| /freebsd/contrib/bearssl/src/ssl/ |
| H A D | ssl_hs_common.t0 | 23 \ ----------------------------------------------------------------------
37 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_con…
64 \ -- Some handshake data is expected.
66 \ -- The handshake is finished, and application data may flow. There may
70 \ -- Some change-cipher-spec data is expected.
72 \ -- An alert record is expected. Other types of incoming records will be
75 \ -- Waiting for the currently accumulated record to be sent and the
79 : NYI ( -- ! )
80 "NOT YET IMPLEMENTED!" puts cr -1 fail ;
83 cc: DBG ( addr -- ) {
[all …]
|
| H A D | ssl_hs_client.c | 35 neg = ((**p) >> 6) & 1; in t0_parse7E_signed()
36 x = (uint32_t)-neg; in t0_parse7E_signed()
44 return -(int32_t)~x - 1; in t0_parse7E_signed()
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_con… macro
87 * first field of the br_ssl_client_context structure ('eng'), then
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
97 * data length (in bytes), or -x on error, with 'x' being an error code.
112 xc = ctx->eng.x509ctx; in make_pms_rsa()
113 pk = (*xc)->get_pkey(xc, NULL); in make_pms_rsa()
[all …]
|
| H A D | ssl_hs_server.c | 35 neg = ((**p) >> 6) & 1; in t0_parse7E_signed()
36 x = (uint32_t)-neg; in t0_parse7E_signed()
44 return -(int32_t)~x - 1; in t0_parse7E_signed()
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_con… macro
87 * first field of the br_ssl_server_context structure ('eng'), then
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len); in do_rsa_decrypt()
116 br_enc16be(epms, ctx->client_max_version); in do_rsa_decrypt()
120 * decryption failed. Note that we use a constant-time conditional in do_rsa_decrypt()
[all …]
|
| H A D | ssl_hs_client.t0 | 23 \ ----------------------------------------------------------------------
32 * first field of the br_ssl_client_context structure ('eng'), then
37 #define CTX ((br_ssl_client_context *)ENG)
40 * Generate the pre-master secret for RSA key exchange, and encrypt it
42 * data length (in bytes), or -x on error, with 'x' being an error code.
57 xc = ctx->eng.x509ctx;
58 pk = (*xc)->get_pkey(xc, NULL);
63 n = pk->key.rsa.n;
64 nlen = pk->key.rsa.nlen;
67 nlen --;
[all …]
|
| H A D | ssl_hs_server.t0 | 23 \ ----------------------------------------------------------------------
32 * first field of the br_ssl_server_context structure ('eng'), then
37 #define CTX ((br_ssl_server_context *)ENG)
40 * Decrypt the pre-master secret (RSA key exchange).
52 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, &len);
61 br_enc16be(epms, ctx->client_max_version);
65 * decryption failed. Note that we use a constant-time conditional
68 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
69 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
74 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
[all …]
|
| H A D | ssl_client_full.c | 39 * -- Don't use 3DES if AES or ChaCha20 is available. in br_ssl_client_init_full()
40 * -- Try to have Forward Secrecy (ECDHE suite) if possible. in br_ssl_client_init_full()
41 * -- When not using Forward Secrecy, ECDH key exchange is in br_ssl_client_init_full()
45 * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller code). in br_ssl_client_init_full()
46 * -- GCM is better than CCM and CBC. CCM is better than CBC. in br_ssl_client_init_full()
47 * -- CCM is preferable over CCM_8 (with CCM_8, forgeries may succeed in br_ssl_client_init_full()
48 * with probability 2^(-64)). in br_ssl_client_init_full()
49 * -- AES-128 is preferred over AES-256 (AES-128 is already in br_ssl_client_init_full()
50 * strong enough, and AES-256 is 40% more expensive). in br_ssl_client_init_full()
117 * Reset client context and set supported versions from TLS-1.0 in br_ssl_client_init_full()
[all …]
|
| H A D | ssl_client.c | 47 br_ssl_engine_set_buffer(&cc->eng, NULL, 0, 0); in br_ssl_client_reset()
48 cc->eng.version_out = cc->eng.version_min; in br_ssl_client_reset()
52 if (!br_ssl_engine_init_rand(&cc->eng)) { in br_ssl_client_reset()
62 cc->eng.reneg = 0; in br_ssl_client_reset()
65 cc->eng.server_name[0] = 0; in br_ssl_client_reset()
67 n = strlen(server_name) + 1; in br_ssl_client_reset()
68 if (n > sizeof cc->eng.server_name) { in br_ssl_client_reset()
69 br_ssl_engine_fail(&cc->eng, BR_ERR_BAD_PARAM); in br_ssl_client_reset()
72 memcpy(cc->eng.server_name, server_name, n); in br_ssl_client_reset()
75 br_ssl_engine_hs_reset(&cc->eng, in br_ssl_client_reset()
[all …]
|
| H A D | ssl_server_full_rsa.c | 39 * -- Don't use 3DES if AES is available. in br_ssl_server_init_full_rsa()
40 * -- Try to have Forward Secrecy (ECDHE suite) if possible. in br_ssl_server_init_full_rsa()
41 * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller). in br_ssl_server_init_full_rsa()
42 * -- GCM is better than CBC. in br_ssl_server_init_full_rsa()
43 * -- AES-128 is preferred over AES-256 (AES-128 is already in br_ssl_server_init_full_rsa()
44 * strong enough, and AES-256 is 40% more expensive). in br_ssl_server_init_full_rsa()
85 * Reset server context and set supported versions from TLS-1.0 in br_ssl_server_init_full_rsa()
86 * to TLS-1.2 (inclusive). in br_ssl_server_init_full_rsa()
89 br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); in br_ssl_server_init_full_rsa()
94 br_ssl_engine_set_suites(&cc->eng, suites, in br_ssl_server_init_full_rsa()
[all …]
|
| H A D | ssl_server_full_ec.c | 39 * -- Don't use 3DES if AES is available. in br_ssl_server_init_full_ec()
40 * -- Try to have Forward Secrecy (ECDHE suite) if possible. in br_ssl_server_init_full_ec()
41 * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller). in br_ssl_server_init_full_ec()
42 * -- GCM is better than CCM and CBC. CCM is better than CBC. in br_ssl_server_init_full_ec()
43 * -- CCM is better than CCM_8. in br_ssl_server_init_full_ec()
44 * -- AES-128 is preferred over AES-256 (AES-128 is already in br_ssl_server_init_full_ec()
45 * strong enough, and AES-256 is 40% more expensive). in br_ssl_server_init_full_ec()
96 * Reset server context and set supported versions from TLS-1.0 in br_ssl_server_init_full_ec()
97 * to TLS-1.2 (inclusive). in br_ssl_server_init_full_ec()
100 br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); in br_ssl_server_init_full_ec()
[all …]
|
| /freebsd/contrib/bearssl/samples/ |
| H A D | custom_profile.c | 41 * respectively. Of course, in a typical size-constrained application,
108 br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); in example_client_profile()
114 * -- cipher suites with a name ending in "SHA384" need "prf_sha384"; in example_client_profile()
115 * -- all others need "prf_sha256". in example_client_profile()
118 * use SHA-1 for the per-record MAC (that's what the final "SHA" in example_client_profile()
119 * means), but still SHA-256 for the PRF when selected along with in example_client_profile()
120 * the TLS-1.2 protocol version. in example_client_profile()
122 br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf); in example_client_profile()
123 br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); in example_client_profile()
124 br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); in example_client_profile()
[all …]
|
| /freebsd/contrib/llvm-project/clang/lib/StaticAnalyzer/Core/ |
| H A D | CheckerManager.cpp | 1 //===- CheckerManager.cpp - Static Analyzer Checker Manager ---------------===//
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
11 //===----------------------------------------------------------------------===//
38 const auto IfAnyAreNonEmpty = [](const auto &... Callbacks) -> bool { in hasPathSensitiveCheckers()
66 << (llvm::Twine() + C->getTagDescription() + ":" + OptionName).str() in reportInvalidCheckerOptionValue()
70 //===----------------------------------------------------------------------===//
72 //===----------------------------------------------------------------------===//
78 unsigned DeclKind = D->getKind(); in runCheckersOnASTDecl()
82 checkers = &(CCI->second); in runCheckersOnASTDecl()
[all …]
|
| H A D | CoreEngine.cpp | 1 //===- CoreEngine.cpp - Path-Sensitive Dataflow Engine --------------------===//
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
9 // This file defines a generic engine for intraprocedural, path-sensitive,
12 //===----------------------------------------------------------------------===//
53 //===----------------------------------------------------------------------===//
55 //===----------------------------------------------------------------------===//
82 WList->setBlockCounter(C); in setBlockCounter()
84 CTUWList->setBlockCounter(C); in setBlockCounter()
87 /// ExecuteWorkList - Run the worklist algorithm for a maximum number of steps.
[all …]
|
| /freebsd/crypto/openssl/ssl/ |
| H A D | tls_depr.c | 2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
33 ENGINE *eng; in tls_get_cipher_from_engine() local
39 eng = ENGINE_get_cipher_engine(nid); in tls_get_cipher_from_engine()
40 if (eng != NULL) { in tls_get_cipher_from_engine()
41 ret = ENGINE_get_cipher(eng, nid); in tls_get_cipher_from_engine()
42 ENGINE_finish(eng); in tls_get_cipher_from_engine()
52 ENGINE *eng; in tls_get_digest_from_engine() local
58 eng = ENGINE_get_digest_engine(nid); in tls_get_digest_from_engine()
59 if (eng != NULL) { in tls_get_digest_from_engine()
60 ret = ENGINE_get_digest(eng, nid); in tls_get_digest_from_engine()
[all …]
|
| /freebsd/contrib/bearssl/tools/ |
| H A D | twrch.c | 51 " -trace dump all packets on stderr\n"); in usage_twrch()
53 " -v verbose error messages on stderr\n"); in usage_twrch()
55 " -server act as an SSL server\n"); in usage_twrch()
57 " -client act as an SSL client\n"); in usage_twrch()
59 " -sni name use specified name for SNI\n"); in usage_twrch()
61 " -mono use monodirectional buffering\n"); in usage_twrch()
63 " -buf length set the I/O buffer length (in bytes)\n"); in usage_twrch()
65 " -cache length set the session cache storage length (in bytes)\n"); in usage_twrch()
67 " -cert fname read certificate chain from file 'fname'\n"); in usage_twrch()
69 " -key fname read private key from file 'fname'\n"); in usage_twrch()
[all …]
|
| H A D | client.c | 45 #define INVALID_SOCKET (-1)
67 for (p = si; p != NULL; p = p->ai_next) { in host_connect()
73 sa = (struct sockaddr *)p->ai_addr; in host_connect()
74 if (sa->sa_family == AF_INET) { in host_connect()
76 (void *)sa)->sin_addr; in host_connect()
77 } else if (sa->sa_family == AF_INET6) { in host_connect()
79 (void *)sa)->sin6_addr; in host_connect()
84 if (!inet_ntop(p->ai_family, addr, in host_connect()
91 (int)sa->sa_family); in host_connect()
95 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); in host_connect()
[all …]
|
| H A D | server.c | 45 #define INVALID_SOCKET (-1)
68 for (p = si; p != NULL; p = p->ai_next) { in host_bind()
76 sa = (struct sockaddr *)p->ai_addr; in host_bind()
77 if (sa->sa_family == AF_INET) { in host_bind()
85 } else if (sa->sa_family == AF_INET6) { in host_bind()
95 sa_len = p->ai_addrlen; in host_bind()
101 if (!inet_ntop(p->ai_family, addr, in host_bind()
108 (int)sa->sa_family); in host_bind()
112 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); in host_bind()
119 opt = 1; in host_bind()
[all …]
|
| /freebsd/crypto/openssl/apps/lib/ |
| H A D | engine.c | 11 * Here is a set of wrappers for the ENGINE API, which are no-ops when the
63 (void *)get_ui_method(), 0, 1) in setup_engine_methods()
87 int rv = 1; in init_engine()
97 int rv = 1; in finish_engine()
117 sizeof(ENGINE_SCHEME_COLON) - 1 in make_engine_uri()
119 + 1 /* : */ in make_engine_uri()
121 + 1 /* \0 */ in make_engine_uri()
145 ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); in get_legacy_pkey_id()
151 ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); in get_legacy_pkey_id()
170 ENGINE *eng; in get_digest_from_engine() local
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man3/ |
| H A D | EVP_PKEY_encrypt.3 | 1 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
58 .TH EVP_PKEY_ENCRYPT 3ossl 2025-09-30 3.5.4 OpenSSL
65 EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
68 .Vb 1
105 return 1 for success and 0 or a negative value for failure. In particular a
106 return value of \-2 indicates the operation is not supported by the public key
112 set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
120 \& ENGINE *eng;
126 \& * NB: assumes eng, key, in, inlen are already set up,
[all …]
|
| H A D | EVP_PKEY_derive.3 | 1 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
58 .TH EVP_PKEY_DERIVE 3ossl 2025-09-30 3.5.4 OpenSSL
66 \&\- derive public key algorithm shared secret
69 .Vb 1
95 \&\fIvalidate_peer\fR set to 1.
113 \&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1
115 In particular a return value of \-2 indicates the operation is not supported by
126 \& ENGINE *eng;
130 \& /* NB: assumes pkey, eng, peerkey have been already set up */
[all …]
|
| H A D | EVP_PKEY_decrypt.3 | 1 .\" -*- mode: troff; coding: utf-8 -*-
46 . tm Index:\\$1\t\\n%\t"\\$2"
58 .TH EVP_PKEY_DECRYPT 3ossl 2025-09-30 3.5.4 OpenSSL
65 EVP_PKEY_decrypt \- decrypt using a public key algorithm
68 .Vb 1
107 return 1 for success and 0 or a negative value for failure. In particular a
108 return value of \-2 indicates the operation is not supported by the public key
112 In OpenSSL versions before 3.2.0, when used in PKCS#1 v1.5 padding,
115 used private key. They had to be processed in a side-channel free way.
117 Since version 3.2.0, the \fBEVP_PKEY_decrypt()\fR method when used with PKCS#1
[all …]
|
| /freebsd/crypto/openssl/doc/man3/ |
| H A D | EVP_PKEY_encrypt.pod | 6 EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
48 return 1 for success and 0 or a negative value for failure. In particular a
49 return value of -2 indicates the operation is not supported by the public key
56 set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
63 ENGINE *eng;
69 * NB: assumes eng, key, in, inlen are already set up,
72 ctx = EVP_PKEY_CTX_new(key, eng);
111 Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
|
| H A D | EVP_PKEY_derive.pod | 7 - derive public key algorithm shared secret
36 I<validate_peer> set to 1.
56 EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1
58 In particular a return value of -2 indicates the operation is not supported by
69 ENGINE *eng;
73 /* NB: assumes pkey, eng, peerkey have been already set up */
75 ctx = EVP_PKEY_CTX_new(pkey, eng);
117 Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
| H A D | EVP_PKEY_decrypt.pod | 6 EVP_PKEY_decrypt - decrypt using a public key algorithm
50 return 1 for success and 0 or a negative value for failure. In particular a
51 return value of -2 indicates the operation is not supported by the public key
56 In OpenSSL versions before 3.2.0, when used in PKCS#1 v1.5 padding,
59 used private key. They had to be processed in a side-channel free way.
61 Since version 3.2.0, the EVP_PKEY_decrypt() method when used with PKCS#1
64 B<OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION> in L<provider-asym_cipher(7)>).
66 instead it returns a pseudo-randomly generated message, removing the need
67 of side-channel secure code from applications using OpenSSL.
70 using side-channel free code.
[all …]
|
| /freebsd/contrib/llvm-project/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ |
| H A D | CoreEngine.h | 1 //===- CoreEngine.h - Path-Sensitive Dataflow Engine ------------*- C++ -*-===//
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
9 // This file defines a generic engine for intraprocedural, path-sensitive,
12 //===----------------------------------------------------------------------===//
47 //===----------------------------------------------------------------------===//
48 /// CoreEngine - Implements the core logic of the graph-reachability
54 /// at the statement and block-level. The analyses themselves must implement
55 /// any transfer function logic and the sub-expression level (if any).
75 /// G - The simulation graph. Each node is a (location,state) pair.
[all …]
|
| /freebsd/crypto/openssl/apps/ |
| H A D | genrsa.c | 2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
43 {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"},
46 {"help", OPT_HELP, '-', "Display this summary"},
53 {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"},
55 {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"},
56 {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"},
62 {"verbose", OPT_VERBOSE, '-', "Verbose output"},
63 {"quiet", OPT_QUIET, '-', "Terse output"},
64 {"traditional", OPT_TRADITIONAL, '-',
66 {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
[all …]
|