#if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster
* on most boxes I have tested - up to %20 faster. */
-/*
+/*-
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;
OPENSSL_EXIT(ret);
}
-/*
+/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
}
else if (strcmp(*argv,"-2") == 0)
g=2;
- /* else if (strcmp(*argv,"-3") == 0)
+ /*- else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
{
if (cert_file != NULL)
{
- /*
+ /*-
SSL *ssl;
X509 *x509;
*/
return ret;
}
-/* This callback is used here for two purposes:
- - extended debugging
- - making some primality tests for unknown groups
- The callback is only called for a non default group.
-
- An application does not need the call back at all if
- only the stanard groups are used. In real life situations,
- client and server already share well known groups,
- thus there is no need to verify them.
- Furthermore, in case that a server actually proposes a group that
- is not one of those defined in RFC 5054, it is more appropriate
- to add the group to a static list and then compare since
- primality tests are rather cpu consuming.
-*/
+/*-
+ * This callback is used here for two purposes:
+ * - extended debugging
+ * - making some primality tests for unknown groups
+ * The callback is only called for a non default group.
+ *
+ * An application does not need the call back at all if
+ * only the stanard groups are used. In real life situations,
+ * client and server already share well known groups,
+ * thus there is no need to verify them.
+ * Furthermore, in case that a server actually proposes a group that
+ * is not one of those defined in RFC 5054, it is more appropriate
+ * to add the group to a static list and then compare since
+ * primality tests are rather cpu consuming.
+ */
static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
{
openssl_fdset(SSL_get_fd(con),&writefds);
}
#endif
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter
OPENSSL_EXIT(ret);
}
-/***********************************************************************
+/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
*
*/
-/* Usage: winrand [filename]
+/*-
+ * Usage: winrand [filename]
*
* Collects entropy from mouse movements and other events and writes
* random data to filename or .rnd
* something to watch out for. This was fine on linux/NT/Solaris but not
* Alpha */
-/* it is basically an example of
+/*-
+ * it is basically an example of
* func(*(a++),*(a++))
* which parameter is evaluated first? It is not defined in ASN1 C.
*/
* copies of the valiable, one in a register and one being an address
* that is passed. */
-/* compare the out put from
+/*-
+ * compare the out put from
* gcc dggccbug.c; ./a.out
* and
* gcc -O dggccbug.c; ./a.out
* Gage <agage@forgetmenot.Mines.EDU>
*/
-/* Compare the output from
+/*-
+ * Compare the output from
* cc sgiccbug.c; ./a.out
* and
* cc -O sgiccbug.c; ./a.out
#include <stdio.h>
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/*-
+ * This is a cc optimiser bug for ultrix 4.3, mips CPU.
* What happens is that the compiler, due to the (a)&7,
* does
* i=a&7;
}
-/*
+/*-
* This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian
* representation of the value, ignoring the sign. The sign is determined by
return global_mask;
}
-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61).
if (((arg)=func()) == NULL) return(NULL)
#define M_ASN1_New_Error(a) \
-/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
return(NULL);*/ \
err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
return(NULL)
#endif
};
-/* These are values for the itype field and
+/*-
+ * These are values for the itype field and
* determine how the type is interpreted.
*
* For PRIMITIVE types the underlying type
OPENSSL_free(param);
}
-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
* 0 : no boundary
* 1 : part boundary
* 2 : final boundary
CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
* shortname = 1.2.3.4
* shortname = some long name, 1.2.3.4
*/
* [including the GNU Public Licence.]
*/
-/*
+/*-
* 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout
* with binary data (e.g. asn1parse -inform DER < xxx) under
* Windows
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an unsigned int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
#include "bn.h"
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
*
* The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
*
return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
}
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
*
* The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
*
return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
}
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
*
* The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
*
return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
}
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
*
* The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
*
return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
}
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
*
* The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
*
return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
}
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
*
* The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
*
return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
}
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
*
* The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
*
return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
}
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
*
* The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
*
&& !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined (__i386__)
- /*
+ /*-
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
* in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
}
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
- /* In 'tab', only odd-indexed entries are relevant:
+ /*-
+ * In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
* is $(-1)^{(n^2-1)/8}$ (using TeX notation).
BIGNUM *t=NULL;
BN_ULONG *bn_data=NULL,*lp;
- /* get an upper bound for the length of the decimal integer
+ /*-
+ * get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
* <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
* used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
+/*-
+ * The last argument has the following significance:
*
* 0: called before the actual memory allocation has taken place
* 1: called after the actual memory allocation has taken place
}
}
if (error) usage();
- /* We either
+ /*-
+ * We either
* do checksum or
* do encrypt or
* do decrypt or
}
else
{
- /* >output is a multiple of 8 byes, if len < rnum
+ /*-
+ * >output is a multiple of 8 byes, if len < rnum
* >we must be careful. The user must be aware that this
* >routine will write more bytes than he asked for.
* >The length of the buffer must be correct.
}
if (save)
{
-/* v0=ti[0];
+/*- v0=ti[0];
v1=ti[1];*/
iv = &(*ivec)[0];
l2c(v0,iv);
* [including the GNU Public Licence.]
*/
-/* set_key.c v 1.4 eay 24/9/91
+/*-
+ * set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
}
#ifdef __sgi
-/*
+/*-
This is a quote from IRIX manual for dladdr(3c):
<dlfcn.h> does not contain a prototype for dladdr or definition of
#else /*CHARSET_EBCDIC*/
#include "ebcdic.h"
-/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
+/*-
+ * Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
* Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De>
*/
}
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
* in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation:
* y^2 + x*y = x^3 + a*x^2 + b.
*/
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+/*-
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
* This is an array r[] of values that are either zero or odd with an
* absolute value less than 2^w satisfying
* scalar = \sum_j r[j]*2^j
(b) >= 20 ? 2 : \
1))
-/* Compute
+/*-
+ * Compute
* \sum scalars[i]*points[i],
* also including
* scalar*generator
out[1] += ((limb) in[0]) >> 58;
out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
- /* out[1] < 2^58 + 2^6 + 2^58
- * = 2^59 + 2^6 */
+ /*-
+ * out[1] < 2^58 + 2^6 + 2^58
+ * = 2^59 + 2^6
+ */
out[2] += ((limb) (in[0] >> 64)) >> 52;
out[2] += ((limb) in[1]) >> 58;
out[8] += ((limb) in[7]) >> 58;
out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
- /* out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
- * < 2^59 + 2^13 */
+ /*-
+ * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+ * < 2^59 + 2^13
+ */
overflow1 = ((limb) (in[7] >> 64)) >> 52;
overflow1 += ((limb) in[8]) >> 58;
out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */
out[1] += out[0] >> 58; out[0] &= bottom58bits;
- /* out[0] < 2^58
+ /*-
+ * out[0] < 2^58
* out[1] < 2^59 + 2^6 + 2^13 + 2^2
- * < 2^59 + 2^14 */
+ * < 2^59 + 2^14
+ */
}
static void felem_square_reduce(felem out, const felem in)
felem_scalar128(tmp2, 2);
/* tmp2[i] < 17*2^121 */
felem_diff128(tmp, tmp2);
- /* tmp[i] < 2^127 - 2^69 + 17*2^122
+ /*-
+ * tmp[i] < 2^127 - 2^69 + 17*2^122
* = 2^126 - 2^122 - 2^6 - 2^2 - 1
- * < 2^127 */
+ * < 2^127
+ */
felem_reduce(y_out, tmp);
copy_conditional(x_out, x2, z1_is_zero);
y = BN_CTX_get(ctx);
if (y == NULL) goto err;
- /* Recover y. We have a Weierstrass equation
+ /*-
+ * Recover y. We have a Weierstrass equation
* y^2 = x^3 + a*x + b,
* so y is one of the square roots of x^3 + a*x + b.
*/
if (!field_mul(group, n1, n0, n2, ctx)) goto err;
if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
- /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
- * = 3 * X_a^2 - 3 * Z_a^4 */
+ /*-
+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+ * = 3 * X_a^2 - 3 * Z_a^4
+ */
}
else
{
int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
{
- /* return values:
+ /*-
+ * return values:
* -1 error
* 0 equal (in affine coordinates)
* 1 not equal
BIGNUM *h = BN_new();
BIGNUM *t = BN_new();
- /*
+ /*-
* r in [0,q)
* XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
*/
if ((c == NULL) || (*c == '\0'))
return(ret);
-/*
+/*-
unsigned char b[16];
MD5(c,strlen(c),b);
return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
#include "md32_common.h"
-/*
+/*-
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
*/
typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
+ * For application-defined information (static C-string `info')
* to be displayed in memory leak list.
* Each thread has its own stack. For applications, there is
* CRYPTO_push_info("...") to push an entry,
int RAND_load_file(const char *file, long bytes)
{
- /* If bytes >= 0, read up to 'bytes' bytes.
- * if bytes == -1, read complete file. */
+ /*-
+ * If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file.
+ */
MS_STATIC unsigned char buf[BUFSIZE];
#ifndef OPENSSL_NO_POSIX_IO
#include <openssl/rc4.h>
#include "rc4_locl.h"
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
#endif
}
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
fprintf(stderr,"-----\n");
lh_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
- /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+ /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n"); */
lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
for (i=0; i<number_of_loops; i++)
{
-/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
CRYPTO_thread_id(),i,
ssl_ctx[0]->references,
ssl_ctx[1]->references); */
/* Functions for verifying a signed TS_TST_INFO structure. */
-/*
+/*-
* This function carries out the following tasks:
* - Checks if there is one and only one signer.
* - Search for the signing certificate in 'certs' and in the response.
return 0;
}
-/*
+/*-
* Verifies whether 'response' contains a valid response with regards
* to the settings of the context:
* - Gives an error message if the TS_TST_INFO is not present.
might get confused. */
#define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-/* The user of these routines may want to define flags of their own. The core
- UI won't look at those, but will pass them on to the method routines. They
- must use higher bits so they don't get confused with the UI bits above.
- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
- example of use is this:
-
- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
-
+/*-
+ * The user of these routines may want to define flags of their own. The core
+ * UI won't look at those, but will pass them on to the method routines. They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
+ * example of use is this:
+ *
+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
*/
#define UI_INPUT_FLAG_USER_BASE 16
-/* The following function helps construct a prompt. object_desc is a
- textual short description of the object, for example "pass phrase",
- and object_name is the name of the object (might be a card name or
- a file name.
- The returned string shall always be allocated on the heap with
- OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
- If the ui_method doesn't contain a pointer to a user-defined prompt
- constructor, a default string is built, looking like this:
-
- "Enter {object_desc} for {object_name}:"
-
- So, if object_desc has the value "pass phrase" and object_name has
- the value "foo.key", the resulting string is:
-
- "Enter pass phrase for foo.key:"
+/*-
+ * The following function helps construct a prompt. object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ * "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ * "Enter pass phrase for foo.key:"
*/
char *UI_construct_prompt(UI *ui_method,
const char *object_desc, const char *object_name);
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
- /* CRYPTO_add(&tmp->data.x509->references,1,
+ /*- CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
return 0;
}
-/* if (ret->data.ptr != NULL)
+/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type=tmp->type;
{
if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/* xi->extensions=ri->attributes; <- bad, should not ever be done
+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
int allow_proxy_certs;
cb=ctx->verify_cb;
- /* must_be_ca can have 1 of 3 values:
- -1: we accept both CA and non-CA certificates, to allow direct
- use of self-signed certificates (which are marked as CA).
- 0: we only accept non-CA certificates. This is currently not
- used, but the possibility is present for future extensions.
- 1: we only accept CA certificates. This is currently used for
- all certificates in the chain except the leaf certificate.
- */
+ /*-
+ * must_be_ca can have 1 of 3 values:
+ * -1: we accept both CA and non-CA certificates, to allow direct
+ * use of self-signed certificates (which are marked as CA).
+ * 0: we only accept non-CA certificates. This is currently not
+ * used, but the possibility is present for future extensions.
+ * 1: we only accept CA certificates. This is currently used for
+ * all certificates in the chain except the leaf certificate.
+ */
must_be_ca = -1;
/* CRL path validation */
return extlist;
}
-/* Currently two options:
+/*-
+ * Currently two options:
* keyid: use the issuers subject keyid, the value 'always' means its is
* an error if the issuer certificate doesn't have a key id.
* issuer: use the issuers cert issuer and serial number. The default is
/* NOCW */
/* demos/bio/saccept.c */
-/* A minimal program to serve an SSL connection.
+/*-
+ * A minimal program to serve an SSL connection.
* It uses blocking.
* saccept host:port
* host is the interface IP to use. If any interface, use *:port
/* NOCW */
/* demos/bio/sconnect.c */
-/* A minimal program to do SSL to a passed host and port.
+/*-
+ * A minimal program to do SSL to a passed host and port.
* It is actually using non-blocking IO but in a very simple manner
* sconnect host:port - it does a 'GET / HTTP/1.0'
*
/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
* easy-tls.c -- generic TLS proxy.
* $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
*/
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*-
* Attribution for OpenSSL library:
*
* This product includes cryptographic software written by Eric Young
# include TLS_APP
#endif
-/* Applications can define:
+/*-
+ * Applications can define:
* TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
* TLS_CUMULATE_ERRORS
* TLS_ERROR_BUFSIZ
/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
* easy-tls.h -- generic TLS proxy.
* $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
*/
| RSA Key Token format |
*------------------------------------------------*/
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
} ICA_KEY_RSA_MODEXPO;
#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
/* output : output data buffer */
/* input : input data buffer */
/* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+/*-
+ * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
* typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
*/
/* For now separate this stuff that mad it easier to test */
/* NOCW */
-/* demos/spkigen.c
+/*-
+ * demos/spkigen.c
* 18-Mar-1997 - eay - A quick hack :-)
* version 1.1, it would probably help to save or load the
* private key :-)
/* For callbacks generating output, here are their file-descriptors. */
static FILE *fp_cb_ssl_info = NULL;
static FILE *fp_cb_ssl_verify = NULL;
-/* Output level:
+/*-
+ * Output level:
* 0 = nothing,
* 1 = minimal, just errors,
* 2 = minimal, all steps,
{
largenum.value = buf;
largenum.nbytes = sizeof(buf32);
- /* tell CryptoSwift how many bytes we want and where we want it.
+ /*-
+ * tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
+ * - CryptoSwift can only do multiple of 32-bits.
+ */
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{
static volatile struct padlock_cipher_data *padlock_saved_context;
#endif
-/*
+/*-
* =======================================================
* Inline assembler section(s).
* =======================================================
return 1;
}
-/*
+/*-
* Simplified version of padlock_aes_cipher() used when
* 1) both input and output buffers are at aligned addresses.
* or when
rr->data=rr->input;
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
/* For DTLS we simply ignore bad packets. */
}
}
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ /*-
+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
* s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
/* If we are a client, check for an incoming 'Hello Request': */
if ((!s->server) &&
}
-/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
+ * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
* and krb5 AP_REQ message & message length,
* Return Kerberos session key and client principle
* to SSL Server in KSSL_CTX *kssl_ctx.
#endif
-/* Uncomment this to debug kssl problems or
+/*-
+ * Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG
}
else if ((bs <= 1) && (!s->s2->escape))
{
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
+ /*-
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ */
s->s2->three_byte_header=0;
p=0;
}
else /* we may have to use a 3 byte header */
{
- /* If s->s2->escape is not set, then
+ /*-
+ * If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
+ */
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
}
}
- /* Now
+ /*-
+ * Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
s->s3->tmp.key_block_length=0;
}
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* data we are hashing because that gives an attacker a
* timing-oracle. */
- /* npad is, at most, 48 bytes and that's with MD5:
+ /*-
+ * npad is, at most, 48 bytes and that's with MD5:
* 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
*
* With SHA-1 (the largest hash speced for SSLv3) the hash size
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
* SSL_aDSS <- DSA_SIGN
*/
-/*
+/*-
#define CERT_INVALID 0
#define CERT_PUBLIC_KEY 1
#define CERT_PRIVATE_KEY 2