is the current set
- * set_next is the following
- * prev 1 1 1 1 1 1 1 1
- * set 1 1 2 2
- * next 1 1 2 2 2 2 3 2
- * so basically only if prev and next differ by 2, then
- * re-number down by 1
- */
+ /*-
+ * set_prev is the previous set
+ * set is the current set
+ * set_next is the following
+ * prev 1 1 1 1 1 1 1 1
+ * set 1 1 2 2
+ * next 1 1 2 2 2 2 3 2
+ * so basically only if prev and next differ by 2, then
+ * re-number down by 1
+ */
if (set_prev + 1 < set_next)
for (i = loc; i < n; i++)
sk_X509_NAME_ENTRY_value(sk, i)->set--;
if (p[i] == '*') {
int atstart = (state & LABEL_START);
int atend = (i == len - 1 || p[i + i] == '.');
- /*-
- * At most one wildcard per pattern.
- * No wildcards in IDNA labels.
- * No wildcards after the first label.
- */
+ /*-
+ * At most one wildcard per pattern.
+ * No wildcards in IDNA labels.
+ * No wildcards after the first label.
+ */
if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
return NULL;
/* Only full-label '*.example.com' wildcards? */
/*
* Functions for Digest (MD5, SHA1) stuff
*/
-/* output : output data buffer */
-/* input : input data buffer */
-/* algo : hash algorithm, MD5 or SHA1 */
-/*-
- * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
- * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
- */
-/* For now separate this stuff that mad it easier to test */
+ /* output : output data buffer */
+ /* input : input data buffer */
+ /* algo : hash algorithm, MD5 or SHA1 */
+ /*-
+ * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+ * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
+ */
+ /* For now separate this stuff that mad it easier to test */
typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input);
typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output);
static const char *gost_envnames[] = { "CRYPT_PARAMS" };
const ENGINE_CMD_DEFN gost_cmds[] = {
-/*- { GOST_CTRL_RNG,
- "RNG",
- "Type of random number generator to use",
- ENGINE_CMD_FLAG_STRING
- },
- { GOST_CTRL_RNG_PARAMS,
- "RNG_PARAMS",
- "Parameter for random number generator",
- ENGINE_CMD_FLAG_STRING
- },
+/*- { GOST_CTRL_RNG,
+ "RNG",
+ "Type of random number generator to use",
+ ENGINE_CMD_FLAG_STRING
+ },
+ { GOST_CTRL_RNG_PARAMS,
+ "RNG_PARAMS",
+ "Parameter for random number generator",
+ ENGINE_CMD_FLAG_STRING
+ },
*/ {GOST_CTRL_CRYPT_PARAMS,
- "CRYPT_PARAMS",
- "OID of default GOST 28147-89 parameters",
- ENGINE_CMD_FLAG_STRING},
+ "CRYPT_PARAMS",
+ "OID of default GOST 28147-89 parameters",
+ ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
while (num >= (int)sizeof(buf32)) {
largenum.value = buf;
largenum.nbytes = sizeof(buf32);
- /*-
- * tell CryptoSwift how many bytes we want and where we want it.
- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits.
- */
+ /*-
+ * tell CryptoSwift how many bytes we want and where we want it.
+ * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+ * - CryptoSwift can only do multiple of 32-bits.
+ */
swrc =
p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK) {
rr->orig_len = rr->length;
enc_err = s->method->ssl3_enc->enc(s, 0);
- /*-
- * enc_err is:
- * 0: (in non-constant time) if the record is publically invalid.
- * 1: if the padding is valid
- * -1: if the padding is invalid
- */
+ /*-
+ * enc_err is:
+ * 0: (in non-constant time) if the record is publically invalid.
+ * 1: if the padding is valid
+ * -1: if the padding is invalid
+ */
if (enc_err == 0) {
/* For DTLS we simply ignore bad packets. */
rr->length = 0;
}
}
- /*-
- * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
- */
+ /*-
+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
return;
block_size = EVP_MD_CTX_block_size(mac_ctx);
- /*-
- * We are in FIPS mode if we get this far so we know we have only SHA*
- * digests and TLS to deal with.
- * Minimum digest padding length is 17 for SHA384/SHA512 and 9
- * otherwise.
- * Additional header is 13 bytes. To get the number of digest blocks
- * processed round up the amount of data plus padding to the nearest
- * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
- * So we have:
- * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
- * equivalently:
- * blocks = (payload_len + digest_pad + 12)/block_size + 1
- * HMAC adds a constant overhead.
- * We're ultimately only interested in differences so this becomes
- * blocks = (payload_len + 29)/128
- * for SHA384/SHA512 and
- * blocks = (payload_len + 21)/64
- * otherwise.
- */
+ /*-
+ * We are in FIPS mode if we get this far so we know we have only SHA*
+ * digests and TLS to deal with.
+ * Minimum digest padding length is 17 for SHA384/SHA512 and 9
+ * otherwise.
+ * Additional header is 13 bytes. To get the number of digest blocks
+ * processed round up the amount of data plus padding to the nearest
+ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
+ * So we have:
+ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
+ * equivalently:
+ * blocks = (payload_len + digest_pad + 12)/block_size + 1
+ * HMAC adds a constant overhead.
+ * We're ultimately only interested in differences so this becomes
+ * blocks = (payload_len + 29)/128
+ * for SHA384/SHA512 and
+ * blocks = (payload_len + 21)/64
+ * otherwise.
+ */
digest_pad = block_size == 64 ? 21 : 29;
blocks_orig = (orig_len + digest_pad) / block_size;
blocks_data = (data_len + digest_pad) / block_size;
/* Do the message type and length last */
d = p = ssl_handshake_start(s);
- /*-
- * version indicates the negotiated version: for example from
- * an SSLv2/v3 compatible client hello). The client_version
- * field is the maximum version we permit and it is also
- * used in RSA encrypted premaster secrets. Some servers can
- * choke if we initially report a higher version then
- * renegotiate to a lower one in the premaster secret. This
- * didn't happen with TLS 1.0 as most servers supported it
- * but it can with TLS 1.1 or later if the server only supports
- * 1.0.
- *
- * Possible scenario with previous logic:
- * 1. Client hello indicates TLS 1.2
- * 2. Server hello says TLS 1.0
- * 3. RSA encrypted premaster secret uses 1.2.
- * 4. Handhaked proceeds using TLS 1.0.
- * 5. Server sends hello request to renegotiate.
- * 6. Client hello indicates TLS v1.0 as we now
- * know that is maximum server supports.
- * 7. Server chokes on RSA encrypted premaster secret
- * containing version 1.0.
- *
- * For interoperability it should be OK to always use the
- * maximum version we support in client hello and then rely
- * on the checking of version to ensure the servers isn't
- * being inconsistent: for example initially negotiating with
- * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
- * client_version in client hello and not resetting it to
- * the negotiated version.
- */
+ /*-
+ * version indicates the negotiated version: for example from
+ * an SSLv2/v3 compatible client hello). The client_version
+ * field is the maximum version we permit and it is also
+ * used in RSA encrypted premaster secrets. Some servers can
+ * choke if we initially report a higher version then
+ * renegotiate to a lower one in the premaster secret. This
+ * didn't happen with TLS 1.0 as most servers supported it
+ * but it can with TLS 1.1 or later if the server only supports
+ * 1.0.
+ *
+ * Possible scenario with previous logic:
+ * 1. Client hello indicates TLS 1.2
+ * 2. Server hello says TLS 1.0
+ * 3. RSA encrypted premaster secret uses 1.2.
+ * 4. Handhaked proceeds using TLS 1.0.
+ * 5. Server sends hello request to renegotiate.
+ * 6. Client hello indicates TLS v1.0 as we now
+ * know that is maximum server supports.
+ * 7. Server chokes on RSA encrypted premaster secret
+ * containing version 1.0.
+ *
+ * For interoperability it should be OK to always use the
+ * maximum version we support in client hello and then rely
+ * on the checking of version to ensure the servers isn't
+ * being inconsistent: for example initially negotiating with
+ * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+ * client_version in client hello and not resetting it to
+ * the negotiated version.
+ */
#if 0
*(p++) = s->version >> 8;
*(p++) = s->version & 0xff;
if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
goto err;
- /*-
- * 20010420 VRS. Tried it this way; failed.
- * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- * kssl_ctx->length);
- * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
* are hashing because that gives an attacker a timing-oracle.
*/
- /*-
- * npad is, at most, 48 bytes and that's with MD5:
- * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
- *
- * With SHA-1 (the largest hash speced for SSLv3) the hash size
- * goes up 4, but npad goes down by 8, resulting in a smaller
- * total size. */
+ /*-
+ * npad is, at most, 48 bytes and that's with MD5:
+ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+ *
+ * With SHA-1 (the largest hash speced for SSLv3) the hash size
+ * goes up 4, but npad goes down by 8, resulting in a smaller
+ * total size.
+ */
unsigned char header[75];
unsigned j = 0;
memcpy(header + j, mac_sec, md_size);
ret->references = 1;
ret->quiet_shutdown = 0;
-/* ret->cipher=NULL;*/
+/* ret->cipher=NULL;*/
/*-
- ret->s2->challenge=NULL;
- ret->master_key=NULL;
- ret->s2->conn_id=NULL; */
+ ret->s2->challenge=NULL;
+ ret->master_key=NULL;
+ ret->s2->conn_id=NULL; */
ret->info_callback = NULL;
return (0);
}
#ifndef OPENSSL_NO_TLSEXT
- /*-
- * If RFC5077 ticket, use empty session ID (as server).
- * Note that:
- * (a) ssl_get_prev_session() does lookahead into the
- * ClientHello extensions to find the session ticket.
- * When ssl_get_prev_session() fails, s3_srvr.c calls
- * ssl_get_new_session() in ssl3_get_client_hello().
- * At that point, it has not yet parsed the extensions,
- * however, because of the lookahead, it already knows
- * whether a ticket is expected or not.
- *
- * (b) s3_clnt.c calls ssl_get_new_session() before parsing
- * ServerHello extensions, and before recording the session
- * ID received from the server, so this block is a noop.
- */
+ /*-
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, s3_srvr.c calls
+ * ssl_get_new_session() in ssl3_get_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
if (s->tlsext_ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
if ((s_to_c == NULL) || (c_to_s == NULL))
goto err;
/*- original, DRM 24-SEP-1997
- BIO_set_fd ( c_to_s, "", chan );
- BIO_set_fd ( s_to_c, "", chan );
+ BIO_set_fd ( c_to_s, "", chan );
+ BIO_set_fd ( s_to_c, "", chan );
*/
BIO_set_fd(c_to_s, 0, chan);
BIO_set_fd(s_to_c, 0, chan);
(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
do {
- /*-
- * c_ssl_bio: SSL filter BIO
- *
- * client: pseudo-I/O for SSL library
- *
- * client_io: client's SSL communication; usually to be
- * relayed over some I/O facility, but in this
- * test program, we're the server, too:
- *
- * server_io: server's SSL communication
- *
- * server: pseudo-I/O for SSL library
- *
- * s_ssl_bio: SSL filter BIO
- *
- * The client and the server each employ a "BIO pair":
- * client + client_io, server + server_io.
- * BIO pairs are symmetric. A BIO pair behaves similar
- * to a non-blocking socketpair (but both endpoints must
- * be handled by the same thread).
- * [Here we could connect client and server to the ends
- * of a single BIO pair, but then this code would be less
- * suitable as an example for BIO pairs in general.]
- *
- * Useful functions for querying the state of BIO pair endpoints:
- *
- * BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
- * other side's read attempt
- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
- *
- * ..._read_request is never more than ..._write_guarantee;
- * it depends on the application which one you should use.
- */
+ /*-
+ * c_ssl_bio: SSL filter BIO
+ *
+ * client: pseudo-I/O for SSL library
+ *
+ * client_io: client's SSL communication; usually to be
+ * relayed over some I/O facility, but in this
+ * test program, we're the server, too:
+ *
+ * server_io: server's SSL communication
+ *
+ * server: pseudo-I/O for SSL library
+ *
+ * s_ssl_bio: SSL filter BIO
+ *
+ * The client and the server each employ a "BIO pair":
+ * client + client_io, server + server_io.
+ * BIO pairs are symmetric. A BIO pair behaves similar
+ * to a non-blocking socketpair (but both endpoints must
+ * be handled by the same thread).
+ * [Here we could connect client and server to the ends
+ * of a single BIO pair, but then this code would be less
+ * suitable as an example for BIO pairs in general.]
+ *
+ * Useful functions for querying the state of BIO pair endpoints:
+ *
+ * BIO_ctrl_pending(bio) number of bytes we can read now
+ * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
+ * other side's read attempt
+ * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
+ *
+ * ..._read_request is never more than ..._write_guarantee;
+ * it depends on the application which one you should use.
+ */
/*
* We have non-blocking behaviour throughout this test program, but
printf("server waiting in SSL_accept - %s\n",
SSL_state_string_long(s_ssl));
/*-
- else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n"); */
+ else if (s_write)
+ printf("server:SSL_write()\n");
+ else
+ printf("server:SSL_read()\n"); */
}
if (do_client && debug) {
printf("client waiting in SSL_connect - %s\n",
SSL_state_string_long(c_ssl));
/*-
- else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n"); */
+ else if (c_write)
+ printf("client:SSL_write()\n");
+ else
+ printf("client:SSL_read()\n"); */
}
if (!do_client && !do_server) {
METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs");
METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2);
-/*- tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
+/*- tmp=METH_new(x509_by_issuer_dir);
+ METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+ METH_push(top,METH_X509_BY_ISSUER,tmp);
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
+ tmp=METH_new(x509_by_issuer_primary);
+ METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+ METH_push(top,METH_X509_BY_ISSUER,tmp);
*/
METH_init(top);