OPENSSL_EXIT(ret);
}
-/*
+/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
}
else if (strcmp(*argv,"-2") == 0)
g=2;
- /* else if (strcmp(*argv,"-3") == 0)
+ /*- else if (strcmp(*argv,"-3") == 0)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
{
if (cert_file != NULL)
{
- /*
+ /*-
SSL *ssl;
X509 *x509;
*/
return ret;
}
-/* This callback is used here for two purposes:
- - extended debugging
- - making some primality tests for unknown groups
- The callback is only called for a non default group.
-
- An application does not need the call back at all if
- only the stanard groups are used. In real life situations,
- client and server already share well known groups,
- thus there is no need to verify them.
- Furthermore, in case that a server actually proposes a group that
- is not one of those defined in RFC 5054, it is more appropriate
- to add the group to a static list and then compare since
- primality tests are rather cpu consuming.
-*/
+/*-
+ * This callback is used here for two purposes:
+ * - extended debugging
+ * - making some primality tests for unknown groups
+ * The callback is only called for a non default group.
+ *
+ * An application does not need the call back at all if
+ * only the stanard groups are used. In real life situations,
+ * client and server already share well known groups,
+ * thus there is no need to verify them.
+ * Furthermore, in case that a server actually proposes a group that
+ * is not one of those defined in RFC 5054, it is more appropriate
+ * to add the group to a static list and then compare since
+ * primality tests are rather cpu consuming.
+ */
static int ssl_srp_verify_param_cb(SSL *s, void *arg)
{
openssl_fdset(SSL_get_fd(con),&writefds);
}
#endif
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
/* Note: under VMS with SOCKETSHR the second parameter
OPENSSL_EXIT(ret);
}
-/***********************************************************************
+/*-
* doConnection - make a connection
* Args:
* scon = earlier ssl connection for session id, or NULL
*
*/
-/* Usage: winrand [filename]
+/*-
+ * Usage: winrand [filename]
*
* Collects entropy from mouse movements and other events and writes
* random data to filename or .rnd
* Gage <agage@forgetmenot.Mines.EDU>
*/
-/* Compare the output from
+/*-
+ * Compare the output from
* cc sgiccbug.c; ./a.out
* and
* cc -O sgiccbug.c; ./a.out
#include <stdio.h>
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/*-
+ * This is a cc optimiser bug for ultrix 4.3, mips CPU.
* What happens is that the compiler, due to the (a)&7,
* does
* i=a&7;
}
-/*
+/*-
* This converts an ASN1 INTEGER into its content encoding.
* The internal representation is an ASN1_STRING whose data is a big endian
* representation of the value, ignoring the sign. The sign is determined by
return global_mask;
}
-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61).
if (((arg)=func()) == NULL) return(NULL)
#define M_ASN1_New_Error(a) \
-/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
return(NULL);*/ \
err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
return(NULL)
#endif
};
-/* These are values for the itype field and
+/*-
+ * These are values for the itype field and
* determine how the type is interpreted.
*
* For PRIMITIVE types the underlying type
OPENSSL_free(param);
}
-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
* 0 : no boundary
* 1 : part boundary
* 2 : final boundary
CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
* shortname = 1.2.3.4
* shortname = some long name, 1.2.3.4
*/
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx); /* r^2 + r = a mod p */
#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an unsigned int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
#include <openssl/bn.h>
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
*
* The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
*
return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
}
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
*
* The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
*
return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
}
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
*
* The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
*
return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
}
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
*
* The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
*
return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
}
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
*
* The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
*
return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
}
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
*
* The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
*
return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
}
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
*
* The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
*
return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
}
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
*
* The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
*
&& !defined(PEDANTIC) && !defined(BN_DIV3W)
# if defined(__GNUC__) && __GNUC__>=2
# if defined(__i386) || defined (__i386__)
- /*
+ /*-
* There were two reasons for implementing this template:
* - GNU C generates a call to a function (__udivdi3 to be exact)
* in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
}
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
* as an int[], say p. The irreducible f(t) is then of the form:
* t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
int ret = -2; /* avoid 'uninitialized' warning */
int err = 0;
BIGNUM *A, *B, *tmp;
- /* In 'tab', only odd-indexed entries are relevant:
+ /*-
+ * In 'tab', only odd-indexed entries are relevant:
* For any odd BIGNUM n,
* tab[BN_lsw(n) & 7]
* is $(-1)^{(n^2-1)/8}$ (using TeX notation).
BIGNUM *t=NULL;
BN_ULONG *bn_data=NULL,*lp;
- /* get an upper bound for the length of the decimal integer
+ /*-
+ * get an upper bound for the length of the decimal integer
* num <= (BN_num_bits(a) + 1) * log(2)
* <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
* <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
};
}
else
{
- /* >output is a multiple of 8 byes, if len < rnum
+ /*-
+ * >output is a multiple of 8 byes, if len < rnum
* >we must be careful. The user must be aware that this
* >routine will write more bytes than he asked for.
* >The length of the buffer must be correct.
* [including the GNU Public Licence.]
*/
-/* set_key.c v 1.4 eay 24/9/91
+/*-
+ * set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
#else /*CHARSET_EBCDIC*/
#include "ebcdic.h"
-/* Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
+/*-
+ * Initial Port for Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
* Adapted for OpenSSL-0.9.4 by <Martin.Kraemer@Mch.SNI.De>
*/
}
-
-
-
-
-
/* TODO: table should be optimised for the wNAF-based implementation,
* sometimes smaller windows will give better performance
* (thus the boundaries should be increased)
(b) >= 20 ? 2 : \
1))
-/* Compute
+/*-
+ * Compute
* \sum scalars[i]*points[i],
* also including
* scalar*generator
out[1] += ((limb) in[0]) >> 58;
out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
- /* out[1] < 2^58 + 2^6 + 2^58
- * = 2^59 + 2^6 */
+ /*-
+ * out[1] < 2^58 + 2^6 + 2^58
+ * = 2^59 + 2^6
+ */
out[2] += ((limb) (in[0] >> 64)) >> 52;
out[2] += ((limb) in[1]) >> 58;
out[8] += ((limb) in[7]) >> 58;
out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
- /* out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
- * < 2^59 + 2^13 */
+ /*-
+ * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+ * < 2^59 + 2^13
+ */
overflow1 = ((limb) (in[7] >> 64)) >> 52;
overflow1 += ((limb) in[8]) >> 58;
out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */
out[1] += out[0] >> 58; out[0] &= bottom58bits;
- /* out[0] < 2^58
+ /*-
+ * out[0] < 2^58
* out[1] < 2^59 + 2^6 + 2^13 + 2^2
- * < 2^59 + 2^14 */
+ * < 2^59 + 2^14
+ */
}
static void felem_square_reduce(felem out, const felem in)
felem_scalar128(tmp2, 2);
/* tmp2[i] < 17*2^121 */
felem_diff128(tmp, tmp2);
- /* tmp[i] < 2^127 - 2^69 + 17*2^122
+ /*-
+ * tmp[i] < 2^127 - 2^69 + 17*2^122
* = 2^126 - 2^122 - 2^6 - 2^2 - 1
- * < 2^127 */
+ * < 2^127
+ */
felem_reduce(y_out, tmp);
copy_conditional(x_out, x2, z1_is_zero);
y = BN_CTX_get(ctx);
if (y == NULL) goto err;
- /* Recover y. We have a Weierstrass equation
+ /*-
+ * Recover y. We have a Weierstrass equation
* y^2 = x^3 + a*x + b,
* so y is one of the square roots of x^3 + a*x + b.
*/
if ((c == NULL) || (*c == '\0'))
return(ret);
-/*
+/*-
unsigned char b[16];
MD5(c,strlen(c),b);
return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
#include "md32_common.h"
-/*
+/*-
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
*/
typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
+ * For application-defined information (static C-string `info')
* to be displayed in memory leak list.
* Each thread has its own stack. For applications, there is
* CRYPTO_push_info("...") to push an entry,
int RAND_load_file(const char *file, long bytes)
{
- /* If bytes >= 0, read up to 'bytes' bytes.
- * if bytes == -1, read complete file. */
+ /*-
+ * If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file.
+ */
MS_STATIC unsigned char buf[BUFSIZE];
#ifndef OPENSSL_NO_POSIX_IO
#include <openssl/rc4.h>
#include "rc4_locl.h"
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
#endif
}
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
* Newsgroups: sci.crypt
* From: sterndark@netcom.com (David Sterndark)
* Subject: RC4 Algorithm revealed.
fprintf(stderr,"-----\n");
lh_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
- /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+ /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n"); */
lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n");
fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
for (i=0; i<number_of_loops; i++)
{
-/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
CRYPTO_thread_id(),i,
ssl_ctx[0]->references,
ssl_ctx[1]->references); */
/* Functions for verifying a signed TS_TST_INFO structure. */
-/*
+/*-
* This function carries out the following tasks:
* - Checks if there is one and only one signer.
* - Search for the signing certificate in 'certs' and in the response.
return 0;
}
-/*
+/*-
* Verifies whether 'response' contains a valid response with regards
* to the settings of the context:
* - Gives an error message if the TS_TST_INFO is not present.
might get confused. */
#define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-/* The user of these routines may want to define flags of their own. The core
- UI won't look at those, but will pass them on to the method routines. They
- must use higher bits so they don't get confused with the UI bits above.
- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
- example of use is this:
-
- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
-
+/*-
+ * The user of these routines may want to define flags of their own. The core
+ * UI won't look at those, but will pass them on to the method routines. They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
+ * example of use is this:
+ *
+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
*/
#define UI_INPUT_FLAG_USER_BASE 16
-/* The following function helps construct a prompt. object_desc is a
- textual short description of the object, for example "pass phrase",
- and object_name is the name of the object (might be a card name or
- a file name.
- The returned string shall always be allocated on the heap with
- OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
- If the ui_method doesn't contain a pointer to a user-defined prompt
- constructor, a default string is built, looking like this:
-
- "Enter {object_desc} for {object_name}:"
-
- So, if object_desc has the value "pass phrase" and object_name has
- the value "foo.key", the resulting string is:
-
- "Enter pass phrase for foo.key:"
+/*-
+ * The following function helps construct a prompt. object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ * "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ * "Enter pass phrase for foo.key:"
*/
char *UI_construct_prompt(UI *ui_method,
const char *object_desc, const char *object_name);
/* If we were going to up the reference count,
* we would need to do it on a perl 'type'
* basis */
- /* CRYPTO_add(&tmp->data.x509->references,1,
+ /*- CRYPTO_add(&tmp->data.x509->references,1,
CRYPTO_LOCK_X509);*/
goto finish;
}
return 0;
}
-/* if (ret->data.ptr != NULL)
+/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type=tmp->type;
{
if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/* xi->extensions=ri->attributes; <- bad, should not ever be done
+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
ri->attributes=NULL; */
}
int allow_proxy_certs;
cb=ctx->verify_cb;
- /* must_be_ca can have 1 of 3 values:
- -1: we accept both CA and non-CA certificates, to allow direct
- use of self-signed certificates (which are marked as CA).
- 0: we only accept non-CA certificates. This is currently not
- used, but the possibility is present for future extensions.
- 1: we only accept CA certificates. This is currently used for
- all certificates in the chain except the leaf certificate.
- */
+ /*-
+ * must_be_ca can have 1 of 3 values:
+ * -1: we accept both CA and non-CA certificates, to allow direct
+ * use of self-signed certificates (which are marked as CA).
+ * 0: we only accept non-CA certificates. This is currently not
+ * used, but the possibility is present for future extensions.
+ * 1: we only accept CA certificates. This is currently used for
+ * all certificates in the chain except the leaf certificate.
+ */
must_be_ca = -1;
/* CRL path validation */
return extlist;
}
-/* Currently two options:
+/*-
+ * Currently two options:
* keyid: use the issuers subject keyid, the value 'always' means its is
* an error if the issuer certificate doesn't have a key id.
* issuer: use the issuers cert issuer and serial number. The default is
# include TLS_APP
#endif
-/* Applications can define:
+/*-
+ * Applications can define:
* TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
* TLS_CUMULATE_ERRORS
* TLS_ERROR_BUFSIZ
| RSA Key Token format |
*------------------------------------------------*/
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
} ICA_KEY_RSA_MODEXPO;
#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-/*
+/*-
* NOTE: All the fields in the ICA_KEY_RSA_CRT structure
* (lengths, offsets, exponents, modulus, etc.) are
* stored in big-endian format
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
+ /*-
+ * enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
- * -1: if the padding is invalid */
+ * -1: if the padding is invalid
+ */
if (enc_err == 0)
{
/* For DTLS we simply ignore bad packets. */
#endif
-/* Uncomment this to debug kssl problems or
+/*-
+ * Uncomment this to debug kssl problems or
* to trace usage of the Kerberos session key
*
* #define KSSL_DEBUG
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
projects / openssl.git / commitdiff