openpilot v0.5.8 release
parent
f364a3ee8f
commit
b967da5fc1
|
@ -1,7 +1,26 @@
|
|||
FROM ubuntu:16.04
|
||||
ENV PYTHONUNBUFFERED 1
|
||||
|
||||
RUN apt-get update && apt-get install -y build-essential clang vim screen wget bzip2 git libglib2.0-0 python-pip capnproto libcapnp-dev libzmq5-dev libffi-dev libusb-1.0-0
|
||||
RUN apt-get update && apt-get install -y \
|
||||
build-essential \
|
||||
clang \
|
||||
vim \
|
||||
screen \
|
||||
wget \
|
||||
bzip2 \
|
||||
git \
|
||||
libglib2.0-0 \
|
||||
python-pip \
|
||||
capnproto \
|
||||
libcapnp-dev \
|
||||
libzmq5-dev \
|
||||
libffi-dev \
|
||||
libusb-1.0-0 \
|
||||
libssl-dev \
|
||||
ocl-icd-libopencl1 \
|
||||
ocl-icd-opencl-dev \
|
||||
opencl-headers
|
||||
|
||||
RUN pip install numpy==1.11.2 scipy==0.18.1 matplotlib==2.1.2
|
||||
|
||||
COPY requirements_openpilot.txt /tmp/
|
||||
|
|
42
README.md
42
README.md
|
@ -65,6 +65,7 @@ Supported Cars
|
|||
| Chevrolet<sup>3</sup>| Malibu 2017 | Adaptive Cruise | Yes | Yes | 0mph | 7mph | Custom<sup>7</sup>|
|
||||
| Chevrolet<sup>3</sup>| Volt 2017-18 | Adaptive Cruise | Yes | Yes | 0mph | 7mph | Custom<sup>7</sup>|
|
||||
| Cadillac<sup>3</sup> | ATS 2018 | Adaptive Cruise | Yes | Yes | 0mph | 7mph | Custom<sup>7</sup>|
|
||||
| Chrysler | Pacifica Hybrid 2017 | Adaptive Cruise | Yes | Stock | 0mph | 9mph | Custom<sup>8</sup>|
|
||||
| GMC<sup>3</sup> | Acadia Denali 2018 | Adaptive Cruise | Yes | Yes | 0mph | 7mph | Custom<sup>7</sup>|
|
||||
| Holden<sup>3</sup> | Astra 2017 | Adaptive Cruise | Yes | Yes | 0mph | 7mph | Custom<sup>7</sup>|
|
||||
| Honda | Accord 2018 | All | Yes | Stock | 0mph | 3mph | Bosch |
|
||||
|
@ -100,35 +101,32 @@ Supported Cars
|
|||
<sup>3</sup>[GM installation guide](https://zoneos.com/volt/).
|
||||
<sup>4</sup>It needs an extra 120Ohm resistor ([pic1](https://i.imgur.com/CmdKtTP.jpg), [pic2](https://i.imgur.com/s2etUo6.jpg)) on bus 3 and giraffe switches set to 01X1 (11X1 for stock LKAS), where X depends on if you have the [comma power](https://comma.ai/shop/products/power/).
|
||||
<sup>5</sup>28mph for Camry 4CYL L, 4CYL LE and 4CYL SE which don't have Full-Speed Range Dynamic Radar Cruise Control.
|
||||
<sup>6</sup>Open sourced [Hyundai Giraffe](https://github.com/commaai/neo/tree/master/giraffe/hyundai) is designed ofor the 2019 Sante Fe; pinout may differ for other Hyundais.
|
||||
<sup>7</sup>Community built Giraffe, find more information here, [GM Giraffe](https://zoneos.com/shop/).
|
||||
<sup>6</sup>Open sourced [Hyundai Giraffe](https://github.com/commaai/neo/tree/master/giraffe/hyundai) is designed for the 2019 Sante Fe; pinout may differ for other Hyundais.
|
||||
<sup>7</sup>Community built Giraffe, find more information [here](https://zoneos.com/shop/).
|
||||
<sup>8</sup>Community built Giraffe, find more information [here](https://github.com/adhintz/openpilot/wiki). Comma official Giraffe coming soon.
|
||||
|
||||
Community Maintained Cars
|
||||
------
|
||||
|
||||
| Make | Model | Supported Package | Lateral | Longitudinal | No Accel Below | No Steer Below | Giraffe |
|
||||
| ------- | ---------------------- | -------------------- | ------- | ------------ | -------------- | -------------- | ------------------|
|
||||
| Honda | Fit 2018 | Honda Sensing | Yes | Yes | 25mph<sup>1</sup>| 12mph | Inverted Nidec |
|
||||
| Tesla | Model S 2012 | All | Yes | Not yet | Not applicable | 0mph | Custom<sup>8</sup>|
|
||||
| Tesla | Model S 2013 | All | Yes | Not yet | Not applicable | 0mph | Custom<sup>8</sup>|
|
||||
| Make | Model | Supported Package | Lateral | Longitudinal | No Accel Below | No Steer Below | Giraffe |
|
||||
| ---------------------| -------------------------| ---------------------| --------| ---------------| -----------------| ---------------|-------------------|
|
||||
| Honda | Fit 2018 | Honda Sensing | Yes | Yes | 25mph<sup>1</sup>| 12mph | Inverted Nidec |
|
||||
| Tesla | Model S 2012 | All | Yes | Not yet | Not applicable | 0mph | Custom<sup>9</sup>|
|
||||
| Tesla | Model S 2013 | All | Yes | Not yet | Not applicable | 0mph | Custom<sup>9</sup>|
|
||||
|
||||
[[Honda Fit Pull Request]](https://github.com/commaai/openpilot/pull/266). <br />
|
||||
[[Tesla Model S Pull Request]](https://github.com/commaai/openpilot/pull/246) <br />
|
||||
<sup>8</sup>Community built Giraffe, find more information here [Community Tesla Giraffe](https://github.com/jeankalud/neo/tree/tesla_giraffe/giraffe/tesla) <br />
|
||||
<sup>9</sup>Community built Giraffe, find more information here [Community Tesla Giraffe](https://github.com/jeankalud/neo/tree/tesla_giraffe/giraffe/tesla) <br />
|
||||
|
||||
Community Maintained Cars are not confirmed by comma.ai to meet our [safety model](https://github.com/commaai/openpilot/blob/devel/SAFETY.md). Be extra cautious using them.
|
||||
|
||||
In Progress Cars
|
||||
------
|
||||
- All TSS-P Toyota with Steering Assist.
|
||||
- 'Full Speed Range Dynamic Radar Cruise Control' is required to enable stop-and-go. Only the Prius, Camry and C-HR have this option.
|
||||
- Even though the Tundra, Sequoia and the Land Cruiser have TSS-P, they don't have Steering Assist and are not supported.
|
||||
- All TSS-P Toyota with Steering Assist and LSS-P Lexus with Steering Assist or Lane Keep Assist.
|
||||
- Only remaining Toyota cars with no port yet are the Avalon and the Sienna.
|
||||
- All LSS-P Lexus with Steering Assist or Lane Keep Assist.
|
||||
- 'All-Speed Range Dynamic Radar Cruise Control' is required to enable stop-and-go. Only the GS, GSH, F, RX, RXH, LX, NX, NXH, LC, LCH, LS, LSH have this option.
|
||||
- Even though the LX have TSS-P, it does not have Steering Assist and is not supported.
|
||||
- All Hyundai with SmartSense.
|
||||
- All Kia with SCC and LKAS.
|
||||
- All Chrysler, Jeep, Fiat with Adaprive Cruise Control and LaneSense.
|
||||
|
||||
How can I add support for my car?
|
||||
------
|
||||
|
@ -137,7 +135,7 @@ If your car has adaptive cruise control and lane keep assist, you are in luck. U
|
|||
|
||||
We've written guides for [Brand](https://medium.com/@comma_ai/how-to-write-a-car-port-for-openpilot-7ce0785eda84) and [Model](https://medium.com/@comma_ai/openpilot-port-guide-for-toyota-models-e5467f4b5fe6) ports. These guides might help you after you have the basics figured out.
|
||||
|
||||
- BMW, Audi, Volvo, and Mercedes all use [FlexRay](https://en.wikipedia.org/wiki/FlexRay) and are unlikely to be supported any time soon.
|
||||
- BMW, Audi, Volvo, and Mercedes all use [FlexRay](https://en.wikipedia.org/wiki/FlexRay) and can be supported after [FlexRay support](https://github.com/commaai/openpilot/pull/463) is merged.
|
||||
- We put time into a Ford port, but the steering has a 10 second cutout limitation that makes it unusable.
|
||||
- The 2016-2017 Honda Accord uses a custom signaling protocol for steering that's unlikely to ever be upstreamed.
|
||||
|
||||
|
@ -187,23 +185,21 @@ By using it, you agree to [our privacy policy](https://community.comma.ai/privac
|
|||
Testing on PC
|
||||
------
|
||||
|
||||
There is rudimentary infrastructure to run a basic simulation and generate a report of openpilot's behavior in different scenarios.
|
||||
Check out [openpilot-tools](https://github.com/commaai/openpilot-tools): lots of tools you can use to replay driving data, test and develop openpilot from your pc.
|
||||
|
||||
Also, within openpilot there is a rudimentary infrastructure to run a basic simulation and generate a report of openpilot's behavior in different longitudinal control scenarios.
|
||||
|
||||
```bash
|
||||
# Requires working docker
|
||||
./run_docker_tests.sh
|
||||
```
|
||||
|
||||
The resulting plots are displayed in `selfdrive/test/tests/plant/out/longitudinal/index.html`
|
||||
|
||||
More extensive testing infrastructure and simulation environments are coming soon.
|
||||
|
||||
|
||||
Contributing
|
||||
------
|
||||
|
||||
We welcome both pull requests and issues on
|
||||
[github](http://github.com/commaai/openpilot). Bug fixes and new car ports encouraged.
|
||||
We welcome both pull requests and issues on [github](http://github.com/commaai/openpilot). Bug fixes and new car ports encouraged.
|
||||
|
||||
We also have a [bounty program](https://comma.ai/bounties.html).
|
||||
|
||||
Want to get paid to work on openpilot? [comma.ai is hiring](https://comma.ai/jobs/)
|
||||
|
||||
|
|
10
RELEASES.md
10
RELEASES.md
|
@ -1,3 +1,13 @@
|
|||
Version 0.5.8 (2019-01-17)
|
||||
========================
|
||||
* Open sourced visiond
|
||||
* Auto-slowdown for upcoming turns
|
||||
* Chrysler/Jeep/Fiat support thanks to adhintz!
|
||||
* Honda Civic 2019 support thanks to csouers!
|
||||
* Improved use of car display in Toyota thanks to arne182!
|
||||
* No data upload when connected to Android or iOS hotspots and "Enable Upload Over Cellular" setting is off
|
||||
* EON stops charging when 12V battery drops below 11.8V
|
||||
|
||||
Version 0.5.7 (2018-12-06)
|
||||
========================
|
||||
* Speed limit from OpenStreetMap added to UI
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -244,6 +244,8 @@ struct CarControl {
|
|||
leadVisible @3: Bool;
|
||||
visualAlert @4: VisualAlert;
|
||||
audibleAlert @5: AudibleAlert;
|
||||
rightLaneVisible @6: Bool;
|
||||
leftLaneVisible @7: Bool;
|
||||
|
||||
enum VisualAlert {
|
||||
# these are the choices from the Honda
|
||||
|
|
|
@ -187,10 +187,10 @@ struct SensorEventData {
|
|||
iOS @1;
|
||||
fiber @2;
|
||||
velodyne @3; # Velodyne IMU
|
||||
# c3 sensors below
|
||||
bno055 @4;
|
||||
lsm6ds3 @5;
|
||||
bmp280 @6;
|
||||
bno055 @4; # Bosch accelerometer
|
||||
lsm6ds3 @5; # accelerometer (c2)
|
||||
bmp280 @6; # barometer (c2)
|
||||
mmc3416x @7; # magnetometer (c2)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -399,6 +399,8 @@ struct Live100Data {
|
|||
curvature @37 :Float32; # path curvature from vehicle model
|
||||
hudLeadDEPRECATED @14 :Int32;
|
||||
cumLagMs @15 :Float32;
|
||||
startMonoTime @48 :UInt64;
|
||||
mapValid @49 :Bool;
|
||||
|
||||
enabled @19 :Bool;
|
||||
active @36 :Bool;
|
||||
|
@ -420,6 +422,10 @@ struct Live100Data {
|
|||
engageable @41 :Bool; # can OP be engaged?
|
||||
driverMonitoringOn @43 :Bool;
|
||||
|
||||
# maps
|
||||
vCurvature @46 :Float32;
|
||||
decelForTurn @47 :Bool;
|
||||
|
||||
enum ControlState {
|
||||
disabled @0;
|
||||
preEnabled @1;
|
||||
|
@ -556,6 +562,8 @@ struct Plan {
|
|||
aTarget @18 :Float32;
|
||||
jerkFactor @6 :Float32;
|
||||
hasLead @7 :Bool;
|
||||
hasLeftLane @23 :Bool;
|
||||
hasRightLane @24 :Bool;
|
||||
fcw @8 :Bool;
|
||||
longitudinalPlanSource @15 :LongitudinalPlanSource;
|
||||
|
||||
|
@ -567,6 +575,7 @@ struct Plan {
|
|||
# maps
|
||||
vCurvature @21 :Float32;
|
||||
decelForTurn @22 :Bool;
|
||||
mapValid @25 :Bool;
|
||||
|
||||
struct GpsTrajectory {
|
||||
x @0 :List(Float32);
|
||||
|
@ -1584,8 +1593,15 @@ struct LiveMapData {
|
|||
roadCurvatureX @8 :List(Float32);
|
||||
roadCurvature @9 :List(Float32);
|
||||
distToTurn @10 :Float32;
|
||||
mapValid @11 :Bool;
|
||||
}
|
||||
|
||||
struct CameraOdometry {
|
||||
trans @0 :List(Float32); # m/s in device frame
|
||||
rot @1 :List(Float32); # rad/s in device frame
|
||||
transStd @2 :List(Float32); # std m/s in device frame
|
||||
rotStd @3 :List(Float32); # std rad/s in device frame
|
||||
}
|
||||
|
||||
struct Event {
|
||||
# in nanoseconds?
|
||||
|
@ -1654,5 +1670,6 @@ struct Event {
|
|||
boot @60 :Boot;
|
||||
liveParameters @61 :LiveParametersData;
|
||||
liveMapData @62 :LiveMapData;
|
||||
cameraOdometry @63 :CameraOdometry;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import numpy as np
|
||||
import common.transformations.orientation as orient
|
||||
import cv2
|
||||
|
||||
FULL_FRAME_SIZE = (1164, 874)
|
||||
W, H = FULL_FRAME_SIZE[0], FULL_FRAME_SIZE[1]
|
||||
|
@ -62,31 +63,35 @@ def roll_from_ke(m):
|
|||
return np.arctan2(-(m[1, 0] - m[1, 1] * m[2, 0] / m[2, 1]),
|
||||
-(m[0, 0] - m[0, 1] * m[2, 0] / m[2, 1]))
|
||||
|
||||
def normalize(img_pts):
|
||||
|
||||
def normalize(img_pts, intrinsics=eon_intrinsics):
|
||||
# normalizes image coordinates
|
||||
# accepts single pt or array of pts
|
||||
intrinsics_inv = np.linalg.inv(intrinsics)
|
||||
img_pts = np.array(img_pts)
|
||||
input_shape = img_pts.shape
|
||||
img_pts = np.atleast_2d(img_pts)
|
||||
img_pts = np.hstack((img_pts, np.ones((img_pts.shape[0],1))))
|
||||
img_pts_normalized = eon_intrinsics_inv.dot(img_pts.T).T
|
||||
img_pts_normalized = intrinsics_inv.dot(img_pts.T).T
|
||||
img_pts_normalized[(img_pts < 0).any(axis=1)] = np.nan
|
||||
return img_pts_normalized[:,:2].reshape(input_shape)
|
||||
|
||||
def denormalize(img_pts):
|
||||
|
||||
def denormalize(img_pts, intrinsics=eon_intrinsics):
|
||||
# denormalizes image coordinates
|
||||
# accepts single pt or array of pts
|
||||
img_pts = np.array(img_pts)
|
||||
input_shape = img_pts.shape
|
||||
img_pts = np.atleast_2d(img_pts)
|
||||
img_pts = np.hstack((img_pts, np.ones((img_pts.shape[0],1))))
|
||||
img_pts_denormalized = eon_intrinsics.dot(img_pts.T).T
|
||||
img_pts_denormalized = intrinsics.dot(img_pts.T).T
|
||||
img_pts_denormalized[img_pts_denormalized[:,0] > W] = np.nan
|
||||
img_pts_denormalized[img_pts_denormalized[:,0] < 0] = np.nan
|
||||
img_pts_denormalized[img_pts_denormalized[:,1] > H] = np.nan
|
||||
img_pts_denormalized[img_pts_denormalized[:,1] < 0] = np.nan
|
||||
return img_pts_denormalized[:,:2].reshape(input_shape)
|
||||
|
||||
|
||||
def device_from_ecef(pos_ecef, orientation_ecef, pt_ecef):
|
||||
# device from ecef frame
|
||||
# device frame is x -> forward, y-> right, z -> down
|
||||
|
@ -99,6 +104,7 @@ def device_from_ecef(pos_ecef, orientation_ecef, pt_ecef):
|
|||
pt_device = np.einsum('jk,ik->ij', device_from_ecef_rot, pt_ecef_rel)
|
||||
return pt_device.reshape(input_shape)
|
||||
|
||||
|
||||
def img_from_device(pt_device):
|
||||
# img coordinates from pts in device frame
|
||||
# first transforms to view frame, then to img coords
|
||||
|
@ -113,3 +119,30 @@ def img_from_device(pt_device):
|
|||
pt_img = pt_view/pt_view[:,2:3]
|
||||
return pt_img.reshape(input_shape)[:,:2]
|
||||
|
||||
|
||||
def rotate_img(img, eulers, crop=None, intrinsics=eon_intrinsics):
|
||||
size = img.shape[:2]
|
||||
rot = orient.rot_from_euler(eulers)
|
||||
quadrangle = np.array([[0, 0],
|
||||
[size[1]-1, 0],
|
||||
[0, size[0]-1],
|
||||
[size[1]-1, size[0]-1]], dtype=np.float32)
|
||||
quadrangle_norm = np.hstack((normalize(quadrangle, intrinsics=intrinsics), np.ones((4,1))))
|
||||
warped_quadrangle_full = np.einsum('ij, kj->ki', intrinsics.dot(rot), quadrangle_norm)
|
||||
warped_quadrangle = np.column_stack((warped_quadrangle_full[:,0]/warped_quadrangle_full[:,2],
|
||||
warped_quadrangle_full[:,1]/warped_quadrangle_full[:,2])).astype(np.float32)
|
||||
if crop:
|
||||
W_border = (size[1] - crop[0])/2
|
||||
H_border = (size[0] - crop[1])/2
|
||||
outside_crop = (((warped_quadrangle[:,0] < W_border) |
|
||||
(warped_quadrangle[:,0] >= size[1] - W_border)) &
|
||||
((warped_quadrangle[:,1] < H_border) |
|
||||
(warped_quadrangle[:,1] >= size[0] - H_border)))
|
||||
if not outside_crop.all():
|
||||
raise ValueError("warped image not contained inside crop")
|
||||
else:
|
||||
H_border, W_border = 0, 0
|
||||
M = cv2.getPerspectiveTransform(quadrangle, warped_quadrangle)
|
||||
img_warped = cv2.warpPerspective(img, M, size[::-1])
|
||||
return img_warped[H_border: size[0] - H_border,
|
||||
W_border: size[1] - W_border]
|
||||
|
|
|
@ -221,6 +221,8 @@ def ned_euler_from_ecef(ned_ecef_init, ecef_poses):
|
|||
ecef_poses = array(ecef_poses)
|
||||
output_shape = ecef_poses.shape
|
||||
ned_ecef_init = np.atleast_2d(ned_ecef_init)
|
||||
if ned_ecef_init.shape[0] == 1:
|
||||
ned_ecef_init = np.tile(ned_ecef_init[0], (output_shape[0], 1))
|
||||
ecef_poses = np.atleast_2d(ecef_poses)
|
||||
|
||||
ned_poses = np.zeros(ecef_poses.shape)
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,7 @@
|
|||
# with neos tree
|
||||
cd ~/android/system
|
||||
mka libcrypt_static libssl_static
|
||||
|
||||
cp ~/android/system/out/target/product/oneplus3/obj/STATIC_LIBRARIES/libcrypto_static_intermediates/libcrypto_static.a lib/
|
||||
cp ~/android/system/out/target/product/oneplus3/obj/STATIC_LIBRARIES/libssl_static_intermediates/libssl_static.a lib/
|
||||
|
|
@ -0,0 +1,315 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_AEAD_H
|
||||
#define OPENSSL_HEADER_AEAD_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Authenticated Encryption with Additional Data.
|
||||
*
|
||||
* AEAD couples confidentiality and integrity in a single primtive. AEAD
|
||||
* algorithms take a key and then can seal and open individual messages. Each
|
||||
* message has a unique, per-message nonce and, optionally, additional data
|
||||
* which is authenticated but not included in the ciphertext.
|
||||
*
|
||||
* The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and
|
||||
* performs any precomputation needed to use |aead| with |key|. The length of
|
||||
* the key, |key_len|, is given in bytes.
|
||||
*
|
||||
* The |tag_len| argument contains the length of the tags, in bytes, and allows
|
||||
* for the processing of truncated authenticators. A zero value indicates that
|
||||
* the default tag length should be used and this is defined as
|
||||
* |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using
|
||||
* truncated tags increases an attacker's chance of creating a valid forgery.
|
||||
* Be aware that the attacker's chance may increase more than exponentially as
|
||||
* would naively be expected.
|
||||
*
|
||||
* When no longer needed, the initialised |EVP_AEAD_CTX| structure must be
|
||||
* passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.
|
||||
*
|
||||
* With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These
|
||||
* operations are intended to meet the standard notions of privacy and
|
||||
* authenticity for authenticated encryption. For formal definitions see
|
||||
* Bellare and Namprempre, "Authenticated encryption: relations among notions
|
||||
* and analysis of the generic composition paradigm," Lecture Notes in Computer
|
||||
* Science B<1976> (2000), 531–545,
|
||||
* http://www-cse.ucsd.edu/~mihir/papers/oem.html.
|
||||
*
|
||||
* When sealing messages, a nonce must be given. The length of the nonce is
|
||||
* fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The
|
||||
* nonce must be unique for all messages with the same key*. This is critically
|
||||
* important - nonce reuse may completely undermine the security of the AEAD.
|
||||
* Nonces may be predictable and public, so long as they are unique. Uniqueness
|
||||
* may be achieved with a simple counter or, if large enough, may be generated
|
||||
* randomly. The nonce must be passed into the "open" operation by the receiver
|
||||
* so must either be implicit (e.g. a counter), or must be transmitted along
|
||||
* with the sealed message.
|
||||
*
|
||||
* The "seal" and "open" operations are atomic - an entire message must be
|
||||
* encrypted or decrypted in a single call. Large messages may have to be split
|
||||
* up in order to accomodate this. When doing so, be mindful of the need not to
|
||||
* repeat nonces and the possibility that an attacker could duplicate, reorder
|
||||
* or drop message chunks. For example, using a single key for a given (large)
|
||||
* message and sealing chunks with nonces counting from zero would be secure as
|
||||
* long as the number of chunks was securely transmitted. (Otherwise an
|
||||
* attacker could truncate the message by dropping chunks from the end.)
|
||||
*
|
||||
* The number of chunks could be transmitted by prefixing it to the plaintext,
|
||||
* for example. This also assumes that no other message would ever use the same
|
||||
* key otherwise the rule that nonces must be unique for a given key would be
|
||||
* violated.
|
||||
*
|
||||
* The "seal" and "open" operations also permit additional data to be
|
||||
* authenticated via the |ad| parameter. This data is not included in the
|
||||
* ciphertext and must be identical for both the "seal" and "open" call. This
|
||||
* permits implicit context to be authenticated but may be empty if not needed.
|
||||
*
|
||||
* The "seal" and "open" operations may work in-place if the |out| and |in|
|
||||
* arguments are equal. They may also be used to shift the data left inside the
|
||||
* same buffer if |out| is less than |in|. However, |out| may not point inside
|
||||
* the input data otherwise the input may be overwritten before it has been
|
||||
* read. This situation will cause an error.
|
||||
*
|
||||
* The "seal" and "open" operations return one on success and zero on error. */
|
||||
|
||||
|
||||
/* AEAD algorithms. */
|
||||
|
||||
/* EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);
|
||||
|
||||
/* EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
|
||||
|
||||
/* EVP_aead_chacha20_poly1305 is an AEAD built from ChaCha20 and Poly1305. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
|
||||
|
||||
/* EVP_aead_aes_128_key_wrap is AES-128 Key Wrap mode. This should never be
|
||||
* used except to interoperate with existing systems that use this mode.
|
||||
*
|
||||
* If the nonce is empty then the default nonce will be used, otherwise it must
|
||||
* be eight bytes long. The input must be a multiple of eight bytes long. No
|
||||
* additional data can be given to this mode. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_key_wrap(void);
|
||||
|
||||
/* EVP_aead_aes_256_key_wrap is AES-256 in Key Wrap mode. This should never be
|
||||
* used except to interoperate with existing systems that use this mode.
|
||||
*
|
||||
* See |EVP_aead_aes_128_key_wrap| for details. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_key_wrap(void);
|
||||
|
||||
/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for
|
||||
* authentication. The nonce is 12 bytes; the bottom 32-bits are used as the
|
||||
* block counter, thus the maximum plaintext size is 64GB. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
|
||||
|
||||
/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for
|
||||
* authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
|
||||
|
||||
/* EVP_has_aes_hardware returns one if we enable hardware support for fast and
|
||||
* constant-time AES-GCM. */
|
||||
OPENSSL_EXPORT int EVP_has_aes_hardware(void);
|
||||
|
||||
|
||||
/* TLS-specific AEAD algorithms.
|
||||
*
|
||||
* These AEAD primitives do not meet the definition of generic AEADs. They are
|
||||
* all specific to TLS and should not be used outside of that context. They must
|
||||
* be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may
|
||||
* not be used concurrently. Any nonces are used as IVs, so they must be
|
||||
* unpredictable. They only accept an |ad| parameter of length 11 (the standard
|
||||
* TLS one with length omitted). */
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_tls(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha256_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);
|
||||
|
||||
|
||||
/* SSLv3-specific AEAD algorithms.
|
||||
*
|
||||
* These AEAD primitives do not meet the definition of generic AEADs. They are
|
||||
* all specific to SSLv3 and should not be used outside of that context. They
|
||||
* must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful,
|
||||
* and may not be used concurrently. They only accept an |ad| parameter of
|
||||
* length 9 (the standard TLS one with length and version omitted). */
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_ssl3(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void);
|
||||
|
||||
|
||||
/* Utility functions. */
|
||||
|
||||
/* EVP_AEAD_key_length returns the length, in bytes, of the keys used by
|
||||
* |aead|. */
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
|
||||
|
||||
/* EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce
|
||||
* for |aead|. */
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
|
||||
|
||||
/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added
|
||||
* by the act of sealing data with |aead|. */
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
|
||||
|
||||
/* EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This
|
||||
* is the largest value that can be passed as |tag_len| to
|
||||
* |EVP_AEAD_CTX_init|. */
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
|
||||
|
||||
|
||||
/* AEAD operations. */
|
||||
|
||||
/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key
|
||||
* and message-independent IV. */
|
||||
typedef struct evp_aead_ctx_st {
|
||||
const EVP_AEAD *aead;
|
||||
/* aead_state is an opaque pointer to whatever state the AEAD needs to
|
||||
* maintain. */
|
||||
void *aead_state;
|
||||
} EVP_AEAD_CTX;
|
||||
|
||||
/* EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by
|
||||
* any AEAD defined in this header. */
|
||||
#define EVP_AEAD_MAX_KEY_LENGTH 80
|
||||
|
||||
/* EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by
|
||||
* any AEAD defined in this header. */
|
||||
#define EVP_AEAD_MAX_NONCE_LENGTH 16
|
||||
|
||||
/* EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD
|
||||
* defined in this header. */
|
||||
#define EVP_AEAD_MAX_OVERHEAD 64
|
||||
|
||||
/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
|
||||
* EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should
|
||||
* be used. */
|
||||
#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
|
||||
|
||||
/* evp_aead_direction_t denotes the direction of an AEAD operation. */
|
||||
enum evp_aead_direction_t {
|
||||
evp_aead_open,
|
||||
evp_aead_seal,
|
||||
};
|
||||
|
||||
/* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm from |impl|.
|
||||
* The |impl| argument may be NULL to choose the default implementation.
|
||||
* Authentication tags may be truncated by passing a size as |tag_len|. A
|
||||
* |tag_len| of zero indicates the default tag length and this is defined as
|
||||
* EVP_AEAD_DEFAULT_TAG_LENGTH for readability.
|
||||
*
|
||||
* Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In
|
||||
* the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's
|
||||
* harmless to do so. */
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
|
||||
const uint8_t *key, size_t key_len,
|
||||
size_t tag_len, ENGINE *impl);
|
||||
|
||||
/* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal
|
||||
* AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a
|
||||
* given direction. */
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(
|
||||
EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,
|
||||
size_t tag_len, enum evp_aead_direction_t dir);
|
||||
|
||||
/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to
|
||||
* call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to
|
||||
* all zeros. */
|
||||
OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
|
||||
|
||||
/* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and
|
||||
* authenticates |ad_len| bytes from |ad| and writes the result to |out|. It
|
||||
* returns one on success and zero otherwise.
|
||||
*
|
||||
* This function may be called (with the same |EVP_AEAD_CTX|) concurrently with
|
||||
* itself or |EVP_AEAD_CTX_open|.
|
||||
*
|
||||
* At most |max_out_len| bytes are written to |out| and, in order to ensure
|
||||
* success, |max_out_len| should be |in_len| plus the result of
|
||||
* |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the
|
||||
* actual number of bytes written.
|
||||
*
|
||||
* The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
* |EVP_AEAD_nonce_length| for this AEAD.
|
||||
*
|
||||
* |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is
|
||||
* insufficient, zero will be returned. (In this case, |*out_len| is set to
|
||||
* zero.)
|
||||
*
|
||||
* If |in| and |out| alias then |out| must be <= |in|. */
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *nonce, size_t nonce_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
/* EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes
|
||||
* from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on
|
||||
* success and zero otherwise.
|
||||
*
|
||||
* This function may be called (with the same |EVP_AEAD_CTX|) concurrently with
|
||||
* itself or |EVP_AEAD_CTX_seal|.
|
||||
*
|
||||
* At most |in_len| bytes are written to |out|. In order to ensure success,
|
||||
* |max_out_len| should be at least |in_len|. On successful return, |*out_len|
|
||||
* is set to the the actual number of bytes written.
|
||||
*
|
||||
* The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
* |EVP_AEAD_nonce_length| for this AEAD.
|
||||
*
|
||||
* |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is
|
||||
* insufficient, zero will be returned. (In this case, |*out_len| is set to
|
||||
* zero.)
|
||||
*
|
||||
* If |in| and |out| alias then |out| must be <= |in|. */
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *nonce, size_t nonce_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
|
||||
/* Obscure functions. */
|
||||
|
||||
/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure.
|
||||
* It returns one on success or zero if |ctx| doesn't have an RC4 key. */
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx,
|
||||
const RC4_KEY **out_key);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_AEAD_H */
|
|
@ -0,0 +1,158 @@
|
|||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ==================================================================== */
|
||||
|
||||
#ifndef OPENSSL_HEADER_AES_H
|
||||
#define OPENSSL_HEADER_AES_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Raw AES functions. */
|
||||
|
||||
|
||||
#define AES_ENCRYPT 1
|
||||
#define AES_DECRYPT 0
|
||||
|
||||
/* AES_MAXNR is the maximum number of AES rounds. */
|
||||
#define AES_MAXNR 14
|
||||
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
/* aes_key_st should be an opaque type, but EVP requires that the size be
|
||||
* known. */
|
||||
struct aes_key_st {
|
||||
uint32_t rd_key[4 * (AES_MAXNR + 1)];
|
||||
unsigned rounds;
|
||||
};
|
||||
typedef struct aes_key_st AES_KEY;
|
||||
|
||||
/* AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
|
||||
* |key|.
|
||||
*
|
||||
* WARNING: unlike other OpenSSL functions, this returns zero on success and a
|
||||
* negative number on error. */
|
||||
OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
|
||||
AES_KEY *aeskey);
|
||||
|
||||
/* AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
|
||||
* |key|.
|
||||
*
|
||||
* WARNING: unlike other OpenSSL functions, this returns zero on success and a
|
||||
* negative number on error. */
|
||||
OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
|
||||
AES_KEY *aeskey);
|
||||
|
||||
/* AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
|
||||
* and |out| pointers may overlap. */
|
||||
OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
/* AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
|
||||
* and |out| pointers may overlap. */
|
||||
OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
|
||||
/* Block cipher modes. */
|
||||
|
||||
/* AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
|
||||
* bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
* first call and |ivec| will be incremented. */
|
||||
OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t ivec[AES_BLOCK_SIZE],
|
||||
uint8_t ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num);
|
||||
|
||||
/* AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single,
|
||||
* 16 byte block from |in| to |out|. */
|
||||
OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key, const int enc);
|
||||
|
||||
/* AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
* bytes from |in| to |out|. The length must be a multiple of the block size. */
|
||||
OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const AES_KEY *key, uint8_t *ivec,
|
||||
const int enc);
|
||||
|
||||
/* AES_ofb128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
|
||||
* bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
* first call. */
|
||||
OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num);
|
||||
|
||||
/* AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
* bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
* first call. */
|
||||
OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num, int enc);
|
||||
|
||||
|
||||
/* Android compatibility section.
|
||||
*
|
||||
* These functions are declared, temporarily, for Android because
|
||||
* wpa_supplicant will take a little time to sync with upstream. Outside of
|
||||
* Android they'll have no definition. */
|
||||
|
||||
OPENSSL_EXPORT int AES_wrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
|
||||
const uint8_t *in, unsigned in_len);
|
||||
OPENSSL_EXPORT int AES_unwrap_key(AES_KEY *key, const uint8_t *iv, uint8_t *out,
|
||||
const uint8_t *in, unsigned in_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_AES_H */
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,76 @@
|
|||
/* crypto/asn1/asn1_mac.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef HEADER_ASN1_MAC_H
|
||||
#define HEADER_ASN1_MAC_H
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,907 @@
|
|||
/* asn1t.h */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
#ifndef HEADER_ASN1T_H
|
||||
#define HEADER_ASN1T_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#ifdef OPENSSL_BUILD_SHLIBCRYPTO
|
||||
# undef OPENSSL_EXTERN
|
||||
# define OPENSSL_EXTERN OPENSSL_EXPORT
|
||||
#endif
|
||||
|
||||
/* ASN1 template defines, structures and functions */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
|
||||
#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
|
||||
|
||||
|
||||
/* Macros for start and end of ASN1_ITEM definition */
|
||||
|
||||
#define ASN1_ITEM_start(itname) \
|
||||
const ASN1_ITEM itname##_it = {
|
||||
|
||||
#define ASN1_ITEM_end(itname) \
|
||||
};
|
||||
|
||||
/* Macros to aid ASN1 template writing */
|
||||
|
||||
#define ASN1_ITEM_TEMPLATE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_item_tt
|
||||
|
||||
#define ASN1_ITEM_TEMPLATE_END(tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_PRIMITIVE,\
|
||||
-1,\
|
||||
&tname##_item_tt,\
|
||||
0,\
|
||||
NULL,\
|
||||
0,\
|
||||
#tname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
|
||||
/* This is a ASN1 type which just embeds a template */
|
||||
|
||||
/* This pair helps declare a SEQUENCE. We can do:
|
||||
*
|
||||
* ASN1_SEQUENCE(stname) = {
|
||||
* ... SEQUENCE components ...
|
||||
* } ASN1_SEQUENCE_END(stname)
|
||||
*
|
||||
* This will produce an ASN1_ITEM called stname_it
|
||||
* for a structure called stname.
|
||||
*
|
||||
* If you want the same structure but a different
|
||||
* name then use:
|
||||
*
|
||||
* ASN1_SEQUENCE(itname) = {
|
||||
* ... SEQUENCE components ...
|
||||
* } ASN1_SEQUENCE_END_name(stname, itname)
|
||||
*
|
||||
* This will create an item called itname_it using
|
||||
* a structure called stname.
|
||||
*/
|
||||
|
||||
#define ASN1_SEQUENCE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_seq_tt[]
|
||||
|
||||
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_name(stname, tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
NULL,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_NDEF_SEQUENCE(tname) \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
|
||||
ASN1_SEQUENCE_cb(tname, cb)
|
||||
|
||||
#define ASN1_SEQUENCE_cb(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_BROKEN_SEQUENCE(tname) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_ref(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_enc(tname, enc, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_NDEF_SEQUENCE_END(tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_NDEF_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
NULL,\
|
||||
sizeof(tname),\
|
||||
#tname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_ref(stname, tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
&tname##_aux,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_NDEF_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
&tname##_aux,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
|
||||
/* This pair helps declare a CHOICE type. We can do:
|
||||
*
|
||||
* ASN1_CHOICE(chname) = {
|
||||
* ... CHOICE options ...
|
||||
* ASN1_CHOICE_END(chname)
|
||||
*
|
||||
* This will produce an ASN1_ITEM called chname_it
|
||||
* for a structure called chname. The structure
|
||||
* definition must look like this:
|
||||
* typedef struct {
|
||||
* int type;
|
||||
* union {
|
||||
* ASN1_SOMETHING *opt1;
|
||||
* ASN1_SOMEOTHER *opt2;
|
||||
* } value;
|
||||
* } chname;
|
||||
*
|
||||
* the name of the selector must be 'type'.
|
||||
* to use an alternative selector name use the
|
||||
* ASN1_CHOICE_END_selector() version.
|
||||
*/
|
||||
|
||||
#define ASN1_CHOICE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_ch_tt[]
|
||||
|
||||
#define ASN1_CHOICE_cb(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
|
||||
ASN1_CHOICE(tname)
|
||||
|
||||
#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
|
||||
|
||||
#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
|
||||
|
||||
#define ASN1_CHOICE_END_selector(stname, tname, selname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_CHOICE,\
|
||||
offsetof(stname,selname) ,\
|
||||
tname##_ch_tt,\
|
||||
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
NULL,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_CHOICE_END_cb(stname, tname, selname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_CHOICE,\
|
||||
offsetof(stname,selname) ,\
|
||||
tname##_ch_tt,\
|
||||
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
&tname##_aux,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
/* This helps with the template wrapper form of ASN1_ITEM */
|
||||
|
||||
#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
|
||||
(flags), (tag), 0,\
|
||||
#name, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* These help with SEQUENCE or CHOICE components */
|
||||
|
||||
/* used to declare other types */
|
||||
|
||||
#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
|
||||
(flags), (tag), offsetof(stname, field),\
|
||||
#field, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* used when the structure is combined with the parent */
|
||||
|
||||
#define ASN1_EX_COMBINE(flags, tag, type) { \
|
||||
(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* implicit and explicit helper macros */
|
||||
|
||||
#define ASN1_IMP_EX(stname, field, type, tag, ex) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
|
||||
|
||||
#define ASN1_EXP_EX(stname, field, type, tag, ex) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
|
||||
|
||||
/* Any defined by macros: the field used is in the table itself */
|
||||
|
||||
#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
|
||||
#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
|
||||
/* Plain simple type */
|
||||
#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
|
||||
|
||||
/* OPTIONAL simple type */
|
||||
#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* IMPLICIT tagged simple type */
|
||||
#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
|
||||
|
||||
/* IMPLICIT tagged OPTIONAL simple type */
|
||||
#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* Same as above but EXPLICIT */
|
||||
|
||||
#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
|
||||
#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* SEQUENCE OF type */
|
||||
#define ASN1_SEQUENCE_OF(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
|
||||
|
||||
/* OPTIONAL SEQUENCE OF */
|
||||
#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* Same as above but for SET OF */
|
||||
|
||||
#define ASN1_SET_OF(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
|
||||
|
||||
#define ASN1_SET_OF_OPT(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
|
||||
|
||||
#define ASN1_IMP_SET_OF(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
|
||||
|
||||
#define ASN1_EXP_SET_OF(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
|
||||
|
||||
#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
|
||||
|
||||
#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
|
||||
|
||||
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* EXPLICIT using indefinite length constructed form */
|
||||
#define ASN1_NDEF_EXP(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
|
||||
|
||||
/* EXPLICIT OPTIONAL using indefinite length constructed form */
|
||||
#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
|
||||
|
||||
/* Macros for the ASN1_ADB structure */
|
||||
|
||||
#define ASN1_ADB(name) \
|
||||
static const ASN1_ADB_TABLE name##_adbtbl[]
|
||||
|
||||
#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
|
||||
;\
|
||||
static const ASN1_ADB name##_adb = {\
|
||||
flags,\
|
||||
offsetof(name, field),\
|
||||
app_table,\
|
||||
name##_adbtbl,\
|
||||
sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
|
||||
def,\
|
||||
none\
|
||||
}
|
||||
|
||||
#define ADB_ENTRY(val, template) {val, template}
|
||||
|
||||
#define ASN1_ADB_TEMPLATE(name) \
|
||||
static const ASN1_TEMPLATE name##_tt
|
||||
|
||||
/* This is the ASN1 template structure that defines
|
||||
* a wrapper round the actual type. It determines the
|
||||
* actual position of the field in the value structure,
|
||||
* various flags such as OPTIONAL and the field name.
|
||||
*/
|
||||
|
||||
struct ASN1_TEMPLATE_st {
|
||||
unsigned long flags; /* Various flags */
|
||||
long tag; /* tag, not used if no tagging */
|
||||
unsigned long offset; /* Offset of this field in structure */
|
||||
#ifndef NO_ASN1_FIELD_NAMES
|
||||
const char *field_name; /* Field name */
|
||||
#endif
|
||||
ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
|
||||
};
|
||||
|
||||
/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
|
||||
|
||||
#define ASN1_TEMPLATE_item(t) (t->item_ptr)
|
||||
#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
|
||||
|
||||
typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
|
||||
typedef struct ASN1_ADB_st ASN1_ADB;
|
||||
|
||||
struct ASN1_ADB_st {
|
||||
unsigned long flags; /* Various flags */
|
||||
unsigned long offset; /* Offset of selector field */
|
||||
STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
|
||||
const ASN1_ADB_TABLE *tbl; /* Table of possible types */
|
||||
long tblcount; /* Number of entries in tbl */
|
||||
const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
|
||||
const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
|
||||
};
|
||||
|
||||
struct ASN1_ADB_TABLE_st {
|
||||
long value; /* NID for an object or value for an int */
|
||||
const ASN1_TEMPLATE tt; /* item for this value */
|
||||
};
|
||||
|
||||
/* template flags */
|
||||
|
||||
/* Field is optional */
|
||||
#define ASN1_TFLG_OPTIONAL (0x1)
|
||||
|
||||
/* Field is a SET OF */
|
||||
#define ASN1_TFLG_SET_OF (0x1 << 1)
|
||||
|
||||
/* Field is a SEQUENCE OF */
|
||||
#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
|
||||
|
||||
/* Special case: this refers to a SET OF that
|
||||
* will be sorted into DER order when encoded *and*
|
||||
* the corresponding STACK will be modified to match
|
||||
* the new order.
|
||||
*/
|
||||
#define ASN1_TFLG_SET_ORDER (0x3 << 1)
|
||||
|
||||
/* Mask for SET OF or SEQUENCE OF */
|
||||
#define ASN1_TFLG_SK_MASK (0x3 << 1)
|
||||
|
||||
/* These flags mean the tag should be taken from the
|
||||
* tag field. If EXPLICIT then the underlying type
|
||||
* is used for the inner tag.
|
||||
*/
|
||||
|
||||
/* IMPLICIT tagging */
|
||||
#define ASN1_TFLG_IMPTAG (0x1 << 3)
|
||||
|
||||
|
||||
/* EXPLICIT tagging, inner tag from underlying type */
|
||||
#define ASN1_TFLG_EXPTAG (0x2 << 3)
|
||||
|
||||
#define ASN1_TFLG_TAG_MASK (0x3 << 3)
|
||||
|
||||
/* context specific IMPLICIT */
|
||||
#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
|
||||
|
||||
/* context specific EXPLICIT */
|
||||
#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
|
||||
|
||||
/* If tagging is in force these determine the
|
||||
* type of tag to use. Otherwise the tag is
|
||||
* determined by the underlying type. These
|
||||
* values reflect the actual octet format.
|
||||
*/
|
||||
|
||||
/* Universal tag */
|
||||
#define ASN1_TFLG_UNIVERSAL (0x0<<6)
|
||||
/* Application tag */
|
||||
#define ASN1_TFLG_APPLICATION (0x1<<6)
|
||||
/* Context specific tag */
|
||||
#define ASN1_TFLG_CONTEXT (0x2<<6)
|
||||
/* Private tag */
|
||||
#define ASN1_TFLG_PRIVATE (0x3<<6)
|
||||
|
||||
#define ASN1_TFLG_TAG_CLASS (0x3<<6)
|
||||
|
||||
/* These are for ANY DEFINED BY type. In this case
|
||||
* the 'item' field points to an ASN1_ADB structure
|
||||
* which contains a table of values to decode the
|
||||
* relevant type
|
||||
*/
|
||||
|
||||
#define ASN1_TFLG_ADB_MASK (0x3<<8)
|
||||
|
||||
#define ASN1_TFLG_ADB_OID (0x1<<8)
|
||||
|
||||
#define ASN1_TFLG_ADB_INT (0x1<<9)
|
||||
|
||||
/* This flag means a parent structure is passed
|
||||
* instead of the field: this is useful is a
|
||||
* SEQUENCE is being combined with a CHOICE for
|
||||
* example. Since this means the structure and
|
||||
* item name will differ we need to use the
|
||||
* ASN1_CHOICE_END_name() macro for example.
|
||||
*/
|
||||
|
||||
#define ASN1_TFLG_COMBINE (0x1<<10)
|
||||
|
||||
/* This flag when present in a SEQUENCE OF, SET OF
|
||||
* or EXPLICIT causes indefinite length constructed
|
||||
* encoding to be used if required.
|
||||
*/
|
||||
|
||||
#define ASN1_TFLG_NDEF (0x1<<11)
|
||||
|
||||
/* This is the actual ASN1 item itself */
|
||||
|
||||
struct ASN1_ITEM_st {
|
||||
char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
|
||||
long utype; /* underlying type */
|
||||
const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
|
||||
long tcount; /* Number of templates if SEQUENCE or CHOICE */
|
||||
const void *funcs; /* functions that handle this type */
|
||||
long size; /* Structure size (usually)*/
|
||||
#ifndef NO_ASN1_FIELD_NAMES
|
||||
const char *sname; /* Structure name */
|
||||
#endif
|
||||
};
|
||||
|
||||
/* These are values for the itype field and
|
||||
* determine how the type is interpreted.
|
||||
*
|
||||
* For PRIMITIVE types the underlying type
|
||||
* determines the behaviour if items is NULL.
|
||||
*
|
||||
* Otherwise templates must contain a single
|
||||
* template and the type is treated in the
|
||||
* same way as the type specified in the template.
|
||||
*
|
||||
* For SEQUENCE types the templates field points
|
||||
* to the members, the size field is the
|
||||
* structure size.
|
||||
*
|
||||
* For CHOICE types the templates field points
|
||||
* to each possible member (typically a union)
|
||||
* and the 'size' field is the offset of the
|
||||
* selector.
|
||||
*
|
||||
* The 'funcs' field is used for application
|
||||
* specific functions.
|
||||
*
|
||||
* For COMPAT types the funcs field gives a
|
||||
* set of functions that handle this type, this
|
||||
* supports the old d2i, i2d convention.
|
||||
*
|
||||
* The EXTERN type uses a new style d2i/i2d.
|
||||
* The new style should be used where possible
|
||||
* because it avoids things like the d2i IMPLICIT
|
||||
* hack.
|
||||
*
|
||||
* MSTRING is a multiple string type, it is used
|
||||
* for a CHOICE of character strings where the
|
||||
* actual strings all occupy an ASN1_STRING
|
||||
* structure. In this case the 'utype' field
|
||||
* has a special meaning, it is used as a mask
|
||||
* of acceptable types using the B_ASN1 constants.
|
||||
*
|
||||
* NDEF_SEQUENCE is the same as SEQUENCE except
|
||||
* that it will use indefinite length constructed
|
||||
* encoding if requested.
|
||||
*
|
||||
*/
|
||||
|
||||
#define ASN1_ITYPE_PRIMITIVE 0x0
|
||||
|
||||
#define ASN1_ITYPE_SEQUENCE 0x1
|
||||
|
||||
#define ASN1_ITYPE_CHOICE 0x2
|
||||
|
||||
#define ASN1_ITYPE_COMPAT 0x3
|
||||
|
||||
#define ASN1_ITYPE_EXTERN 0x4
|
||||
|
||||
#define ASN1_ITYPE_MSTRING 0x5
|
||||
|
||||
#define ASN1_ITYPE_NDEF_SEQUENCE 0x6
|
||||
|
||||
/* Cache for ASN1 tag and length, so we
|
||||
* don't keep re-reading it for things
|
||||
* like CHOICE
|
||||
*/
|
||||
|
||||
struct ASN1_TLC_st{
|
||||
char valid; /* Values below are valid */
|
||||
int ret; /* return value */
|
||||
long plen; /* length */
|
||||
int ptag; /* class value */
|
||||
int pclass; /* class value */
|
||||
int hdrlen; /* header length */
|
||||
};
|
||||
|
||||
/* Typedefs for ASN1 function pointers */
|
||||
|
||||
typedef ASN1_VALUE * ASN1_new_func(void);
|
||||
typedef void ASN1_free_func(ASN1_VALUE *a);
|
||||
typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
|
||||
typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
|
||||
|
||||
typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
|
||||
int tag, int aclass, char opt, ASN1_TLC *ctx);
|
||||
|
||||
typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
|
||||
typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
|
||||
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
|
||||
int indent, const char *fname,
|
||||
const ASN1_PCTX *pctx);
|
||||
|
||||
typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
|
||||
typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
|
||||
typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
|
||||
|
||||
typedef struct ASN1_COMPAT_FUNCS_st {
|
||||
ASN1_new_func *asn1_new;
|
||||
ASN1_free_func *asn1_free;
|
||||
ASN1_d2i_func *asn1_d2i;
|
||||
ASN1_i2d_func *asn1_i2d;
|
||||
} ASN1_COMPAT_FUNCS;
|
||||
|
||||
typedef struct ASN1_EXTERN_FUNCS_st {
|
||||
void *app_data;
|
||||
ASN1_ex_new_func *asn1_ex_new;
|
||||
ASN1_ex_free_func *asn1_ex_free;
|
||||
ASN1_ex_free_func *asn1_ex_clear;
|
||||
ASN1_ex_d2i *asn1_ex_d2i;
|
||||
ASN1_ex_i2d *asn1_ex_i2d;
|
||||
ASN1_ex_print_func *asn1_ex_print;
|
||||
} ASN1_EXTERN_FUNCS;
|
||||
|
||||
typedef struct ASN1_PRIMITIVE_FUNCS_st {
|
||||
void *app_data;
|
||||
unsigned long flags;
|
||||
ASN1_ex_new_func *prim_new;
|
||||
ASN1_ex_free_func *prim_free;
|
||||
ASN1_ex_free_func *prim_clear;
|
||||
ASN1_primitive_c2i *prim_c2i;
|
||||
ASN1_primitive_i2c *prim_i2c;
|
||||
ASN1_primitive_print *prim_print;
|
||||
} ASN1_PRIMITIVE_FUNCS;
|
||||
|
||||
/* This is the ASN1_AUX structure: it handles various
|
||||
* miscellaneous requirements. For example the use of
|
||||
* reference counts and an informational callback.
|
||||
*
|
||||
* The "informational callback" is called at various
|
||||
* points during the ASN1 encoding and decoding. It can
|
||||
* be used to provide minor customisation of the structures
|
||||
* used. This is most useful where the supplied routines
|
||||
* *almost* do the right thing but need some extra help
|
||||
* at a few points. If the callback returns zero then
|
||||
* it is assumed a fatal error has occurred and the
|
||||
* main operation should be abandoned.
|
||||
*
|
||||
* If major changes in the default behaviour are required
|
||||
* then an external type is more appropriate.
|
||||
*/
|
||||
|
||||
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
|
||||
void *exarg);
|
||||
|
||||
typedef struct ASN1_AUX_st {
|
||||
void *app_data;
|
||||
int flags;
|
||||
int ref_offset; /* Offset of reference value */
|
||||
ASN1_aux_cb *asn1_cb;
|
||||
int enc_offset; /* Offset of ASN1_ENCODING structure */
|
||||
} ASN1_AUX;
|
||||
|
||||
/* For print related callbacks exarg points to this structure */
|
||||
typedef struct ASN1_PRINT_ARG_st {
|
||||
BIO *out;
|
||||
int indent;
|
||||
const ASN1_PCTX *pctx;
|
||||
} ASN1_PRINT_ARG;
|
||||
|
||||
/* For streaming related callbacks exarg points to this structure */
|
||||
typedef struct ASN1_STREAM_ARG_st {
|
||||
/* BIO to stream through */
|
||||
BIO *out;
|
||||
/* BIO with filters appended */
|
||||
BIO *ndef_bio;
|
||||
/* Streaming I/O boundary */
|
||||
unsigned char **boundary;
|
||||
} ASN1_STREAM_ARG;
|
||||
|
||||
/* Flags in ASN1_AUX */
|
||||
|
||||
/* Use a reference count */
|
||||
#define ASN1_AFLG_REFCOUNT 1
|
||||
/* Save the encoding of structure (useful for signatures) */
|
||||
#define ASN1_AFLG_ENCODING 2
|
||||
/* The Sequence length is invalid */
|
||||
#define ASN1_AFLG_BROKEN 4
|
||||
|
||||
/* operation values for asn1_cb */
|
||||
|
||||
#define ASN1_OP_NEW_PRE 0
|
||||
#define ASN1_OP_NEW_POST 1
|
||||
#define ASN1_OP_FREE_PRE 2
|
||||
#define ASN1_OP_FREE_POST 3
|
||||
#define ASN1_OP_D2I_PRE 4
|
||||
#define ASN1_OP_D2I_POST 5
|
||||
#define ASN1_OP_I2D_PRE 6
|
||||
#define ASN1_OP_I2D_POST 7
|
||||
#define ASN1_OP_PRINT_PRE 8
|
||||
#define ASN1_OP_PRINT_POST 9
|
||||
#define ASN1_OP_STREAM_PRE 10
|
||||
#define ASN1_OP_STREAM_POST 11
|
||||
#define ASN1_OP_DETACHED_PRE 12
|
||||
#define ASN1_OP_DETACHED_POST 13
|
||||
|
||||
/* Macro to implement a primitive type */
|
||||
#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
|
||||
#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
|
||||
ASN1_ITEM_start(itname) \
|
||||
ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
|
||||
ASN1_ITEM_end(itname)
|
||||
|
||||
/* Macro to implement a multi string type */
|
||||
#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
|
||||
ASN1_ITEM_start(itname) \
|
||||
ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
|
||||
ASN1_ITEM_end(itname)
|
||||
|
||||
/* Macro to implement an ASN1_ITEM in terms of old style funcs */
|
||||
|
||||
#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
|
||||
|
||||
#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
|
||||
static const ASN1_COMPAT_FUNCS sname##_ff = { \
|
||||
(ASN1_new_func *)sname##_new, \
|
||||
(ASN1_free_func *)sname##_free, \
|
||||
(ASN1_d2i_func *)d2i_##sname, \
|
||||
(ASN1_i2d_func *)i2d_##sname, \
|
||||
}; \
|
||||
ASN1_ITEM_start(sname) \
|
||||
ASN1_ITYPE_COMPAT, \
|
||||
tag, \
|
||||
NULL, \
|
||||
0, \
|
||||
&sname##_ff, \
|
||||
0, \
|
||||
#sname \
|
||||
ASN1_ITEM_end(sname)
|
||||
|
||||
#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
|
||||
ASN1_ITEM_start(sname) \
|
||||
ASN1_ITYPE_EXTERN, \
|
||||
tag, \
|
||||
NULL, \
|
||||
0, \
|
||||
&fptrs, \
|
||||
0, \
|
||||
#sname \
|
||||
ASN1_ITEM_end(sname)
|
||||
|
||||
/* Macro to implement standard functions in terms of ASN1_ITEM structures */
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
|
||||
IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
|
||||
|
||||
#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
|
||||
pre stname *fname##_new(void) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
|
||||
} \
|
||||
pre void fname##_free(stname *a) \
|
||||
{ \
|
||||
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
|
||||
stname *fname##_new(void) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
|
||||
} \
|
||||
void fname##_free(stname *a) \
|
||||
{ \
|
||||
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
|
||||
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
|
||||
} \
|
||||
int i2d_##fname(stname *a, unsigned char **out) \
|
||||
{ \
|
||||
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
|
||||
int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
|
||||
{ \
|
||||
return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
|
||||
}
|
||||
|
||||
/* This includes evil casts to remove const: they will go away when full
|
||||
* ASN1 constification is done.
|
||||
*/
|
||||
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
|
||||
} \
|
||||
int i2d_##fname(const stname *a, unsigned char **out) \
|
||||
{ \
|
||||
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
|
||||
stname * stname##_dup(stname *x) \
|
||||
{ \
|
||||
return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
|
||||
IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
|
||||
int fname##_print_ctx(BIO *out, stname *x, int indent, \
|
||||
const ASN1_PCTX *pctx) \
|
||||
{ \
|
||||
return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
|
||||
ASN1_ITEM_rptr(itname), pctx); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
|
||||
IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
|
||||
|
||||
/* external definitions for primitive types */
|
||||
|
||||
DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
|
||||
DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
|
||||
DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
|
||||
DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
|
||||
DECLARE_ASN1_ITEM(CBIGNUM)
|
||||
DECLARE_ASN1_ITEM(BIGNUM)
|
||||
DECLARE_ASN1_ITEM(LONG)
|
||||
DECLARE_ASN1_ITEM(ZLONG)
|
||||
|
||||
DECLARE_STACK_OF(ASN1_VALUE)
|
||||
|
||||
/* Functions used internally by the ASN1 code */
|
||||
|
||||
int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
|
||||
int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
|
||||
void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
|
||||
int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
|
||||
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
|
||||
int tag, int aclass, char opt, ASN1_TLC *ctx);
|
||||
|
||||
int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
|
||||
int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
|
||||
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
|
||||
int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
|
||||
int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
|
||||
|
||||
int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
|
||||
|
||||
ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
|
||||
|
||||
const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
|
||||
|
||||
void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
|
||||
void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
|
@ -0,0 +1,233 @@
|
|||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BASE_H
|
||||
#define OPENSSL_HEADER_BASE_H
|
||||
|
||||
|
||||
/* This file should be the first included by all BoringSSL headers. */
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/opensslfeatures.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
|
||||
#define OPENSSL_64_BIT
|
||||
#define OPENSSL_X86_64
|
||||
#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
|
||||
#define OPENSSL_32_BIT
|
||||
#define OPENSSL_X86
|
||||
#elif defined(__aarch64__)
|
||||
#define OPENSSL_64_BIT
|
||||
#define OPENSSL_AARCH64
|
||||
#elif defined(__arm) || defined(__arm__) || defined(_M_ARM)
|
||||
#define OPENSSL_32_BIT
|
||||
#define OPENSSL_ARM
|
||||
#elif defined(__aarch64__)
|
||||
#define OPENSSL_64_BIT
|
||||
#define OPENSSL_AARCH64
|
||||
#elif defined(__mips__) && !defined(__LP64__)
|
||||
#define OPENSSL_32_BIT
|
||||
#define OPENSSL_MIPS
|
||||
#elif defined(__mips__) && defined(__LP64__)
|
||||
#define OPENSSL_64_BIT
|
||||
#define OPENSSL_MIPS64
|
||||
#elif defined(__pnacl__)
|
||||
#define OPENSSL_32_BIT
|
||||
#define OPENSSL_PNACL
|
||||
#else
|
||||
#error "Unknown target CPU"
|
||||
#endif
|
||||
|
||||
#if defined(__APPLE__)
|
||||
#define OPENSSL_APPLE
|
||||
#endif
|
||||
|
||||
#if defined(WIN32) || defined(_WIN32)
|
||||
#define OPENSSL_WINDOWS
|
||||
#endif
|
||||
|
||||
#if defined(TRUSTY)
|
||||
#define OPENSSL_TRUSTY
|
||||
#define OPENSSL_NO_THREADS
|
||||
#endif
|
||||
|
||||
#define OPENSSL_IS_BORINGSSL
|
||||
#define OPENSSL_VERSION_NUMBER 0x10002000
|
||||
|
||||
#if defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __declspec(dllexport)
|
||||
#else
|
||||
#define OPENSSL_EXPORT __declspec(dllimport)
|
||||
#endif
|
||||
|
||||
#else /* defined(OPENSSL_WINDOWS) */
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __attribute__((visibility("default")))
|
||||
#else
|
||||
#define OPENSSL_EXPORT
|
||||
#endif
|
||||
|
||||
#endif /* defined(OPENSSL_WINDOWS) */
|
||||
|
||||
#else /* defined(BORINGSSL_SHARED_LIBRARY) */
|
||||
|
||||
#define OPENSSL_EXPORT
|
||||
|
||||
#endif /* defined(BORINGSSL_SHARED_LIBRARY) */
|
||||
|
||||
/* CRYPTO_THREADID is a dummy value. */
|
||||
typedef int CRYPTO_THREADID;
|
||||
|
||||
typedef int ASN1_BOOLEAN;
|
||||
typedef int ASN1_NULL;
|
||||
typedef struct ASN1_ITEM_st ASN1_ITEM;
|
||||
typedef struct asn1_object_st ASN1_OBJECT;
|
||||
typedef struct asn1_pctx_st ASN1_PCTX;
|
||||
typedef struct asn1_string_st ASN1_BIT_STRING;
|
||||
typedef struct asn1_string_st ASN1_BMPSTRING;
|
||||
typedef struct asn1_string_st ASN1_ENUMERATED;
|
||||
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
||||
typedef struct asn1_string_st ASN1_GENERALSTRING;
|
||||
typedef struct asn1_string_st ASN1_IA5STRING;
|
||||
typedef struct asn1_string_st ASN1_INTEGER;
|
||||
typedef struct asn1_string_st ASN1_OCTET_STRING;
|
||||
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
|
||||
typedef struct asn1_string_st ASN1_STRING;
|
||||
typedef struct asn1_string_st ASN1_T61STRING;
|
||||
typedef struct asn1_string_st ASN1_TIME;
|
||||
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
|
||||
typedef struct asn1_string_st ASN1_UTCTIME;
|
||||
typedef struct asn1_string_st ASN1_UTF8STRING;
|
||||
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
||||
|
||||
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
|
||||
typedef struct DIST_POINT_st DIST_POINT;
|
||||
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
|
||||
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
|
||||
typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
|
||||
typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
|
||||
typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
|
||||
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
|
||||
typedef struct X509_algor_st X509_ALGOR;
|
||||
typedef struct X509_crl_st X509_CRL;
|
||||
typedef struct X509_pubkey_st X509_PUBKEY;
|
||||
typedef struct bignum_ctx BN_CTX;
|
||||
typedef struct bignum_st BIGNUM;
|
||||
typedef struct bio_method_st BIO_METHOD;
|
||||
typedef struct bio_st BIO;
|
||||
typedef struct bn_gencb_st BN_GENCB;
|
||||
typedef struct bn_mont_ctx_st BN_MONT_CTX;
|
||||
typedef struct buf_mem_st BUF_MEM;
|
||||
typedef struct cbb_st CBB;
|
||||
typedef struct cbs_st CBS;
|
||||
typedef struct cmac_ctx_st CMAC_CTX;
|
||||
typedef struct conf_st CONF;
|
||||
typedef struct conf_value_st CONF_VALUE;
|
||||
typedef struct dh_method DH_METHOD;
|
||||
typedef struct dh_st DH;
|
||||
typedef struct dsa_method DSA_METHOD;
|
||||
typedef struct dsa_st DSA;
|
||||
typedef struct ec_key_st EC_KEY;
|
||||
typedef struct ecdsa_method_st ECDSA_METHOD;
|
||||
typedef struct ecdsa_sig_st ECDSA_SIG;
|
||||
typedef struct engine_st ENGINE;
|
||||
typedef struct env_md_ctx_st EVP_MD_CTX;
|
||||
typedef struct env_md_st EVP_MD;
|
||||
typedef struct evp_aead_st EVP_AEAD;
|
||||
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
|
||||
typedef struct evp_cipher_st EVP_CIPHER;
|
||||
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
|
||||
typedef struct evp_pkey_st EVP_PKEY;
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
typedef struct md4_state_st MD4_CTX;
|
||||
typedef struct md5_state_st MD5_CTX;
|
||||
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
|
||||
typedef struct pkcs12_st PKCS12;
|
||||
typedef struct rand_meth_st RAND_METHOD;
|
||||
typedef struct rc4_key_st RC4_KEY;
|
||||
typedef struct rsa_meth_st RSA_METHOD;
|
||||
typedef struct rsa_st RSA;
|
||||
typedef struct sha256_state_st SHA256_CTX;
|
||||
typedef struct sha512_state_st SHA512_CTX;
|
||||
typedef struct sha_state_st SHA_CTX;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct st_ERR_FNS ERR_FNS;
|
||||
typedef struct v3_ext_ctx X509V3_CTX;
|
||||
typedef struct x509_crl_method_st X509_CRL_METHOD;
|
||||
typedef struct x509_revoked_st X509_REVOKED;
|
||||
typedef struct x509_st X509;
|
||||
typedef struct x509_store_ctx_st X509_STORE_CTX;
|
||||
typedef struct x509_store_st X509_STORE;
|
||||
typedef void *OPENSSL_BLOCK;
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_BASE_H */
|
|
@ -0,0 +1,179 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BASE64_H
|
||||
#define OPENSSL_HEADER_BASE64_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* base64 functions.
|
||||
*
|
||||
* For historical reasons, these functions have the EVP_ prefix but just do
|
||||
* base64 encoding and decoding. */
|
||||
|
||||
|
||||
typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
|
||||
|
||||
|
||||
/* Encoding */
|
||||
|
||||
/* EVP_EncodeInit initialises |*ctx|, which is typically stack
|
||||
* allocated, for an encoding operation.
|
||||
*
|
||||
* NOTE: The encoding operation breaks its output with newlines every
|
||||
* 64 characters of output (48 characters of input). Use
|
||||
* EVP_EncodeBlock to encode raw base64. */
|
||||
OPENSSL_EXPORT void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
|
||||
|
||||
/* EVP_EncodeUpdate encodes |in_len| bytes from |in| and writes an encoded
|
||||
* version of them to |out| and sets |*out_len| to the number of bytes written.
|
||||
* Some state may be contained in |ctx| so |EVP_EncodeFinal| must be used to
|
||||
* flush it before using the encoded data. */
|
||||
OPENSSL_EXPORT void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_EncodeFinal flushes any remaining output bytes from |ctx| to |out| and
|
||||
* sets |*out_len| to the number of bytes written. */
|
||||
OPENSSL_EXPORT void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
/* EVP_EncodeBlock encodes |src_len| bytes from |src| and writes the
|
||||
* result to |dst| with a trailing NUL. It returns the number of bytes
|
||||
* written, not including this trailing NUL. */
|
||||
OPENSSL_EXPORT size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src,
|
||||
size_t src_len);
|
||||
|
||||
/* EVP_EncodedLength sets |*out_len| to the number of bytes that will be needed
|
||||
* to call |EVP_EncodeBlock| on an input of length |len|. This includes the
|
||||
* final NUL that |EVP_EncodeBlock| writes. It returns one on success or zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int EVP_EncodedLength(size_t *out_len, size_t len);
|
||||
|
||||
|
||||
/* Decoding */
|
||||
|
||||
/* EVP_DecodedLength sets |*out_len| to the maximum number of bytes
|
||||
* that will be needed to call |EVP_DecodeBase64| on an input of
|
||||
* length |len|. */
|
||||
OPENSSL_EXPORT int EVP_DecodedLength(size_t *out_len, size_t len);
|
||||
|
||||
/* EVP_DecodeBase64 decodes |in_len| bytes from base64 and writes
|
||||
* |*out_len| bytes to |out|. |max_out| is the size of the output
|
||||
* buffer. If it is not enough for the maximum output size, the
|
||||
* operation fails. */
|
||||
OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_DecodeInit initialises |*ctx|, which is typically stack allocated, for
|
||||
* a decoding operation.
|
||||
*
|
||||
* TODO(davidben): This isn't a straight-up base64 decode either. Document
|
||||
* and/or fix exactly what's going on here; maximum line length and such. */
|
||||
OPENSSL_EXPORT void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
|
||||
|
||||
/* EVP_DecodeUpdate decodes |in_len| bytes from |in| and writes the decoded
|
||||
* data to |out| and sets |*out_len| to the number of bytes written. Some state
|
||||
* may be contained in |ctx| so |EVP_DecodeFinal| must be used to flush it
|
||||
* before using the encoded data.
|
||||
*
|
||||
* It returns -1 on error, one if a full line of input was processed and zero
|
||||
* if the line was short (i.e. it was the last line). */
|
||||
OPENSSL_EXPORT int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_DecodeFinal flushes any remaining output bytes from |ctx| to |out| and
|
||||
* sets |*out_len| to the number of bytes written. It returns one on success
|
||||
* and minus one on error. */
|
||||
OPENSSL_EXPORT int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
/* Deprecated: EVP_DecodeBlock encodes |src_len| bytes from |src| and
|
||||
* writes the result to |dst|. It returns the number of bytes written
|
||||
* or -1 on error.
|
||||
*
|
||||
* WARNING: EVP_DecodeBlock's return value does not take padding into
|
||||
* account. It also strips leading whitespace and trailing
|
||||
* whitespace. */
|
||||
OPENSSL_EXPORT int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src,
|
||||
size_t src_len);
|
||||
|
||||
|
||||
struct evp_encode_ctx_st {
|
||||
unsigned num; /* number saved in a partial encode/decode */
|
||||
unsigned length; /* The length is either the output line length
|
||||
* (in input bytes) or the shortest input line
|
||||
* length that is ok. Once decoding begins,
|
||||
* the length is adjusted up each time a longer
|
||||
* line is decoded */
|
||||
uint8_t enc_data[80]; /* data to encode */
|
||||
unsigned line_num; /* number read on current line */
|
||||
int expect_nl;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_BASE64_H */
|
|
@ -0,0 +1,910 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BIO_H
|
||||
#define OPENSSL_HEADER_BIO_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <stdio.h> /* For FILE */
|
||||
|
||||
#include <openssl/err.h> /* for ERR_print_errors_fp */
|
||||
#include <openssl/ex_data.h>
|
||||
#include <openssl/stack.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* BIO abstracts over a file-descriptor like interface. */
|
||||
|
||||
|
||||
/* Allocation and freeing. */
|
||||
|
||||
DEFINE_STACK_OF(BIO);
|
||||
|
||||
/* BIO_new creates a new BIO with the given type and a reference count of one.
|
||||
* It returns the fresh |BIO|, or NULL on error. */
|
||||
OPENSSL_EXPORT BIO *BIO_new(const BIO_METHOD *type);
|
||||
|
||||
/* BIO_free decrements the reference count of |bio|. If the reference count
|
||||
* drops to zero, it (optionally) calls the BIO's callback with |BIO_CB_FREE|,
|
||||
* frees the ex_data and then, if the BIO has a destroy callback for the
|
||||
* method, calls it. Finally it frees |bio| itself. It then repeats that for
|
||||
* the next BIO in the chain, if any.
|
||||
*
|
||||
* It returns one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_free(BIO *bio);
|
||||
|
||||
/* BIO_vfree performs the same actions as |BIO_free|, but has a void return
|
||||
* value. This is provided for API-compat.
|
||||
*
|
||||
* TODO(fork): remove. */
|
||||
OPENSSL_EXPORT void BIO_vfree(BIO *bio);
|
||||
|
||||
/* BIO_up_ref increments the reference count of |bio| and returns it. */
|
||||
OPENSSL_EXPORT BIO *BIO_up_ref(BIO *bio);
|
||||
|
||||
|
||||
/* Basic I/O. */
|
||||
|
||||
/* BIO_read attempts to read |len| bytes into |data|. It returns the number of
|
||||
* bytes read, zero on EOF, or a negative number on error. */
|
||||
OPENSSL_EXPORT int BIO_read(BIO *bio, void *data, int len);
|
||||
|
||||
/* BIO_gets "reads a line" from |bio| and puts at most |size| bytes into |buf|.
|
||||
* It returns the number of bytes read or a negative number on error. The
|
||||
* phrase "reads a line" is in quotes in the previous sentence because the
|
||||
* exact operation depends on the BIO's method. For example, a digest BIO will
|
||||
* return the digest in response to a |BIO_gets| call.
|
||||
*
|
||||
* TODO(fork): audit the set of BIOs that we end up needing. If all actually
|
||||
* return a line for this call, remove the warning above. */
|
||||
OPENSSL_EXPORT int BIO_gets(BIO *bio, char *buf, int size);
|
||||
|
||||
/* BIO_write writes |len| bytes from |data| to BIO. It returns the number of
|
||||
* bytes written or a negative number on error. */
|
||||
OPENSSL_EXPORT int BIO_write(BIO *bio, const void *data, int len);
|
||||
|
||||
/* BIO_puts writes a NUL terminated string from |buf| to |bio|. It returns the
|
||||
* number of bytes written or a negative number on error. */
|
||||
OPENSSL_EXPORT int BIO_puts(BIO *bio, const char *buf);
|
||||
|
||||
/* BIO_flush flushes any buffered output. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BIO_flush(BIO *bio);
|
||||
|
||||
|
||||
/* Low-level control functions.
|
||||
*
|
||||
* These are generic functions for sending control requests to a BIO. In
|
||||
* general one should use the wrapper functions like |BIO_get_close|. */
|
||||
|
||||
/* BIO_ctrl sends the control request |cmd| to |bio|. The |cmd| argument should
|
||||
* be one of the |BIO_C_*| values. */
|
||||
OPENSSL_EXPORT long BIO_ctrl(BIO *bio, int cmd, long larg, void *parg);
|
||||
|
||||
/* BIO_ptr_ctrl acts like |BIO_ctrl| but passes the address of a |void*|
|
||||
* pointer as |parg| and returns the value that is written to it, or NULL if
|
||||
* the control request returns <= 0. */
|
||||
OPENSSL_EXPORT char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
|
||||
|
||||
/* BIO_int_ctrl acts like |BIO_ctrl| but passes the address of a copy of |iarg|
|
||||
* as |parg|. */
|
||||
OPENSSL_EXPORT long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
|
||||
|
||||
/* BIO_reset resets |bio| to its initial state, the precise meaning of which
|
||||
* depends on the concrete type of |bio|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BIO_reset(BIO *bio);
|
||||
|
||||
/* BIO_set_flags ORs |flags| with |bio->flags|. */
|
||||
OPENSSL_EXPORT void BIO_set_flags(BIO *bio, int flags);
|
||||
|
||||
/* BIO_test_flags returns |bio->flags| AND |flags|. */
|
||||
OPENSSL_EXPORT int BIO_test_flags(const BIO *bio, int flags);
|
||||
|
||||
/* BIO_should_read returns non-zero if |bio| encountered a temporary error
|
||||
* while reading (i.e. EAGAIN), indicating that the caller should retry the
|
||||
* read. */
|
||||
OPENSSL_EXPORT int BIO_should_read(const BIO *bio);
|
||||
|
||||
/* BIO_should_write returns non-zero if |bio| encountered a temporary error
|
||||
* while writing (i.e. EAGAIN), indicating that the caller should retry the
|
||||
* write. */
|
||||
OPENSSL_EXPORT int BIO_should_write(const BIO *bio);
|
||||
|
||||
/* BIO_should_retry returns non-zero if the reason that caused a failed I/O
|
||||
* operation is temporary and thus the operation should be retried. Otherwise,
|
||||
* it was a permanent error and it returns zero. */
|
||||
OPENSSL_EXPORT int BIO_should_retry(const BIO *bio);
|
||||
|
||||
/* BIO_should_io_special returns non-zero if |bio| encountered a temporary
|
||||
* error while performing a special I/O operation, indicating that the caller
|
||||
* should retry. The operation that caused the error is returned by
|
||||
* |BIO_get_retry_reason|. */
|
||||
OPENSSL_EXPORT int BIO_should_io_special(const BIO *bio);
|
||||
|
||||
/* BIO_RR_SSL_X509_LOOKUP indicates that an SSL BIO blocked because the SSL
|
||||
* library returned with SSL_ERROR_WANT_X509_LOOKUP.
|
||||
*
|
||||
* TODO(fork): remove. */
|
||||
#define BIO_RR_SSL_X509_LOOKUP 0x01
|
||||
|
||||
/* BIO_RR_CONNECT indicates that a connect would have blocked */
|
||||
#define BIO_RR_CONNECT 0x02
|
||||
|
||||
/* BIO_RR_ACCEPT indicates that an accept would have blocked */
|
||||
#define BIO_RR_ACCEPT 0x03
|
||||
|
||||
/* BIO_RR_SSL_CHANNEL_ID_LOOKUP indicates that the ChannelID code cannot find
|
||||
* a private key for a TLS connection. */
|
||||
#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
|
||||
|
||||
/* BIO_get_retry_reason returns the special I/O operation that needs to be
|
||||
* retried. The return value is one of the |BIO_RR_*| values. */
|
||||
OPENSSL_EXPORT int BIO_get_retry_reason(const BIO *bio);
|
||||
|
||||
/* BIO_clear_flags ANDs |bio->flags| with the bitwise-complement of |flags|. */
|
||||
OPENSSL_EXPORT void BIO_clear_flags(BIO *bio, int flags);
|
||||
|
||||
/* BIO_set_retry_read sets the |BIO_FLAGS_READ| and |BIO_FLAGS_SHOULD_RETRY|
|
||||
* flags on |bio|. */
|
||||
OPENSSL_EXPORT void BIO_set_retry_read(BIO *bio);
|
||||
|
||||
/* BIO_set_retry_read sets the |BIO_FLAGS_WRITE| and |BIO_FLAGS_SHOULD_RETRY|
|
||||
* flags on |bio|. */
|
||||
OPENSSL_EXPORT void BIO_set_retry_write(BIO *bio);
|
||||
|
||||
/* BIO_get_retry_flags gets the |BIO_FLAGS_READ|, |BIO_FLAGS_WRITE|,
|
||||
* |BIO_FLAGS_IO_SPECIAL| and |BIO_FLAGS_SHOULD_RETRY| flags from |bio|. */
|
||||
OPENSSL_EXPORT int BIO_get_retry_flags(BIO *bio);
|
||||
|
||||
/* BIO_clear_retry_flags clears the |BIO_FLAGS_READ|, |BIO_FLAGS_WRITE|,
|
||||
* |BIO_FLAGS_IO_SPECIAL| and |BIO_FLAGS_SHOULD_RETRY| flags from |bio|. */
|
||||
OPENSSL_EXPORT void BIO_clear_retry_flags(BIO *bio);
|
||||
|
||||
/* BIO_method_type returns the type of |bio|, which is one of the |BIO_TYPE_*|
|
||||
* values. */
|
||||
OPENSSL_EXPORT int BIO_method_type(const BIO *bio);
|
||||
|
||||
/* bio_info_cb is the type of a callback function that can be called for most
|
||||
* BIO operations. The |event| argument is one of |BIO_CB_*| and can be ORed
|
||||
* with |BIO_CB_RETURN| if the callback is being made after the operation in
|
||||
* question. In that case, |return_value| will contain the return value from
|
||||
* the operation. */
|
||||
typedef long (*bio_info_cb)(BIO *bio, int event, const char *parg, int cmd,
|
||||
long larg, long return_value);
|
||||
|
||||
/* BIO_callback_ctrl allows the callback function to be manipulated. The |cmd|
|
||||
* arg will generally be |BIO_CTRL_SET_CALLBACK| but arbitary command values
|
||||
* can be interpreted by the |BIO|. */
|
||||
OPENSSL_EXPORT long BIO_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp);
|
||||
|
||||
/* BIO_pending returns the number of bytes pending to be read. */
|
||||
OPENSSL_EXPORT size_t BIO_pending(const BIO *bio);
|
||||
|
||||
/* BIO_ctrl_pending calls |BIO_pending| and exists only for compatibility with
|
||||
* OpenSSL. */
|
||||
OPENSSL_EXPORT size_t BIO_ctrl_pending(const BIO *bio);
|
||||
|
||||
/* BIO_wpending returns the number of bytes pending to be written. */
|
||||
OPENSSL_EXPORT size_t BIO_wpending(const BIO *bio);
|
||||
|
||||
/* BIO_set_close sets the close flag for |bio|. The meaning of which depends on
|
||||
* the type of |bio| but, for example, a memory BIO interprets the close flag
|
||||
* as meaning that it owns its buffer. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_close(BIO *bio, int close_flag);
|
||||
|
||||
/* BIO_set_callback sets a callback function that will be called before and
|
||||
* after most operations. See the comment above |bio_info_cb|. */
|
||||
OPENSSL_EXPORT void BIO_set_callback(BIO *bio, bio_info_cb callback_func);
|
||||
|
||||
/* BIO_set_callback_arg sets the opaque pointer value that can be read within a
|
||||
* callback with |BIO_get_callback_arg|. */
|
||||
OPENSSL_EXPORT void BIO_set_callback_arg(BIO *bio, char *arg);
|
||||
|
||||
/* BIO_get_callback_arg returns the last value of the opaque callback pointer
|
||||
* set by |BIO_set_callback_arg|. */
|
||||
OPENSSL_EXPORT char *BIO_get_callback_arg(const BIO *bio);
|
||||
|
||||
/* BIO_number_read returns the number of bytes that have been read from
|
||||
* |bio|. */
|
||||
OPENSSL_EXPORT size_t BIO_number_read(const BIO *bio);
|
||||
|
||||
/* BIO_number_written returns the number of bytes that have been written to
|
||||
* |bio|. */
|
||||
OPENSSL_EXPORT size_t BIO_number_written(const BIO *bio);
|
||||
|
||||
|
||||
/* Managing chains of BIOs.
|
||||
*
|
||||
* BIOs can be put into chains where the output of one is used as the input of
|
||||
* the next etc. The most common case is a buffering BIO, which accepts and
|
||||
* buffers writes until flushed into the next BIO in the chain. */
|
||||
|
||||
/* BIO_push adds |appended_bio| to the end of the chain with |bio| at the head.
|
||||
* It returns |bio|. Note that |appended_bio| may be the head of a chain itself
|
||||
* and thus this function can be used to join two chains.
|
||||
*
|
||||
* BIO_push takes ownership of the caller's reference to |appended_bio|. */
|
||||
OPENSSL_EXPORT BIO *BIO_push(BIO *bio, BIO *appended_bio);
|
||||
|
||||
/* BIO_pop removes |bio| from the head of a chain and returns the next BIO in
|
||||
* the chain, or NULL if there is no next BIO.
|
||||
*
|
||||
* The caller takes ownership of the chain's reference to |bio|. */
|
||||
OPENSSL_EXPORT BIO *BIO_pop(BIO *bio);
|
||||
|
||||
/* BIO_next returns the next BIO in the chain after |bio|, or NULL if there is
|
||||
* no such BIO. */
|
||||
OPENSSL_EXPORT BIO *BIO_next(BIO *bio);
|
||||
|
||||
/* BIO_free_all calls |BIO_free|.
|
||||
*
|
||||
* TODO(fork): update callers and remove. */
|
||||
OPENSSL_EXPORT void BIO_free_all(BIO *bio);
|
||||
|
||||
/* BIO_find_type walks a chain of BIOs and returns the first that matches
|
||||
* |type|, which is one of the |BIO_TYPE_*| values. */
|
||||
OPENSSL_EXPORT BIO *BIO_find_type(BIO *bio, int type);
|
||||
|
||||
/* BIO_copy_next_retry sets the retry flags and |retry_reason| of |bio| from
|
||||
* the next BIO in the chain. */
|
||||
OPENSSL_EXPORT void BIO_copy_next_retry(BIO *bio);
|
||||
|
||||
|
||||
/* Printf functions.
|
||||
*
|
||||
* These functions are versions of printf functions that output to a BIO rather
|
||||
* than a FILE. */
|
||||
#ifdef __GNUC__
|
||||
#define __bio_h__attr__ __attribute__
|
||||
#else
|
||||
#define __bio_h__attr__(x)
|
||||
#endif
|
||||
OPENSSL_EXPORT int BIO_printf(BIO *bio, const char *format, ...)
|
||||
__bio_h__attr__((__format__(__printf__, 2, 3)));
|
||||
#undef __bio_h__attr__
|
||||
|
||||
|
||||
/* Utility functions. */
|
||||
|
||||
/* BIO_indent prints min(|indent|, |max_indent|) spaces. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_indent(BIO *bio, unsigned indent, unsigned max_indent);
|
||||
|
||||
/* BIO_hexdump writes a hex dump of |data| to |bio|. Each line will be indented
|
||||
* by |indent| spaces. */
|
||||
OPENSSL_EXPORT int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len,
|
||||
unsigned indent);
|
||||
|
||||
/* BIO_print_errors prints the current contents of the error stack to |bio|
|
||||
* using human readable strings where possible. */
|
||||
OPENSSL_EXPORT void BIO_print_errors(BIO *bio);
|
||||
|
||||
/* BIO_read_asn1 reads a single ASN.1 object from |bio|. If successful it sets
|
||||
* |*out| to be an allocated buffer (that should be freed with |OPENSSL_free|),
|
||||
* |*out_size| to the length, in bytes, of that buffer and returns one.
|
||||
* Otherwise it returns zero.
|
||||
*
|
||||
* If the length of the object is greater than |max_len| or 2^32 then the
|
||||
* function will fail. Long-form tags are not supported. If the length of the
|
||||
* object is indefinite the full contents of |bio| are read, unless it would be
|
||||
* greater than |max_len|, in which case the function fails.
|
||||
*
|
||||
* If the function fails then some unknown amount of data may have been read
|
||||
* from |bio|. */
|
||||
OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len,
|
||||
size_t max_len);
|
||||
|
||||
|
||||
/* Memory BIOs.
|
||||
*
|
||||
* Memory BIOs can be used as a read-only source (with |BIO_new_mem_buf|) or a
|
||||
* writable sink (with |BIO_new|, |BIO_s_mem| and |BIO_get_mem_buf|). Data
|
||||
* written to a writable, memory BIO can be recalled by reading from it.
|
||||
*
|
||||
* Calling |BIO_reset| on a read-only BIO resets it to the original contents.
|
||||
* On a writable BIO, it clears any data.
|
||||
*
|
||||
* If the close flag is set to |BIO_NOCLOSE| (not the default) then the
|
||||
* underlying |BUF_MEM| will not be freed when the |BIO| is freed.
|
||||
*
|
||||
* Memory BIOs support |BIO_gets| and |BIO_puts|.
|
||||
*
|
||||
* |BIO_eof| is true if no data is in the BIO.
|
||||
*
|
||||
* |BIO_ctrl_pending| returns the number of bytes currently stored. */
|
||||
|
||||
/* BIO_s_mem returns a |BIO_METHOD| that uses a in-memory buffer. */
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
|
||||
|
||||
/* BIO_new_mem_buf creates BIO that reads and writes from |len| bytes at |buf|.
|
||||
* It does not take ownership of |buf|. It returns the BIO or NULL on error.
|
||||
*
|
||||
* If |len| is negative, then |buf| is treated as a NUL-terminated string, but
|
||||
* don't depend on this in new code. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_mem_buf(void *buf, int len);
|
||||
|
||||
/* BIO_mem_contents sets |*out_contents| to point to the current contents of
|
||||
* |bio| and |*out_len| to contain the length of that data. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_mem_contents(const BIO *bio,
|
||||
const uint8_t **out_contents,
|
||||
size_t *out_len);
|
||||
|
||||
/* BIO_get_mem_data sets |*contents| to point to the current contents of |bio|
|
||||
* and returns the length of the data.
|
||||
*
|
||||
* WARNING: don't use this, use |BIO_mem_contents|. A return value of zero from
|
||||
* this function can mean either that it failed or that the memory buffer is
|
||||
* empty. */
|
||||
OPENSSL_EXPORT long BIO_get_mem_data(BIO *bio, char **contents);
|
||||
|
||||
/* BIO_get_mem_ptr sets |*out| to a BUF_MEM containing the current contents of
|
||||
* |bio|. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int BIO_get_mem_ptr(BIO *bio, BUF_MEM **out);
|
||||
|
||||
/* BIO_set_mem_buf sets |b| as the contents of |bio|. If |take_ownership| is
|
||||
* non-zero, then |b| will be freed when |bio| is closed. Returns one on
|
||||
* success or zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership);
|
||||
|
||||
/* BIO_set_mem_eof_return sets the value that will be returned from reading
|
||||
* |bio| when empty. If |eof_value| is zero then an empty memory BIO will
|
||||
* return EOF (that is it will return zero and |BIO_should_retry| will be
|
||||
* false). If |eof_value| is non zero then it will return |eof_value| when it
|
||||
* is empty and it will set the read retry flag (that is |BIO_read_retry| is
|
||||
* true). To avoid ambiguity with a normal positive return value, |eof_value|
|
||||
* should be set to a negative value, typically -1.
|
||||
*
|
||||
* For a read-only BIO, the default is zero (EOF). For a writable BIO, the
|
||||
* default is -1 so that additional data can be written once exhausted. */
|
||||
OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value);
|
||||
|
||||
|
||||
/* File descriptor BIOs.
|
||||
*
|
||||
* File descriptor BIOs are wrappers around the system's |read| and |write|
|
||||
* functions. If the close flag is set then then |close| is called on the
|
||||
* underlying file descriptor when the BIO is freed.
|
||||
*
|
||||
* |BIO_reset| attempts to seek the file pointer to the start of file using
|
||||
* |lseek|.
|
||||
*
|
||||
* |BIO_seek| sets the file pointer to position |off| from start of file using
|
||||
* |lseek|.
|
||||
*
|
||||
* |BIO_tell| returns the current file position. */
|
||||
|
||||
/* BIO_s_fd returns a |BIO_METHOD| for file descriptor fds. */
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_s_fd(void);
|
||||
|
||||
/* BIO_new_fd creates a new file descriptor BIO wrapping |fd|. If |close_flag|
|
||||
* is non-zero, then |fd| will be closed when the BIO is. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_fd(int fd, int close_flag);
|
||||
|
||||
/* BIO_set_fd sets the file descriptor of |bio| to |fd|. If |close_flag| is
|
||||
* non-zero then |fd| will be closed when |bio| is. It returns one on success
|
||||
* or zero on error. */
|
||||
OPENSSL_EXPORT int BIO_set_fd(BIO *bio, int fd, int close_flag);
|
||||
|
||||
/* BIO_get_fd sets |*out_fd| to the file descriptor currently in use by |bio|.
|
||||
* It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BIO_get_fd(BIO *bio, int *out_fd);
|
||||
|
||||
|
||||
/* File BIOs.
|
||||
*
|
||||
* File BIOs are wrappers around a C |FILE| object.
|
||||
*
|
||||
* |BIO_flush| on a file BIO calls |fflush| on the wrapped stream.
|
||||
*
|
||||
* |BIO_reset| attempts to seek the file pointer to the start of file using
|
||||
* |fseek|.
|
||||
*
|
||||
* |BIO_seek| sets the file pointer to the given position from the start of
|
||||
* file using |fseek|.
|
||||
*
|
||||
* |BIO_eof| calls |feof|.
|
||||
*
|
||||
* Setting the close flag causes |fclose| to be called on the stream when the
|
||||
* BIO is freed. */
|
||||
|
||||
/* BIO_s_file returns a BIO_METHOD that wraps a |FILE|. */
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_s_file(void);
|
||||
|
||||
/* BIO_new_file creates a file BIO by opening |filename| with the given mode.
|
||||
* See the |fopen| manual page for details of the mode argument. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_file(const char *filename, const char *mode);
|
||||
|
||||
/* BIO_new_fp creates a new file BIO that wraps the given |FILE|. If
|
||||
* |close_flag| is |BIO_CLOSE|, then |fclose| will be called on |stream| when
|
||||
* the BIO is closed. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_fp(FILE *stream, int close_flag);
|
||||
|
||||
/* BIO_get_fp sets |*out_file| to the current |FILE| for |bio|. It returns one
|
||||
* on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_get_fp(BIO *bio, FILE **out_file);
|
||||
|
||||
/* BIO_set_fp sets the |FILE| for |bio|. If |close_flag| is |BIO_CLOSE| then
|
||||
* |fclose| will be called on |file| when |bio| is closed. It returns one on
|
||||
* sucess and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_fp(BIO *bio, FILE *file, int close_flag);
|
||||
|
||||
/* BIO_read_filename opens |filename| for reading and sets the result as the
|
||||
* |FILE| for |bio|. It returns one on success and zero otherwise. The |FILE|
|
||||
* will be closed when |bio| is freed. */
|
||||
OPENSSL_EXPORT int BIO_read_filename(BIO *bio, const char *filename);
|
||||
|
||||
/* BIO_write_filename opens |filename| for writing and sets the result as the
|
||||
* |FILE| for |bio|. It returns one on success and zero otherwise. The |FILE|
|
||||
* will be closed when |bio| is freed. */
|
||||
OPENSSL_EXPORT int BIO_write_filename(BIO *bio, const char *filename);
|
||||
|
||||
/* BIO_append_filename opens |filename| for appending and sets the result as
|
||||
* the |FILE| for |bio|. It returns one on success and zero otherwise. The
|
||||
* |FILE| will be closed when |bio| is freed. */
|
||||
OPENSSL_EXPORT int BIO_append_filename(BIO *bio, const char *filename);
|
||||
|
||||
/* BIO_rw_filename opens |filename| for reading and writing and sets the result
|
||||
* as the |FILE| for |bio|. It returns one on success and zero otherwise. The
|
||||
* |FILE| will be closed when |bio| is freed. */
|
||||
OPENSSL_EXPORT int BIO_rw_filename(BIO *bio, const char *filename);
|
||||
|
||||
|
||||
/* Buffer BIOs.
|
||||
*
|
||||
* Buffer BIOs are a filter-type BIO, i.e. they are designed to be used in a
|
||||
* chain of BIOs. They provide buffering to reduce the number of operations on
|
||||
* the underlying BIOs. */
|
||||
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_f_buffer(void);
|
||||
|
||||
/* BIO_set_read_buffer_size sets the size, in bytes, of the read buffer and
|
||||
* clears it. It returns one on success and zero on failure. */
|
||||
OPENSSL_EXPORT int BIO_set_read_buffer_size(BIO *bio, int buffer_size);
|
||||
|
||||
/* BIO_set_write_buffer_size sets the size, in bytes, of the write buffer and
|
||||
* clears it. It returns one on success and zero on failure. */
|
||||
OPENSSL_EXPORT int BIO_set_write_buffer_size(BIO *bio, int buffer_size);
|
||||
|
||||
|
||||
/* Socket BIOs. */
|
||||
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_s_socket(void);
|
||||
|
||||
/* BIO_new_socket allocates and initialises a fresh BIO which will read and
|
||||
* write to the socket |fd|. If |close_flag| is |BIO_CLOSE| then closing the
|
||||
* BIO will close |fd|. It returns the fresh |BIO| or NULL on error. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_socket(int fd, int close_flag);
|
||||
|
||||
|
||||
/* Connect BIOs.
|
||||
*
|
||||
* A connection BIO creates a network connection and transfers data over the
|
||||
* resulting socket. */
|
||||
|
||||
OPENSSL_EXPORT const BIO_METHOD *BIO_s_connect(void);
|
||||
|
||||
/* BIO_new_connect returns a BIO that connects to the given hostname and port.
|
||||
* The |host_and_optional_port| argument should be of the form
|
||||
* "www.example.com" or "www.example.com:443". If the port is omitted, it must
|
||||
* be provided with |BIO_set_conn_port|.
|
||||
*
|
||||
* It returns the new BIO on success, or NULL on error. */
|
||||
OPENSSL_EXPORT BIO *BIO_new_connect(const char *host_and_optional_port);
|
||||
|
||||
/* BIO_set_conn_hostname sets |host_and_optional_port| as the hostname and
|
||||
* optional port that |bio| will connect to. If the port is omitted, it must be
|
||||
* provided with |BIO_set_conn_port|.
|
||||
*
|
||||
* It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_conn_hostname(BIO *bio,
|
||||
const char *host_and_optional_port);
|
||||
|
||||
/* BIO_set_conn_port sets |port_str| as the port or service name that |bio|
|
||||
* will connect to. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_conn_port(BIO *bio, const char *port_str);
|
||||
|
||||
/* BIO_set_nbio sets whether |bio| will use non-blocking I/O operations. It
|
||||
* returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_set_nbio(BIO *bio, int on);
|
||||
|
||||
|
||||
/* Datagram BIOs.
|
||||
*
|
||||
* TODO(fork): not implemented. */
|
||||
|
||||
#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
|
||||
|
||||
#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for MTU. want to use
|
||||
this if asking the kernel fails */
|
||||
|
||||
#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU was exceed in
|
||||
the previous write operation. */
|
||||
|
||||
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT \
|
||||
45 /* Next DTLS handshake timeout to adjust socket timeouts */
|
||||
|
||||
#define BIO_CTRL_DGRAM_GET_PEER 46
|
||||
|
||||
#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
|
||||
|
||||
|
||||
/* BIO Pairs.
|
||||
*
|
||||
* BIO pairs provide a "loopback" like system: a pair of BIOs where data
|
||||
* written to one can be read from the other and vice versa. */
|
||||
|
||||
/* BIO_new_bio_pair sets |*out1| and |*out2| to two freshly created BIOs where
|
||||
* data written to one can be read from the other and vice versa. The
|
||||
* |writebuf1| argument gives the size of the buffer used in |*out1| and
|
||||
* |writebuf2| for |*out2|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BIO_new_bio_pair(BIO **out1, size_t writebuf1, BIO **out2,
|
||||
size_t writebuf2);
|
||||
|
||||
/* BIO_new_bio_pair_external_buf is the same as |BIO_new_bio_pair| with the
|
||||
* difference that the caller keeps ownership of the write buffers
|
||||
* |ext_writebuf1_len| and |ext_writebuf2_len|. This is useful when using zero
|
||||
* copy API for read and write operations, in cases where the buffers need to
|
||||
* outlive the BIO pairs. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BIO_new_bio_pair_external_buf(BIO** bio1_p,
|
||||
size_t writebuf1_len,
|
||||
uint8_t* ext_writebuf1,
|
||||
BIO** bio2_p,
|
||||
size_t writebuf2_len,
|
||||
uint8_t* ext_writebuf2);
|
||||
|
||||
/* BIO_ctrl_get_read_request returns the number of bytes that the other side of
|
||||
* |bio| tried (unsuccessfully) to read. */
|
||||
OPENSSL_EXPORT size_t BIO_ctrl_get_read_request(BIO *bio);
|
||||
|
||||
/* BIO_ctrl_get_write_guarantee returns the number of bytes that |bio| (which
|
||||
* must have been returned by |BIO_new_bio_pair|) will accept on the next
|
||||
* |BIO_write| call. */
|
||||
OPENSSL_EXPORT size_t BIO_ctrl_get_write_guarantee(BIO *bio);
|
||||
|
||||
/* BIO_shutdown_wr marks |bio| as closed, from the point of view of the other
|
||||
* side of the pair. Future |BIO_write| calls on |bio| will fail. It returns
|
||||
* one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BIO_shutdown_wr(BIO *bio);
|
||||
|
||||
|
||||
/* Zero copy versions of BIO_read and BIO_write for BIO pairs. */
|
||||
|
||||
/* BIO_zero_copy_get_read_buf initiates a zero copy read operation.
|
||||
* |out_read_buf| is set to the internal read buffer, and |out_buf_offset| is
|
||||
* set to the current read position of |out_read_buf|. The number of bytes
|
||||
* available for read from |out_read_buf| + |out_buf_offset| is returned in
|
||||
* |out_available_bytes|. Note that this function might report fewer bytes
|
||||
* available than |BIO_pending|, if the internal ring buffer is wrapped. It
|
||||
* returns one on success. In case of error it returns zero and pushes to the
|
||||
* error stack.
|
||||
*
|
||||
* The zero copy read operation is completed by calling
|
||||
* |BIO_zero_copy_get_read_buf_done|. Neither |BIO_zero_copy_get_read_buf| nor
|
||||
* any other I/O read operation may be called while a zero copy read operation
|
||||
* is active. */
|
||||
OPENSSL_EXPORT int BIO_zero_copy_get_read_buf(BIO* bio,
|
||||
uint8_t** out_read_buf,
|
||||
size_t* out_buf_offset,
|
||||
size_t* out_available_bytes);
|
||||
|
||||
/* BIO_zero_copy_get_read_buf_done must be called after reading from a BIO using
|
||||
* |BIO_zero_copy_get_read_buf| to finish the read operation. The |bytes_read|
|
||||
* argument is the number of bytes read.
|
||||
*
|
||||
* It returns one on success. In case of error it returns zero and pushes to the
|
||||
* error stack. */
|
||||
OPENSSL_EXPORT int BIO_zero_copy_get_read_buf_done(BIO* bio, size_t bytes_read);
|
||||
|
||||
/* BIO_zero_copy_get_write_buf_done initiates a zero copy write operation.
|
||||
* |out_write_buf| is set to to the internal write buffer, and |out_buf_offset|
|
||||
* is set to the current write position of |out_write_buf|.
|
||||
* The number of bytes available for write from |out_write_buf| +
|
||||
* |out_buf_offset| is returned in |out_available_bytes|. Note that this
|
||||
* function might report fewer bytes available than
|
||||
* |BIO_ctrl_get_write_guarantee|, if the internal buffer is wrapped. It returns
|
||||
* one on success. In case of error it returns zero and pushes to the error
|
||||
* stack.
|
||||
*
|
||||
* The zero copy write operation is completed by calling
|
||||
* |BIO_zero_copy_write_buf_done|. Neither |BIO_zero_copy_get_write_buf|
|
||||
* nor any other I/O write operation may be called while a zero copy write
|
||||
* operation is active. */
|
||||
OPENSSL_EXPORT int BIO_zero_copy_get_write_buf(BIO* bio,
|
||||
uint8_t** out_write_buf,
|
||||
size_t* out_buf_offset,
|
||||
size_t* out_available_bytes);
|
||||
|
||||
/* BIO_zero_copy_write_buf_done must be called after writing to a BIO using
|
||||
* |BIO_zero_copy_get_write_buf_done| to finish the write operation. The
|
||||
* |bytes_written| argument gives the number of bytes written.
|
||||
*
|
||||
* It returns one on success. In case of error it returns zero and pushes to the
|
||||
* error stack. */
|
||||
OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio,
|
||||
size_t bytes_written);
|
||||
|
||||
|
||||
/* BIO_NOCLOSE and |BIO_CLOSE| can be used as symbolic arguments when a "close
|
||||
* flag" is passed to a BIO function. */
|
||||
#define BIO_NOCLOSE 0
|
||||
#define BIO_CLOSE 1
|
||||
|
||||
/* These are passed to the BIO callback */
|
||||
#define BIO_CB_FREE 0x01
|
||||
#define BIO_CB_READ 0x02
|
||||
#define BIO_CB_WRITE 0x03
|
||||
#define BIO_CB_PUTS 0x04
|
||||
#define BIO_CB_GETS 0x05
|
||||
#define BIO_CB_CTRL 0x06
|
||||
|
||||
/* The callback is called before and after the underling operation,
|
||||
* The BIO_CB_RETURN flag indicates if it is after the call */
|
||||
#define BIO_CB_RETURN 0x80
|
||||
|
||||
/* These are values of the |cmd| argument to |BIO_ctrl|. */
|
||||
#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */
|
||||
#define BIO_CTRL_EOF 2 /* opt - are we at the eof */
|
||||
#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */
|
||||
#define BIO_CTRL_SET 4 /* man - set the 'IO' type */
|
||||
#define BIO_CTRL_GET 5 /* man - get the 'IO' type */
|
||||
#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */
|
||||
#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */
|
||||
#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */
|
||||
#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */
|
||||
#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */
|
||||
/* callback is int cb(BIO *bio,state,ret); */
|
||||
#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */
|
||||
#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */
|
||||
#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
|
||||
|
||||
|
||||
/* Android compatibility section.
|
||||
*
|
||||
* A previous version of BoringSSL used in Android renamed ERR_print_errors_fp
|
||||
* to BIO_print_errors_fp. It has subsequently been renamed back to
|
||||
* ERR_print_errors_fp. */
|
||||
#define BIO_print_errors_fp ERR_print_errors_fp
|
||||
|
||||
|
||||
/* Private functions */
|
||||
|
||||
#define BIO_FLAGS_READ 0x01
|
||||
#define BIO_FLAGS_WRITE 0x02
|
||||
#define BIO_FLAGS_IO_SPECIAL 0x04
|
||||
#define BIO_FLAGS_RWS (BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL)
|
||||
#define BIO_FLAGS_SHOULD_RETRY 0x08
|
||||
#define BIO_FLAGS_BASE64_NO_NL 0x100
|
||||
/* This is used with memory BIOs: it means we shouldn't free up or change the
|
||||
* data in any way. */
|
||||
#define BIO_FLAGS_MEM_RDONLY 0x200
|
||||
|
||||
/* These are the 'types' of BIOs */
|
||||
#define BIO_TYPE_NONE 0
|
||||
#define BIO_TYPE_MEM (1 | 0x0400)
|
||||
#define BIO_TYPE_FILE (2 | 0x0400)
|
||||
#define BIO_TYPE_FD (4 | 0x0400 | 0x0100)
|
||||
#define BIO_TYPE_SOCKET (5 | 0x0400 | 0x0100)
|
||||
#define BIO_TYPE_NULL (6 | 0x0400)
|
||||
#define BIO_TYPE_SSL (7 | 0x0200)
|
||||
#define BIO_TYPE_MD (8 | 0x0200) /* passive filter */
|
||||
#define BIO_TYPE_BUFFER (9 | 0x0200) /* filter */
|
||||
#define BIO_TYPE_CIPHER (10 | 0x0200) /* filter */
|
||||
#define BIO_TYPE_BASE64 (11 | 0x0200) /* filter */
|
||||
#define BIO_TYPE_CONNECT (12 | 0x0400 | 0x0100) /* socket - connect */
|
||||
#define BIO_TYPE_ACCEPT (13 | 0x0400 | 0x0100) /* socket for accept */
|
||||
#define BIO_TYPE_PROXY_CLIENT (14 | 0x0200) /* client proxy BIO */
|
||||
#define BIO_TYPE_PROXY_SERVER (15 | 0x0200) /* server proxy BIO */
|
||||
#define BIO_TYPE_NBIO_TEST (16 | 0x0200) /* server proxy BIO */
|
||||
#define BIO_TYPE_NULL_FILTER (17 | 0x0200)
|
||||
#define BIO_TYPE_BER (18 | 0x0200) /* BER -> bin filter */
|
||||
#define BIO_TYPE_BIO (19 | 0x0400) /* (half a) BIO pair */
|
||||
#define BIO_TYPE_LINEBUFFER (20 | 0x0200) /* filter */
|
||||
#define BIO_TYPE_DGRAM (21 | 0x0400 | 0x0100)
|
||||
#define BIO_TYPE_ASN1 (22 | 0x0200) /* filter */
|
||||
#define BIO_TYPE_COMP (23 | 0x0200) /* filter */
|
||||
|
||||
#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
|
||||
#define BIO_TYPE_FILTER 0x0200
|
||||
#define BIO_TYPE_SOURCE_SINK 0x0400
|
||||
|
||||
struct bio_method_st {
|
||||
int type;
|
||||
const char *name;
|
||||
int (*bwrite)(BIO *, const char *, int);
|
||||
int (*bread)(BIO *, char *, int);
|
||||
/* TODO(fork): remove bputs. */
|
||||
int (*bputs)(BIO *, const char *);
|
||||
int (*bgets)(BIO *, char *, int);
|
||||
long (*ctrl)(BIO *, int, long, void *);
|
||||
int (*create)(BIO *);
|
||||
int (*destroy)(BIO *);
|
||||
long (*callback_ctrl)(BIO *, int, bio_info_cb);
|
||||
};
|
||||
|
||||
struct bio_st {
|
||||
const BIO_METHOD *method;
|
||||
/* bio, mode, argp, argi, argl, ret */
|
||||
long (*callback)(struct bio_st *, int, const char *, int, long, long);
|
||||
char *cb_arg; /* first argument for the callback */
|
||||
|
||||
/* init is non-zero if this |BIO| has been initialised. */
|
||||
int init;
|
||||
/* shutdown is often used by specific |BIO_METHOD|s to determine whether
|
||||
* they own some underlying resource. This flag can often by controlled by
|
||||
* |BIO_set_close|. For example, whether an fd BIO closes the underlying fd
|
||||
* when it, itself, is closed. */
|
||||
int shutdown;
|
||||
int flags;
|
||||
int retry_reason;
|
||||
/* num is a BIO-specific value. For example, in fd BIOs it's used to store a
|
||||
* file descriptor. */
|
||||
int num;
|
||||
CRYPTO_refcount_t references;
|
||||
void *ptr;
|
||||
/* next_bio points to the next |BIO| in a chain. This |BIO| owns a reference
|
||||
* to |next_bio|. */
|
||||
struct bio_st *next_bio; /* used by filter BIOs */
|
||||
size_t num_read, num_write;
|
||||
};
|
||||
|
||||
#define BIO_C_SET_CONNECT 100
|
||||
#define BIO_C_DO_STATE_MACHINE 101
|
||||
#define BIO_C_SET_NBIO 102
|
||||
#define BIO_C_SET_PROXY_PARAM 103
|
||||
#define BIO_C_SET_FD 104
|
||||
#define BIO_C_GET_FD 105
|
||||
#define BIO_C_SET_FILE_PTR 106
|
||||
#define BIO_C_GET_FILE_PTR 107
|
||||
#define BIO_C_SET_FILENAME 108
|
||||
#define BIO_C_SET_SSL 109
|
||||
#define BIO_C_GET_SSL 110
|
||||
#define BIO_C_SET_MD 111
|
||||
#define BIO_C_GET_MD 112
|
||||
#define BIO_C_GET_CIPHER_STATUS 113
|
||||
#define BIO_C_SET_BUF_MEM 114
|
||||
#define BIO_C_GET_BUF_MEM_PTR 115
|
||||
#define BIO_C_GET_BUFF_NUM_LINES 116
|
||||
#define BIO_C_SET_BUFF_SIZE 117
|
||||
#define BIO_C_SET_ACCEPT 118
|
||||
#define BIO_C_SSL_MODE 119
|
||||
#define BIO_C_GET_MD_CTX 120
|
||||
#define BIO_C_GET_PROXY_PARAM 121
|
||||
#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */
|
||||
#define BIO_C_GET_CONNECT 123
|
||||
#define BIO_C_GET_ACCEPT 124
|
||||
#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
|
||||
#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
|
||||
#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
|
||||
#define BIO_C_FILE_SEEK 128
|
||||
#define BIO_C_GET_CIPHER_CTX 129
|
||||
#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/
|
||||
#define BIO_C_SET_BIND_MODE 131
|
||||
#define BIO_C_GET_BIND_MODE 132
|
||||
#define BIO_C_FILE_TELL 133
|
||||
#define BIO_C_GET_SOCKS 134
|
||||
#define BIO_C_SET_SOCKS 135
|
||||
|
||||
#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */
|
||||
#define BIO_C_GET_WRITE_BUF_SIZE 137
|
||||
#define BIO_C_GET_WRITE_GUARANTEE 140
|
||||
#define BIO_C_GET_READ_REQUEST 141
|
||||
#define BIO_C_SHUTDOWN_WR 142
|
||||
#define BIO_C_NREAD0 143
|
||||
#define BIO_C_NREAD 144
|
||||
#define BIO_C_NWRITE0 145
|
||||
#define BIO_C_NWRITE 146
|
||||
#define BIO_C_RESET_READ_REQUEST 147
|
||||
#define BIO_C_SET_MD_CTX 148
|
||||
|
||||
#define BIO_C_SET_PREFIX 149
|
||||
#define BIO_C_GET_PREFIX 150
|
||||
#define BIO_C_SET_SUFFIX 151
|
||||
#define BIO_C_GET_SUFFIX 152
|
||||
|
||||
#define BIO_C_SET_EX_ARG 153
|
||||
#define BIO_C_GET_EX_ARG 154
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define BIO_F_BIO_callback_ctrl 100
|
||||
#define BIO_F_BIO_ctrl 101
|
||||
#define BIO_F_BIO_new 102
|
||||
#define BIO_F_BIO_new_file 103
|
||||
#define BIO_F_BIO_new_mem_buf 104
|
||||
#define BIO_F_BIO_zero_copy_get_read_buf 105
|
||||
#define BIO_F_BIO_zero_copy_get_read_buf_done 106
|
||||
#define BIO_F_BIO_zero_copy_get_write_buf 107
|
||||
#define BIO_F_BIO_zero_copy_get_write_buf_done 108
|
||||
#define BIO_F_bio_io 109
|
||||
#define BIO_F_bio_make_pair 110
|
||||
#define BIO_F_bio_write 111
|
||||
#define BIO_F_buffer_ctrl 112
|
||||
#define BIO_F_conn_ctrl 113
|
||||
#define BIO_F_conn_state 114
|
||||
#define BIO_F_file_ctrl 115
|
||||
#define BIO_F_file_read 116
|
||||
#define BIO_F_mem_write 117
|
||||
#define BIO_F_BIO_printf 118
|
||||
#define BIO_R_BAD_FOPEN_MODE 100
|
||||
#define BIO_R_BROKEN_PIPE 101
|
||||
#define BIO_R_CONNECT_ERROR 102
|
||||
#define BIO_R_ERROR_SETTING_NBIO 103
|
||||
#define BIO_R_INVALID_ARGUMENT 104
|
||||
#define BIO_R_IN_USE 105
|
||||
#define BIO_R_KEEPALIVE 106
|
||||
#define BIO_R_NBIO_CONNECT_ERROR 107
|
||||
#define BIO_R_NO_HOSTNAME_SPECIFIED 108
|
||||
#define BIO_R_NO_PORT_SPECIFIED 109
|
||||
#define BIO_R_NO_SUCH_FILE 110
|
||||
#define BIO_R_NULL_PARAMETER 111
|
||||
#define BIO_R_SYS_LIB 112
|
||||
#define BIO_R_UNABLE_TO_CREATE_SOCKET 113
|
||||
#define BIO_R_UNINITIALIZED 114
|
||||
#define BIO_R_UNSUPPORTED_METHOD 115
|
||||
#define BIO_R_WRITE_TO_READ_ONLY_BIO 116
|
||||
|
||||
#endif /* OPENSSL_HEADER_BIO_H */
|
|
@ -0,0 +1,93 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BLOWFISH_H
|
||||
#define OPENSSL_HEADER_BLOWFISH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define BF_ENCRYPT 1
|
||||
#define BF_DECRYPT 0
|
||||
|
||||
#define BF_ROUNDS 16
|
||||
#define BF_BLOCK 8
|
||||
|
||||
typedef struct bf_key_st {
|
||||
uint32_t P[BF_ROUNDS + 2];
|
||||
uint32_t S[4 * 256];
|
||||
} BF_KEY;
|
||||
|
||||
OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data);
|
||||
OPENSSL_EXPORT void BF_encrypt(uint32_t *data, const BF_KEY *key);
|
||||
OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key);
|
||||
|
||||
OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const BF_KEY *key, int enc);
|
||||
OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length,
|
||||
const BF_KEY *schedule, uint8_t *ivec,
|
||||
int enc);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_BLOWFISH_H */
|
|
@ -0,0 +1,875 @@
|
|||
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the Eric Young open source
|
||||
* license provided above.
|
||||
*
|
||||
* The binary polynomial arithmetic software is originally written by
|
||||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
||||
* Laboratories. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BN_H
|
||||
#define OPENSSL_HEADER_BN_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#include <inttypes.h> /* for PRIu64 and friends */
|
||||
#include <stdio.h> /* for FILE* */
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* BN provides support for working with arbitary sized integers. For example,
|
||||
* although the largest integer supported by the compiler might be 64 bits, BN
|
||||
* will allow you to work with numbers until you run out of memory. */
|
||||
|
||||
|
||||
/* BN_ULONG is the native word size when working with big integers.
|
||||
*
|
||||
* Note: on some platforms, inttypes.h does not define print format macros in
|
||||
* C++ unless |__STDC_FORMAT_MACROS| defined. As this is a public header, bn.h
|
||||
* does not define |__STDC_FORMAT_MACROS| itself. C++ source files which use the
|
||||
* FMT macros must define it externally. */
|
||||
#if defined(OPENSSL_64_BIT)
|
||||
#define BN_ULONG uint64_t
|
||||
#define BN_BITS2 64
|
||||
#define BN_DEC_FMT1 "%" PRIu64
|
||||
#define BN_DEC_FMT2 "%019" PRIu64
|
||||
#define BN_HEX_FMT1 "%" PRIx64
|
||||
#elif defined(OPENSSL_32_BIT)
|
||||
#define BN_ULONG uint32_t
|
||||
#define BN_BITS2 32
|
||||
#define BN_DEC_FMT1 "%" PRIu32
|
||||
#define BN_DEC_FMT2 "%09" PRIu32
|
||||
#define BN_HEX_FMT1 "%" PRIx32
|
||||
#else
|
||||
#error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT"
|
||||
#endif
|
||||
|
||||
|
||||
/* Allocation and freeing. */
|
||||
|
||||
/* BN_new creates a new, allocated BIGNUM and initialises it. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_new(void);
|
||||
|
||||
/* BN_init initialises a stack allocated |BIGNUM|. */
|
||||
OPENSSL_EXPORT void BN_init(BIGNUM *bn);
|
||||
|
||||
/* BN_free frees the data referenced by |bn| and, if |bn| was originally
|
||||
* allocated on the heap, frees |bn| also. */
|
||||
OPENSSL_EXPORT void BN_free(BIGNUM *bn);
|
||||
|
||||
/* BN_clear_free erases and frees the data referenced by |bn| and, if |bn| was
|
||||
* originally allocated on the heap, frees |bn| also. */
|
||||
OPENSSL_EXPORT void BN_clear_free(BIGNUM *bn);
|
||||
|
||||
/* BN_dup allocates a new BIGNUM and sets it equal to |src|. It returns the
|
||||
* allocated BIGNUM on success or NULL otherwise. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_dup(const BIGNUM *src);
|
||||
|
||||
/* BN_copy sets |dest| equal to |src| and returns |dest|. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src);
|
||||
|
||||
/* BN_clear sets |bn| to zero and erases the old data. */
|
||||
OPENSSL_EXPORT void BN_clear(BIGNUM *bn);
|
||||
|
||||
/* BN_value_one returns a static BIGNUM with value 1. */
|
||||
OPENSSL_EXPORT const BIGNUM *BN_value_one(void);
|
||||
|
||||
/* BN_with_flags initialises a stack allocated |BIGNUM| with pointers to the
|
||||
* contents of |in| but with |flags| ORed into the flags field.
|
||||
*
|
||||
* Note: the two BIGNUMs share state and so |out| should /not/ be passed to
|
||||
* |BN_free|. */
|
||||
OPENSSL_EXPORT void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags);
|
||||
|
||||
|
||||
/* Basic functions. */
|
||||
|
||||
/* BN_num_bits returns the minimum number of bits needed to represent the
|
||||
* absolute value of |bn|. */
|
||||
OPENSSL_EXPORT unsigned BN_num_bits(const BIGNUM *bn);
|
||||
|
||||
/* BN_num_bytes returns the minimum number of bytes needed to represent the
|
||||
* absolute value of |bn|. */
|
||||
OPENSSL_EXPORT unsigned BN_num_bytes(const BIGNUM *bn);
|
||||
|
||||
/* BN_zero sets |bn| to zero. */
|
||||
OPENSSL_EXPORT void BN_zero(BIGNUM *bn);
|
||||
|
||||
/* BN_one sets |bn| to one. It returns one on success or zero on allocation
|
||||
* failure. */
|
||||
OPENSSL_EXPORT int BN_one(BIGNUM *bn);
|
||||
|
||||
/* BN_set_word sets |bn| to |value|. It returns one on success or zero on
|
||||
* allocation failure. */
|
||||
OPENSSL_EXPORT int BN_set_word(BIGNUM *bn, BN_ULONG value);
|
||||
|
||||
/* BN_set_negative sets the sign of |bn|. */
|
||||
OPENSSL_EXPORT void BN_set_negative(BIGNUM *bn, int sign);
|
||||
|
||||
/* BN_is_negative returns one if |bn| is negative and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_is_negative(const BIGNUM *bn);
|
||||
|
||||
/* BN_get_flags returns |bn->flags| & |flags|. */
|
||||
OPENSSL_EXPORT int BN_get_flags(const BIGNUM *bn, int flags);
|
||||
|
||||
/* BN_set_flags sets |flags| on |bn|. */
|
||||
OPENSSL_EXPORT void BN_set_flags(BIGNUM *bn, int flags);
|
||||
|
||||
|
||||
/* Conversion functions. */
|
||||
|
||||
/* BN_bin2bn sets |*ret| to the value of |len| bytes from |in|, interpreted as
|
||||
* a big-endian number, and returns |ret|. If |ret| is NULL then a fresh
|
||||
* |BIGNUM| is allocated and returned. It returns NULL on allocation
|
||||
* failure. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret);
|
||||
|
||||
/* BN_bn2bin serialises the absolute value of |in| to |out| as a big-endian
|
||||
* integer, which must have |BN_num_bytes| of space available. It returns the
|
||||
* number of bytes written. */
|
||||
OPENSSL_EXPORT size_t BN_bn2bin(const BIGNUM *in, uint8_t *out);
|
||||
|
||||
/* BN_bn2bin_padded serialises the absolute value of |in| to |out| as a
|
||||
* big-endian integer. The integer is padded with leading zeros up to size
|
||||
* |len|. If |len| is smaller than |BN_num_bytes|, the function fails and
|
||||
* returns 0. Otherwise, it returns 1. */
|
||||
OPENSSL_EXPORT int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in);
|
||||
|
||||
/* BN_bn2hex returns an allocated string that contains a NUL-terminated, hex
|
||||
* representation of |bn|. If |bn| is negative, the first char in the resulting
|
||||
* string will be '-'. Returns NULL on allocation failure. */
|
||||
OPENSSL_EXPORT char *BN_bn2hex(const BIGNUM *bn);
|
||||
|
||||
/* BN_hex2bn parses the leading hex number from |in|, which may be proceeded by
|
||||
* a '-' to indicate a negative number and may contain trailing, non-hex data.
|
||||
* If |outp| is not NULL, it constructs a BIGNUM equal to the hex number and
|
||||
* stores it in |*outp|. If |*outp| is NULL then it allocates a new BIGNUM and
|
||||
* updates |*outp|. It returns the number of bytes of |in| processed or zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int BN_hex2bn(BIGNUM **outp, const char *in);
|
||||
|
||||
/* BN_bn2dec returns an allocated string that contains a NUL-terminated,
|
||||
* decimal representation of |bn|. If |bn| is negative, the first char in the
|
||||
* resulting string will be '-'. Returns NULL on allocation failure. */
|
||||
OPENSSL_EXPORT char *BN_bn2dec(const BIGNUM *a);
|
||||
|
||||
/* BN_dec2bn parses the leading decimal number from |in|, which may be
|
||||
* proceeded by a '-' to indicate a negative number and may contain trailing,
|
||||
* non-decimal data. If |outp| is not NULL, it constructs a BIGNUM equal to the
|
||||
* decimal number and stores it in |*outp|. If |*outp| is NULL then it
|
||||
* allocates a new BIGNUM and updates |*outp|. It returns the number of bytes
|
||||
* of |in| processed or zero on error. */
|
||||
OPENSSL_EXPORT int BN_dec2bn(BIGNUM **outp, const char *in);
|
||||
|
||||
/* BN_asc2bn acts like |BN_dec2bn| or |BN_hex2bn| depending on whether |in|
|
||||
* begins with "0X" or "0x" (indicating hex) or not (indicating decimal). A
|
||||
* leading '-' is still permitted and comes before the optional 0X/0x. It
|
||||
* returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int BN_asc2bn(BIGNUM **outp, const char *in);
|
||||
|
||||
/* BN_print writes a hex encoding of |a| to |bio|. It returns one on success
|
||||
* and zero on error. */
|
||||
OPENSSL_EXPORT int BN_print(BIO *bio, const BIGNUM *a);
|
||||
|
||||
/* BN_print_fp acts like |BIO_print|, but wraps |fp| in a |BIO| first. */
|
||||
OPENSSL_EXPORT int BN_print_fp(FILE *fp, const BIGNUM *a);
|
||||
|
||||
/* BN_get_word returns the absolute value of |bn| as a single word. If |bn| is
|
||||
* too large to be represented as a single word, the maximum possible value
|
||||
* will be returned. */
|
||||
OPENSSL_EXPORT BN_ULONG BN_get_word(const BIGNUM *bn);
|
||||
|
||||
|
||||
/* Internal functions.
|
||||
*
|
||||
* These functions are useful for code that is doing low-level manipulations of
|
||||
* BIGNUM values. However, be sure that no other function in this file does
|
||||
* what you want before turning to these. */
|
||||
|
||||
/* bn_correct_top decrements |bn->top| until |bn->d[top-1]| is non-zero or
|
||||
* until |top| is zero. */
|
||||
OPENSSL_EXPORT void bn_correct_top(BIGNUM *bn);
|
||||
|
||||
/* bn_wexpand ensures that |bn| has at least |words| works of space without
|
||||
* altering its value. It returns one on success or zero on allocation
|
||||
* failure. */
|
||||
OPENSSL_EXPORT BIGNUM *bn_wexpand(BIGNUM *bn, unsigned words);
|
||||
|
||||
|
||||
/* BIGNUM pools.
|
||||
*
|
||||
* Certain BIGNUM operations need to use many temporary variables and
|
||||
* allocating and freeing them can be quite slow. Thus such opertions typically
|
||||
* take a |BN_CTX| parameter, which contains a pool of |BIGNUMs|. The |ctx|
|
||||
* argument to a public function may be NULL, in which case a local |BN_CTX|
|
||||
* will be created just for the lifetime of that call.
|
||||
*
|
||||
* A function must call |BN_CTX_start| first. Then, |BN_CTX_get| may be called
|
||||
* repeatedly to obtain temporary |BIGNUM|s. All |BN_CTX_get| calls must be made
|
||||
* before calling any other functions that use the |ctx| as an argument.
|
||||
*
|
||||
* Finally, |BN_CTX_end| must be called before returning from the function.
|
||||
* When |BN_CTX_end| is called, the |BIGNUM| pointers obtained from
|
||||
* |BN_CTX_get| become invalid. */
|
||||
|
||||
/* BN_CTX_new returns a new, empty BN_CTX or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT BN_CTX *BN_CTX_new(void);
|
||||
|
||||
/* BN_CTX_free frees all BIGNUMs contained in |ctx| and then frees |ctx|
|
||||
* itself. */
|
||||
OPENSSL_EXPORT void BN_CTX_free(BN_CTX *ctx);
|
||||
|
||||
/* BN_CTX_start "pushes" a new entry onto the |ctx| stack and allows future
|
||||
* calls to |BN_CTX_get|. */
|
||||
OPENSSL_EXPORT void BN_CTX_start(BN_CTX *ctx);
|
||||
|
||||
/* BN_CTX_get returns a new |BIGNUM|, or NULL on allocation failure. Once
|
||||
* |BN_CTX_get| has returned NULL, all future calls will also return NULL until
|
||||
* |BN_CTX_end| is called. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_CTX_get(BN_CTX *ctx);
|
||||
|
||||
/* BN_CTX_end invalidates all |BIGNUM|s returned from |BN_CTX_get| since the
|
||||
* matching |BN_CTX_start| call. */
|
||||
OPENSSL_EXPORT void BN_CTX_end(BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Simple arithmetic */
|
||||
|
||||
/* BN_add sets |r| = |a| + |b|, where |r| may be the same pointer as either |a|
|
||||
* or |b|. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_uadd sets |r| = |a| + |b|, where |a| and |b| are non-negative and |r| may
|
||||
* be the same pointer as either |a| or |b|. It returns one on success and zero
|
||||
* on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_add_word adds |w| to |a|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_add_word(BIGNUM *a, BN_ULONG w);
|
||||
|
||||
/* BN_sub sets |r| = |a| - |b|, where |r| must be a distinct pointer from |a|
|
||||
* and |b|. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_usub sets |r| = |a| - |b|, where |a| and |b| are non-negative integers,
|
||||
* |b| < |a| and |r| must be a distinct pointer from |a| and |b|. It returns
|
||||
* one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_sub_word subtracts |w| from |a|. It returns one on success and zero on
|
||||
* allocation failure. */
|
||||
OPENSSL_EXPORT int BN_sub_word(BIGNUM *a, BN_ULONG w);
|
||||
|
||||
/* BN_mul sets |r| = |a| * |b|, where |r| may be the same pointer as |a| or
|
||||
* |b|. Returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_mul_word sets |bn| = |bn| * |w|. It returns one on success or zero on
|
||||
* allocation failure. */
|
||||
OPENSSL_EXPORT int BN_mul_word(BIGNUM *bn, BN_ULONG w);
|
||||
|
||||
/* BN_sqr sets |r| = |a|^2 (i.e. squares), where |r| may be the same pointer as
|
||||
* |a|. Returns one on success and zero otherwise. This is more efficient than
|
||||
* BN_mul(r, a, a, ctx). */
|
||||
OPENSSL_EXPORT int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
|
||||
|
||||
/* BN_div divides |numerator| by |divisor| and places the result in |quotient|
|
||||
* and the remainder in |rem|. Either of |quotient| or |rem| may be NULL, in
|
||||
* which case the respective value is not returned. The result is rounded
|
||||
* towards zero; thus if |numerator| is negative, the remainder will be zero or
|
||||
* negative. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int BN_div(BIGNUM *quotient, BIGNUM *rem,
|
||||
const BIGNUM *numerator, const BIGNUM *divisor,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_div_word sets |numerator| = |numerator|/|divisor| and returns the
|
||||
* remainder or (BN_ULONG)-1 on error. */
|
||||
OPENSSL_EXPORT BN_ULONG BN_div_word(BIGNUM *numerator, BN_ULONG divisor);
|
||||
|
||||
/* BN_sqrt sets |*out_sqrt| (which may be the same |BIGNUM| as |in|) to the
|
||||
* square root of |in|, using |ctx|. It returns one on success or zero on
|
||||
* error. Negative numbers and non-square numbers will result in an error with
|
||||
* appropriate errors on the error queue. */
|
||||
OPENSSL_EXPORT int BN_sqrt(BIGNUM *out_sqrt, const BIGNUM *in, BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Comparison functions */
|
||||
|
||||
/* BN_cmp returns a value less than, equal to or greater than zero if |a| is
|
||||
* less than, equal to or greater than |b|, respectively. */
|
||||
OPENSSL_EXPORT int BN_cmp(const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_ucmp returns a value less than, equal to or greater than zero if the
|
||||
* absolute value of |a| is less than, equal to or greater than the absolute
|
||||
* value of |b|, respectively. */
|
||||
OPENSSL_EXPORT int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
/* BN_abs_is_word returns one if the absolute value of |bn| equals |w| and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BN_abs_is_word(const BIGNUM *bn, BN_ULONG w);
|
||||
|
||||
/* BN_is_zero returns one if |bn| is zero and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_is_zero(const BIGNUM *bn);
|
||||
|
||||
/* BN_is_one returns one if |bn| equals one and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_is_one(const BIGNUM *bn);
|
||||
|
||||
/* BN_is_word returns one if |bn| is exactly |w| and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_is_word(const BIGNUM *bn, BN_ULONG w);
|
||||
|
||||
/* BN_is_odd returns one if |bn| is odd and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_is_odd(const BIGNUM *bn);
|
||||
|
||||
|
||||
/* Bitwise operations. */
|
||||
|
||||
/* BN_lshift sets |r| equal to |a| << n. The |a| and |r| arguments may be the
|
||||
* same |BIGNUM|. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
|
||||
|
||||
/* BN_lshift1 sets |r| equal to |a| << 1, where |r| and |a| may be the same
|
||||
* pointer. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_lshift1(BIGNUM *r, const BIGNUM *a);
|
||||
|
||||
/* BN_rshift sets |r| equal to |a| >> n, where |r| and |a| may be the same
|
||||
* pointer. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
|
||||
|
||||
/* BN_rshift1 sets |r| equal to |a| >> 1, where |r| and |a| may be the same
|
||||
* pointer. It returns one on success and zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_rshift1(BIGNUM *r, const BIGNUM *a);
|
||||
|
||||
/* BN_set_bit sets the |n|th, least-significant bit in |a|. For example, if |a|
|
||||
* is 2 then setting bit zero will make it 3. It returns one on success or zero
|
||||
* on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_set_bit(BIGNUM *a, int n);
|
||||
|
||||
/* BN_clear_bit clears the |n|th, least-significant bit in |a|. For example, if
|
||||
* |a| is 3, clearing bit zero will make it two. It returns one on success or
|
||||
* zero on allocation failure. */
|
||||
OPENSSL_EXPORT int BN_clear_bit(BIGNUM *a, int n);
|
||||
|
||||
/* BN_is_bit_set returns the value of the |n|th, least-significant bit in |a|,
|
||||
* or zero if the bit doesn't exist. */
|
||||
OPENSSL_EXPORT int BN_is_bit_set(const BIGNUM *a, int n);
|
||||
|
||||
/* BN_mask_bits truncates |a| so that it is only |n| bits long. It returns one
|
||||
* on success or zero if |n| is greater than the length of |a| already. */
|
||||
OPENSSL_EXPORT int BN_mask_bits(BIGNUM *a, int n);
|
||||
|
||||
|
||||
/* Modulo arithmetic. */
|
||||
|
||||
/* BN_mod_word returns |a| mod |w|. */
|
||||
OPENSSL_EXPORT BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
|
||||
|
||||
/* BN_mod is a helper macro that calls |BN_div| and discards the quotient. */
|
||||
#define BN_mod(rem, numerator, divisor, ctx) \
|
||||
BN_div(NULL, (rem), (numerator), (divisor), (ctx))
|
||||
|
||||
/* BN_nnmod is a non-negative modulo function. It acts like |BN_mod|, but 0 <=
|
||||
* |rem| < |divisor| is always true. It returns one on success and zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int BN_nnmod(BIGNUM *rem, const BIGNUM *numerator,
|
||||
const BIGNUM *divisor, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_add sets |r| = |a| + |b| mod |m|. It returns one on success and zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_add_quick acts like |BN_mod_add| but requires that |a| and |b| be
|
||||
* non-negative and less than |m|. */
|
||||
OPENSSL_EXPORT int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m);
|
||||
|
||||
/* BN_mod_sub sets |r| = |a| - |b| mod |m|. It returns one on success and zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_sub_quick acts like |BN_mod_sub| but requires that |a| and |b| be
|
||||
* non-negative and less than |m|. */
|
||||
OPENSSL_EXPORT int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m);
|
||||
|
||||
/* BN_mod_mul sets |r| = |a|*|b| mod |m|. It returns one on success and zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_mul sets |r| = |a|^2 mod |m|. It returns one on success and zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_lshift sets |r| = (|a| << n) mod |m|, where |r| and |a| may be the
|
||||
* same pointer. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_lshift_quick acts like |BN_mod_lshift| but requires that |a| be
|
||||
* non-negative and less than |m|. */
|
||||
OPENSSL_EXPORT int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n,
|
||||
const BIGNUM *m);
|
||||
|
||||
/* BN_mod_lshift1 sets |r| = (|a| << 1) mod |m|, where |r| and |a| may be the
|
||||
* same pointer. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_lshift1_quick acts like |BN_mod_lshift1| but requires that |a| be
|
||||
* non-negative and less than |m|. */
|
||||
OPENSSL_EXPORT int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a,
|
||||
const BIGNUM *m);
|
||||
|
||||
/* BN_mod_sqrt returns a |BIGNUM|, r, such that r^2 == a (mod p). */
|
||||
OPENSSL_EXPORT BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p,
|
||||
BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Random and prime number generation. */
|
||||
|
||||
/* BN_rand sets |rnd| to a random number of length |bits|. If |top| is zero, the
|
||||
* most-significant bit, if any, will be set. If |top| is one, the two most
|
||||
* significant bits, if any, will be set.
|
||||
*
|
||||
* If |top| is -1 then no extra action will be taken and |BN_num_bits(rnd)| may
|
||||
* not equal |bits| if the most significant bits randomly ended up as zeros.
|
||||
*
|
||||
* If |bottom| is non-zero, the least-significant bit, if any, will be set. The
|
||||
* function returns one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
|
||||
|
||||
/* BN_pseudo_rand is an alias for |BN_rand|. */
|
||||
OPENSSL_EXPORT int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
|
||||
|
||||
/* BN_rand_range sets |rnd| to a random value [0..range). It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
|
||||
|
||||
/* BN_pseudo_rand_range is an alias for BN_rand_range. */
|
||||
OPENSSL_EXPORT int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
|
||||
|
||||
/* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
|
||||
* BN_rand_range, it also includes the contents of |priv| and |message| in the
|
||||
* generation so that an RNG failure isn't fatal as long as |priv| remains
|
||||
* secret. This is intended for use in DSA and ECDSA where an RNG weakness
|
||||
* leads directly to private key exposure unless this function is used.
|
||||
* It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
||||
const BIGNUM *priv,
|
||||
const uint8_t *message,
|
||||
size_t message_len, BN_CTX *ctx);
|
||||
|
||||
/* BN_GENCB holds a callback function that is used by generation functions that
|
||||
* can take a very long time to complete. Use |BN_GENCB_set| to initialise a
|
||||
* |BN_GENCB| structure.
|
||||
*
|
||||
* The callback receives the address of that |BN_GENCB| structure as its last
|
||||
* argument and the user is free to put an arbitary pointer in |arg|. The other
|
||||
* arguments are set as follows:
|
||||
* event=BN_GENCB_GENERATED, n=i: after generating the i'th possible prime
|
||||
* number.
|
||||
* event=BN_GENCB_PRIME_TEST, n=-1: when finished trial division primality
|
||||
* checks.
|
||||
* event=BN_GENCB_PRIME_TEST, n=i: when the i'th primality test has finished.
|
||||
*
|
||||
* The callback can return zero to abort the generation progress or one to
|
||||
* allow it to continue.
|
||||
*
|
||||
* When other code needs to call a BN generation function it will often take a
|
||||
* BN_GENCB argument and may call the function with other argument values. */
|
||||
#define BN_GENCB_GENERATED 0
|
||||
#define BN_GENCB_PRIME_TEST 1
|
||||
|
||||
struct bn_gencb_st {
|
||||
void *arg; /* callback-specific data */
|
||||
int (*callback)(int event, int n, struct bn_gencb_st *);
|
||||
};
|
||||
|
||||
/* BN_GENCB_set configures |callback| to call |f| and sets |callout->arg| to
|
||||
* |arg|. */
|
||||
OPENSSL_EXPORT void BN_GENCB_set(BN_GENCB *callback,
|
||||
int (*f)(int event, int n,
|
||||
struct bn_gencb_st *),
|
||||
void *arg);
|
||||
|
||||
/* BN_GENCB_call calls |callback|, if not NULL, and returns the return value of
|
||||
* the callback, or 1 if |callback| is NULL. */
|
||||
OPENSSL_EXPORT int BN_GENCB_call(BN_GENCB *callback, int event, int n);
|
||||
|
||||
/* BN_generate_prime_ex sets |ret| to a prime number of |bits| length. If safe
|
||||
* is non-zero then the prime will be such that (ret-1)/2 is also a prime.
|
||||
* (This is needed for Diffie-Hellman groups to ensure that the only subgroups
|
||||
* are of size 2 and (p-1)/2.).
|
||||
*
|
||||
* If |add| is not NULL, the prime will fulfill the condition |ret| % |add| ==
|
||||
* |rem| in order to suit a given generator. (If |rem| is NULL then |ret| %
|
||||
* |add| == 1.)
|
||||
*
|
||||
* If |cb| is not NULL, it will be called during processing to give an
|
||||
* indication of progress. See the comments for |BN_GENCB|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
BN_GENCB *cb);
|
||||
|
||||
/* BN_prime_checks is magic value that can be used as the |checks| argument to
|
||||
* the primality testing functions in order to automatically select a number of
|
||||
* Miller-Rabin checks that gives a false positive rate of ~2^{-80}. */
|
||||
#define BN_prime_checks 0
|
||||
|
||||
/* BN_primality_test sets |*is_probably_prime| to one if |candidate| is
|
||||
* probably a prime number by the Miller-Rabin test or zero if it's certainly
|
||||
* not.
|
||||
*
|
||||
* If |do_trial_division| is non-zero then |candidate| will be tested against a
|
||||
* list of small primes before Miller-Rabin tests. The probability of this
|
||||
* function returning a false positive is 2^{2*checks}. If |checks| is
|
||||
* |BN_prime_checks| then a value that results in approximately 2^{-80} false
|
||||
* positive probability is used. If |cb| is not NULL then it is called during
|
||||
* the checking process. See the comment above |BN_GENCB|.
|
||||
*
|
||||
* The function returns one on success and zero on error.
|
||||
*
|
||||
* (If you are unsure whether you want |do_trial_division|, don't set it.) */
|
||||
OPENSSL_EXPORT int BN_primality_test(int *is_probably_prime,
|
||||
const BIGNUM *candidate, int checks,
|
||||
BN_CTX *ctx, int do_trial_division,
|
||||
BN_GENCB *cb);
|
||||
|
||||
/* BN_is_prime_fasttest_ex returns one if |candidate| is probably a prime
|
||||
* number by the Miller-Rabin test, zero if it's certainly not and -1 on error.
|
||||
*
|
||||
* If |do_trial_division| is non-zero then |candidate| will be tested against a
|
||||
* list of small primes before Miller-Rabin tests. The probability of this
|
||||
* function returning one when |candidate| is composite is 2^{2*checks}. If
|
||||
* |checks| is |BN_prime_checks| then a value that results in approximately
|
||||
* 2^{-80} false positive probability is used. If |cb| is not NULL then it is
|
||||
* called during the checking process. See the comment above |BN_GENCB|.
|
||||
*
|
||||
* WARNING: deprecated. Use |BN_primality_test|. */
|
||||
OPENSSL_EXPORT int BN_is_prime_fasttest_ex(const BIGNUM *candidate, int checks,
|
||||
BN_CTX *ctx, int do_trial_division,
|
||||
BN_GENCB *cb);
|
||||
|
||||
/* BN_is_prime_ex acts the same as |BN_is_prime_fasttest_ex| with
|
||||
* |do_trial_division| set to zero.
|
||||
*
|
||||
* WARNING: deprecated: Use |BN_primality_test|. */
|
||||
OPENSSL_EXPORT int BN_is_prime_ex(const BIGNUM *candidate, int checks,
|
||||
BN_CTX *ctx, BN_GENCB *cb);
|
||||
|
||||
|
||||
/* Number theory functions */
|
||||
|
||||
/* BN_gcd sets |r| = gcd(|a|, |b|). It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_inverse sets |out| equal to |a|^-1, mod |n|. If either of |a| or |n|
|
||||
* have |BN_FLG_CONSTTIME| set then the operation is performed in constant
|
||||
* time. If |out| is NULL, a fresh BIGNUM is allocated. It returns the result
|
||||
* or NULL on error. */
|
||||
OPENSSL_EXPORT BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a,
|
||||
const BIGNUM *n, BN_CTX *ctx);
|
||||
|
||||
/* BN_kronecker returns the Kronecker symbol of |a| and |b| (which is -1, 0 or
|
||||
* 1), or -2 on error. */
|
||||
OPENSSL_EXPORT int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Montgomery arithmetic. */
|
||||
|
||||
/* BN_MONT_CTX contains the precomputed values needed to work in a specific
|
||||
* Montgomery domain. */
|
||||
|
||||
/* BN_MONT_CTX_new returns a fresh BN_MONT_CTX or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_new(void);
|
||||
|
||||
/* BN_MONT_CTX_init initialises a stack allocated |BN_MONT_CTX|. */
|
||||
OPENSSL_EXPORT void BN_MONT_CTX_init(BN_MONT_CTX *mont);
|
||||
|
||||
/* BN_MONT_CTX_free frees the contexts of |mont| and, if it was originally
|
||||
* allocated with |BN_MONT_CTX_new|, |mont| itself. */
|
||||
OPENSSL_EXPORT void BN_MONT_CTX_free(BN_MONT_CTX *mont);
|
||||
|
||||
/* BN_MONT_CTX_copy sets |to| equal to |from|. It returns |to| on success or
|
||||
* NULL on error. */
|
||||
OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,
|
||||
BN_MONT_CTX *from);
|
||||
|
||||
/* BN_MONT_CTX_set sets up a Montgomery context given the modulus, |mod|. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_MONT_CTX_set_locked takes |lock| and checks whether |*pmont| is NULL. If
|
||||
* so, it creates a new |BN_MONT_CTX| and sets the modulus for it to |mod|. It
|
||||
* then stores it as |*pmont| and returns it, or NULL on error.
|
||||
*
|
||||
* If |*pmont| is already non-NULL then the existing value is returned. */
|
||||
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
|
||||
const BIGNUM *mod, BN_CTX *bn_ctx);
|
||||
|
||||
/* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int BN_to_montgomery(BIGNUM *ret, const BIGNUM *a,
|
||||
const BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||
|
||||
/* BN_from_montgomery sets |ret| equal to |a| * R^-1, i.e. translates values
|
||||
* out of the Montgomery domain. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a,
|
||||
const BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_mul_montgomery set |r| equal to |a| * |b|, in the Montgomery domain.
|
||||
* Both |a| and |b| must already be in the Montgomery domain (by
|
||||
* |BN_to_montgomery|). It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a,
|
||||
const BIGNUM *b,
|
||||
const BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Exponentiation. */
|
||||
|
||||
/* BN_exp sets |r| equal to |a|^{|p|}. It does so with a square-and-multiply
|
||||
* algorithm that leaks side-channel information. It returns one on success or
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* BN_mod_exp sets |r| equal to |a|^{|p|} mod |m|. It does so with the best
|
||||
* algorithm for the values provided and can run in constant time if
|
||||
* |BN_FLG_CONSTTIME| is set for |p|. It returns one on success or zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
OPENSSL_EXPORT int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx,
|
||||
BN_MONT_CTX *m_ctx);
|
||||
|
||||
OPENSSL_EXPORT int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a,
|
||||
const BIGNUM *p, const BIGNUM *m,
|
||||
BN_CTX *ctx, BN_MONT_CTX *in_mont);
|
||||
|
||||
OPENSSL_EXPORT int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx,
|
||||
BN_MONT_CTX *m_ctx);
|
||||
OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1,
|
||||
const BIGNUM *p1, const BIGNUM *a2,
|
||||
const BIGNUM *p2, const BIGNUM *m,
|
||||
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||
|
||||
|
||||
/* Private functions */
|
||||
|
||||
struct bignum_st {
|
||||
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks in little-endian
|
||||
order. */
|
||||
int top; /* Index of last used element in |d|, plus one. */
|
||||
int dmax; /* Size of |d|, in words. */
|
||||
int neg; /* one if the number is negative */
|
||||
int flags; /* bitmask of BN_FLG_* values */
|
||||
};
|
||||
|
||||
struct bn_mont_ctx_st {
|
||||
BIGNUM RR; /* used to convert to montgomery form */
|
||||
BIGNUM N; /* The modulus */
|
||||
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
|
||||
* (Ni is only stored for bignum algorithm) */
|
||||
BN_ULONG n0[2]; /* least significant word(s) of Ni;
|
||||
(type changed with 0.9.9, was "BN_ULONG n0;" before) */
|
||||
int flags;
|
||||
int ri; /* number of bits in R */
|
||||
};
|
||||
|
||||
OPENSSL_EXPORT unsigned BN_num_bits_word(BN_ULONG l);
|
||||
|
||||
#define BN_FLG_MALLOCED 0x01
|
||||
#define BN_FLG_STATIC_DATA 0x02
|
||||
/* avoid leaking exponent information through timing, BN_mod_exp_mont() will
|
||||
* call BN_mod_exp_mont_consttime, BN_div() will call BN_div_no_branch,
|
||||
* BN_mod_inverse() will call BN_mod_inverse_no_branch. */
|
||||
#define BN_FLG_CONSTTIME 0x04
|
||||
|
||||
|
||||
/* Android compatibility section.
|
||||
*
|
||||
* These functions are declared, temporarily, for Android because
|
||||
* wpa_supplicant will take a little time to sync with upstream. Outside of
|
||||
* Android they'll have no definition. */
|
||||
|
||||
OPENSSL_EXPORT BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define BN_F_BN_CTX_get 100
|
||||
#define BN_F_BN_CTX_new 101
|
||||
#define BN_F_BN_CTX_start 102
|
||||
#define BN_F_BN_bn2dec 103
|
||||
#define BN_F_BN_bn2hex 104
|
||||
#define BN_F_BN_div 105
|
||||
#define BN_F_BN_div_recp 106
|
||||
#define BN_F_BN_exp 107
|
||||
#define BN_F_BN_generate_dsa_nonce 108
|
||||
#define BN_F_BN_generate_prime_ex 109
|
||||
#define BN_F_BN_mod_exp2_mont 110
|
||||
#define BN_F_BN_mod_exp_mont 111
|
||||
#define BN_F_BN_mod_exp_mont_consttime 112
|
||||
#define BN_F_BN_mod_exp_mont_word 113
|
||||
#define BN_F_BN_mod_inverse 114
|
||||
#define BN_F_BN_mod_inverse_no_branch 115
|
||||
#define BN_F_BN_mod_lshift_quick 116
|
||||
#define BN_F_BN_mod_sqrt 117
|
||||
#define BN_F_BN_new 118
|
||||
#define BN_F_BN_rand 119
|
||||
#define BN_F_BN_rand_range 120
|
||||
#define BN_F_BN_sqrt 121
|
||||
#define BN_F_BN_usub 122
|
||||
#define BN_F_bn_wexpand 123
|
||||
#define BN_F_mod_exp_recp 124
|
||||
#define BN_F_BN_lshift 125
|
||||
#define BN_F_BN_rshift 126
|
||||
#define BN_R_ARG2_LT_ARG3 100
|
||||
#define BN_R_BAD_RECIPROCAL 101
|
||||
#define BN_R_BIGNUM_TOO_LONG 102
|
||||
#define BN_R_BITS_TOO_SMALL 103
|
||||
#define BN_R_CALLED_WITH_EVEN_MODULUS 104
|
||||
#define BN_R_DIV_BY_ZERO 105
|
||||
#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 106
|
||||
#define BN_R_INPUT_NOT_REDUCED 107
|
||||
#define BN_R_INVALID_RANGE 108
|
||||
#define BN_R_NEGATIVE_NUMBER 109
|
||||
#define BN_R_NOT_A_SQUARE 110
|
||||
#define BN_R_NOT_INITIALIZED 111
|
||||
#define BN_R_NO_INVERSE 112
|
||||
#define BN_R_PRIVATE_KEY_TOO_LARGE 113
|
||||
#define BN_R_P_IS_NOT_PRIME 114
|
||||
#define BN_R_TOO_MANY_ITERATIONS 115
|
||||
#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 116
|
||||
|
||||
#endif /* OPENSSL_HEADER_BN_H */
|
|
@ -0,0 +1,123 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BUFFER_H
|
||||
#define OPENSSL_HEADER_BUFFER_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Memory and string functions, see also mem.h. */
|
||||
|
||||
|
||||
/* BUF_MEM is a generic buffer object used by OpenSSL. */
|
||||
struct buf_mem_st {
|
||||
size_t length; /* current number of bytes */
|
||||
char *data;
|
||||
size_t max; /* size of buffer */
|
||||
};
|
||||
|
||||
/* BUF_MEM_new creates a new BUF_MEM which has no allocated data buffer. */
|
||||
OPENSSL_EXPORT BUF_MEM *BUF_MEM_new(void);
|
||||
|
||||
/* BUF_MEM_free frees |buf->data| if needed and then frees |buf| itself. */
|
||||
OPENSSL_EXPORT void BUF_MEM_free(BUF_MEM *buf);
|
||||
|
||||
/* BUF_MEM_grow ensures that |buf| has length |len| and allocates memory if
|
||||
* needed. If the length of |buf| increased, the new bytes are filled with
|
||||
* zeros. It returns the length of |buf|, or zero if there's an error. */
|
||||
OPENSSL_EXPORT size_t BUF_MEM_grow(BUF_MEM *buf, size_t len);
|
||||
|
||||
/* BUF_MEM_grow_clean acts the same as |BUF_MEM_grow|, but clears the previous
|
||||
* contents of memory if reallocing. */
|
||||
OPENSSL_EXPORT size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
|
||||
|
||||
/* BUF_strdup returns an allocated, duplicate of |str|. */
|
||||
OPENSSL_EXPORT char *BUF_strdup(const char *str);
|
||||
|
||||
/* BUF_strnlen returns the number of characters in |str|, excluding the NUL
|
||||
* byte, but at most |max_len|. This function never reads more than |max_len|
|
||||
* bytes from |str|. */
|
||||
OPENSSL_EXPORT size_t BUF_strnlen(const char *str, size_t max_len);
|
||||
|
||||
/* BUF_strndup returns an allocated, duplicate of |str|, which is, at most,
|
||||
* |size| bytes. The result is always NUL terminated. */
|
||||
OPENSSL_EXPORT char *BUF_strndup(const char *str, size_t size);
|
||||
|
||||
/* BUF_memdup returns an allocated, duplicate of |size| bytes from |data|. */
|
||||
OPENSSL_EXPORT void *BUF_memdup(const void *data, size_t size);
|
||||
|
||||
/* BUF_strlcpy acts like strlcpy(3). */
|
||||
OPENSSL_EXPORT size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size);
|
||||
|
||||
/* BUF_strlcat acts like strlcat(3). */
|
||||
OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t size);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define BUF_F_BUF_MEM_new 100
|
||||
#define BUF_F_BUF_memdup 101
|
||||
#define BUF_F_BUF_strndup 102
|
||||
#define BUF_F_buf_mem_grow 103
|
||||
|
||||
#endif /* OPENSSL_HEADER_BUFFER_H */
|
|
@ -0,0 +1,18 @@
|
|||
/* Copyright (c) 2015, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "buf.h"
|
|
@ -0,0 +1,325 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_BYTESTRING_H
|
||||
#define OPENSSL_HEADER_BYTESTRING_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Bytestrings are used for parsing and building TLS and ASN.1 messages.
|
||||
*
|
||||
* A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
|
||||
* provides utility functions for safely parsing length-prefixed structures
|
||||
* like TLS and ASN.1 from it.
|
||||
*
|
||||
* A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
|
||||
* provides utility functions for building length-prefixed messages. */
|
||||
|
||||
|
||||
/* CRYPTO ByteString */
|
||||
|
||||
struct cbs_st {
|
||||
const uint8_t *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
/* CBS_init sets |cbs| to point to |data|. It does not take ownership of
|
||||
* |data|. */
|
||||
OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
|
||||
|
||||
/* CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len);
|
||||
|
||||
/* CBS_data returns a pointer to the contents of |cbs|. */
|
||||
OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs);
|
||||
|
||||
/* CBS_len returns the number of bytes remaining in |cbs|. */
|
||||
OPENSSL_EXPORT size_t CBS_len(const CBS *cbs);
|
||||
|
||||
/* CBS_stow copies the current contents of |cbs| into |*out_ptr| and
|
||||
* |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
|
||||
* OPENSSL_free. It returns one on success and zero on allocation failure. On
|
||||
* success, |*out_ptr| should be freed with OPENSSL_free. If |cbs| is empty,
|
||||
* |*out_ptr| will be NULL. */
|
||||
OPENSSL_EXPORT int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
|
||||
|
||||
/* CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
|
||||
* NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
|
||||
* with OPENSSL_free. It returns one on success and zero on allocation
|
||||
* failure. On success, |*out_ptr| should be freed with OPENSSL_free.
|
||||
*
|
||||
* NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
|
||||
* |CBS_contains_zero_byte(cbs)| to check for NUL bytes. */
|
||||
OPENSSL_EXPORT int CBS_strdup(const CBS *cbs, char **out_ptr);
|
||||
|
||||
/* CBS_contains_zero_byte returns one if the current contents of |cbs| contains
|
||||
* a NUL byte and zero otherwise. */
|
||||
OPENSSL_EXPORT int CBS_contains_zero_byte(const CBS *cbs);
|
||||
|
||||
/* CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
|
||||
* starting at |data|. If they're equal, it returns one, otherwise zero. If the
|
||||
* lengths match, it uses a constant-time comparison. */
|
||||
OPENSSL_EXPORT int CBS_mem_equal(const CBS *cbs, const uint8_t *data,
|
||||
size_t len);
|
||||
|
||||
/* CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u8(CBS *cbs, uint8_t *out);
|
||||
|
||||
/* CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
|
||||
* advances |cbs|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
|
||||
|
||||
/* CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
|
||||
* advances |cbs|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u24(CBS *cbs, uint32_t *out);
|
||||
|
||||
/* CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
|
||||
* and advances |cbs|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u32(CBS *cbs, uint32_t *out);
|
||||
|
||||
/* CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
|
||||
* |cbs|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
|
||||
|
||||
/* CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
|
||||
* length-prefixed value from |cbs| and advances |cbs| over it. It returns one
|
||||
* on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
/* CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
|
||||
* big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
/* CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
|
||||
* big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
|
||||
/* Parsing ASN.1 */
|
||||
|
||||
#define CBS_ASN1_BOOLEAN 0x1
|
||||
#define CBS_ASN1_INTEGER 0x2
|
||||
#define CBS_ASN1_BITSTRING 0x3
|
||||
#define CBS_ASN1_OCTETSTRING 0x4
|
||||
#define CBS_ASN1_OBJECT 0x6
|
||||
#define CBS_ASN1_ENUMERATED 0xa
|
||||
#define CBS_ASN1_SEQUENCE (0x10 | CBS_ASN1_CONSTRUCTED)
|
||||
#define CBS_ASN1_SET (0x11 | CBS_ASN1_CONSTRUCTED)
|
||||
|
||||
#define CBS_ASN1_CONSTRUCTED 0x20
|
||||
#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
|
||||
|
||||
/* CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
|
||||
* including tag and length bytes) and advances |cbs| over it. The ASN.1
|
||||
* element must match |tag_value|. It returns one on success and zero
|
||||
* on error.
|
||||
*
|
||||
* Tag numbers greater than 30 are not supported (i.e. short form only). */
|
||||
OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value);
|
||||
|
||||
/* CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
|
||||
* ASN.1 header bytes too. */
|
||||
OPENSSL_EXPORT int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned tag_value);
|
||||
|
||||
/* CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
|
||||
* if the next ASN.1 element on |cbs| would have tag |tag_value|. If
|
||||
* |cbs| is empty or the tag does not match, it returns zero. Note: if
|
||||
* it returns one, CBS_get_asn1 may still fail if the rest of the
|
||||
* element is malformed. */
|
||||
OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value);
|
||||
|
||||
/* CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
|
||||
* |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
|
||||
* the tag number and |*out_header_len| to the length of the ASN.1 header. Each
|
||||
* of |out|, |out_tag|, and |out_header_len| may be NULL to ignore the value.
|
||||
*
|
||||
* Tag numbers greater than 30 are not supported (i.e. short form only). */
|
||||
OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out,
|
||||
unsigned *out_tag,
|
||||
size_t *out_header_len);
|
||||
|
||||
/* CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
|
||||
* and sets |*out| to its value. It returns one on success and zero on error,
|
||||
* where error includes the integer being negative, or too large to represent
|
||||
* in 64 bits. */
|
||||
OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
|
||||
|
||||
/* CBS_get_optional_asn1 gets an optional explicitly-tagged element
|
||||
* from |cbs| tagged with |tag| and sets |*out| to its contents. If
|
||||
* present, it sets |*out_present| to one, otherwise zero. It returns
|
||||
* one on success, whether or not the element was present, and zero on
|
||||
* decode failure. */
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
|
||||
unsigned tag);
|
||||
|
||||
/* CBS_get_optional_asn1_octet_string gets an optional
|
||||
* explicitly-tagged OCTET STRING from |cbs|. If present, it sets
|
||||
* |*out| to the string and |*out_present| to one. Otherwise, it sets
|
||||
* |*out| to empty and |*out_present| to zero. |out_present| may be
|
||||
* NULL. It returns one on success, whether or not the element was
|
||||
* present, and zero on decode failure. */
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out,
|
||||
int *out_present,
|
||||
unsigned tag);
|
||||
|
||||
/* CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
|
||||
* INTEGER from |cbs|. If present, it sets |*out| to the
|
||||
* value. Otherwise, it sets |*out| to |default_value|. It returns one
|
||||
* on success, whether or not the element was present, and zero on
|
||||
* decode failure. */
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out,
|
||||
unsigned tag,
|
||||
uint64_t default_value);
|
||||
|
||||
/* CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
|
||||
* |cbs|. If present, it sets |*out| to either zero or one, based on the
|
||||
* boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
|
||||
* success, whether or not the element was present, and zero on decode
|
||||
* failure. */
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned tag,
|
||||
int default_value);
|
||||
|
||||
|
||||
/* CRYPTO ByteBuilder.
|
||||
*
|
||||
* |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
|
||||
* object is associated with a buffer and new buffers are created with
|
||||
* |CBB_init|. Several |CBB| objects can point at the same buffer when a
|
||||
* length-prefix is pending, however only a single |CBB| can be 'current' at
|
||||
* any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
|
||||
* the new |CBB| points at the same buffer as the original. But if the original
|
||||
* |CBB| is used then the length prefix is written out and the new |CBB| must
|
||||
* not be used again.
|
||||
*
|
||||
* If one needs to force a length prefix to be written out because a |CBB| is
|
||||
* going out of scope, use |CBB_flush|. */
|
||||
|
||||
struct cbb_buffer_st {
|
||||
uint8_t *buf;
|
||||
size_t len; /* The number of valid bytes. */
|
||||
size_t cap; /* The size of buf. */
|
||||
char can_resize; /* One iff |buf| is owned by this object. If not then |buf|
|
||||
cannot be resized. */
|
||||
};
|
||||
|
||||
struct cbb_st {
|
||||
struct cbb_buffer_st *base;
|
||||
/* offset is the offset from the start of |base->buf| to the position of any
|
||||
* pending length-prefix. */
|
||||
size_t offset;
|
||||
/* child points to a child CBB if a length-prefix is pending. */
|
||||
struct cbb_st *child;
|
||||
/* pending_len_len contains the number of bytes in a pending length-prefix,
|
||||
* or zero if no length-prefix is pending. */
|
||||
uint8_t pending_len_len;
|
||||
char pending_is_asn1;
|
||||
/* is_top_level is true iff this is a top-level |CBB| (as opposed to a child
|
||||
* |CBB|). Top-level objects are valid arguments for |CBB_finish|. */
|
||||
char is_top_level;
|
||||
};
|
||||
|
||||
/* CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
|
||||
* needed, the |initial_capacity| is just a hint. It returns one on success or
|
||||
* zero on error. */
|
||||
OPENSSL_EXPORT int CBB_init(CBB *cbb, size_t initial_capacity);
|
||||
|
||||
/* CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
|
||||
* |buf| cannot grow, trying to write more than |len| bytes will cause CBB
|
||||
* functions to fail. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
|
||||
|
||||
/* CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
|
||||
* writing to the same buffer. This should be used in an error case where a
|
||||
* serialisation is abandoned. */
|
||||
OPENSSL_EXPORT void CBB_cleanup(CBB *cbb);
|
||||
|
||||
/* CBB_finish completes any pending length prefix and sets |*out_data| to a
|
||||
* malloced buffer and |*out_len| to the length of that buffer. The caller
|
||||
* takes ownership of the buffer and, unless the buffer was fixed with
|
||||
* |CBB_init_fixed|, must call |OPENSSL_free| when done.
|
||||
*
|
||||
* It can only be called on a "top level" |CBB|, i.e. one initialised with
|
||||
* |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
|
||||
|
||||
/* CBB_flush causes any pending length prefixes to be written out and any child
|
||||
* |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int CBB_flush(CBB *cbb);
|
||||
|
||||
/* CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
|
||||
* data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
|
||||
* length. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
/* CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
|
||||
* The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
|
||||
* big-endian length. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
/* CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
|
||||
* The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
|
||||
* big-endian length. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
|
||||
* ASN.1 object can be written. The |tag| argument will be used as the tag for
|
||||
* the object. Passing in |tag| number 31 will return in an error since only
|
||||
* single octet identifiers are supported. It returns one on success or zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag);
|
||||
|
||||
/* CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
|
||||
|
||||
/* CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
|
||||
* the beginning of that space. The caller must then write |len| bytes of
|
||||
* actual contents to |*out_data|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
|
||||
|
||||
/* CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value);
|
||||
|
||||
/* CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
|
||||
* returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CBB_add_u16(CBB *cbb, uint16_t value);
|
||||
|
||||
/* CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
|
||||
* returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CBB_add_u24(CBB *cbb, uint32_t value);
|
||||
|
||||
/* CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
|
||||
* and writes |value| in its contents. It returns one on success and zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_BYTESTRING_H */
|
|
@ -0,0 +1,96 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CAST_H
|
||||
#define OPENSSL_HEADER_CAST_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define CAST_ENCRYPT 1
|
||||
#define CAST_DECRYPT 0
|
||||
|
||||
#define CAST_BLOCK 8
|
||||
#define CAST_KEY_LENGTH 16
|
||||
|
||||
typedef struct cast_key_st {
|
||||
uint32_t data[32];
|
||||
int short_key; /* Use reduced rounds for short key */
|
||||
} CAST_KEY;
|
||||
|
||||
OPENSSL_EXPORT void CAST_set_key(CAST_KEY *key, size_t len,
|
||||
const uint8_t *data);
|
||||
OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const CAST_KEY *key, int enc);
|
||||
OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key);
|
||||
OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key);
|
||||
OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
long length, const CAST_KEY *ks,
|
||||
uint8_t *iv, int enc);
|
||||
|
||||
OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out,
|
||||
long length, const CAST_KEY *schedule,
|
||||
uint8_t *ivec, int *num, int enc);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_CAST_H */
|
|
@ -0,0 +1,37 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CHACHA_H
|
||||
#define OPENSSL_HEADER_CHACHA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and
|
||||
* nonce and writes the result to |out|, which may be equal to |in|. The
|
||||
* initial block counter is specified by |counter|. */
|
||||
void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in,
|
||||
size_t in_len, const uint8_t key[32],
|
||||
const uint8_t nonce[8], size_t counter);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_CHACHA_H */
|
|
@ -0,0 +1,598 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CIPHER_H
|
||||
#define OPENSSL_HEADER_CIPHER_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Ciphers. */
|
||||
|
||||
|
||||
/* Cipher primitives.
|
||||
*
|
||||
* The following functions return |EVP_CIPHER| objects that implement the named
|
||||
* cipher algorithm. */
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_rc4(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void);
|
||||
|
||||
/* Deprecated AES-GCM implementations that set |EVP_CIPH_FLAG_CUSTOM_CIPHER|.
|
||||
* Use |EVP_aead_aes_128_gcm| and |EVP_aead_aes_256_gcm| instead. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||
|
||||
/* Deprecated 192-bit version of AES. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||
|
||||
/* EVP_enc_null returns a 'cipher' that passes plaintext through as
|
||||
* ciphertext. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void);
|
||||
|
||||
/* EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This
|
||||
* is obviously very, very weak and is included only in order to read PKCS#12
|
||||
* files, which often encrypt the certificate chain using this cipher. It is
|
||||
* deliberately not exported. */
|
||||
const EVP_CIPHER *EVP_rc2_40_cbc(void);
|
||||
|
||||
/* EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
|
||||
* NULL if no such cipher is known. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
|
||||
|
||||
|
||||
/* Cipher context allocation.
|
||||
*
|
||||
* An |EVP_CIPHER_CTX| represents the state of an encryption or decryption in
|
||||
* progress. */
|
||||
|
||||
/* EVP_CIPHER_CTX_init initialises an, already allocated, |EVP_CIPHER_CTX|. */
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_new allocates a fresh |EVP_CIPHER_CTX|, calls
|
||||
* |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
|
||||
|
||||
/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns
|
||||
* one. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees
|
||||
* |ctx| itself. */
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_copy sets |out| to be a duplicate of the current state of
|
||||
* |in|. The |out| argument must have been previously initialised. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
|
||||
const EVP_CIPHER_CTX *in);
|
||||
|
||||
|
||||
/* Cipher context configuration. */
|
||||
|
||||
/* EVP_CipherInit_ex configures |ctx| for a fresh encryption (or decryption, if
|
||||
* |enc| is zero) operation using |cipher|. If |ctx| has been previously
|
||||
* configured with a cipher then |cipher|, |key| and |iv| may be |NULL| and
|
||||
* |enc| may be -1 to reuse the previous values. The operation will use |key|
|
||||
* as the key and |iv| as the IV (if any). These should have the correct
|
||||
* lengths given by |EVP_CIPHER_key_length| and |EVP_CIPHER_iv_length|. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *engine,
|
||||
const uint8_t *key, const uint8_t *iv,
|
||||
int enc);
|
||||
|
||||
/* EVP_EncryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to one. */
|
||||
OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *impl,
|
||||
const uint8_t *key, const uint8_t *iv);
|
||||
|
||||
/* EVP_DecryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to zero. */
|
||||
OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *impl,
|
||||
const uint8_t *key, const uint8_t *iv);
|
||||
|
||||
|
||||
/* Cipher operations. */
|
||||
|
||||
/* EVP_EncryptUpdate encrypts |in_len| bytes from |in| to |out|. The number
|
||||
* of output bytes may be up to |in_len| plus the block length minus one and
|
||||
* |out| must have sufficient space. The number of bytes actually output is
|
||||
* written to |*out_len|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
/* EVP_EncryptFinal_ex writes at most a block of ciphertext to |out| and sets
|
||||
* |*out_len| to the number of bytes written. If padding is enabled (the
|
||||
* default) then standard padding is applied to create the final block. If
|
||||
* padding is disabled (with |EVP_CIPHER_CTX_set_padding|) then any partial
|
||||
* block remaining will cause an error. The function returns one on success and
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
/* EVP_DecryptUpdate decrypts |in_len| bytes from |in| to |out|. The number of
|
||||
* output bytes may be up to |in_len| plus the block length minus one and |out|
|
||||
* must have sufficient space. The number of bytes actually output is written
|
||||
* to |*out_len|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
/* EVP_DecryptFinal_ex writes at most a block of ciphertext to |out| and sets
|
||||
* |*out_len| to the number of bytes written. If padding is enabled (the
|
||||
* default) then padding is removed from the final block.
|
||||
*
|
||||
* WARNING: it is unsafe to call this function with unauthenticted
|
||||
* ciphertext if padding is enabled. */
|
||||
OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
int *out_len);
|
||||
|
||||
/* EVP_Cipher performs a one-shot encryption/decryption operation. No partial
|
||||
* blocks are maintained between calls. However, any internal cipher state is
|
||||
* still updated. For CBC-mode ciphers, the IV is updated to the final
|
||||
* ciphertext block. For stream ciphers, the stream is advanced past the bytes
|
||||
* used. It returns one on success and zero otherwise, unless |EVP_CIPHER_flags|
|
||||
* has |EVP_CIPH_FLAG_CUSTOM_CIPHER| set. Then it returns the number of bytes
|
||||
* written or -1 on error.
|
||||
*
|
||||
* WARNING: this differs from the usual return value convention when using
|
||||
* |EVP_CIPH_FLAG_CUSTOM_CIPHER|.
|
||||
*
|
||||
* TODO(davidben): The normal ciphers currently never fail, even if, e.g.,
|
||||
* |in_len| is not a multiple of the block size for CBC-mode decryption. The
|
||||
* input just gets rounded up while the output gets truncated. This should
|
||||
* either be officially documented or fail. */
|
||||
OPENSSL_EXPORT int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
/* EVP_CipherUpdate calls either |EVP_EncryptUpdate| or |EVP_DecryptUpdate|
|
||||
* depending on how |ctx| has been setup. */
|
||||
OPENSSL_EXPORT int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
/* EVP_CipherFinal_ex calls either |EVP_EncryptFinal_ex| or
|
||||
* |EVP_DecryptFinal_ex| depending on how |ctx| has been setup. */
|
||||
OPENSSL_EXPORT int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
|
||||
/* Cipher context accessors. */
|
||||
|
||||
/* EVP_CIPHER_CTX_cipher returns the |EVP_CIPHER| underlying |ctx|, or NULL if
|
||||
* none has been set. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher(
|
||||
const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying
|
||||
* |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been
|
||||
* configured. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher
|
||||
* underlying |ctx|, or one if the cipher is a stream cipher. It will crash if
|
||||
* no cipher has been configured. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_key_length returns the key size, in bytes, of the cipher
|
||||
* underlying |ctx| or zero if no cipher has been configured. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_iv_length returns the IV size, in bytes, of the cipher
|
||||
* underlying |ctx|. It will crash if no cipher has been configured. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_get_app_data returns the opaque, application data pointer for
|
||||
* |ctx|, or NULL if none has been set. */
|
||||
OPENSSL_EXPORT void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_set_app_data sets the opaque, application data pointer for
|
||||
* |ctx| to |data|. */
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx,
|
||||
void *data);
|
||||
|
||||
/* EVP_CIPHER_CTX_flags returns a value which is the OR of zero or more
|
||||
* |EVP_CIPH_*| flags. It will crash if no cipher has been configured. */
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_mode returns one of the |EVP_CIPH_*| cipher mode values
|
||||
* enumerated below. It will crash if no cipher has been configured. */
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
/* EVP_CIPHER_CTX_ctrl is an |ioctl| like function. The |command| argument
|
||||
* should be one of the |EVP_CTRL_*| values. The |arg| and |ptr| arguments are
|
||||
* specific to the command in question. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command,
|
||||
int arg, void *ptr);
|
||||
|
||||
/* EVP_CIPHER_CTX_set_padding sets whether padding is enabled for |ctx| and
|
||||
* returns one. Pass a non-zero |pad| to enable padding (the default) or zero
|
||||
* to disable. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad);
|
||||
|
||||
/* EVP_CIPHER_CTX_set_key_length sets the key length for |ctx|. This is only
|
||||
* valid for ciphers that can take a variable length key. It returns one on
|
||||
* success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, unsigned key_len);
|
||||
|
||||
|
||||
/* Cipher accessors. */
|
||||
|
||||
/* EVP_CIPHER_nid returns a NID identifing |cipher|. (For example,
|
||||
* |NID_aes_128_gcm|.) */
|
||||
OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
|
||||
|
||||
/* EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one
|
||||
* if |cipher| is a stream cipher. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
|
||||
|
||||
/* EVP_CIPHER_key_length returns the key size, in bytes, for |cipher|. If
|
||||
* |cipher| can take a variable key length then this function returns the
|
||||
* default key length and |EVP_CIPHER_flags| will return a value with
|
||||
* |EVP_CIPH_VARIABLE_LENGTH| set. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
|
||||
|
||||
/* EVP_CIPHER_iv_length returns the IV size, in bytes, of |cipher|, or zero if
|
||||
* |cipher| doesn't take an IV. */
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
|
||||
|
||||
/* EVP_CIPHER_flags returns a value which is the OR of zero or more
|
||||
* |EVP_CIPH_*| flags. */
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_flags(const EVP_CIPHER *cipher);
|
||||
|
||||
/* EVP_CIPHER_mode returns one of the cipher mode values enumerated below. */
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_mode(const EVP_CIPHER *cipher);
|
||||
|
||||
|
||||
/* Key derivation. */
|
||||
|
||||
/* EVP_BytesToKey generates a key and IV for the cipher |type| by iterating
|
||||
* |md| |count| times using |data| and |salt|. On entry, the |key| and |iv|
|
||||
* buffers must have enough space to hold a key and IV for |type|. It returns
|
||||
* the length of the key on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
|
||||
const uint8_t *salt, const uint8_t *data,
|
||||
size_t data_len, unsigned count, uint8_t *key,
|
||||
uint8_t *iv);
|
||||
|
||||
|
||||
/* Cipher modes (for |EVP_CIPHER_mode|). */
|
||||
|
||||
#define EVP_CIPH_STREAM_CIPHER 0x0
|
||||
#define EVP_CIPH_ECB_MODE 0x1
|
||||
#define EVP_CIPH_CBC_MODE 0x2
|
||||
#define EVP_CIPH_CFB_MODE 0x3
|
||||
#define EVP_CIPH_OFB_MODE 0x4
|
||||
#define EVP_CIPH_CTR_MODE 0x5
|
||||
#define EVP_CIPH_GCM_MODE 0x6
|
||||
|
||||
|
||||
/* Cipher flags (for |EVP_CIPHER_flags|). */
|
||||
|
||||
/* EVP_CIPH_VARIABLE_LENGTH indicates that the cipher takes a variable length
|
||||
* key. */
|
||||
#define EVP_CIPH_VARIABLE_LENGTH 0x40
|
||||
|
||||
/* EVP_CIPH_ALWAYS_CALL_INIT indicates that the |init| function for the cipher
|
||||
* should always be called when initialising a new operation, even if the key
|
||||
* is NULL to indicate that the same key is being used. */
|
||||
#define EVP_CIPH_ALWAYS_CALL_INIT 0x80
|
||||
|
||||
/* EVP_CIPH_CUSTOM_IV indicates that the cipher manages the IV itself rather
|
||||
* than keeping it in the |iv| member of |EVP_CIPHER_CTX|. */
|
||||
#define EVP_CIPH_CUSTOM_IV 0x100
|
||||
|
||||
/* EVP_CIPH_CTRL_INIT indicates that EVP_CTRL_INIT should be used when
|
||||
* initialising an |EVP_CIPHER_CTX|. */
|
||||
#define EVP_CIPH_CTRL_INIT 0x200
|
||||
|
||||
/* EVP_CIPH_FLAG_CUSTOM_CIPHER indicates that the cipher manages blocking
|
||||
* itself. This causes EVP_(En|De)crypt_ex to be simple wrapper functions. */
|
||||
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x400
|
||||
|
||||
/* EVP_CIPH_FLAG_AEAD_CIPHER specifies that the cipher is an AEAD. This is an
|
||||
* older version of the proper AEAD interface. See aead.h for the current
|
||||
* one. */
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x800
|
||||
|
||||
/* EVP_CIPH_CUSTOM_COPY indicates that the |ctrl| callback should be called
|
||||
* with |EVP_CTRL_COPY| at the end of normal |EVP_CIPHER_CTX_copy|
|
||||
* processing. */
|
||||
#define EVP_CIPH_CUSTOM_COPY 0x1000
|
||||
|
||||
|
||||
/* Deprecated functions */
|
||||
|
||||
/* EVP_CipherInit acts like EVP_CipherInit_ex except that |EVP_CIPHER_CTX_init|
|
||||
* is called on |cipher| first, if |cipher| is not NULL. */
|
||||
OPENSSL_EXPORT int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
||||
const uint8_t *key, const uint8_t *iv,
|
||||
int enc);
|
||||
|
||||
/* EVP_EncryptInit calls |EVP_CipherInit| with |enc| equal to one. */
|
||||
OPENSSL_EXPORT int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, const uint8_t *key,
|
||||
const uint8_t *iv);
|
||||
|
||||
/* EVP_DecryptInit calls |EVP_CipherInit| with |enc| equal to zero. */
|
||||
OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, const uint8_t *key,
|
||||
const uint8_t *iv);
|
||||
|
||||
/* EVP_add_cipher_alias does nothing and returns one. */
|
||||
OPENSSL_EXPORT int EVP_add_cipher_alias(const char *a, const char *b);
|
||||
|
||||
/* EVP_get_cipherbyname returns an |EVP_CIPHER| given a human readable name in
|
||||
* |name|, or NULL if the name is unknown. */
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
|
||||
|
||||
|
||||
/* Private functions. */
|
||||
|
||||
/* EVP_CIPH_NO_PADDING disables padding in block ciphers. */
|
||||
#define EVP_CIPH_NO_PADDING 0x800
|
||||
|
||||
/* EVP_CIPHER_CTX_ctrl commands. */
|
||||
#define EVP_CTRL_INIT 0x0
|
||||
#define EVP_CTRL_SET_KEY_LENGTH 0x1
|
||||
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
|
||||
#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
|
||||
#define EVP_CTRL_GET_RC5_ROUNDS 0x4
|
||||
#define EVP_CTRL_SET_RC5_ROUNDS 0x5
|
||||
#define EVP_CTRL_RAND_KEY 0x6
|
||||
#define EVP_CTRL_PBE_PRF_NID 0x7
|
||||
#define EVP_CTRL_COPY 0x8
|
||||
#define EVP_CTRL_GCM_SET_IVLEN 0x9
|
||||
#define EVP_CTRL_GCM_GET_TAG 0x10
|
||||
#define EVP_CTRL_GCM_SET_TAG 0x11
|
||||
#define EVP_CTRL_GCM_SET_IV_FIXED 0x12
|
||||
#define EVP_CTRL_GCM_IV_GEN 0x13
|
||||
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
|
||||
/* Set the GCM invocation field, decrypt only */
|
||||
#define EVP_CTRL_GCM_SET_IV_INV 0x18
|
||||
|
||||
/* GCM TLS constants */
|
||||
/* Length of fixed part of IV derived from PRF */
|
||||
#define EVP_GCM_TLS_FIXED_IV_LEN 4
|
||||
/* Length of explicit part of IV part of TLS records */
|
||||
#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
|
||||
/* Length of tag for TLS */
|
||||
#define EVP_GCM_TLS_TAG_LEN 16
|
||||
|
||||
#define EVP_MAX_KEY_LENGTH 64
|
||||
#define EVP_MAX_IV_LENGTH 16
|
||||
#define EVP_MAX_BLOCK_LENGTH 32
|
||||
|
||||
struct evp_cipher_ctx_st {
|
||||
/* cipher contains the underlying cipher for this context. */
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
/* app_data is a pointer to opaque, user data. */
|
||||
void *app_data; /* application stuff */
|
||||
|
||||
/* cipher_data points to the |cipher| specific state. */
|
||||
void *cipher_data;
|
||||
|
||||
/* key_len contains the length of the key, which may differ from
|
||||
* |cipher->key_len| if the cipher can take a variable key length. */
|
||||
unsigned key_len;
|
||||
|
||||
/* encrypt is one if encrypting and zero if decrypting. */
|
||||
int encrypt;
|
||||
|
||||
/* flags contains the OR of zero or more |EVP_CIPH_*| flags, above. */
|
||||
uint32_t flags;
|
||||
|
||||
/* oiv contains the original IV value. */
|
||||
uint8_t oiv[EVP_MAX_IV_LENGTH];
|
||||
|
||||
/* iv contains the current IV value, which may have been updated. */
|
||||
uint8_t iv[EVP_MAX_IV_LENGTH];
|
||||
|
||||
/* buf contains a partial block which is used by, for example, CTR mode to
|
||||
* store unused keystream bytes. */
|
||||
uint8_t buf[EVP_MAX_BLOCK_LENGTH];
|
||||
|
||||
/* buf_len contains the number of bytes of a partial block contained in
|
||||
* |buf|. */
|
||||
int buf_len;
|
||||
|
||||
/* num contains the number of bytes of |iv| which are valid for modes that
|
||||
* manage partial blocks themselves. */
|
||||
int num;
|
||||
|
||||
/* final_used is non-zero if the |final| buffer contains plaintext. */
|
||||
int final_used;
|
||||
|
||||
/* block_mask contains |cipher->block_size| minus one. (The block size
|
||||
* assumed to be a power of two.) */
|
||||
int block_mask;
|
||||
|
||||
uint8_t final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
|
||||
} /* EVP_CIPHER_CTX */;
|
||||
|
||||
typedef struct evp_cipher_info_st {
|
||||
const EVP_CIPHER *cipher;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
} EVP_CIPHER_INFO;
|
||||
|
||||
struct evp_cipher_st {
|
||||
/* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */
|
||||
int nid;
|
||||
|
||||
/* block_size contains the block size, in bytes, of the cipher, or 1 for a
|
||||
* stream cipher. */
|
||||
unsigned block_size;
|
||||
|
||||
/* key_len contains the key size, in bytes, for the cipher. If the cipher
|
||||
* takes a variable key size then this contains the default size. */
|
||||
unsigned key_len;
|
||||
|
||||
/* iv_len contains the IV size, in bytes, or zero if inapplicable. */
|
||||
unsigned iv_len;
|
||||
|
||||
/* ctx_size contains the size, in bytes, of the per-key context for this
|
||||
* cipher. */
|
||||
unsigned ctx_size;
|
||||
|
||||
/* flags contains the OR of a number of flags. See |EVP_CIPH_*|. */
|
||||
uint32_t flags;
|
||||
|
||||
/* app_data is a pointer to opaque, user data. */
|
||||
void *app_data;
|
||||
|
||||
int (*init)(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv,
|
||||
int enc);
|
||||
|
||||
int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
||||
size_t inl);
|
||||
|
||||
/* cleanup, if non-NULL, releases memory associated with the context. It is
|
||||
* called if |EVP_CTRL_INIT| succeeds. Note that |init| may not have been
|
||||
* called at this point. */
|
||||
void (*cleanup)(EVP_CIPHER_CTX *);
|
||||
|
||||
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define CIPHER_F_EVP_AEAD_CTX_init 100
|
||||
#define CIPHER_F_EVP_AEAD_CTX_open 101
|
||||
#define CIPHER_F_EVP_AEAD_CTX_seal 102
|
||||
#define CIPHER_F_EVP_CIPHER_CTX_copy 103
|
||||
#define CIPHER_F_EVP_CIPHER_CTX_ctrl 104
|
||||
#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 105
|
||||
#define CIPHER_F_EVP_CipherInit_ex 106
|
||||
#define CIPHER_F_EVP_DecryptFinal_ex 107
|
||||
#define CIPHER_F_EVP_EncryptFinal_ex 108
|
||||
#define CIPHER_F_aead_aes_gcm_init 109
|
||||
#define CIPHER_F_aead_aes_gcm_open 110
|
||||
#define CIPHER_F_aead_aes_gcm_seal 111
|
||||
#define CIPHER_F_aead_aes_key_wrap_init 112
|
||||
#define CIPHER_F_aead_aes_key_wrap_open 113
|
||||
#define CIPHER_F_aead_aes_key_wrap_seal 114
|
||||
#define CIPHER_F_aead_chacha20_poly1305_init 115
|
||||
#define CIPHER_F_aead_chacha20_poly1305_open 116
|
||||
#define CIPHER_F_aead_chacha20_poly1305_seal 117
|
||||
#define CIPHER_F_aead_rc4_md5_tls_init 118
|
||||
#define CIPHER_F_aead_rc4_md5_tls_open 119
|
||||
#define CIPHER_F_aead_rc4_md5_tls_seal 120
|
||||
#define CIPHER_F_aead_ssl3_ensure_cipher_init 121
|
||||
#define CIPHER_F_aead_ssl3_init 122
|
||||
#define CIPHER_F_aead_ssl3_open 123
|
||||
#define CIPHER_F_aead_ssl3_seal 124
|
||||
#define CIPHER_F_aead_tls_ensure_cipher_init 125
|
||||
#define CIPHER_F_aead_tls_init 126
|
||||
#define CIPHER_F_aead_tls_open 127
|
||||
#define CIPHER_F_aead_tls_seal 128
|
||||
#define CIPHER_F_aes_init_key 129
|
||||
#define CIPHER_F_aesni_init_key 130
|
||||
#define CIPHER_F_EVP_AEAD_CTX_init_with_direction 131
|
||||
#define CIPHER_F_aead_aes_ctr_hmac_sha256_init 132
|
||||
#define CIPHER_F_aead_aes_ctr_hmac_sha256_open 133
|
||||
#define CIPHER_F_aead_aes_ctr_hmac_sha256_seal 134
|
||||
#define CIPHER_R_AES_KEY_SETUP_FAILED 100
|
||||
#define CIPHER_R_BAD_DECRYPT 101
|
||||
#define CIPHER_R_BAD_KEY_LENGTH 102
|
||||
#define CIPHER_R_BUFFER_TOO_SMALL 103
|
||||
#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
|
||||
#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
|
||||
#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
|
||||
#define CIPHER_R_INITIALIZATION_ERROR 107
|
||||
#define CIPHER_R_INPUT_NOT_INITIALIZED 108
|
||||
#define CIPHER_R_INVALID_AD_SIZE 109
|
||||
#define CIPHER_R_INVALID_KEY_LENGTH 110
|
||||
#define CIPHER_R_INVALID_NONCE_SIZE 111
|
||||
#define CIPHER_R_INVALID_OPERATION 112
|
||||
#define CIPHER_R_IV_TOO_LARGE 113
|
||||
#define CIPHER_R_NO_CIPHER_SET 114
|
||||
#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
|
||||
#define CIPHER_R_TAG_TOO_LARGE 116
|
||||
#define CIPHER_R_TOO_LARGE 117
|
||||
#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
|
||||
#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
|
||||
#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
|
||||
#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
|
||||
#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
|
||||
#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
|
||||
#define CIPHER_R_NO_DIRECTION_SET 124
|
||||
|
||||
#endif /* OPENSSL_HEADER_CIPHER_H */
|
|
@ -0,0 +1,76 @@
|
|||
/* Copyright (c) 2015, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CMAC_H
|
||||
#define OPENSSL_HEADER_CMAC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* CMAC.
|
||||
*
|
||||
* CMAC is a MAC based on AES-CBC and defined in
|
||||
* https://tools.ietf.org/html/rfc4493#section-2.3. */
|
||||
|
||||
|
||||
/* One-shot functions. */
|
||||
|
||||
/* AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of
|
||||
* |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select
|
||||
* between AES-128 and AES-256. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
|
||||
/* Incremental interface. */
|
||||
|
||||
/* CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on
|
||||
* error. */
|
||||
OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
|
||||
|
||||
/* CMAC_CTX_free frees a |CMAC_CTX|. */
|
||||
OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
|
||||
|
||||
/* CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
|
||||
* only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
|
||||
* should be |EVP_aes_128_cbc()|. However, this implementation also supports
|
||||
* AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The
|
||||
* |engine| argument is ignored.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
|
||||
const EVP_CIPHER *cipher, ENGINE *engine);
|
||||
|
||||
|
||||
/* CMAC_Reset resets |ctx| so that a fresh message can be authenticated. */
|
||||
OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx);
|
||||
|
||||
/* CMAC_Update processes |in_len| bytes of message from |in|. It returns one on
|
||||
* success or zero on error. */
|
||||
OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len);
|
||||
|
||||
/* CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes
|
||||
* of authenticator to it. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_CBC_H */
|
|
@ -0,0 +1,149 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CONF_H
|
||||
#define OPENSSL_HEADER_CONF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/stack.h>
|
||||
#include <openssl/lhash.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Config files look like:
|
||||
*
|
||||
* # Comment
|
||||
*
|
||||
* # This key is in the default section.
|
||||
* key=value
|
||||
*
|
||||
* [section_name]
|
||||
* key2=value2
|
||||
*
|
||||
* Config files are representated by a |CONF|. */
|
||||
|
||||
struct conf_value_st {
|
||||
char *section;
|
||||
char *name;
|
||||
char *value;
|
||||
};
|
||||
|
||||
struct conf_st {
|
||||
LHASH_OF(CONF_VALUE) *data;
|
||||
};
|
||||
|
||||
|
||||
/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
|
||||
* argument must be NULL. */
|
||||
CONF *NCONF_new(void *method);
|
||||
|
||||
/* NCONF_free frees all the data owned by |conf| and then |conf| itself. */
|
||||
void NCONF_free(CONF *conf);
|
||||
|
||||
/* NCONF_load parses the file named |filename| and adds the values found to
|
||||
* |conf|. It returns one on success and zero on error. In the event of an
|
||||
* error, if |out_error_line| is not NULL, |*out_error_line| is set to the
|
||||
* number of the line that contained the error. */
|
||||
int NCONF_load(CONF *conf, const char *filename, long *out_error_line);
|
||||
|
||||
/* NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
|
||||
* a named file. */
|
||||
int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
|
||||
|
||||
/* NCONF_get_section returns a stack of values for a given section in |conf|.
|
||||
* If |section| is NULL, the default section is returned. It returns NULL on
|
||||
* error. */
|
||||
STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section);
|
||||
|
||||
/* NCONF_get_string returns the value of the key |name|, in section |section|.
|
||||
* The |section| argument may be NULL to indicate the default section. It
|
||||
* returns the value or NULL on error. */
|
||||
const char *NCONF_get_string(const CONF *conf, const char *section,
|
||||
const char *name);
|
||||
|
||||
|
||||
/* Utility functions */
|
||||
|
||||
/* CONF_parse_list takes a list separated by 'sep' and calls |list_cb| giving
|
||||
* the start and length of each member, optionally stripping leading and
|
||||
* trailing whitespace. This can be used to parse comma separated lists for
|
||||
* example. If |list_cb| returns <= 0, then the iteration is halted and that
|
||||
* value is returned immediately. Otherwise it returns one. Note that |list_cb|
|
||||
* may be called on an empty member. */
|
||||
int CONF_parse_list(const char *list, char sep, int remove_whitespace,
|
||||
int (*list_cb)(const char *elem, int len, void *usr),
|
||||
void *arg);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define CONF_F_CONF_parse_list 100
|
||||
#define CONF_F_NCONF_load 101
|
||||
#define CONF_F_def_load_bio 102
|
||||
#define CONF_F_str_copy 103
|
||||
#define CONF_R_LIST_CANNOT_BE_NULL 100
|
||||
#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101
|
||||
#define CONF_R_MISSING_EQUAL_SIGN 102
|
||||
#define CONF_R_NO_CLOSE_BRACE 103
|
||||
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
|
||||
#define CONF_R_VARIABLE_HAS_NO_VALUE 105
|
||||
|
||||
#endif /* OPENSSL_HEADER_THREAD_H */
|
|
@ -0,0 +1,121 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CPU_H
|
||||
#define OPENSSL_HEADER_CPU_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Runtime CPU feature support */
|
||||
|
||||
|
||||
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
||||
/* OPENSSL_ia32cap_P contains the Intel CPUID bits when running on an x86 or
|
||||
* x86-64 system.
|
||||
*
|
||||
* Index 0:
|
||||
* EDX for CPUID where EAX = 1
|
||||
* Bit 30 is used to indicate an Intel CPU
|
||||
* Index 1:
|
||||
* ECX for CPUID where EAX = 1
|
||||
* Index 2:
|
||||
* EBX for CPUID where EAX = 7
|
||||
*
|
||||
* Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM and XMM
|
||||
* bits in XCR0, so it is not necessary to check those. */
|
||||
extern uint32_t OPENSSL_ia32cap_P[4];
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
||||
/* CRYPTO_is_NEON_capable returns true if the current CPU has a NEON unit. Note
|
||||
* that |OPENSSL_armcap_P| also exists and contains the same information in a
|
||||
* form that's easier for assembly to use. */
|
||||
OPENSSL_EXPORT char CRYPTO_is_NEON_capable(void);
|
||||
|
||||
/* CRYPTO_set_NEON_capable sets the return value of |CRYPTO_is_NEON_capable|.
|
||||
* By default, unless the code was compiled with |-mfpu=neon|, NEON is assumed
|
||||
* not to be present. It is not autodetected. Calling this with a zero
|
||||
* argument also causes |CRYPTO_is_NEON_functional| to return false. */
|
||||
OPENSSL_EXPORT void CRYPTO_set_NEON_capable(char neon_capable);
|
||||
|
||||
/* CRYPTO_is_NEON_functional returns true if the current CPU has a /working/
|
||||
* NEON unit. Some phones have a NEON unit, but the Poly1305 NEON code causes
|
||||
* it to fail. See https://code.google.com/p/chromium/issues/detail?id=341598 */
|
||||
OPENSSL_EXPORT char CRYPTO_is_NEON_functional(void);
|
||||
|
||||
/* CRYPTO_set_NEON_functional sets the "NEON functional" flag. For
|
||||
* |CRYPTO_is_NEON_functional| to return true, both this flag and the NEON flag
|
||||
* must be true. By default NEON is assumed to be functional if the code was
|
||||
* compiled with |-mfpu=neon| or if |CRYPTO_set_NEON_capable| has been called
|
||||
* with a non-zero argument. */
|
||||
OPENSSL_EXPORT void CRYPTO_set_NEON_functional(char neon_functional);
|
||||
#endif /* OPENSSL_ARM */
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_CPU_H */
|
|
@ -0,0 +1,63 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_CRYPTO_H
|
||||
#define OPENSSL_HEADER_CRYPTO_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
/* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
|
||||
* mem.h. */
|
||||
#include <openssl/mem.h>
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* crypto.h contains functions for initializing the crypto library. */
|
||||
|
||||
|
||||
/* CRYPTO_library_init initializes the crypto library. It must be called if the
|
||||
* library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
|
||||
* nothing and a static initializer is used instead. */
|
||||
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
#define OPENSSL_VERSION_TEXT "BoringSSL"
|
||||
|
||||
#define SSLEAY_VERSION 0
|
||||
|
||||
/* SSLeay_version is a compatibility function that returns the string
|
||||
* "BoringSSL". */
|
||||
OPENSSL_EXPORT const char *SSLeay_version(int unused);
|
||||
|
||||
/* SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
|
||||
* base.h. */
|
||||
OPENSSL_EXPORT unsigned long SSLeay(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define CRYPTO_F_CRYPTO_get_ex_new_index 100
|
||||
#define CRYPTO_F_CRYPTO_set_ex_data 101
|
||||
#define CRYPTO_F_get_class 102
|
||||
#define CRYPTO_F_get_func_pointers 103
|
||||
|
||||
#endif /* OPENSSL_HEADER_CRYPTO_H */
|
|
@ -0,0 +1,149 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_DES_H
|
||||
#define OPENSSL_HEADER_DES_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* DES. */
|
||||
|
||||
|
||||
typedef struct DES_cblock_st {
|
||||
uint8_t bytes[8];
|
||||
} DES_cblock;
|
||||
|
||||
typedef struct DES_ks {
|
||||
union {
|
||||
DES_cblock cblock;
|
||||
/* make sure things are correct size on machines with
|
||||
* 8 byte longs */
|
||||
uint32_t deslong[2];
|
||||
} ks[16];
|
||||
} DES_key_schedule;
|
||||
|
||||
|
||||
#define DES_KEY_SZ (sizeof(DES_cblock))
|
||||
#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
|
||||
|
||||
#define DES_ENCRYPT 1
|
||||
#define DES_DECRYPT 0
|
||||
|
||||
#define DES_CBC_MODE 0
|
||||
#define DES_PCBC_MODE 1
|
||||
|
||||
/* DES_set_key performs a key schedule and initialises |schedule| with |key|. */
|
||||
OPENSSL_EXPORT void DES_set_key(const DES_cblock *key,
|
||||
DES_key_schedule *schedule);
|
||||
|
||||
/* DES_set_odd_parity sets the parity bits (the least-significant bits in each
|
||||
* byte) of |key| given the other bits in each byte. */
|
||||
OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
|
||||
|
||||
/* DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
|
||||
* single DES block (8 bytes) from in to out, using the key configured in
|
||||
* |schedule|. */
|
||||
OPENSSL_EXPORT void DES_ecb_encrypt(const DES_cblock *in, DES_cblock *out,
|
||||
const DES_key_schedule *schedule,
|
||||
int is_encrypt);
|
||||
|
||||
/* DES_ncbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
* bytes from |in| to |out| with DES in CBC mode. */
|
||||
OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *schedule,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
/* DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
|
||||
* block (8 bytes) of data from |input| to |output| using 3DES. */
|
||||
OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
|
||||
DES_cblock *output,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
const DES_key_schedule *ks3,
|
||||
int enc);
|
||||
|
||||
/* DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
* bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
|
||||
* the function takes three different |DES_key_schedule|s. */
|
||||
OPENSSL_EXPORT void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
const DES_key_schedule *ks3,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
/* DES_ede2_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
* bytes from |in| to |out| with 3DES in CBC mode. With this keying option, the
|
||||
* first and third 3DES keys are identical. Thus, this function takes only two
|
||||
* different |DES_key_schedule|s. */
|
||||
OPENSSL_EXPORT void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_DES_H */
|
|
@ -0,0 +1,274 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_DH_H
|
||||
#define OPENSSL_HEADER_DH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* DH contains functions for performing Diffie-Hellman key agreement in
|
||||
* multiplicative groups. */
|
||||
|
||||
|
||||
/* Allocation and destruction. */
|
||||
|
||||
/* DH_new returns a new, empty DH object or NULL on error. */
|
||||
OPENSSL_EXPORT DH *DH_new(void);
|
||||
|
||||
/* DH_new_method acts the same as |DH_new| but takes an explicit |ENGINE|. */
|
||||
OPENSSL_EXPORT DH *DH_new_method(const ENGINE *engine);
|
||||
|
||||
/* DH_free decrements the reference count of |dh| and frees it if the reference
|
||||
* count drops to zero. */
|
||||
OPENSSL_EXPORT void DH_free(DH *dh);
|
||||
|
||||
/* DH_up_ref increments the reference count of |dh|. */
|
||||
OPENSSL_EXPORT int DH_up_ref(DH *dh);
|
||||
|
||||
|
||||
/* Standard parameters.
|
||||
*
|
||||
* These functions return new DH objects with standard parameters configured
|
||||
* that use the given ENGINE, which may be NULL. They return NULL on allocation
|
||||
* failure. */
|
||||
|
||||
/* These parameters are taken from RFC 5114. */
|
||||
|
||||
OPENSSL_EXPORT DH *DH_get_1024_160(const ENGINE *engine);
|
||||
OPENSSL_EXPORT DH *DH_get_2048_224(const ENGINE *engine);
|
||||
OPENSSL_EXPORT DH *DH_get_2048_256(const ENGINE *engine);
|
||||
|
||||
|
||||
/* Parameter generation. */
|
||||
|
||||
#define DH_GENERATOR_2 2
|
||||
#define DH_GENERATOR_5 5
|
||||
|
||||
/* DH_generate_parameters_ex generates a suitable Diffie-Hellman group with a
|
||||
* prime that is |prime_bits| long and stores it in |dh|. The generator of the
|
||||
* group will be |generator|, which should be |DH_GENERATOR_2| unless there's a
|
||||
* good reason to use a different value. The |cb| argument contains a callback
|
||||
* function that will be called during the generation. See the documentation in
|
||||
* |bn.h| about this. In addition to the callback invocations from |BN|, |cb|
|
||||
* will also be called with |event| equal to three when the generation is
|
||||
* complete. */
|
||||
OPENSSL_EXPORT int DH_generate_parameters_ex(DH *dh, int prime_bits,
|
||||
int generator, BN_GENCB *cb);
|
||||
|
||||
|
||||
/* Diffie-Hellman operations. */
|
||||
|
||||
/* DH_generate_key generates a new, random, private key and stores it in
|
||||
* |dh|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int DH_generate_key(DH *dh);
|
||||
|
||||
/* DH_compute_key calculates the shared key between |dh| and |peers_key| and
|
||||
* writes it as a big-endian integer into |out|, which must have |DH_size|
|
||||
* bytes of space. It returns the number of bytes written, or a negative number
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key,
|
||||
DH *dh);
|
||||
|
||||
|
||||
/* Utility functions. */
|
||||
|
||||
/* DH_size returns the number of bytes in the DH group's prime. */
|
||||
OPENSSL_EXPORT int DH_size(const DH *dh);
|
||||
|
||||
/* DH_num_bits returns the minimum number of bits needed to represent the
|
||||
* absolute value of the DH group's prime. */
|
||||
OPENSSL_EXPORT unsigned DH_num_bits(const DH *dh);
|
||||
|
||||
#define DH_CHECK_P_NOT_PRIME 0x01
|
||||
#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
|
||||
#define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||
#define DH_CHECK_NOT_SUITABLE_GENERATOR 0x08
|
||||
#define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
#define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||
#define DH_CHECK_INVALID_J_VALUE 0x40
|
||||
|
||||
/* These are compatibility defines. */
|
||||
#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
|
||||
#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
|
||||
|
||||
/* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
|
||||
* |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
|
||||
* |*out_flags| was successfully set and zero on error.
|
||||
*
|
||||
* Note: these checks may be quite computationally expensive. */
|
||||
OPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags);
|
||||
|
||||
#define DH_CHECK_PUBKEY_TOO_SMALL 1
|
||||
#define DH_CHECK_PUBKEY_TOO_LARGE 2
|
||||
|
||||
/* DH_check_pub_key checks the suitability of |pub_key| as a public key for the
|
||||
* DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it
|
||||
* finds any errors. It returns one if |*out_flags| was successfully set and
|
||||
* zero on error. */
|
||||
OPENSSL_EXPORT int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
|
||||
int *out_flags);
|
||||
|
||||
/* DHparams_dup allocates a fresh |DH| and copies the parameters from |dh| into
|
||||
* it. It returns the new |DH| or NULL on error. */
|
||||
OPENSSL_EXPORT DH *DHparams_dup(const DH *dh);
|
||||
|
||||
|
||||
/* ASN.1 functions. */
|
||||
|
||||
/* d2i_DHparams parses an ASN.1, DER encoded Diffie-Hellman parameters
|
||||
* structure from |len| bytes at |*inp|. If |ret| is not NULL then, on exit, a
|
||||
* pointer to the result is in |*ret|. If |*ret| is already non-NULL on entry
|
||||
* then the result is written directly into |*ret|, otherwise a fresh |DH| is
|
||||
* allocated. On successful exit, |*inp| is advanced past the DER structure. It
|
||||
* returns the result or NULL on error. */
|
||||
OPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len);
|
||||
|
||||
/* i2d_DHparams marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
|
||||
* then the result is written to |*outp| and |*outp| is advanced just past the
|
||||
* output. It returns the number of bytes in the result, whether written or
|
||||
* not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp);
|
||||
|
||||
|
||||
/* ex_data functions.
|
||||
*
|
||||
* See |ex_data.h| for details. */
|
||||
|
||||
OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx);
|
||||
|
||||
|
||||
/* dh_method contains function pointers to override the implementation of DH.
|
||||
* See |engine.h| for details. */
|
||||
struct dh_method {
|
||||
struct openssl_method_common_st common;
|
||||
|
||||
/* app_data is an opaque pointer for the method to use. */
|
||||
void *app_data;
|
||||
|
||||
/* init is called just before the return of |DH_new_method|. It returns one
|
||||
* on success or zero on error. */
|
||||
int (*init)(DH *dh);
|
||||
|
||||
/* finish is called before |dh| is destructed. */
|
||||
void (*finish)(DH *dh);
|
||||
|
||||
/* generate_parameters is called by |DH_generate_parameters_ex|. */
|
||||
int (*generate_parameters)(DH *dh, int prime_bits, int generator,
|
||||
BN_GENCB *cb);
|
||||
|
||||
/* generate_parameters is called by |DH_generate_key|. */
|
||||
int (*generate_key)(DH *dh);
|
||||
|
||||
/* compute_key is called by |DH_compute_key|. */
|
||||
int (*compute_key)(DH *dh, uint8_t *out, const BIGNUM *pub_key);
|
||||
};
|
||||
|
||||
struct dh_st {
|
||||
DH_METHOD *meth;
|
||||
|
||||
BIGNUM *p;
|
||||
BIGNUM *g;
|
||||
BIGNUM *pub_key; /* g^x */
|
||||
BIGNUM *priv_key; /* x */
|
||||
|
||||
/* priv_length contains the length, in bits, of the private value. If zero,
|
||||
* the private value will be the same length as |p|. */
|
||||
unsigned priv_length;
|
||||
|
||||
CRYPTO_MUTEX method_mont_p_lock;
|
||||
BN_MONT_CTX *method_mont_p;
|
||||
|
||||
/* Place holders if we want to do X9.42 DH */
|
||||
BIGNUM *q;
|
||||
BIGNUM *j;
|
||||
unsigned char *seed;
|
||||
int seedlen;
|
||||
BIGNUM *counter;
|
||||
|
||||
int flags;
|
||||
CRYPTO_refcount_t references;
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define DH_F_DH_new_method 100
|
||||
#define DH_F_compute_key 101
|
||||
#define DH_F_generate_key 102
|
||||
#define DH_F_generate_parameters 103
|
||||
#define DH_R_BAD_GENERATOR 100
|
||||
#define DH_R_INVALID_PUBKEY 101
|
||||
#define DH_R_MODULUS_TOO_LARGE 102
|
||||
#define DH_R_NO_PRIVATE_VALUE 103
|
||||
|
||||
#endif /* OPENSSL_HEADER_DH_H */
|
|
@ -0,0 +1,265 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_DIGEST_H
|
||||
#define OPENSSL_HEADER_DIGEST_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Digest functions.
|
||||
*
|
||||
* An EVP_MD abstracts the details of a specific hash function allowing code to
|
||||
* deal with the concept of a "hash function" without needing to know exactly
|
||||
* which hash function it is. */
|
||||
|
||||
|
||||
/* Hash algorithms.
|
||||
*
|
||||
* The following functions return |EVP_MD| objects that implement the named hash
|
||||
* function. */
|
||||
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md4(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md5(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha1(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha224(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha256(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha384(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha512(void);
|
||||
|
||||
/* EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of
|
||||
* MD5 and SHA-1, as used in TLS 1.1 and below. */
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
|
||||
|
||||
/* EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
|
||||
* such digest is known. */
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbynid(int nid);
|
||||
|
||||
/* EVP_get_digestbyobj returns an |EVP_MD| for the given |ASN1_OBJECT|, or NULL
|
||||
* if no such digest is known. */
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj);
|
||||
|
||||
|
||||
/* Digest contexts.
|
||||
*
|
||||
* An EVP_MD_CTX represents the state of a specific digest operation in
|
||||
* progress. */
|
||||
|
||||
/* EVP_MD_CTX_init initialises an, already allocated, |EVP_MD_CTX|. */
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_create allocates and initialises a fresh |EVP_MD_CTX| and returns
|
||||
* it, or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
|
||||
|
||||
/* EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
|
||||
* freshly initialised state. It does not free |ctx| itself. It returns one. */
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_destroy calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself. */
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
|
||||
* copy of |in|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
|
||||
|
||||
|
||||
/* Digest operations. */
|
||||
|
||||
/* EVP_DigestInit_ex configures |ctx|, which must already have been
|
||||
* initialised, for a fresh hashing operation using |type|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
|
||||
ENGINE *engine);
|
||||
|
||||
/* EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is
|
||||
* initialised before use. */
|
||||
OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
||||
|
||||
/* EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation
|
||||
* in |ctx|. It returns one. */
|
||||
OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
/* EVP_MAX_MD_SIZE is the largest digest size supported. Functions that output
|
||||
* a digest generally require the buffer have at least this much space. */
|
||||
#define EVP_MAX_MD_SIZE 64 /* SHA-512 is the longest so far. */
|
||||
|
||||
/* EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
|
||||
* |md_out|. At most |EVP_MAX_MD_SIZE| bytes are written. If |out_size| is not
|
||||
* NULL then |*out_size| is set to the number of bytes written. It returns one.
|
||||
* After this call, the hash cannot be updated or finished again until
|
||||
* |EVP_DigestInit_ex| is called to start another hashing operation. */
|
||||
OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out,
|
||||
unsigned int *out_size);
|
||||
|
||||
/* EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that
|
||||
* |EVP_MD_CTX_cleanup| is called on |ctx| before returning. */
|
||||
OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out,
|
||||
unsigned int *out_size);
|
||||
|
||||
/* EVP_Digest performs a complete hashing operation in one call. It hashes
|
||||
* |len| bytes from |data| and writes the digest to |md_out|. At most
|
||||
* |EVP_MAX_MD_SIZE| bytes are written. If |out_size| is not NULL then
|
||||
* |*out_size| is set to the number of bytes written. It returns one on success
|
||||
* and zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out,
|
||||
unsigned int *md_out_size, const EVP_MD *type,
|
||||
ENGINE *impl);
|
||||
|
||||
|
||||
/* Digest function accessors.
|
||||
*
|
||||
* These functions allow code to learn details about an abstract hash
|
||||
* function. */
|
||||
|
||||
/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_sha256|.) */
|
||||
OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
|
||||
|
||||
/* EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
|
||||
* values, ORed together. */
|
||||
OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
|
||||
|
||||
/* EVP_MD_size returns the digest size of |md|, in bytes. */
|
||||
OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md);
|
||||
|
||||
/* EVP_MD_block_size returns the native block-size of |md|. */
|
||||
OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
|
||||
|
||||
/* EVP_MD_FLAG_PKEY_DIGEST indicates the the digest function is used with a
|
||||
* specific public key in order to verify signatures. (For example,
|
||||
* EVP_dss1.) */
|
||||
#define EVP_MD_FLAG_PKEY_DIGEST 1
|
||||
|
||||
/* EVP_MD_FLAG_DIGALGID_ABSENT indicates that the parameter type in an X.509
|
||||
* DigestAlgorithmIdentifier representing this digest function should be
|
||||
* undefined rather than NULL. */
|
||||
#define EVP_MD_FLAG_DIGALGID_ABSENT 2
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
|
||||
* |in|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
|
||||
|
||||
/* EVP_add_digest does nothing and returns one. It exists only for
|
||||
* compatibility with OpenSSL. */
|
||||
OPENSSL_EXPORT int EVP_add_digest(const EVP_MD *digest);
|
||||
|
||||
/* EVP_get_cipherbyname returns an |EVP_MD| given a human readable name in
|
||||
* |name|, or NULL if the name is unknown. */
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
|
||||
|
||||
|
||||
/* Digest operation accessors. */
|
||||
|
||||
/* EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
|
||||
* been set. */
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_size returns the digest size of |ctx|. It will crash if a digest
|
||||
* hasn't been set on |ctx|. */
|
||||
OPENSSL_EXPORT unsigned EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_block_size returns the block size of the digest function used by
|
||||
* |ctx|. It will crash if a digest hasn't been set on |ctx|. */
|
||||
OPENSSL_EXPORT unsigned EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
|
||||
|
||||
/* EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
|
||||
* (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
|
||||
* |ctx|. */
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
|
||||
|
||||
|
||||
struct evp_md_pctx_ops;
|
||||
|
||||
struct env_md_ctx_st {
|
||||
/* digest is the underlying digest function, or NULL if not set. */
|
||||
const EVP_MD *digest;
|
||||
/* flags is the OR of a number of |EVP_MD_CTX_FLAG_*| values. */
|
||||
uint32_t flags;
|
||||
/* md_data points to a block of memory that contains the hash-specific
|
||||
* context. */
|
||||
void *md_data;
|
||||
/* update is usually copied from |digest->update| but can differ in some
|
||||
* cases, i.e. HMAC.
|
||||
* TODO(davidben): Remove this hook once |EVP_PKEY_HMAC| is gone. */
|
||||
void (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
|
||||
|
||||
/* pctx is an opaque (at this layer) pointer to additional context that
|
||||
* EVP_PKEY functions may store in this object. */
|
||||
EVP_PKEY_CTX *pctx;
|
||||
|
||||
/* pctx_ops, if not NULL, points to a vtable that contains functions to
|
||||
* manipulate |pctx|. */
|
||||
const struct evp_md_pctx_ops *pctx_ops;
|
||||
} /* EVP_MD_CTX */;
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define DIGEST_F_EVP_DigestInit_ex 100
|
||||
#define DIGEST_F_EVP_MD_CTX_copy_ex 101
|
||||
#define DIGEST_R_INPUT_NOT_INITIALIZED 100
|
||||
|
||||
#endif /* OPENSSL_HEADER_DIGEST_H */
|
|
@ -0,0 +1,379 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*
|
||||
* The DSS routines are based on patches supplied by
|
||||
* Steven Schoch <schoch@sheba.arc.nasa.gov>. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_DSA_H
|
||||
#define OPENSSL_HEADER_DSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* DSA contains functions for signing and verifing with the Digital Signature
|
||||
* Algorithm. */
|
||||
|
||||
|
||||
/* Allocation and destruction. */
|
||||
|
||||
/* DSA_new returns a new, empty DSA object or NULL on error. */
|
||||
OPENSSL_EXPORT DSA *DSA_new(void);
|
||||
|
||||
/* DSA_new_method acts the same as |DH_new| but takes an explicit |ENGINE|. */
|
||||
OPENSSL_EXPORT DSA *DSA_new_method(const ENGINE *engine);
|
||||
|
||||
/* DSA_free decrements the reference count of |dsa| and frees it if the
|
||||
* reference count drops to zero. */
|
||||
OPENSSL_EXPORT void DSA_free(DSA *dsa);
|
||||
|
||||
/* DSA_up_ref increments the reference count of |dsa|. */
|
||||
OPENSSL_EXPORT int DSA_up_ref(DSA *dsa);
|
||||
|
||||
|
||||
/* Parameter generation. */
|
||||
|
||||
/* DSA_generate_parameters_ex generates a set of DSA parameters by following
|
||||
* the procedure given in FIPS 186-4, appendix A.
|
||||
* (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
|
||||
*
|
||||
* The larger prime will have a length of |bits| (e.g. 2048). The |seed| value
|
||||
* allows others to generate and verify the same parameters and should be
|
||||
* random input which is kept for reference. If |out_counter| or |out_h| are
|
||||
* not NULL then the counter and h value used in the generation are written to
|
||||
* them.
|
||||
*
|
||||
* The |cb| argument is passed to |BN_generate_prime_ex| and is thus called
|
||||
* during the generation process in order to indicate progress. See the
|
||||
* comments for that function for details. In addition to the calls made by
|
||||
* |BN_generate_prime_ex|, |DSA_generate_parameters_ex| will call it with
|
||||
* |event| equal to 2 and 3 at different stages of the process.
|
||||
*
|
||||
* It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int DSA_generate_parameters_ex(DSA *dsa, unsigned bits,
|
||||
const uint8_t *seed,
|
||||
size_t seed_len, int *out_counter,
|
||||
unsigned long *out_h,
|
||||
BN_GENCB *cb);
|
||||
|
||||
/* DSAparams_dup returns a freshly allocated |DSA| that contains a copy of the
|
||||
* parameters from |dsa|. It returns NULL on error. */
|
||||
OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
|
||||
|
||||
|
||||
/* Key generation. */
|
||||
|
||||
/* DSA_generate_key generates a public/private key pair in |dsa|, which must
|
||||
* already have parameters setup. It returns one on success and zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
|
||||
|
||||
|
||||
/* Signatures. */
|
||||
|
||||
/* DSA_SIG contains a DSA signature as a pair of integers. */
|
||||
typedef struct DSA_SIG_st {
|
||||
BIGNUM *r, *s;
|
||||
} DSA_SIG;
|
||||
|
||||
/* DSA_SIG_new returns a freshly allocated, DIG_SIG structure or NULL on error.
|
||||
* Both |r| and |s| in the signature will be NULL. */
|
||||
OPENSSL_EXPORT DSA_SIG *DSA_SIG_new(void);
|
||||
|
||||
/* DSA_SIG_free frees the contents of |sig| and then frees |sig| itself. */
|
||||
OPENSSL_EXPORT void DSA_SIG_free(DSA_SIG *sig);
|
||||
|
||||
/* DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
|
||||
* and returns an allocated, DSA_SIG structure, or NULL on error. */
|
||||
OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
|
||||
DSA *dsa);
|
||||
|
||||
/* DSA_do_verify verifies that |sig| is a valid signature, by the public key in
|
||||
* |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
|
||||
* on error.
|
||||
*
|
||||
* WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
|
||||
* for valid. However, this is dangerously different to the usual OpenSSL
|
||||
* convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
|
||||
* Because of this, |DSA_check_signature| is a safer version of this.
|
||||
*
|
||||
* TODO(fork): deprecate. */
|
||||
OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len,
|
||||
DSA_SIG *sig, const DSA *dsa);
|
||||
|
||||
/* DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
|
||||
* is a valid signature, by the public key in |dsa| of the hash in |digest|
|
||||
* and, if so, it sets |*out_valid| to one.
|
||||
*
|
||||
* It returns one if it was able to verify the signature as valid or invalid,
|
||||
* and zero on error. */
|
||||
OPENSSL_EXPORT int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
|
||||
size_t digest_len, DSA_SIG *sig,
|
||||
const DSA *dsa);
|
||||
|
||||
|
||||
/* ASN.1 signatures.
|
||||
*
|
||||
* These functions also perform DSA signature operations, but deal with ASN.1
|
||||
* encoded signatures as opposed to raw |BIGNUM|s. If you don't know what
|
||||
* encoding a DSA signature is in, it's probably ASN.1. */
|
||||
|
||||
/* DSA_sign signs |digest| with the key in |dsa| and writes the resulting
|
||||
* signature, in ASN.1 form, to |out_sig| and the length of the signature to
|
||||
* |*out_siglen|. There must be, at least, |DSA_size(dsa)| bytes of space in
|
||||
* |out_sig|. It returns one on success and zero otherwise.
|
||||
*
|
||||
* (The |type| argument is ignored.) */
|
||||
OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
|
||||
uint8_t *out_sig, unsigned int *out_siglen,
|
||||
DSA *dsa);
|
||||
|
||||
/* DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
|
||||
* key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
|
||||
* and -1 on error.
|
||||
*
|
||||
* (The |type| argument is ignored.)
|
||||
*
|
||||
* WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
|
||||
* for valid. However, this is dangerously different to the usual OpenSSL
|
||||
* convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
|
||||
* Because of this, |DSA_check_signature| is a safer version of this.
|
||||
*
|
||||
* TODO(fork): deprecate. */
|
||||
OPENSSL_EXPORT int DSA_verify(int type, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, const DSA *dsa);
|
||||
|
||||
/* DSA_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
|
||||
* is a valid, ASN.1 signature, by the public key in |dsa|, of the hash in
|
||||
* |digest|. If so, it sets |*out_valid| to one.
|
||||
*
|
||||
* It returns one if it was able to verify the signature as valid or invalid,
|
||||
* and zero on error. */
|
||||
OPENSSL_EXPORT int DSA_check_signature(int *out_valid, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, const DSA *dsa);
|
||||
|
||||
/* DSA_size returns the size, in bytes, of an ASN.1 encoded, DSA signature
|
||||
* generated by |dsa|. Parameters must already have been setup in |dsa|. */
|
||||
OPENSSL_EXPORT int DSA_size(const DSA *dsa);
|
||||
|
||||
|
||||
/* ASN.1 encoding. */
|
||||
|
||||
/* d2i_DSA_SIG parses an ASN.1, DER-encoded, DSA signature from |len| bytes at
|
||||
* |*inp|. If |out_sig| is not NULL then, on exit, a pointer to the result is
|
||||
* in |*out_sig|. If |*out_sig| is already non-NULL on entry then the result is
|
||||
* written directly into |*out_sig|, otherwise a fresh |DSA_SIG| is allocated.
|
||||
* On successful exit, |*inp| is advanced past the DER structure. It returns
|
||||
* the result or NULL on error. */
|
||||
OPENSSL_EXPORT DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2d_DSA_SIG marshals |in| to an ASN.1, DER structure. If |outp| is not NULL
|
||||
* then the result is written to |*outp| and |*outp| is advanced just past the
|
||||
* output. It returns the number of bytes in the result, whether written or not,
|
||||
* or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp);
|
||||
|
||||
/* d2i_DSAPublicKey parses an ASN.1, DER-encoded, DSA public key from |len|
|
||||
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
|
||||
* is in |*out|. If |*out| is already non-NULL on entry then the result is
|
||||
* written directly into |*out|, otherwise a fresh |DSA| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
/* i2d_DSAPublicKey marshals a public key from |in| to an ASN.1, DER structure.
|
||||
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
|
||||
* advanced just past the output. It returns the number of bytes in the result,
|
||||
* whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, unsigned char **outp);
|
||||
|
||||
/* d2i_DSAPrivateKey parses an ASN.1, DER-encoded, DSA private key from |len|
|
||||
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
|
||||
* is in |*out|. If |*out| is already non-NULL on entry then the result is
|
||||
* written directly into |*out|, otherwise a fresh |DSA| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
/* i2d_DSAPrivateKey marshals a private key from |in| to an ASN.1, DER structure.
|
||||
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
|
||||
* advanced just past the output. It returns the number of bytes in the result,
|
||||
* whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, unsigned char **outp);
|
||||
|
||||
/* d2i_DSAparams parses ASN.1, DER-encoded, DSA parameters from |len| bytes at
|
||||
* |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
|
||||
* |*out|. If |*out| is already non-NULL on entry then the result is written
|
||||
* directly into |*out|, otherwise a fresh |DSA| is allocated. On successful
|
||||
* exit, |*inp| is advanced past the DER structure. It returns the result or
|
||||
* NULL on error. */
|
||||
OPENSSL_EXPORT DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
/* i2d_DSAparams marshals DSA parameters from |in| to an ASN.1, DER structure.
|
||||
* If |outp| is not NULL then the result is written to |*outp| and |*outp| is
|
||||
* advanced just past the output. It returns the number of bytes in the result,
|
||||
* whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, unsigned char **outp);
|
||||
|
||||
|
||||
/* Precomputation. */
|
||||
|
||||
/* DSA_sign_setup precomputes the message independent part of the DSA signature
|
||||
* and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
|
||||
* error.
|
||||
*
|
||||
* TODO(fork): decide what to do with this. Since making DSA* opaque there's no
|
||||
* way for the user to install them. Also, it forces the DSA* not to be const
|
||||
* when passing to the signing function. */
|
||||
OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
|
||||
BIGNUM **out_kinv, BIGNUM **out_r);
|
||||
|
||||
|
||||
/* Conversion. */
|
||||
|
||||
/* DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
|
||||
* sometimes needed when Diffie-Hellman parameters are stored in the form of
|
||||
* DSA parameters. It returns an allocated |DH| on success or NULL on error. */
|
||||
OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
|
||||
|
||||
|
||||
/* ex_data functions.
|
||||
*
|
||||
* See |ex_data.h| for details. */
|
||||
|
||||
OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int DSA_set_ex_data(DSA *d, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *d, int idx);
|
||||
|
||||
|
||||
struct dsa_method {
|
||||
struct openssl_method_common_st common;
|
||||
|
||||
void *app_data;
|
||||
|
||||
int (*init)(DSA *dsa);
|
||||
int (*finish)(DSA *dsa);
|
||||
|
||||
DSA_SIG *(*sign)(const uint8_t *digest, size_t digest_len, DSA *dsa);
|
||||
|
||||
int (*sign_setup)(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp,
|
||||
const uint8_t *digest, size_t digest_len);
|
||||
|
||||
int (*verify)(int *out_valid, const uint8_t *digest, size_t digest_len,
|
||||
DSA_SIG *sig, const DSA *dsa);
|
||||
|
||||
/* generate_parameters, if non-NULL, is used to generate DSA parameters. */
|
||||
int (*generate_parameters)(DSA *dsa, unsigned bits, const uint8_t *seed,
|
||||
size_t seed_len, int *counter_ret,
|
||||
unsigned long *h_ret, BN_GENCB *cb);
|
||||
|
||||
/* keygen, if non-NULL, is used to generate DSA keys. */
|
||||
int (*keygen)(DSA *dsa);
|
||||
};
|
||||
|
||||
struct dsa_st {
|
||||
long version;
|
||||
int write_params;
|
||||
BIGNUM *p;
|
||||
BIGNUM *q; /* == 20 */
|
||||
BIGNUM *g;
|
||||
|
||||
BIGNUM *pub_key; /* y public key */
|
||||
BIGNUM *priv_key; /* x private key */
|
||||
|
||||
BIGNUM *kinv; /* Signing pre-calc */
|
||||
BIGNUM *r; /* Signing pre-calc */
|
||||
|
||||
int flags;
|
||||
/* Normally used to cache montgomery values */
|
||||
CRYPTO_MUTEX method_mont_p_lock;
|
||||
BN_MONT_CTX *method_mont_p;
|
||||
CRYPTO_refcount_t references;
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
DSA_METHOD *meth;
|
||||
/* functional reference if 'meth' is ENGINE-provided */
|
||||
ENGINE *engine;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define DSA_F_DSA_new_method 100
|
||||
#define DSA_F_dsa_sig_cb 101
|
||||
#define DSA_F_sign 102
|
||||
#define DSA_F_sign_setup 103
|
||||
#define DSA_F_verify 104
|
||||
#define DSA_R_BAD_Q_VALUE 100
|
||||
#define DSA_R_MISSING_PARAMETERS 101
|
||||
#define DSA_R_MODULUS_TOO_LARGE 102
|
||||
#define DSA_R_NEED_NEW_SETUP_VALUES 103
|
||||
|
||||
#endif /* OPENSSL_HEADER_DSA_H */
|
|
@ -0,0 +1,16 @@
|
|||
/* Copyright (c) 2015, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
|
@ -0,0 +1,433 @@
|
|||
/* Originally written by Bodo Moeller for the OpenSSL project.
|
||||
* ====================================================================
|
||||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the OpenSSL open source
|
||||
* license provided above.
|
||||
*
|
||||
* The elliptic curve binary polynomial software is originally written by
|
||||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
||||
* Laboratories. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_EC_H
|
||||
#define OPENSSL_HEADER_EC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Low-level operations on elliptic curves. */
|
||||
|
||||
|
||||
typedef struct ec_group_st EC_GROUP;
|
||||
typedef struct ec_point_st EC_POINT;
|
||||
|
||||
/** Enum for the point conversion form as defined in X9.62 (ECDSA)
|
||||
* for the encoding of a elliptic curve point (x,y) */
|
||||
typedef enum {
|
||||
/** the point is encoded as z||x, where the octet z specifies
|
||||
* which solution of the quadratic equation y is */
|
||||
POINT_CONVERSION_COMPRESSED = 2,
|
||||
/** the point is encoded as z||x||y, where z is the octet 0x02 */
|
||||
POINT_CONVERSION_UNCOMPRESSED = 4
|
||||
} point_conversion_form_t;
|
||||
|
||||
|
||||
/* Elliptic curve groups. */
|
||||
|
||||
/* EC_GROUP_new_by_curve_name returns a fresh EC_GROUP object for the elliptic
|
||||
* curve specified by |nid|, or NULL on error.
|
||||
*
|
||||
* The supported NIDs are:
|
||||
* NID_secp224r1,
|
||||
* NID_X9_62_prime256v1,
|
||||
* NID_secp384r1,
|
||||
* NID_secp521r1 */
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
|
||||
|
||||
/* EC_GROUP_free frees |group| and the data that it points to. */
|
||||
OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group);
|
||||
|
||||
/* EC_GROUP_dup returns a fresh |EC_GROUP| which is equal to |a| or NULL on
|
||||
* error. */
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a);
|
||||
|
||||
/* EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b,
|
||||
BN_CTX *ignored);
|
||||
|
||||
/* EC_GROUP_get0_generator returns a pointer to the internal |EC_POINT| object
|
||||
* in |group| that specifies the generator for the group. */
|
||||
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
|
||||
|
||||
/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
|
||||
* NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
|
||||
OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
|
||||
* |ctx|, if it's not NULL. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,
|
||||
BIGNUM *cofactor, BN_CTX *ctx);
|
||||
|
||||
/* EC_GROUP_get_curve_GFp gets various parameters about a group. It sets
|
||||
* |*out_p| to the order of the coordinate field and |*out_a| and |*out_b| to
|
||||
* the parameters of the curve when expressed as y² = x³ + ax + b. Any of the
|
||||
* output parameters can be NULL. It returns one on success and zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p,
|
||||
BIGNUM *out_a, BIGNUM *out_b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_GROUP_get_curve_name returns a NID that identifies |group|. */
|
||||
OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group);
|
||||
|
||||
/* EC_GROUP_get_degree returns the number of bits needed to represent an
|
||||
* element of the field underlying |group|. */
|
||||
OPENSSL_EXPORT int EC_GROUP_get_degree(const EC_GROUP *group);
|
||||
|
||||
/* EC_GROUP_precompute_mult precomputes multiplies of the generator in order to
|
||||
* speed up operations that involve calculating generator multiples. It returns
|
||||
* one on sucess and zero otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
|
||||
|
||||
/* EC_GROUP_have_precompute_mult returns one if |group| contains precomputed
|
||||
* generator multiples. */
|
||||
OPENSSL_EXPORT int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
|
||||
|
||||
|
||||
/* Points on elliptic curves. */
|
||||
|
||||
/* EC_POINT_new returns a fresh |EC_POINT| object in the given group, or NULL
|
||||
* on error. */
|
||||
OPENSSL_EXPORT EC_POINT *EC_POINT_new(const EC_GROUP *group);
|
||||
|
||||
/* EC_POINT_free frees |point| and the data that it points to. */
|
||||
OPENSSL_EXPORT void EC_POINT_free(EC_POINT *point);
|
||||
|
||||
/* EC_POINT_clear_free clears the data that |point| points to, frees it and
|
||||
* then frees |point| itself. */
|
||||
OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
|
||||
|
||||
/* EC_POINT_copy sets |*dest| equal to |*src|. It returns one on success and
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src);
|
||||
|
||||
/* EC_POINT_dup returns a fresh |EC_POINT| that contains the same values as
|
||||
* |src|, or NULL on error. */
|
||||
OPENSSL_EXPORT EC_POINT *EC_POINT_dup(const EC_POINT *src,
|
||||
const EC_GROUP *group);
|
||||
|
||||
/* EC_POINT_set_to_infinity sets |point| to be the "point at infinity" for the
|
||||
* given group. */
|
||||
OPENSSL_EXPORT int EC_POINT_set_to_infinity(const EC_GROUP *group,
|
||||
EC_POINT *point);
|
||||
|
||||
/* EC_POINT_is_at_infinity returns one iff |point| is the point at infinity and
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_POINT_is_at_infinity(const EC_GROUP *group,
|
||||
const EC_POINT *point);
|
||||
|
||||
/* EC_POINT_is_on_curve returns one if |point| is an element of |group| and
|
||||
* zero otheriwse. If |ctx| is non-NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_is_on_curve(const EC_GROUP *group,
|
||||
const EC_POINT *point, BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_cmp returns zero if |a| is equal to |b|, greater than zero is
|
||||
* non-equal and -1 on error. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a,
|
||||
const EC_POINT *b, BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_make_affine converts |point| to affine form, internally. It returns
|
||||
* one on success and zero otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINTs_make_affine converts |num| points from |points| to affine form,
|
||||
* internally. It returns one on success and zero otherwise. If |ctx| is not
|
||||
* NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
|
||||
EC_POINT *points[], BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Point conversion. */
|
||||
|
||||
/* EC_POINT_get_affine_coordinates_GFp sets |x| and |y| to the affine value of
|
||||
* |point| using |ctx|, if it's not NULL. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
BIGNUM *x, BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_set_affine_coordinates sets the value of |p| to be (|x|, |y|). The
|
||||
* |ctx| argument may be used if not NULL. */
|
||||
OPENSSL_EXPORT int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
|
||||
EC_POINT *point,
|
||||
const BIGNUM *x,
|
||||
const BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_point2oct serialises |point| into the X9.62 form given by |form|
|
||||
* into, at most, |len| bytes at |buf|. It returns the number of bytes written
|
||||
* or zero on error if |buf| is non-NULL, else the number of bytes needed. The
|
||||
* |ctx| argument may be used if not NULL. */
|
||||
OPENSSL_EXPORT size_t EC_POINT_point2oct(const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
point_conversion_form_t form,
|
||||
uint8_t *buf, size_t len, BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_oct2point sets |point| from |len| bytes of X9.62 format
|
||||
* serialisation in |buf|. It returns one on success and zero otherwise. The
|
||||
* |ctx| argument may be used if not NULL. */
|
||||
OPENSSL_EXPORT int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
const uint8_t *buf, size_t len,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_set_compressed_coordinates_GFp sets |point| to equal the point with
|
||||
* the given |x| coordinate and the y coordinate specified by |y_bit| (see
|
||||
* X9.62). It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_POINT_set_compressed_coordinates_GFp(
|
||||
const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit,
|
||||
BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Group operations. */
|
||||
|
||||
/* EC_POINT_add sets |r| equal to |a| plus |b|. It returns one on success and
|
||||
* zero otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_add(const EC_GROUP *group, EC_POINT *r,
|
||||
const EC_POINT *a, const EC_POINT *b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_dbl sets |r| equal to |a| plus |a|. It returns one on success and
|
||||
* zero otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r,
|
||||
const EC_POINT *a, BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_dbl sets |a| equal to minus |a|. It returns one on success and zero
|
||||
* otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a,
|
||||
BN_CTX *ctx);
|
||||
|
||||
/* EC_POINT_mul sets r = generator*n + q*m. It returns one on success and zero
|
||||
* otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *n, const EC_POINT *q,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
/* EC_POINTs_mul sets r = generator*n + sum(p[i]*m[i]). It returns one on
|
||||
* success and zero otherwise. If |ctx| is not NULL, it may be used. */
|
||||
OPENSSL_EXPORT int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *n, size_t num,
|
||||
const EC_POINT *p[], const BIGNUM *m[],
|
||||
BN_CTX *ctx);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based
|
||||
* on the equation y² = x³ + a·x + b. It returns the new group or NULL on
|
||||
* error.
|
||||
*
|
||||
* |EC_GROUP|s returned by this function will always compare as unequal via
|
||||
* |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always
|
||||
* return |NID_undef|. */
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p,
|
||||
const BIGNUM *a,
|
||||
const BIGNUM *b, BN_CTX *ctx);
|
||||
|
||||
/* EC_GROUP_set_generator sets the generator for |group| to |generator|, which
|
||||
* must have the given order and cofactor. This should only be used with
|
||||
* |EC_GROUP| objects returned by |EC_GROUP_new_curve_GFp|. */
|
||||
OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group,
|
||||
const EC_POINT *generator,
|
||||
const BIGNUM *order,
|
||||
const BIGNUM *cofactor);
|
||||
|
||||
/* EC_GROUP_set_asn1_flag does nothing. */
|
||||
OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
|
||||
|
||||
#define OPENSSL_EC_NAMED_CURVE 0
|
||||
|
||||
typedef struct ec_method_st EC_METHOD;
|
||||
|
||||
/* EC_GROUP_method_of returns NULL. */
|
||||
OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
|
||||
|
||||
/* EC_METHOD_get_field_type returns NID_X9_62_prime_field. */
|
||||
OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth);
|
||||
|
||||
/* EC_GROUP_set_point_conversion_form aborts the process if |form| is not
|
||||
* |POINT_CONVERSION_UNCOMPRESSED| and otherwise does nothing. */
|
||||
OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form(
|
||||
EC_GROUP *group, point_conversion_form_t form);
|
||||
|
||||
|
||||
/* Old code expects to get EC_KEY from ec.h. */
|
||||
#if !defined(OPENSSL_HEADER_EC_KEY_H)
|
||||
#include <openssl/ec_key.h>
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define EC_F_EC_GROUP_copy 100
|
||||
#define EC_F_EC_GROUP_get_curve_GFp 101
|
||||
#define EC_F_EC_GROUP_get_degree 102
|
||||
#define EC_F_EC_GROUP_new_by_curve_name 103
|
||||
#define EC_F_EC_KEY_check_key 104
|
||||
#define EC_F_EC_KEY_copy 105
|
||||
#define EC_F_EC_KEY_generate_key 106
|
||||
#define EC_F_EC_KEY_new_method 107
|
||||
#define EC_F_EC_KEY_set_public_key_affine_coordinates 108
|
||||
#define EC_F_EC_POINT_add 109
|
||||
#define EC_F_EC_POINT_cmp 110
|
||||
#define EC_F_EC_POINT_copy 111
|
||||
#define EC_F_EC_POINT_dbl 112
|
||||
#define EC_F_EC_POINT_dup 113
|
||||
#define EC_F_EC_POINT_get_affine_coordinates_GFp 114
|
||||
#define EC_F_EC_POINT_invert 115
|
||||
#define EC_F_EC_POINT_is_at_infinity 116
|
||||
#define EC_F_EC_POINT_is_on_curve 117
|
||||
#define EC_F_EC_POINT_make_affine 118
|
||||
#define EC_F_EC_POINT_new 119
|
||||
#define EC_F_EC_POINT_oct2point 120
|
||||
#define EC_F_EC_POINT_point2oct 121
|
||||
#define EC_F_EC_POINT_set_affine_coordinates_GFp 122
|
||||
#define EC_F_EC_POINT_set_compressed_coordinates_GFp 123
|
||||
#define EC_F_EC_POINT_set_to_infinity 124
|
||||
#define EC_F_EC_POINTs_make_affine 125
|
||||
#define EC_F_compute_wNAF 126
|
||||
#define EC_F_d2i_ECPKParameters 127
|
||||
#define EC_F_d2i_ECParameters 128
|
||||
#define EC_F_d2i_ECPrivateKey 129
|
||||
#define EC_F_ec_GFp_mont_field_decode 130
|
||||
#define EC_F_ec_GFp_mont_field_encode 131
|
||||
#define EC_F_ec_GFp_mont_field_mul 132
|
||||
#define EC_F_ec_GFp_mont_field_set_to_one 133
|
||||
#define EC_F_ec_GFp_mont_field_sqr 134
|
||||
#define EC_F_ec_GFp_mont_group_set_curve 135
|
||||
#define EC_F_ec_GFp_simple_group_check_discriminant 136
|
||||
#define EC_F_ec_GFp_simple_group_set_curve 137
|
||||
#define EC_F_ec_GFp_simple_make_affine 138
|
||||
#define EC_F_ec_GFp_simple_oct2point 139
|
||||
#define EC_F_ec_GFp_simple_point2oct 140
|
||||
#define EC_F_ec_GFp_simple_point_get_affine_coordinates 141
|
||||
#define EC_F_ec_GFp_simple_point_set_affine_coordinates 142
|
||||
#define EC_F_ec_GFp_simple_points_make_affine 143
|
||||
#define EC_F_ec_GFp_simple_set_compressed_coordinates 144
|
||||
#define EC_F_ec_asn1_group2pkparameters 145
|
||||
#define EC_F_ec_asn1_pkparameters2group 146
|
||||
#define EC_F_ec_group_new 147
|
||||
#define EC_F_ec_group_new_curve_GFp 148
|
||||
#define EC_F_ec_group_new_from_data 149
|
||||
#define EC_F_ec_point_set_Jprojective_coordinates_GFp 150
|
||||
#define EC_F_ec_pre_comp_new 151
|
||||
#define EC_F_ec_wNAF_mul 152
|
||||
#define EC_F_ec_wNAF_precompute_mult 153
|
||||
#define EC_F_i2d_ECPKParameters 154
|
||||
#define EC_F_i2d_ECParameters 155
|
||||
#define EC_F_i2d_ECPrivateKey 156
|
||||
#define EC_F_i2o_ECPublicKey 157
|
||||
#define EC_F_o2i_ECPublicKey 158
|
||||
#define EC_F_BN_to_felem 159
|
||||
#define EC_F_ec_GFp_nistp256_group_set_curve 160
|
||||
#define EC_F_ec_GFp_nistp256_point_get_affine_coordinates 161
|
||||
#define EC_F_ec_GFp_nistp256_points_mul 162
|
||||
#define EC_F_ec_group_copy 163
|
||||
#define EC_F_nistp256_pre_comp_new 164
|
||||
#define EC_F_EC_KEY_new_by_curve_name 165
|
||||
#define EC_F_EC_GROUP_new_curve_GFp 166
|
||||
#define EC_R_BUFFER_TOO_SMALL 100
|
||||
#define EC_R_COORDINATES_OUT_OF_RANGE 101
|
||||
#define EC_R_D2I_ECPKPARAMETERS_FAILURE 102
|
||||
#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103
|
||||
#define EC_R_GROUP2PKPARAMETERS_FAILURE 104
|
||||
#define EC_R_I2D_ECPKPARAMETERS_FAILURE 105
|
||||
#define EC_R_INCOMPATIBLE_OBJECTS 106
|
||||
#define EC_R_INVALID_COMPRESSED_POINT 107
|
||||
#define EC_R_INVALID_COMPRESSION_BIT 108
|
||||
#define EC_R_INVALID_ENCODING 109
|
||||
#define EC_R_INVALID_FIELD 110
|
||||
#define EC_R_INVALID_FORM 111
|
||||
#define EC_R_INVALID_GROUP_ORDER 112
|
||||
#define EC_R_INVALID_PRIVATE_KEY 113
|
||||
#define EC_R_MISSING_PARAMETERS 114
|
||||
#define EC_R_MISSING_PRIVATE_KEY 115
|
||||
#define EC_R_NON_NAMED_CURVE 116
|
||||
#define EC_R_NOT_INITIALIZED 117
|
||||
#define EC_R_PKPARAMETERS2GROUP_FAILURE 118
|
||||
#define EC_R_POINT_AT_INFINITY 119
|
||||
#define EC_R_POINT_IS_NOT_ON_CURVE 120
|
||||
#define EC_R_SLOT_FULL 121
|
||||
#define EC_R_UNDEFINED_GENERATOR 122
|
||||
#define EC_R_UNKNOWN_GROUP 123
|
||||
#define EC_R_UNKNOWN_ORDER 124
|
||||
#define EC_R_WRONG_ORDER 125
|
||||
#define EC_R_BIGNUM_OUT_OF_RANGE 126
|
||||
#define EC_R_WRONG_CURVE_PARAMETERS 127
|
||||
|
||||
#endif /* OPENSSL_HEADER_EC_H */
|
|
@ -0,0 +1,286 @@
|
|||
/* Originally written by Bodo Moeller for the OpenSSL project.
|
||||
* ====================================================================
|
||||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the OpenSSL open source
|
||||
* license provided above.
|
||||
*
|
||||
* The elliptic curve binary polynomial software is originally written by
|
||||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
||||
* Laboratories. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_EC_KEY_H
|
||||
#define OPENSSL_HEADER_EC_KEY_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* ec_key.h contains functions that handle elliptic-curve points that are
|
||||
* public/private keys. */
|
||||
|
||||
|
||||
/* EC key objects. */
|
||||
|
||||
/* EC_KEY_new returns a fresh |EC_KEY| object or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new(void);
|
||||
|
||||
/* EC_KEY_new_method acts the same as |EC_KEY_new|, but takes an explicit
|
||||
* |ENGINE|. */
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new_method(const ENGINE *engine);
|
||||
|
||||
/* EC_KEY_new_by_curve_name returns a fresh EC_KEY for group specified by |nid|
|
||||
* or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new_by_curve_name(int nid);
|
||||
|
||||
/* EC_KEY_free frees all the data owned by |key| and |key| itself. */
|
||||
OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key);
|
||||
|
||||
/* EC_KEY_copy sets |dst| equal to |src| and returns |dst| or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
|
||||
|
||||
/* EC_KEY_dup returns a fresh copy of |src| or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src);
|
||||
|
||||
/* EC_KEY_up_ref increases the reference count of |key|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_up_ref(EC_KEY *key);
|
||||
|
||||
/* EC_KEY_is_opaque returns one if |key| is opaque and doesn't expose its key
|
||||
* material. Otherwise it return zero. */
|
||||
OPENSSL_EXPORT int EC_KEY_is_opaque(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_get0_group returns a pointer to the |EC_GROUP| object inside |key|. */
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_group sets the |EC_GROUP| object that |key| will use to |group|.
|
||||
* It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
|
||||
|
||||
/* EC_KEY_get0_private_key returns a pointer to the private key inside |key|. */
|
||||
OPENSSL_EXPORT const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_private_key sets the private key of |key| to |priv|. It returns
|
||||
* one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
|
||||
|
||||
/* EC_KEY_get0_public_key returns a pointer to the public key point inside
|
||||
* |key|. */
|
||||
OPENSSL_EXPORT const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_public_key sets the public key of |key| to |pub|, by copying it.
|
||||
* It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
|
||||
|
||||
#define EC_PKEY_NO_PARAMETERS 0x001
|
||||
#define EC_PKEY_NO_PUBKEY 0x002
|
||||
|
||||
/* EC_KEY_get_enc_flags returns the encoding flags for |key|, which is a
|
||||
* bitwise-OR of |EC_PKEY_*| values. */
|
||||
OPENSSL_EXPORT unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_enc_flags sets the encoding flags for |key|, which is a
|
||||
* bitwise-OR of |EC_PKEY_*| values. */
|
||||
OPENSSL_EXPORT void EC_KEY_set_enc_flags(EC_KEY *key, unsigned flags);
|
||||
|
||||
/* EC_KEY_get_conv_form returns the conversation form that will be used by
|
||||
* |key|. */
|
||||
OPENSSL_EXPORT point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_conv_form sets the conversion form to be used by |key|. */
|
||||
OPENSSL_EXPORT void EC_KEY_set_conv_form(EC_KEY *key,
|
||||
point_conversion_form_t cform);
|
||||
|
||||
/* EC_KEY_precompute_mult precomputes multiplies of the generator of the
|
||||
* underlying group in order to speed up operations that calculate generator
|
||||
* multiples. If |ctx| is not NULL, it may be used. It returns one on success
|
||||
* and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
|
||||
|
||||
/* EC_KEY_check_key performs several checks on |key| (possibly including an
|
||||
* expensive check that the public key is in the primary subgroup). It returns
|
||||
* one if all checks pass and zero otherwise. If it returns zero then detail
|
||||
* about the problem can be found on the error stack. */
|
||||
OPENSSL_EXPORT int EC_KEY_check_key(const EC_KEY *key);
|
||||
|
||||
/* EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
|
||||
* (|x|, |y|). It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
|
||||
BIGNUM *x,
|
||||
BIGNUM *y);
|
||||
|
||||
|
||||
/* Key generation. */
|
||||
|
||||
/* EC_KEY_generate_key generates a random, private key, calculates the
|
||||
* corresponding public key and stores both in |key|. It returns one on success
|
||||
* or zero otherwise. */
|
||||
OPENSSL_EXPORT int EC_KEY_generate_key(EC_KEY *key);
|
||||
|
||||
|
||||
/* Serialisation. */
|
||||
|
||||
/* d2i_ECPrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes
|
||||
* at |*inp|. If |out_key| is not NULL then, on exit, a pointer to the result
|
||||
* is in |*out_key|. If |*out_key| is already non-NULL on entry then the result
|
||||
* is written directly into |*out_key|, otherwise a fresh |EC_KEY| is
|
||||
* allocated. On successful exit, |*inp| is advanced past the DER structure. It
|
||||
* returns the result or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2d_ECParameters marshals an EC private key from |key| to an ASN.1, DER
|
||||
* structure. If |outp| is not NULL then the result is written to |*outp| and
|
||||
* |*outp| is advanced just past the output. It returns the number of bytes in
|
||||
* the result, whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp);
|
||||
|
||||
/* d2i_ECParameters parses an ASN.1, DER-encoded, set of EC parameters from
|
||||
* |len| bytes at |*inp|. If |out_key| is not NULL then, on exit, a pointer to
|
||||
* the result is in |*out_key|. If |*out_key| is already non-NULL on entry then
|
||||
* the result is written directly into |*out_key|, otherwise a fresh |EC_KEY|
|
||||
* is allocated. On successful exit, |*inp| is advanced past the DER structure.
|
||||
* It returns the result or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2d_ECParameters marshals EC parameters from |key| to an ASN.1, DER
|
||||
* structure. If |outp| is not NULL then the result is written to |*outp| and
|
||||
* |*outp| is advanced just past the output. It returns the number of bytes in
|
||||
* the result, whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_ECParameters(const EC_KEY *key, uint8_t **outp);
|
||||
|
||||
/* o2i_ECPublicKey parses an EC point from |len| bytes at |*inp| into
|
||||
* |*out_key|. Note that this differs from the d2i format in that |*out_key|
|
||||
* must be non-NULL. On successful exit, |*inp| is advanced past the DER
|
||||
* structure. It returns |*out_key| or NULL on error. */
|
||||
OPENSSL_EXPORT EC_KEY *o2i_ECPublicKey(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2o_ECPublicKey marshals an EC point from |key|. If |outp| is not NULL then
|
||||
* the result is written to |*outp| and |*outp| is advanced just past the
|
||||
* output. It returns the number of bytes in the result, whether written or
|
||||
* not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
|
||||
|
||||
|
||||
/* ex_data functions.
|
||||
*
|
||||
* These functions are wrappers. See |ex_data.h| for details. */
|
||||
|
||||
OPENSSL_EXPORT int EC_KEY_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *EC_KEY_get_ex_data(const EC_KEY *r, int idx);
|
||||
|
||||
|
||||
/* ECDSA method. */
|
||||
|
||||
/* ECDSA_FLAG_OPAQUE specifies that this ECDSA_METHOD does not expose its key
|
||||
* material. This may be set if, for instance, it is wrapping some other crypto
|
||||
* API, like a platform key store. */
|
||||
#define ECDSA_FLAG_OPAQUE 1
|
||||
|
||||
/* ecdsa_method_st is a structure of function pointers for implementing ECDSA.
|
||||
* See engine.h. */
|
||||
struct ecdsa_method_st {
|
||||
struct openssl_method_common_st common;
|
||||
|
||||
void *app_data;
|
||||
|
||||
int (*init)(EC_KEY *key);
|
||||
int (*finish)(EC_KEY *key);
|
||||
|
||||
/* group_order_size returns the number of bytes needed to represent the order
|
||||
* of the group. This is used to calculate the maximum size of an ECDSA
|
||||
* signature in |ECDSA_size|. */
|
||||
size_t (*group_order_size)(const EC_KEY *key);
|
||||
|
||||
/* sign matches the arguments and behaviour of |ECDSA_sign|. */
|
||||
int (*sign)(const uint8_t *digest, size_t digest_len, uint8_t *sig,
|
||||
unsigned int *sig_len, EC_KEY *eckey);
|
||||
|
||||
/* verify matches the arguments and behaviour of |ECDSA_verify|. */
|
||||
int (*verify)(const uint8_t *digest, size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, EC_KEY *eckey);
|
||||
|
||||
int flags;
|
||||
};
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* EC_KEY_set_asn1_flag does nothing. */
|
||||
OPENSSL_EXPORT void EC_KEY_set_asn1_flag(EC_KEY *key, int flag);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_EC_KEY_H */
|
|
@ -0,0 +1,103 @@
|
|||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
|
||||
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
|
||||
* to the OpenSSL project.
|
||||
*
|
||||
* The ECC Code is licensed pursuant to the OpenSSL open source
|
||||
* license provided below.
|
||||
*
|
||||
* The ECDH software is originally written by Douglas Stebila of
|
||||
* Sun Microsystems Laboratories.
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_ECDH_H
|
||||
#define OPENSSL_HEADER_ECDH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec_key.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Elliptic curve Diffie-Hellman. */
|
||||
|
||||
|
||||
/* ECDH_compute_key calculates the shared key between |pub_key| and |priv_key|.
|
||||
* If |KDF| is not NULL, then it is called with the bytes of the shared key and
|
||||
* the parameter |out|. When |KDF| returns, the value of |*outlen| becomes the
|
||||
* return value. Otherwise, as many bytes of the shared key as will fit are
|
||||
* copied directly to, at most, |outlen| bytes at |out|. It returns the number
|
||||
* of bytes written to |out|, or -1 on error. */
|
||||
OPENSSL_EXPORT int ECDH_compute_key(void *out, size_t outlen,
|
||||
const EC_POINT *pub_key, EC_KEY *priv_key,
|
||||
void *(*KDF)(const void *in, size_t inlen,
|
||||
void *out, size_t *outlen));
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define ECDH_F_ECDH_compute_key 100
|
||||
#define ECDH_R_KDF_FAILED 100
|
||||
#define ECDH_R_NO_PRIVATE_VALUE 101
|
||||
#define ECDH_R_POINT_ARITHMETIC_FAILURE 102
|
||||
|
||||
#endif /* OPENSSL_HEADER_ECDH_H */
|
|
@ -0,0 +1,182 @@
|
|||
/* ====================================================================
|
||||
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_ECDSA_H
|
||||
#define OPENSSL_HEADER_ECDSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec_key.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* ECDSA contains functions for signing and verifying with the Digital Signature
|
||||
* Algorithm over elliptic curves. */
|
||||
|
||||
|
||||
/* Signing and verifing. */
|
||||
|
||||
/* ECDSA_sign signs |digest_len| bytes from |digest| with |key| and writes the
|
||||
* resulting signature to |sig|, which must have |ECDSA_size(key)| bytes of
|
||||
* space. On successful exit, |*sig_len| is set to the actual number of bytes
|
||||
* written. The |type| argument should be zero. It returns one on success and
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
|
||||
size_t digest_len, uint8_t *sig,
|
||||
unsigned int *sig_len, EC_KEY *key);
|
||||
|
||||
/* ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid
|
||||
* signature by |key| of |digest|. (The |type| argument should be zero.) It
|
||||
* returns one on success or zero if the signature is invalid or an error
|
||||
* occured. */
|
||||
OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, EC_KEY *key);
|
||||
|
||||
/* ECDSA_size returns the maximum size of an ECDSA signature using |key|. It
|
||||
* returns zero on error. */
|
||||
OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key);
|
||||
|
||||
|
||||
/* Low-level signing and verification.
|
||||
*
|
||||
* Low-level functions handle signatures as |ECDSA_SIG| structures which allow
|
||||
* the two values in an ECDSA signature to be handled separately. */
|
||||
|
||||
struct ecdsa_sig_st {
|
||||
BIGNUM *r;
|
||||
BIGNUM *s;
|
||||
};
|
||||
|
||||
/* ECDSA_SIG_new returns a fresh |ECDSA_SIG| structure or NULL on error. */
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void);
|
||||
|
||||
/* ECDSA_SIG_free frees |sig| its member |BIGNUM|s. */
|
||||
OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig);
|
||||
|
||||
/* ECDSA_sign signs |digest_len| bytes from |digest| with |key| and returns the
|
||||
* resulting signature structure, or NULL on error. */
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
|
||||
size_t digest_len, EC_KEY *key);
|
||||
|
||||
/* ECDSA_verify verifies that |sig| constitutes a valid signature by |key| of
|
||||
* |digest|. It returns one on success or zero if the signature is invalid or
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
|
||||
const ECDSA_SIG *sig, EC_KEY *key);
|
||||
|
||||
|
||||
/* Signing with precomputation.
|
||||
*
|
||||
* Parts of the ECDSA signature can be independent of the message to be signed
|
||||
* thus it's possible to precompute them and reduce the signing latency.
|
||||
*
|
||||
* TODO(fork): remove support for this as it cannot support safe-randomness. */
|
||||
|
||||
/* ECDSA_sign_setup precomputes parts of an ECDSA signing operation. It sets
|
||||
* |*kinv| and |*rp| to the precomputed values and uses the |ctx| argument, if
|
||||
* not NULL. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
|
||||
BIGNUM **rp);
|
||||
|
||||
/* ECDSA_do_sign_ex is the same as |ECDSA_do_sign| but takes precomputed values
|
||||
* as generated by |ECDSA_sign_setup|. */
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest,
|
||||
size_t digest_len,
|
||||
const BIGNUM *kinv, const BIGNUM *rp,
|
||||
EC_KEY *eckey);
|
||||
|
||||
/* ECDSA_sign_ex is the same as |ECDSA_sign| but takes precomputed values as
|
||||
* generated by |ECDSA_sign_setup|. */
|
||||
OPENSSL_EXPORT int ECDSA_sign_ex(int type, const uint8_t *digest,
|
||||
size_t digest_len, uint8_t *sig,
|
||||
unsigned int *sig_len, const BIGNUM *kinv,
|
||||
const BIGNUM *rp, EC_KEY *eckey);
|
||||
|
||||
|
||||
/* ASN.1 functions. */
|
||||
|
||||
/* d2i_ECDSA_SIG parses an ASN.1, DER-encoded, signature from |len| bytes at
|
||||
* |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
|
||||
* |*out|. If |*out| is already non-NULL on entry then the result is written
|
||||
* directly into |*out|, otherwise a fresh |ECDSA_SIG| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2d_ECDSA_SIG marshals a signature from |sig| to an ASN.1, DER
|
||||
* structure. If |outp| is not NULL then the result is written to |*outp| and
|
||||
* |*outp| is advanced just past the output. It returns the number of bytes in
|
||||
* the result, whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define ECDSA_F_ECDSA_do_sign_ex 100
|
||||
#define ECDSA_F_ECDSA_do_verify 101
|
||||
#define ECDSA_F_ECDSA_sign_ex 102
|
||||
#define ECDSA_F_digest_to_bn 103
|
||||
#define ECDSA_F_ecdsa_sign_setup 104
|
||||
#define ECDSA_R_BAD_SIGNATURE 100
|
||||
#define ECDSA_R_MISSING_PARAMETERS 101
|
||||
#define ECDSA_R_NEED_NEW_SETUP_VALUES 102
|
||||
#define ECDSA_R_NOT_IMPLEMENTED 103
|
||||
#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
|
||||
|
||||
#endif /* OPENSSL_HEADER_ECDSA_H */
|
|
@ -0,0 +1,107 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_ENGINE_H
|
||||
#define OPENSSL_HEADER_ENGINE_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Engines are collections of methods. Methods are tables of function pointers,
|
||||
* defined for certain algorithms, that allow operations on those algorithms to
|
||||
* be overridden via a callback. This can be used, for example, to implement an
|
||||
* RSA* that forwards operations to a hardware module.
|
||||
*
|
||||
* Methods are reference counted but |ENGINE|s are not. When creating a method,
|
||||
* you should zero the whole structure and fill in the function pointers that
|
||||
* you wish before setting it on an |ENGINE|. Any functions pointers that
|
||||
* are NULL indicate that the default behaviour should be used. */
|
||||
|
||||
|
||||
/* Allocation and destruction. */
|
||||
|
||||
/* ENGINE_new returns an empty ENGINE that uses the default method for all
|
||||
* algorithms. */
|
||||
OPENSSL_EXPORT ENGINE *ENGINE_new(void);
|
||||
|
||||
/* ENGINE_free decrements the reference counts for all methods linked from
|
||||
* |engine| and frees |engine| itself. */
|
||||
OPENSSL_EXPORT void ENGINE_free(ENGINE *engine);
|
||||
|
||||
|
||||
/* Method accessors.
|
||||
*
|
||||
* Method accessors take a method pointer and the size of the structure. The
|
||||
* size allows for ABI compatibility in the case that the method structure is
|
||||
* extended with extra elements at the end. Methods are always copied by the
|
||||
* set functions.
|
||||
*
|
||||
* Set functions return one on success and zero on allocation failure. */
|
||||
|
||||
OPENSSL_EXPORT int ENGINE_set_DH_method(ENGINE *engine, const DH_METHOD *method,
|
||||
size_t method_size);
|
||||
OPENSSL_EXPORT DH_METHOD *ENGINE_get_DH_method(const ENGINE *engine);
|
||||
|
||||
OPENSSL_EXPORT int ENGINE_set_DSA_method(ENGINE *engine,
|
||||
const DSA_METHOD *method,
|
||||
size_t method_size);
|
||||
OPENSSL_EXPORT DSA_METHOD *ENGINE_get_DSA_method(const ENGINE *engine);
|
||||
|
||||
OPENSSL_EXPORT int ENGINE_set_RSA_method(ENGINE *engine,
|
||||
const RSA_METHOD *method,
|
||||
size_t method_size);
|
||||
OPENSSL_EXPORT RSA_METHOD *ENGINE_get_RSA_method(const ENGINE *engine);
|
||||
|
||||
OPENSSL_EXPORT int ENGINE_set_ECDSA_method(ENGINE *engine,
|
||||
const ECDSA_METHOD *method,
|
||||
size_t method_size);
|
||||
OPENSSL_EXPORT ECDSA_METHOD *ENGINE_get_ECDSA_method(const ENGINE *engine);
|
||||
|
||||
|
||||
/* Generic method functions.
|
||||
*
|
||||
* These functions take a void* type but actually operate on all method
|
||||
* structures. */
|
||||
|
||||
/* METHOD_ref increments the reference count of |method|. This is a no-op for
|
||||
* now because all methods are currently static. */
|
||||
void METHOD_ref(void *method);
|
||||
|
||||
/* METHOD_unref decrements the reference count of |method| and frees it if the
|
||||
* reference count drops to zero. This is a no-op for now because all methods
|
||||
* are currently static. */
|
||||
void METHOD_unref(void *method);
|
||||
|
||||
|
||||
/* Private functions. */
|
||||
|
||||
/* openssl_method_common_st contains the common part of all method structures.
|
||||
* This must be the first member of all method structures. */
|
||||
struct openssl_method_common_st {
|
||||
int references; /* dummy – not used. */
|
||||
char is_static;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define ENGINE_R_OPERATION_NOT_SUPPORTED 100
|
||||
|
||||
#endif /* OPENSSL_HEADER_ENGINE_H */
|
|
@ -0,0 +1,509 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_ERR_H
|
||||
#define OPENSSL_HEADER_ERR_H
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Error queue handling functions.
|
||||
*
|
||||
* Errors in OpenSSL are generally signalled by the return value of a function.
|
||||
* When a function fails it may add an entry to a per-thread error queue,
|
||||
* which is managed by the functions in this header.
|
||||
*
|
||||
* Each error contains:
|
||||
* 1) The library (i.e. ec, pem, rsa) which created it.
|
||||
* 2) A function identifier and reason code.
|
||||
* 3) The file and line number of the call that added the error.
|
||||
* 4) A pointer to some error specific data, which may be NULL.
|
||||
*
|
||||
* The library identifier, function identifier and reason code are packed in a
|
||||
* uint32_t and there exist various functions for unpacking it.
|
||||
*
|
||||
* The typical behaviour is that an error will occur deep in a call queue and
|
||||
* that code will push an error onto the error queue. As the error queue
|
||||
* unwinds, other functions will push their own errors. Thus, the "least
|
||||
* recent" error is the most specific and the other errors will provide a
|
||||
* backtrace of sorts. */
|
||||
|
||||
|
||||
/* Startup and shutdown. */
|
||||
|
||||
/* ERR_load_BIO_strings does nothing.
|
||||
*
|
||||
* TODO(fork): remove. libjingle calls this. */
|
||||
OPENSSL_EXPORT void ERR_load_BIO_strings(void);
|
||||
|
||||
/* ERR_load_ERR_strings does nothing. */
|
||||
OPENSSL_EXPORT void ERR_load_ERR_strings(void);
|
||||
|
||||
/* ERR_load_crypto_strings does nothing. */
|
||||
OPENSSL_EXPORT void ERR_load_crypto_strings(void);
|
||||
|
||||
/* ERR_free_strings does nothing. */
|
||||
OPENSSL_EXPORT void ERR_free_strings(void);
|
||||
|
||||
|
||||
/* Reading and formatting errors. */
|
||||
|
||||
/* ERR_get_error gets the packed error code for the least recent error and
|
||||
* removes that error from the queue. If there are no errors in the queue then
|
||||
* it returns zero. */
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error(void);
|
||||
|
||||
/* ERR_get_error_line acts like |ERR_get_error|, except that the file and line
|
||||
* number of the call that added the error are also returned. */
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error_line(const char **file, int *line);
|
||||
|
||||
/* ERR_get_error_line_data acts like |ERR_get_error_line|, but also returns the
|
||||
* error-specific data pointer and flags. The flags are a bitwise-OR of
|
||||
* |ERR_FLAG_*| values. The error-specific data is owned by the error queue
|
||||
* and the pointer becomes invalid after the next call that affects the same
|
||||
* thread's error queue. If |*flags| contains |ERR_FLAG_STRING| then |*data| is
|
||||
* human-readable. */
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error_line_data(const char **file, int *line,
|
||||
const char **data, int *flags);
|
||||
|
||||
/* The "peek" functions act like the |ERR_get_error| functions, above, but they
|
||||
* do not remove the error from the queue. */
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error(void);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error_line(const char **file, int *line);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error_line_data(const char **file, int *line,
|
||||
const char **data, int *flags);
|
||||
|
||||
/* The "peek last" functions act like the "peek" functions, above, except that
|
||||
* they return the most recent error. */
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error(void);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line(const char **file, int *line);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line_data(const char **file,
|
||||
int *line,
|
||||
const char **data,
|
||||
int *flags);
|
||||
|
||||
/* ERR_error_string generates a human-readable string representing
|
||||
* |packed_error|, places it at |buf| (which must be at least
|
||||
* ERR_ERROR_STRING_BUF_LEN bytes long) and returns |buf|. If |buf| is NULL,
|
||||
* the error string is placed in a static buffer which is returned. (The static
|
||||
* buffer may be overridden by concurrent calls in other threads so this form
|
||||
* is deprecated.)
|
||||
*
|
||||
* The string will have the following format:
|
||||
*
|
||||
* error:[error code]:[library name]:[function name]:[reason string]
|
||||
*
|
||||
* error code is an 8 digit hexadecimal number; library name, function name
|
||||
* and reason string are ASCII text.
|
||||
*
|
||||
* TODO(fork): remove in favour of |ERR_error_string_n|. */
|
||||
OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf);
|
||||
#define ERR_ERROR_STRING_BUF_LEN 256
|
||||
|
||||
/* ERR_error_string_n is a variant of |ERR_error_string| that writes at most
|
||||
* len characters (including the terminating NUL) and truncates the string if
|
||||
* necessary. If |len| is greater than zero then |buf| is always NUL
|
||||
* terminated. */
|
||||
OPENSSL_EXPORT void ERR_error_string_n(uint32_t packed_error, char *buf,
|
||||
size_t len);
|
||||
|
||||
/* ERR_lib_error_string returns a string representation of the library that
|
||||
* generated |packed_error|. */
|
||||
OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error);
|
||||
|
||||
/* ERR_func_error_string returns a string representation of the function that
|
||||
* generated |packed_error|. */
|
||||
OPENSSL_EXPORT const char *ERR_func_error_string(uint32_t packed_error);
|
||||
|
||||
/* ERR_reason_error_string returns a string representation of the reason for
|
||||
* |packed_error|. */
|
||||
OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error);
|
||||
|
||||
/* ERR_print_errors_callback_t is the type of a function used by
|
||||
* |ERR_print_errors_cb|. It takes a pointer to a human readable string (and
|
||||
* its length) that describes an entry in the error queue. The |ctx| argument
|
||||
* is an opaque pointer given to |ERR_print_errors_cb|.
|
||||
*
|
||||
* It should return one on success or zero on error, which will stop the
|
||||
* iteration over the error queue. */
|
||||
typedef int (*ERR_print_errors_callback_t)(const char *str, size_t len,
|
||||
void *ctx);
|
||||
|
||||
/* ERR_print_errors_cb calls |callback| with a string representation of each
|
||||
* error in the current thread's error queue, from the least recent to the most
|
||||
* recent error.
|
||||
*
|
||||
* The string will have the following format (which differs from
|
||||
* |ERR_error_string|):
|
||||
*
|
||||
* [thread id]:error:[error code]:[library name]:[function name]:
|
||||
* [reason string]:[file]:[line number]:[optional string data]
|
||||
*
|
||||
* (All in one line.)
|
||||
*
|
||||
* The callback can return one to continue the iteration or zero to stop it.
|
||||
* The |ctx| argument is an opaque value that is passed through to the
|
||||
* callback. */
|
||||
OPENSSL_EXPORT void ERR_print_errors_cb(ERR_print_errors_callback_t callback,
|
||||
void *ctx);
|
||||
|
||||
|
||||
/* ERR_print_errors_fp prints the current contents of the error stack to |file|
|
||||
* using human readable strings where possible. */
|
||||
OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file);
|
||||
|
||||
/* Clearing errors. */
|
||||
|
||||
/* ERR_clear_error clears the error queue for the current thread. */
|
||||
OPENSSL_EXPORT void ERR_clear_error(void);
|
||||
|
||||
/* ERR_remove_thread_state clears the error queue for the current thread if
|
||||
* |tid| is NULL. Otherwise it calls |assert(0)|, because it's no longer
|
||||
* possible to delete the error queue for other threads.
|
||||
*
|
||||
* Error queues are thread-local data and are deleted automatically. You do not
|
||||
* need to call this function. Use |ERR_clear_error|. */
|
||||
OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
|
||||
|
||||
|
||||
/* Custom errors. */
|
||||
|
||||
/* ERR_get_next_error_library returns a value suitable for passing as the
|
||||
* |library| argument to |ERR_put_error|. This is intended for code that wishes
|
||||
* to push its own, non-standard errors to the error queue. */
|
||||
OPENSSL_EXPORT int ERR_get_next_error_library(void);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* |ERR_remove_state| calls |ERR_clear_error|. */
|
||||
OPENSSL_EXPORT void ERR_remove_state(unsigned long pid);
|
||||
|
||||
|
||||
/* Private functions. */
|
||||
|
||||
/* ERR_clear_system_error clears the system's error value (i.e. errno). */
|
||||
OPENSSL_EXPORT void ERR_clear_system_error(void);
|
||||
|
||||
/* OPENSSL_PUT_ERROR is used by OpenSSL code to add an error to the error
|
||||
* queue. */
|
||||
#define OPENSSL_PUT_ERROR(library, func, reason) \
|
||||
ERR_put_error(ERR_LIB_##library, library##_F_##func, reason, __FILE__, \
|
||||
__LINE__)
|
||||
|
||||
/* OPENSSL_PUT_SYSTEM_ERROR is used by OpenSSL code to add an error from the
|
||||
* operating system to the error queue. */
|
||||
/* TODO(fork): include errno. */
|
||||
#define OPENSSL_PUT_SYSTEM_ERROR(func) \
|
||||
ERR_put_error(ERR_LIB_SYS, SYS_F_##func, 0, __FILE__, __LINE__);
|
||||
|
||||
/* ERR_put_error adds an error to the error queue, dropping the least recent
|
||||
* error if neccessary for space reasons. */
|
||||
OPENSSL_EXPORT void ERR_put_error(int library, int func, int reason,
|
||||
const char *file, unsigned line);
|
||||
|
||||
/* ERR_add_error_data takes a variable number (|count|) of const char*
|
||||
* pointers, concatenates them and sets the result as the data on the most
|
||||
* recent error. */
|
||||
OPENSSL_EXPORT void ERR_add_error_data(unsigned count, ...);
|
||||
|
||||
/* ERR_add_error_dataf takes a printf-style format and arguments, and sets the
|
||||
* result as the data on the most recent error. */
|
||||
OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...);
|
||||
|
||||
/* ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|.
|
||||
* It returns one if an error was marked and zero if there are no errors. */
|
||||
OPENSSL_EXPORT int ERR_set_mark(void);
|
||||
|
||||
/* ERR_pop_to_mark removes errors from the most recent to the least recent
|
||||
* until (and not including) a "marked" error. It returns zero if no marked
|
||||
* error was found (and thus all errors were removed) and one otherwise. Errors
|
||||
* are marked using |ERR_set_mark|. */
|
||||
OPENSSL_EXPORT int ERR_pop_to_mark(void);
|
||||
|
||||
struct err_error_st {
|
||||
/* file contains the filename where the error occured. */
|
||||
const char *file;
|
||||
/* data contains optional data. It must be freed with |OPENSSL_free| if
|
||||
* |flags&ERR_FLAG_MALLOCED|. */
|
||||
char *data;
|
||||
/* packed contains the error library, function and reason, as packed by
|
||||
* ERR_PACK. */
|
||||
uint32_t packed;
|
||||
/* line contains the line number where the error occured. */
|
||||
uint16_t line;
|
||||
/* flags contains a bitwise-OR of ERR_FLAG_* values. */
|
||||
uint8_t flags;
|
||||
};
|
||||
|
||||
/* ERR_FLAG_STRING means that the |data| member is a NUL-terminated string that
|
||||
* can be printed. */
|
||||
#define ERR_FLAG_STRING 1
|
||||
/* ERR_TXT_STRING is provided for compatibility with code that assumes that
|
||||
* it's using OpenSSL. */
|
||||
#define ERR_TXT_STRING ERR_FLAG_STRING
|
||||
|
||||
/* ERR_FLAG_PUBLIC_MASK is applied to the flags field before it is returned
|
||||
* from functions like |ERR_get_error_line_data|. */
|
||||
#define ERR_FLAG_PUBLIC_MASK 0xf
|
||||
|
||||
/* The following flag values are internal and are masked when flags are
|
||||
* returned from functions like |ERR_get_error_line_data|. */
|
||||
|
||||
/* ERR_FLAG_MALLOCED means the the |data| member must be freed when no longer
|
||||
* needed. */
|
||||
#define ERR_FLAG_MALLOCED 16
|
||||
/* ERR_FLAG_MARK is used to indicate a reversion point in the queue. See
|
||||
* |ERR_pop_to_mark|. */
|
||||
#define ERR_FLAG_MARK 32
|
||||
|
||||
/* ERR_NUM_ERRORS is the limit of the number of errors in the queue. */
|
||||
#define ERR_NUM_ERRORS 16
|
||||
|
||||
/* ERR_STATE contains the per-thread, error queue. */
|
||||
typedef struct err_state_st {
|
||||
/* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
|
||||
* buffer. */
|
||||
struct err_error_st errors[ERR_NUM_ERRORS];
|
||||
/* top contains the index one past the most recent error. If |top| equals
|
||||
* |bottom| then the queue is empty. */
|
||||
unsigned top;
|
||||
/* bottom contains the index of the last error in the queue. */
|
||||
unsigned bottom;
|
||||
|
||||
/* to_free, if not NULL, contains a pointer owned by this structure that was
|
||||
* previously a |data| pointer of one of the elements of |errors|. */
|
||||
void *to_free;
|
||||
} ERR_STATE;
|
||||
|
||||
enum {
|
||||
ERR_LIB_NONE = 1,
|
||||
ERR_LIB_SYS,
|
||||
ERR_LIB_BN,
|
||||
ERR_LIB_RSA,
|
||||
ERR_LIB_DH,
|
||||
ERR_LIB_EVP,
|
||||
ERR_LIB_BUF,
|
||||
ERR_LIB_OBJ,
|
||||
ERR_LIB_PEM,
|
||||
ERR_LIB_DSA,
|
||||
ERR_LIB_X509,
|
||||
ERR_LIB_ASN1,
|
||||
ERR_LIB_CONF,
|
||||
ERR_LIB_CRYPTO,
|
||||
ERR_LIB_EC,
|
||||
ERR_LIB_SSL,
|
||||
ERR_LIB_BIO,
|
||||
ERR_LIB_PKCS7,
|
||||
ERR_LIB_PKCS8,
|
||||
ERR_LIB_X509V3,
|
||||
ERR_LIB_RAND,
|
||||
ERR_LIB_ENGINE,
|
||||
ERR_LIB_OCSP,
|
||||
ERR_LIB_UI,
|
||||
ERR_LIB_COMP,
|
||||
ERR_LIB_ECDSA,
|
||||
ERR_LIB_ECDH,
|
||||
ERR_LIB_HMAC,
|
||||
ERR_LIB_DIGEST,
|
||||
ERR_LIB_CIPHER,
|
||||
ERR_LIB_USER,
|
||||
ERR_LIB_HKDF,
|
||||
ERR_NUM_LIBS
|
||||
};
|
||||
|
||||
#define ERR_R_SYS_LIB ERR_LIB_SYS
|
||||
#define ERR_R_BN_LIB ERR_LIB_BN
|
||||
#define ERR_R_RSA_LIB ERR_LIB_RSA
|
||||
#define ERR_R_DH_LIB ERR_LIB_DH
|
||||
#define ERR_R_EVP_LIB ERR_LIB_EVP
|
||||
#define ERR_R_BUF_LIB ERR_LIB_BUF
|
||||
#define ERR_R_OBJ_LIB ERR_LIB_OBJ
|
||||
#define ERR_R_PEM_LIB ERR_LIB_PEM
|
||||
#define ERR_R_DSA_LIB ERR_LIB_DSA
|
||||
#define ERR_R_X509_LIB ERR_LIB_X509
|
||||
#define ERR_R_ASN1_LIB ERR_LIB_ASN1
|
||||
#define ERR_R_CONF_LIB ERR_LIB_CONF
|
||||
#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
|
||||
#define ERR_R_EC_LIB ERR_LIB_EC
|
||||
#define ERR_R_SSL_LIB ERR_LIB_SSL
|
||||
#define ERR_R_BIO_LIB ERR_LIB_BIO
|
||||
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
|
||||
#define ERR_R_PKCS8_LIB ERR_LIB_PKCS8
|
||||
#define ERR_R_X509V3_LIB ERR_LIB_X509V3
|
||||
#define ERR_R_RAND_LIB ERR_LIB_RAND
|
||||
#define ERR_R_DSO_LIB ERR_LIB_DSO
|
||||
#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
|
||||
#define ERR_R_OCSP_LIB ERR_LIB_OCSP
|
||||
#define ERR_R_UI_LIB ERR_LIB_UI
|
||||
#define ERR_R_COMP_LIB ERR_LIB_COMP
|
||||
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA
|
||||
#define ERR_R_ECDH_LIB ERR_LIB_ECDH
|
||||
#define ERR_R_STORE_LIB ERR_LIB_STORE
|
||||
#define ERR_R_FIPS_LIB ERR_LIB_FIPS
|
||||
#define ERR_R_CMS_LIB ERR_LIB_CMS
|
||||
#define ERR_R_TS_LIB ERR_LIB_TS
|
||||
#define ERR_R_HMAC_LIB ERR_LIB_HMAC
|
||||
#define ERR_R_JPAKE_LIB ERR_LIB_JPAKE
|
||||
#define ERR_R_USER_LIB ERR_LIB_USER
|
||||
#define ERR_R_DIGEST_LIB ERR_LIB_DIGEST
|
||||
#define ERR_R_CIPHER_LIB ERR_LIB_CIPHER
|
||||
#define ERR_R_HKDF_LIB ERR_LIB_HKDF
|
||||
|
||||
/* Global reasons. */
|
||||
#define ERR_R_FATAL 64
|
||||
#define ERR_R_MALLOC_FAILURE (1 | ERR_R_FATAL)
|
||||
#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2 | ERR_R_FATAL)
|
||||
#define ERR_R_PASSED_NULL_PARAMETER (3 | ERR_R_FATAL)
|
||||
#define ERR_R_INTERNAL_ERROR (4 | ERR_R_FATAL)
|
||||
#define ERR_R_OVERFLOW (5 | ERR_R_FATAL)
|
||||
|
||||
/* System error functions */
|
||||
#define SYS_F_fopen 100
|
||||
#define SYS_F_fclose 101
|
||||
#define SYS_F_fread 102
|
||||
#define SYS_F_fwrite 103
|
||||
#define SYS_F_socket 104
|
||||
#define SYS_F_setsockopt 105
|
||||
#define SYS_F_connect 106
|
||||
#define SYS_F_getaddrinfo 107
|
||||
|
||||
#define ERR_PACK(lib, func, reason) \
|
||||
(((((uint32_t)lib) & 0xff) << 24) | ((((uint32_t)func) & 0xfff) << 12) | \
|
||||
((((uint32_t)reason) & 0xfff)))
|
||||
|
||||
#define ERR_GET_LIB(packed_error) ((int)(((packed_error) >> 24) & 0xff))
|
||||
#define ERR_GET_FUNC(packed_error) ((int)(((packed_error) >> 12) & 0xfff))
|
||||
#define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xfff))
|
||||
|
||||
/* OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
|
||||
* the error defines) to recognise that an additional reason value is needed.
|
||||
* This is needed when the reason value is used outside of an
|
||||
* |OPENSSL_PUT_ERROR| macro. The resulting define will be
|
||||
* ${lib}_R_${reason}. */
|
||||
#define OPENSSL_DECLARE_ERROR_REASON(lib, reason)
|
||||
|
||||
/* OPENSSL_DECLARE_ERROR_FUNCTION is used by util/make_errors.h (which
|
||||
* generates the error * defines to recognise that an additional function value
|
||||
* is needed. This is * needed when the function value is used outside of an
|
||||
* |OPENSSL_PUT_ERROR| * macro. The resulting define will be
|
||||
* ${lib}_F_${reason}. */
|
||||
#define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name)
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_ERR_H */
|
|
@ -0,0 +1,826 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_EVP_H
|
||||
#define OPENSSL_HEADER_EVP_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/thread.h>
|
||||
|
||||
/* OpenSSL included digest and cipher functions in this header so we include
|
||||
* them for users that still expect that.
|
||||
*
|
||||
* TODO(fork): clean up callers so that they include what they use. */
|
||||
#include <openssl/aead.h>
|
||||
#include <openssl/cipher.h>
|
||||
#include <openssl/digest.h>
|
||||
#include <openssl/obj.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* EVP abstracts over public/private key algorithms. */
|
||||
|
||||
|
||||
/* Public key objects. */
|
||||
|
||||
/* EVP_PKEY_new creates a new, empty public-key object and returns it or NULL
|
||||
* on allocation failure. */
|
||||
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void);
|
||||
|
||||
/* EVP_PKEY_free frees all data referenced by |pkey| and then frees |pkey|
|
||||
* itself. */
|
||||
OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. */
|
||||
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by
|
||||
* custom implementations which do not expose key material and parameters. It is
|
||||
* an error to attempt to duplicate, export, or compare an opaque key. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_is_opaque(const EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_supports_digest returns one if |pkey| supports digests of
|
||||
* type |md|. This is intended for use with EVP_PKEYs backing custom
|
||||
* implementations which can't sign all digests. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_supports_digest(const EVP_PKEY *pkey,
|
||||
const EVP_MD *md);
|
||||
|
||||
/* EVP_PKEY_cmp compares |a| and |b| and returns one if they are equal, zero if
|
||||
* not and a negative number on error.
|
||||
*
|
||||
* WARNING: this differs from the traditional return value of a "cmp"
|
||||
* function. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
|
||||
|
||||
/* EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters
|
||||
* of |from|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
|
||||
|
||||
/* EVP_PKEY_missing_parameters returns one if |pkey| is missing needed
|
||||
* parameters or zero if not, or if the algorithm doesn't take parameters. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_size returns the maximum size, in bytes, of a signature signed by
|
||||
* |pkey|. For an RSA key, this returns the number of bytes needed to represent
|
||||
* the modulus. For an EC key, this returns the maximum size of a DER-encoded
|
||||
* ECDSA signature. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this
|
||||
* returns the bit length of the modulus. For an EC key, this returns the bit
|
||||
* length of the group order. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*|
|
||||
* values. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_id(const EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_PKEY_type returns a canonicalised form of |NID|. For example,
|
||||
* |EVP_PKEY_RSA2| will be turned into |EVP_PKEY_RSA|. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_type(int nid);
|
||||
|
||||
/* Deprecated: EVP_PKEY_new_mac_key allocates a fresh |EVP_PKEY| of the given
|
||||
* type (e.g. |EVP_PKEY_HMAC|), sets |mac_key| as the MAC key and "generates" a
|
||||
* new key, suitable for signing. It returns the fresh |EVP_PKEY|, or NULL on
|
||||
* error. Use |HMAC_CTX| directly instead. */
|
||||
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine,
|
||||
const uint8_t *mac_key,
|
||||
size_t mac_key_len);
|
||||
|
||||
|
||||
/* Getting and setting concrete public key types.
|
||||
*
|
||||
* The following functions get and set the underlying public key in an
|
||||
* |EVP_PKEY| object. The |set1| functions take an additional reference to the
|
||||
* underlying key and return one on success or zero on error. The |assign|
|
||||
* functions adopt the caller's reference. The getters return a fresh reference
|
||||
* to the underlying object. */
|
||||
|
||||
OPENSSL_EXPORT int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
|
||||
OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
|
||||
OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
|
||||
|
||||
OPENSSL_EXPORT int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
|
||||
OPENSSL_EXPORT int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
|
||||
OPENSSL_EXPORT struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
|
||||
|
||||
OPENSSL_EXPORT int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
|
||||
OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
|
||||
OPENSSL_EXPORT struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
||||
|
||||
OPENSSL_EXPORT int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
|
||||
OPENSSL_EXPORT int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
|
||||
OPENSSL_EXPORT struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
|
||||
|
||||
#define EVP_PKEY_NONE NID_undef
|
||||
#define EVP_PKEY_RSA NID_rsaEncryption
|
||||
#define EVP_PKEY_RSA2 NID_rsa
|
||||
#define EVP_PKEY_DSA NID_dsa
|
||||
#define EVP_PKEY_DH NID_dhKeyAgreement
|
||||
#define EVP_PKEY_DHX NID_dhpublicnumber
|
||||
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
|
||||
|
||||
/* Deprecated: Use |HMAC_CTX| directly instead. */
|
||||
#define EVP_PKEY_HMAC NID_hmac
|
||||
|
||||
/* EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
|
||||
* the given type. The |type| argument should be one of the |EVP_PKEY_*|
|
||||
* values. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
|
||||
|
||||
/* EVP_PKEY_set_type sets the type of |pkey| to |type|, which should be one of
|
||||
* the |EVP_PKEY_*| values. It returns one if sucessful or zero otherwise. If
|
||||
* |pkey| is NULL, it simply reports whether the type is known. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
|
||||
|
||||
/* EVP_PKEY_cmp_parameters compares the parameters of |a| and |b|. It returns
|
||||
* one if they match, zero if not, or a negative number of on error.
|
||||
*
|
||||
* WARNING: the return value differs from the usual return value convention. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_cmp_parameters(const EVP_PKEY *a,
|
||||
const EVP_PKEY *b);
|
||||
|
||||
|
||||
/* ASN.1 functions */
|
||||
|
||||
/* d2i_PrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes at
|
||||
* |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
|
||||
* |*out|. If |*out| is already non-NULL on entry then the result is written
|
||||
* directly into |*out|, otherwise a fresh |EVP_PKEY| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out,
|
||||
const uint8_t **inp, long len);
|
||||
|
||||
/* d2i_AutoPrivateKey acts the same as |d2i_PrivateKey|, but detects the type
|
||||
* of the private key. */
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
/* i2d_PrivateKey marshals a private key from |key| to an ASN.1, DER
|
||||
* structure. If |outp| is not NULL then the result is written to |*outp| and
|
||||
* |*outp| is advanced just past the output. It returns the number of bytes in
|
||||
* the result, whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_PrivateKey(const EVP_PKEY *key, uint8_t **outp);
|
||||
|
||||
/* i2d_PublicKey marshals a public key from |key| to an ASN.1, DER
|
||||
* structure. If |outp| is not NULL then the result is written to |*outp| and
|
||||
* |*outp| is advanced just past the output. It returns the number of bytes in
|
||||
* the result, whether written or not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp);
|
||||
|
||||
|
||||
/* Signing */
|
||||
|
||||
/* EVP_DigestSignInit sets up |ctx| for a signing operation with |type| and
|
||||
* |pkey|. The |ctx| argument must have been initialised with
|
||||
* |EVP_MD_CTX_init|. If |pctx| is not NULL, the |EVP_PKEY_CTX| of the signing
|
||||
* operation will be written to |*pctx|; this can be used to set alternative
|
||||
* signing options.
|
||||
*
|
||||
* It returns one on success, or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||
const EVP_MD *type, ENGINE *e,
|
||||
EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_DigestSignUpdate appends |len| bytes from |data| to the data which will
|
||||
* be signed in |EVP_DigestSignFinal|. It returns one. */
|
||||
OPENSSL_EXPORT int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
/* EVP_DigestSignFinal signs the data that has been included by one or more
|
||||
* calls to |EVP_DigestSignUpdate|. If |out_sig| is NULL then |*out_sig_len| is
|
||||
* set to the maximum number of output bytes. Otherwise, on entry,
|
||||
* |*out_sig_len| must contain the length of the |out_sig| buffer. If the call
|
||||
* is successful, the signature is written to |out_sig| and |*out_sig_len| is
|
||||
* set to its length.
|
||||
*
|
||||
* It returns one on success, or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_DigestSignFinal(EVP_MD_CTX *ctx, uint8_t *out_sig,
|
||||
size_t *out_sig_len);
|
||||
|
||||
/* EVP_DigestSignAlgorithm encodes the signing parameters of |ctx| as an
|
||||
* AlgorithmIdentifer and saves the result in |algor|.
|
||||
*
|
||||
* It returns one on success, or zero on error.
|
||||
*
|
||||
* TODO(davidben): This API should eventually lose the dependency on
|
||||
* crypto/asn1/. */
|
||||
OPENSSL_EXPORT int EVP_DigestSignAlgorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor);
|
||||
|
||||
|
||||
/* Verifying */
|
||||
|
||||
/* EVP_DigestVerifyInit sets up |ctx| for a signature verification operation
|
||||
* with |type| and |pkey|. The |ctx| argument must have been initialised with
|
||||
* |EVP_MD_CTX_init|. If |pctx| is not NULL, the |EVP_PKEY_CTX| of the signing
|
||||
* operation will be written to |*pctx|; this can be used to set alternative
|
||||
* signing options.
|
||||
*
|
||||
* It returns one on success, or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||
const EVP_MD *type, ENGINE *e,
|
||||
EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_DigestVerifyInitFromAlgorithm sets up |ctx| for a signature verification
|
||||
* operation with public key |pkey| and parameters from |algor|. The |ctx|
|
||||
* argument must have been initialised with |EVP_MD_CTX_init|.
|
||||
*
|
||||
* It returns one on success, or zero on error.
|
||||
*
|
||||
* TODO(davidben): This API should eventually lose the dependency on
|
||||
* crypto/asn1/. */
|
||||
OPENSSL_EXPORT int EVP_DigestVerifyInitFromAlgorithm(EVP_MD_CTX *ctx,
|
||||
X509_ALGOR *algor,
|
||||
EVP_PKEY *pkey);
|
||||
|
||||
/* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which
|
||||
* will be verified by |EVP_DigestVerifyFinal|. It returns one. */
|
||||
OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
/* EVP_DigestVerifyFinal verifies that |sig_len| bytes of |sig| are a valid
|
||||
* signature for the data that has been included by one or more calls to
|
||||
* |EVP_DigestVerifyUpdate|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig,
|
||||
size_t sig_len);
|
||||
|
||||
|
||||
/* Signing (old functions) */
|
||||
|
||||
/* EVP_SignInit_ex configures |ctx|, which must already have been initialised,
|
||||
* for a fresh signing operation using the hash function |type|. It returns one
|
||||
* on success and zero otherwise.
|
||||
*
|
||||
* (In order to initialise |ctx|, either obtain it initialised with
|
||||
* |EVP_MD_CTX_create|, or use |EVP_MD_CTX_init|.) */
|
||||
OPENSSL_EXPORT int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
|
||||
ENGINE *impl);
|
||||
|
||||
/* EVP_SignInit is a deprecated version of |EVP_SignInit_ex|.
|
||||
*
|
||||
* TODO(fork): remove. */
|
||||
OPENSSL_EXPORT int EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
||||
|
||||
/* EVP_SignUpdate appends |len| bytes from |data| to the data which will be
|
||||
* signed in |EVP_SignFinal|. */
|
||||
OPENSSL_EXPORT int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
/* EVP_SignFinal signs the data that has been included by one or more calls to
|
||||
* |EVP_SignUpdate|, using the key |pkey|, and writes it to |sig|. On entry,
|
||||
* |sig| must point to at least |EVP_PKEY_size(pkey)| bytes of space. The
|
||||
* actual size of the signature is written to |*out_sig_len|.
|
||||
*
|
||||
* It returns one on success and zero otherwise.
|
||||
*
|
||||
* It does not modify |ctx|, thus it's possible to continue to use |ctx| in
|
||||
* order to sign a longer message. */
|
||||
OPENSSL_EXPORT int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
|
||||
unsigned int *out_sig_len, EVP_PKEY *pkey);
|
||||
|
||||
|
||||
/* Verifying (old functions) */
|
||||
|
||||
/* EVP_VerifyInit_ex configures |ctx|, which must already have been
|
||||
* initialised, for a fresh signature verification operation using the hash
|
||||
* function |type|. It returns one on success and zero otherwise.
|
||||
*
|
||||
* (In order to initialise |ctx|, either obtain it initialised with
|
||||
* |EVP_MD_CTX_create|, or use |EVP_MD_CTX_init|.) */
|
||||
OPENSSL_EXPORT int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
|
||||
ENGINE *impl);
|
||||
|
||||
/* EVP_VerifyInit is a deprecated version of |EVP_VerifyInit_ex|.
|
||||
*
|
||||
* TODO(fork): remove. */
|
||||
OPENSSL_EXPORT int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
||||
|
||||
/* EVP_VerifyUpdate appends |len| bytes from |data| to the data which will be
|
||||
* signed in |EVP_VerifyFinal|. */
|
||||
OPENSSL_EXPORT int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
/* EVP_VerifyFinal verifies that |sig_len| bytes of |sig| are a valid
|
||||
* signature, by |pkey|, for the data that has been included by one or more
|
||||
* calls to |EVP_VerifyUpdate|.
|
||||
*
|
||||
* It returns one on success and zero otherwise.
|
||||
*
|
||||
* It does not modify |ctx|, thus it's possible to continue to use |ctx| in
|
||||
* order to sign a longer message. */
|
||||
OPENSSL_EXPORT int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig,
|
||||
size_t sig_len, EVP_PKEY *pkey);
|
||||
|
||||
|
||||
/* Printing */
|
||||
|
||||
/* EVP_PKEY_print_public prints a textual representation of the public key in
|
||||
* |pkey| to |out|. Returns one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
|
||||
int indent, ASN1_PCTX *pctx);
|
||||
|
||||
/* EVP_PKEY_print_public prints a textual representation of the private key in
|
||||
* |pkey| to |out|. Returns one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
|
||||
int indent, ASN1_PCTX *pctx);
|
||||
|
||||
/* EVP_PKEY_print_public prints a textual representation of the parameters in
|
||||
* |pkey| to |out|. Returns one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
|
||||
int indent, ASN1_PCTX *pctx);
|
||||
|
||||
|
||||
/* Password stretching.
|
||||
*
|
||||
* Password stretching functions take a low-entropy password and apply a slow
|
||||
* function that results in a key suitable for use in symmetric
|
||||
* cryptography. */
|
||||
|
||||
/* PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password|
|
||||
* and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It
|
||||
* returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
||||
const uint8_t *salt, size_t salt_len,
|
||||
unsigned iterations, const EVP_MD *digest,
|
||||
size_t key_len, uint8_t *out_key);
|
||||
|
||||
/* PKCS5_PBKDF2_HMAC_SHA1 is the same as PKCS5_PBKDF2_HMAC, but with |digest|
|
||||
* fixed to |EVP_sha1|. */
|
||||
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC_SHA1(const char *password,
|
||||
size_t password_len, const uint8_t *salt,
|
||||
size_t salt_len, unsigned iterations,
|
||||
size_t key_len, uint8_t *out_key);
|
||||
|
||||
|
||||
/* Public key contexts.
|
||||
*
|
||||
* |EVP_PKEY_CTX| objects hold the context of an operation (e.g. signing or
|
||||
* encrypting) that uses a public key. */
|
||||
|
||||
/* EVP_PKEY_CTX_new allocates a fresh |EVP_PKEY_CTX| for use with |pkey|. It
|
||||
* returns the context or NULL on error. */
|
||||
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
|
||||
|
||||
/* EVP_PKEY_CTX_new allocates a fresh |EVP_PKEY_CTX| for a key of type |id|
|
||||
* (e.g. |EVP_PKEY_HMAC|). This can be used for key generation where
|
||||
* |EVP_PKEY_CTX_new| can't be used because there isn't an |EVP_PKEY| to pass
|
||||
* it. It returns the context or NULL on error. */
|
||||
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
|
||||
|
||||
/* EVP_KEY_CTX_free frees |ctx| and the data it owns. */
|
||||
OPENSSL_EXPORT void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_CTX_dup allocates a fresh |EVP_PKEY_CTX| and sets it equal to the
|
||||
* state of |ctx|. It returns the fresh |EVP_PKEY_CTX| or NULL on error. */
|
||||
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_CTX_get0_pkey returns the |EVP_PKEY| associated with |ctx|. */
|
||||
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_CTX_set_app_data sets an opaque pointer on |ctx|. */
|
||||
OPENSSL_EXPORT void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
|
||||
|
||||
/* EVP_PKEY_CTX_get_app_data returns the opaque pointer from |ctx| that was
|
||||
* previously set with |EVP_PKEY_CTX_set_app_data|, or NULL if none has been
|
||||
* set. */
|
||||
OPENSSL_EXPORT void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It
|
||||
* should be called before |EVP_PKEY_sign|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_sign signs |data_len| bytes from |data| using |ctx|. If |sig| is
|
||||
* NULL, the maximum size of the signature is written to
|
||||
* |out_sig_len|. Otherwise, |*sig_len| must contain the number of bytes of
|
||||
* space available at |sig|. If sufficient, the signature will be written to
|
||||
* |sig| and |*sig_len| updated with the true length.
|
||||
*
|
||||
* WARNING: Setting |sig| to NULL only gives the maximum size of the
|
||||
* signature. The actual signature may be smaller.
|
||||
*
|
||||
* It returns one on success or zero on error. (Note: this differs from
|
||||
* OpenSSL, which can also return negative values to indicate an error. ) */
|
||||
OPENSSL_EXPORT int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig,
|
||||
size_t *sig_len, const uint8_t *data,
|
||||
size_t data_len);
|
||||
|
||||
/* EVP_PKEY_verify_init initialises an |EVP_PKEY_CTX| for a signature
|
||||
* verification operation. It should be called before |EVP_PKEY_verify|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_verify verifies that |sig_len| bytes from |sig| are a valid signature
|
||||
* for |data|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,
|
||||
size_t sig_len, const uint8_t *data,
|
||||
size_t data_len);
|
||||
|
||||
/* EVP_PKEY_encrypt_init initialises an |EVP_PKEY_CTX| for an encryption
|
||||
* operation. It should be called before |EVP_PKEY_encrypt|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_encrypt encrypts |in_len| bytes from |in|. If |out| is NULL, the
|
||||
* maximum size of the ciphertext is written to |out_len|. Otherwise, |*out_len|
|
||||
* must contain the number of bytes of space available at |out|. If sufficient,
|
||||
* the ciphertext will be written to |out| and |*out_len| updated with the true
|
||||
* length.
|
||||
*
|
||||
* WARNING: Setting |out| to NULL only gives the maximum size of the
|
||||
* ciphertext. The actual ciphertext may be smaller.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_PKEY_decrypt_init initialises an |EVP_PKEY_CTX| for a decryption
|
||||
* operation. It should be called before |EVP_PKEY_decrypt|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_decrypt decrypts |in_len| bytes from |in|. If |out| is NULL, the
|
||||
* maximum size of the plaintext is written to |out_len|. Otherwise, |*out_len|
|
||||
* must contain the number of bytes of space available at |out|. If sufficient,
|
||||
* the ciphertext will be written to |out| and |*out_len| updated with the true
|
||||
* length.
|
||||
*
|
||||
* WARNING: Setting |out| to NULL only gives the maximum size of the
|
||||
* plaintext. The actual plaintext may be smaller.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
/* EVP_PKEY_derive_init initialises an |EVP_PKEY_CTX| for a key derivation
|
||||
* operation. It should be called before |EVP_PKEY_derive_set_peer| and
|
||||
* |EVP_PKEY_derive|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_derive_set_peer sets the peer's key to be used for key derivation
|
||||
* by |ctx| to |peer|. It should be called after |EVP_PKEY_derive_init|. (For
|
||||
* example, this is used to set the peer's key in (EC)DH.) It returns one on
|
||||
* success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
|
||||
|
||||
/* EVP_PKEY_derive derives a shared key between the two keys configured in
|
||||
* |ctx|. If |key| is non-NULL then, on entry, |out_key_len| must contain the
|
||||
* amount of space at |key|. If sufficient then the shared key will be written
|
||||
* to |key| and |*out_key_len| will be set to the length. If |key| is NULL then
|
||||
* |out_key_len| will be set to the maximum length.
|
||||
*
|
||||
* WARNING: Setting |out| to NULL only gives the maximum size of the key. The
|
||||
* actual key may be smaller.
|
||||
*
|
||||
* It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
|
||||
size_t *out_key_len);
|
||||
|
||||
/* EVP_PKEY_keygen_init initialises an |EVP_PKEY_CTX| for a key generation
|
||||
* operation. It should be called before |EVP_PKEY_keygen|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
||||
|
||||
/* EVP_PKEY_keygen performs a key generation operation using the values from
|
||||
* |ctx| and sets |*ppkey| to a fresh |EVP_PKEY| containing the resulting key.
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
||||
|
||||
|
||||
/* Generic control functions. */
|
||||
|
||||
/* EVP_PKEY_CTX_set_signature_md sets |md| as the digest to be used in a
|
||||
* signature operation. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD *md);
|
||||
|
||||
/* EVP_PKEY_CTX_get_signature_md sets |*out_md| to the digest to be used in a
|
||||
* signature operation. It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD **out_md);
|
||||
|
||||
|
||||
/* RSA specific control functions. */
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one
|
||||
* of the |RSA_*_PADDING| values. Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding);
|
||||
|
||||
/* EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding
|
||||
* value, which is one of the |RSA_*_PADDING| values. Returns one on success or
|
||||
* zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx,
|
||||
int *out_padding);
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_pss_saltlen sets the length of the salt in a PSS-padded
|
||||
* signature. A value of -1 cause the salt to be the same length as the digest
|
||||
* in the signature. A value of -2 causes the salt to be the maximum length
|
||||
* that will fit. Otherwise the value gives the size of the salt in bytes.
|
||||
*
|
||||
* Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx,
|
||||
int salt_len);
|
||||
|
||||
/* EVP_PKEY_CTX_get_rsa_pss_saltlen sets |*out_salt_len| to the salt length of
|
||||
* a PSS-padded signature. See the documentation for
|
||||
* |EVP_PKEY_CTX_set_rsa_pss_saltlen| for details of the special values that it
|
||||
* can take.
|
||||
*
|
||||
* Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx,
|
||||
int *out_salt_len);
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_keygen_bits sets the size of the desired RSA modulus,
|
||||
* in bits, for key generation. Returns one on success or zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx,
|
||||
int bits);
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_keygen_pubexp sets |e| as the public exponent for key
|
||||
* generation. Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx,
|
||||
BIGNUM *e);
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding.
|
||||
* Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD *md);
|
||||
|
||||
/* EVP_PKEY_CTX_get_rsa_oaep_md sets |*out_md| to the digest function used in
|
||||
* OAEP padding. Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD **out_md);
|
||||
|
||||
/* EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns
|
||||
* one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD *md);
|
||||
|
||||
/* EVP_PKEY_CTX_get_rsa_mgf1_md sets |*out_md| to the digest function used in
|
||||
* MGF1. Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD **out_md);
|
||||
|
||||
/* EVP_PKEY_CTX_set0_rsa_oaep_label sets |label_len| bytes from |label| as the
|
||||
* label used in OAEP. DANGER: On success, this call takes ownership of |label|
|
||||
* and will call |OPENSSL_free| on it when |ctx| is destroyed.
|
||||
*
|
||||
* Returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
|
||||
const uint8_t *label,
|
||||
size_t label_len);
|
||||
|
||||
/* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal
|
||||
* buffer containing the OAEP label (which may be NULL) and returns the length
|
||||
* of the label or a negative value on error.
|
||||
*
|
||||
* WARNING: the return value differs from the usual return value convention. */
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
|
||||
const uint8_t **out_label);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns
|
||||
* |pkey|.
|
||||
*
|
||||
* WARNING: this is a |_dup| function that doesn't actually duplicate! Use
|
||||
* |EVP_PKEY_up_ref| if you want to increment the reference count without
|
||||
* confusion. */
|
||||
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
|
||||
|
||||
|
||||
/* Private functions */
|
||||
|
||||
/* OpenSSL_add_all_algorithms does nothing. */
|
||||
OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);
|
||||
|
||||
/* OpenSSL_add_all_ciphers does nothing. */
|
||||
OPENSSL_EXPORT void OpenSSL_add_all_ciphers(void);
|
||||
|
||||
/* OpenSSL_add_all_digests does nothing. */
|
||||
OPENSSL_EXPORT void OpenSSL_add_all_digests(void);
|
||||
|
||||
/* EVP_cleanup does nothing. */
|
||||
OPENSSL_EXPORT void EVP_cleanup(void);
|
||||
|
||||
/* EVP_PKEY_asn1_find returns the ASN.1 method table for the given |nid|, which
|
||||
* should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is
|
||||
* unknown. */
|
||||
OPENSSL_EXPORT const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pengine,
|
||||
int nid);
|
||||
|
||||
/* TODO(fork): move to PEM? */
|
||||
OPENSSL_EXPORT const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(
|
||||
ENGINE **pengine, const char *name, size_t len);
|
||||
|
||||
struct evp_pkey_st {
|
||||
CRYPTO_refcount_t references;
|
||||
|
||||
/* type contains one of the EVP_PKEY_* values or NID_undef and determines
|
||||
* which element (if any) of the |pkey| union is valid. */
|
||||
int type;
|
||||
|
||||
union {
|
||||
char *ptr;
|
||||
struct rsa_st *rsa; /* RSA */
|
||||
struct dsa_st *dsa; /* DSA */
|
||||
struct dh_st *dh; /* DH */
|
||||
struct ec_key_st *ec; /* ECC */
|
||||
} pkey;
|
||||
|
||||
/* ameth contains a pointer to a method table that contains many ASN.1
|
||||
* methods for the key type. */
|
||||
const EVP_PKEY_ASN1_METHOD *ameth;
|
||||
} /* EVP_PKEY */;
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define EVP_F_EVP_PKEY_derive_init 108
|
||||
#define EVP_F_EVP_PKEY_encrypt 110
|
||||
#define EVP_F_EVP_PKEY_encrypt_init 111
|
||||
#define EVP_F_EVP_PKEY_get1_DH 112
|
||||
#define EVP_F_EVP_PKEY_get1_EC_KEY 114
|
||||
#define EVP_F_EVP_PKEY_get1_RSA 115
|
||||
#define EVP_F_EVP_PKEY_keygen 116
|
||||
#define EVP_F_EVP_PKEY_sign 120
|
||||
#define EVP_F_EVP_PKEY_sign_init 121
|
||||
#define EVP_F_EVP_PKEY_verify 122
|
||||
#define EVP_F_EVP_PKEY_verify_init 123
|
||||
#define EVP_F_d2i_AutoPrivateKey 125
|
||||
#define EVP_F_d2i_PrivateKey 126
|
||||
#define EVP_F_do_EC_KEY_print 127
|
||||
#define EVP_F_do_sigver_init 129
|
||||
#define EVP_F_eckey_param2type 130
|
||||
#define EVP_F_eckey_param_decode 131
|
||||
#define EVP_F_eckey_priv_decode 132
|
||||
#define EVP_F_eckey_priv_encode 133
|
||||
#define EVP_F_eckey_pub_decode 134
|
||||
#define EVP_F_eckey_pub_encode 135
|
||||
#define EVP_F_eckey_type2param 136
|
||||
#define EVP_F_evp_pkey_ctx_new 137
|
||||
#define EVP_F_hmac_signctx 138
|
||||
#define EVP_F_i2d_PublicKey 139
|
||||
#define EVP_F_old_ec_priv_decode 140
|
||||
#define EVP_F_old_rsa_priv_decode 141
|
||||
#define EVP_F_pkey_ec_ctrl 142
|
||||
#define EVP_F_pkey_ec_derive 143
|
||||
#define EVP_F_pkey_ec_keygen 144
|
||||
#define EVP_F_pkey_ec_paramgen 145
|
||||
#define EVP_F_pkey_ec_sign 146
|
||||
#define EVP_F_pkey_rsa_ctrl 147
|
||||
#define EVP_F_pkey_rsa_decrypt 148
|
||||
#define EVP_F_pkey_rsa_encrypt 149
|
||||
#define EVP_F_pkey_rsa_sign 150
|
||||
#define EVP_F_rsa_algor_to_md 151
|
||||
#define EVP_F_rsa_digest_verify_init_from_algorithm 152
|
||||
#define EVP_F_rsa_mgf1_to_md 153
|
||||
#define EVP_F_rsa_priv_decode 154
|
||||
#define EVP_F_rsa_priv_encode 155
|
||||
#define EVP_F_rsa_pss_to_ctx 156
|
||||
#define EVP_F_rsa_pub_decode 157
|
||||
#define EVP_F_pkey_hmac_ctrl 158
|
||||
#define EVP_F_EVP_PKEY_CTX_get0_rsa_oaep_label 159
|
||||
#define EVP_F_EVP_DigestSignAlgorithm 160
|
||||
#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 161
|
||||
#define EVP_F_EVP_PKEY_CTX_ctrl 162
|
||||
#define EVP_F_EVP_PKEY_CTX_dup 163
|
||||
#define EVP_F_EVP_PKEY_copy_parameters 164
|
||||
#define EVP_F_EVP_PKEY_decrypt 165
|
||||
#define EVP_F_EVP_PKEY_decrypt_init 166
|
||||
#define EVP_F_EVP_PKEY_derive 167
|
||||
#define EVP_F_EVP_PKEY_derive_set_peer 168
|
||||
#define EVP_F_EVP_PKEY_get1_DSA 169
|
||||
#define EVP_F_EVP_PKEY_keygen_init 170
|
||||
#define EVP_F_EVP_PKEY_new 171
|
||||
#define EVP_F_EVP_PKEY_set_type 172
|
||||
#define EVP_F_check_padding_md 173
|
||||
#define EVP_F_do_dsa_print 174
|
||||
#define EVP_F_do_rsa_print 175
|
||||
#define EVP_F_dsa_param_decode 176
|
||||
#define EVP_F_dsa_priv_decode 177
|
||||
#define EVP_F_dsa_priv_encode 178
|
||||
#define EVP_F_dsa_pub_decode 179
|
||||
#define EVP_F_dsa_pub_encode 180
|
||||
#define EVP_F_dsa_sig_print 181
|
||||
#define EVP_F_old_dsa_priv_decode 182
|
||||
#define EVP_R_BUFFER_TOO_SMALL 100
|
||||
#define EVP_R_COMMAND_NOT_SUPPORTED 101
|
||||
#define EVP_R_DIFFERENT_KEY_TYPES 104
|
||||
#define EVP_R_DIFFERENT_PARAMETERS 105
|
||||
#define EVP_R_EXPECTING_AN_EC_KEY_KEY 107
|
||||
#define EVP_R_EXPECTING_A_DH_KEY 109
|
||||
#define EVP_R_EXPECTING_A_DSA_KEY 110
|
||||
#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 111
|
||||
#define EVP_R_INVALID_CURVE 112
|
||||
#define EVP_R_INVALID_DIGEST_LENGTH 113
|
||||
#define EVP_R_INVALID_DIGEST_TYPE 114
|
||||
#define EVP_R_INVALID_KEYBITS 115
|
||||
#define EVP_R_INVALID_MGF1_MD 116
|
||||
#define EVP_R_INVALID_PADDING_MODE 118
|
||||
#define EVP_R_INVALID_PSS_PARAMETERS 119
|
||||
#define EVP_R_INVALID_SALT_LENGTH 121
|
||||
#define EVP_R_INVALID_TRAILER 122
|
||||
#define EVP_R_KEYS_NOT_SET 123
|
||||
#define EVP_R_MISSING_PARAMETERS 124
|
||||
#define EVP_R_NO_DEFAULT_DIGEST 125
|
||||
#define EVP_R_NO_KEY_SET 126
|
||||
#define EVP_R_NO_MDC2_SUPPORT 127
|
||||
#define EVP_R_NO_NID_FOR_CURVE 128
|
||||
#define EVP_R_NO_OPERATION_SET 129
|
||||
#define EVP_R_NO_PARAMETERS_SET 130
|
||||
#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 131
|
||||
#define EVP_R_OPERATON_NOT_INITIALIZED 132
|
||||
#define EVP_R_UNKNOWN_DIGEST 133
|
||||
#define EVP_R_UNKNOWN_MASK_DIGEST 134
|
||||
#define EVP_R_UNSUPPORTED_ALGORITHM 138
|
||||
#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 139
|
||||
#define EVP_R_UNSUPPORTED_MASK_PARAMETER 140
|
||||
#define EVP_R_EXPECTING_AN_RSA_KEY 141
|
||||
#define EVP_R_INVALID_OPERATION 142
|
||||
#define EVP_R_DECODE_ERROR 143
|
||||
#define EVP_R_INVALID_PSS_SALTLEN 144
|
||||
#define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 145
|
||||
#define EVP_R_CONTEXT_NOT_INITIALISED 146
|
||||
#define EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 147
|
||||
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 148
|
||||
#define EVP_R_UNKNOWN_SIGNATURE_ALGORITHM 149
|
||||
#define EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 150
|
||||
#define EVP_R_BN_DECODE_ERROR 151
|
||||
#define EVP_R_PARAMETER_ENCODING_ERROR 152
|
||||
#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 153
|
||||
#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 154
|
||||
|
||||
#endif /* OPENSSL_HEADER_EVP_H */
|
|
@ -0,0 +1,214 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_EX_DATA_H
|
||||
#define OPENSSL_HEADER_EX_DATA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* ex_data is a mechanism for associating arbitrary extra data with objects.
|
||||
* For each type of object that supports ex_data, different users can be
|
||||
* assigned indexes in which to store their data. Each index has callback
|
||||
* functions that are called when a new object of that type is created, freed
|
||||
* and duplicated. */
|
||||
|
||||
|
||||
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
|
||||
|
||||
|
||||
/* Type-specific functions.
|
||||
*
|
||||
* Each type that supports ex_data provides three functions: */
|
||||
|
||||
#if 0 /* Sample */
|
||||
|
||||
/* |TYPE_get_ex_new_index| allocates a new index for |TYPE|. See the
|
||||
* descriptions of the callback typedefs for details of when they are
|
||||
* called. Any of the callback arguments may be NULL. The |argl| and |argp|
|
||||
* arguments are opaque values that are passed to the callbacks. It returns the
|
||||
* new index or a negative number on error.
|
||||
*
|
||||
* TODO(fork): this should follow the standard calling convention. */
|
||||
OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func,
|
||||
CRYPTO_EX_free *free_func);
|
||||
|
||||
/* |TYPE_set_ex_data| sets an extra data pointer on |t|. The |index| argument
|
||||
* should have been returned from a previous call to |TYPE_get_ex_new_index|. */
|
||||
OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg);
|
||||
|
||||
/* |TYPE_get_ex_data| returns an extra data pointer for |t|, or NULL if no such
|
||||
* pointer exists. The |index| argument should have been returned from a
|
||||
* previous call to |TYPE_get_ex_new_index|. */
|
||||
OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index);
|
||||
|
||||
#endif /* Sample */
|
||||
|
||||
|
||||
/* Callback types. */
|
||||
|
||||
/* CRYPTO_EX_new is the type of a callback function that is called whenever a
|
||||
* new object of a given class is created. For example, if this callback has
|
||||
* been passed to |SSL_get_ex_new_index| then it'll be called each time an SSL*
|
||||
* is created.
|
||||
*
|
||||
* The callback is passed the new object (i.e. the SSL*) in |parent|. The
|
||||
* arguments |argl| and |argp| contain opaque values that were given to
|
||||
* |CRYPTO_get_ex_new_index|. The callback should return one on success, but
|
||||
* the value is ignored.
|
||||
*
|
||||
* TODO(fork): the |ptr| argument is always NULL, no? */
|
||||
typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
|
||||
int index, long argl, void *argp);
|
||||
|
||||
/* CRYPTO_EX_free is a callback function that is called when an object of the
|
||||
* class is being destroyed. See |CRYPTO_EX_new| for a discussion of the
|
||||
* arguments.
|
||||
*
|
||||
* If |CRYPTO_get_ex_new_index| was called after the creation of objects of the
|
||||
* class that this applies to then, when those those objects are destroyed,
|
||||
* this callback will be called with a NULL value for |ptr|. */
|
||||
typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
|
||||
int index, long argl, void *argp);
|
||||
|
||||
/* CRYPTO_EX_dup is a callback function that is called when an object of the
|
||||
* class is being copied and thus the ex_data linked to it also needs to be
|
||||
* copied. On entry, |*from_d| points to the data for this index from the
|
||||
* original object. When the callback returns, |*from_d| will be set as the
|
||||
* data for this index in |to|.
|
||||
*
|
||||
* If |CRYPTO_get_ex_new_index| was called after the creation of objects of the
|
||||
* class that this applies to then, when those those objects are copies, this
|
||||
* callback will be called with a NULL value for |*from_d|. */
|
||||
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
|
||||
void **from_d, int index, long argl, void *argp);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* CRYPTO_cleanup_all_ex_data does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void);
|
||||
|
||||
struct crypto_ex_data_st {
|
||||
STACK_OF(void) *sk;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_EX_DATA_H */
|
|
@ -0,0 +1,45 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_HKDF_H
|
||||
#define OPENSSL_HEADER_HKDF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Computes HKDF (as specified by RFC 5869) of initial keying material |secret|
|
||||
* with |salt| and |info| using |digest|, and outputs |out_len| bytes to
|
||||
* |out_key|. It returns one on success and zero on error.
|
||||
*
|
||||
* HKDF is an Extract-and-Expand algorithm. It does not do any key stretching,
|
||||
* and as such, is not suited to be used alone to generate a key from a
|
||||
* password. */
|
||||
OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
|
||||
const uint8_t *secret, size_t secret_len,
|
||||
const uint8_t *salt, size_t salt_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define HKDF_F_HKDF 100
|
||||
#define HKDF_R_OUTPUT_TOO_LARGE 100
|
||||
|
||||
#endif /* OPENSSL_HEADER_HKDF_H */
|
|
@ -0,0 +1,160 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_HMAC_H
|
||||
#define OPENSSL_HEADER_HMAC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/digest.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* HMAC contains functions for constructing PRFs from Merkle–Damgård hash
|
||||
* functions using HMAC. */
|
||||
|
||||
|
||||
/* One-shot operation. */
|
||||
|
||||
/* HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
|
||||
* and hash function, and writes the result to |out|. On entry, |out| must
|
||||
* contain |EVP_MAX_MD_SIZE| bytes of space. The actual length of the result is
|
||||
* written to |*out_len|. It returns |out| or NULL on error. */
|
||||
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
|
||||
size_t key_len, const uint8_t *data,
|
||||
size_t data_len, uint8_t *out,
|
||||
unsigned int *out_len);
|
||||
|
||||
|
||||
/* Incremental operation. */
|
||||
|
||||
/* HMAC_CTX_init initialises |ctx| for use in an HMAC operation. It's assumed
|
||||
* that HMAC_CTX objects will be allocated on the stack thus no allocation
|
||||
* function is provided. If needed, allocate |sizeof(HMAC_CTX)| and call
|
||||
* |HMAC_CTX_init| on it. */
|
||||
OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx);
|
||||
|
||||
/* HMAC_CTX_cleanup frees data owned by |ctx|. */
|
||||
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
|
||||
|
||||
/* HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash
|
||||
* function and |key| as the key. For a non-initial call, |md| may be NULL, in
|
||||
* which case the previous hash function will be used. If the hash function has
|
||||
* not changed and |key| is NULL, |ctx| reuses the previous key. It returns one
|
||||
* on success or zero otherwise.
|
||||
*
|
||||
* WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL
|
||||
* |key| but repeating the previous |md| reuses the previous key rather than the
|
||||
* empty key. */
|
||||
OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
|
||||
const EVP_MD *md, ENGINE *impl);
|
||||
|
||||
/* HMAC_Update hashes |data_len| bytes from |data| into the current HMAC
|
||||
* operation in |ctx|. It returns one. */
|
||||
OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
|
||||
size_t data_len);
|
||||
|
||||
/* HMAC_Final completes the HMAC operation in |ctx| and writes the result to
|
||||
* |out| and the sets |*out_len| to the length of the result. On entry, |out|
|
||||
* must contain at least |EVP_MAX_MD_SIZE| bytes of space. It returns one on
|
||||
* success or zero on error. */
|
||||
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
|
||||
unsigned int *out_len);
|
||||
|
||||
|
||||
/* Utility functions. */
|
||||
|
||||
/* HMAC_size returns the size, in bytes, of the HMAC that will be produced by
|
||||
* |ctx|. On entry, |ctx| must have been setup with |HMAC_Init_ex|. */
|
||||
OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx);
|
||||
|
||||
/* HMAC_CTX_copy_ex sets |dest| equal to |src|. On entry, |dest| must have been
|
||||
* initialised by calling |HMAC_CTX_init|. It returns one on success and zero
|
||||
* on error. */
|
||||
OPENSSL_EXPORT int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
OPENSSL_EXPORT int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
|
||||
const EVP_MD *md);
|
||||
|
||||
/* HMAC_CTX_copy calls |HMAC_CTX_init| on |dest| and then sets it equal to
|
||||
* |src|. On entry, |dest| must /not/ be initialised for an operation with
|
||||
* |HMAC_Init_ex|. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src);
|
||||
|
||||
|
||||
/* Private functions */
|
||||
|
||||
#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */
|
||||
|
||||
struct hmac_ctx_st {
|
||||
const EVP_MD *md;
|
||||
EVP_MD_CTX md_ctx;
|
||||
EVP_MD_CTX i_ctx;
|
||||
EVP_MD_CTX o_ctx;
|
||||
} /* HMAC_CTX */;
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_HMAC_H */
|
|
@ -0,0 +1,191 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_LHASH_H
|
||||
#define OPENSSL_HEADER_LHASH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/type_check.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* lhash is a traditional, chaining hash table that automatically expands and
|
||||
* contracts as needed. One should not use the lh_* functions directly, rather
|
||||
* use the type-safe macro wrappers:
|
||||
*
|
||||
* A hash table of a specific type of object has type |LHASH_OF(type)|. This
|
||||
* can be defined (once) with |DEFINE_LHASH_OF(type)| and declared where needed
|
||||
* with |DECLARE_LHASH_OF(type)|. For example:
|
||||
*
|
||||
* struct foo {
|
||||
* int bar;
|
||||
* };
|
||||
*
|
||||
* DEFINE_LHASH_OF(struct foo);
|
||||
*
|
||||
* Although note that the hash table will contain /pointers/ to |foo|.
|
||||
*
|
||||
* A macro will be defined for each of the lh_* functions below. For
|
||||
* LHASH_OF(foo), the macros would be lh_foo_new, lh_foo_num_items etc. */
|
||||
|
||||
|
||||
#define LHASH_OF(type) struct lhash_st_##type
|
||||
|
||||
#define DEFINE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
|
||||
|
||||
#define DECLARE_LHASH_OF(type) LHASH_OF(type);
|
||||
|
||||
/* The make_macros.sh script in this directory parses the following lines and
|
||||
* generates the lhash_macros.h file that contains macros for the following
|
||||
* types of stacks:
|
||||
*
|
||||
* LHASH_OF:ASN1_OBJECT
|
||||
* LHASH_OF:CONF_VALUE
|
||||
* LHASH_OF:SSL_SESSION */
|
||||
|
||||
#define IN_LHASH_H
|
||||
#include <openssl/lhash_macros.h>
|
||||
#undef IN_LHASH_H
|
||||
|
||||
|
||||
/* lhash_item_st is an element of a hash chain. It points to the opaque data
|
||||
* for this element and to the next item in the chain. The linked-list is NULL
|
||||
* terminated. */
|
||||
typedef struct lhash_item_st {
|
||||
void *data;
|
||||
struct lhash_item_st *next;
|
||||
/* hash contains the cached, hash value of |data|. */
|
||||
uint32_t hash;
|
||||
} LHASH_ITEM;
|
||||
|
||||
/* lhash_cmp_func is a comparison function that returns a value equal, or not
|
||||
* equal, to zero depending on whether |*a| is equal, or not equal to |*b|,
|
||||
* respectively. Note the difference between this and |stack_cmp_func| in that
|
||||
* this takes pointers to the objects directly. */
|
||||
typedef int (*lhash_cmp_func)(const void *a, const void *b);
|
||||
|
||||
/* lhash_hash_func is a function that maps an object to a uniformly distributed
|
||||
* uint32_t. */
|
||||
typedef uint32_t (*lhash_hash_func)(const void *a);
|
||||
|
||||
typedef struct lhash_st {
|
||||
/* num_items contains the total number of items in the hash table. */
|
||||
size_t num_items;
|
||||
/* buckets is an array of |num_buckets| pointers. Each points to the head of
|
||||
* a chain of LHASH_ITEM objects that have the same hash value, mod
|
||||
* |num_buckets|. */
|
||||
LHASH_ITEM **buckets;
|
||||
/* num_buckets contains the length of |buckets|. This value is always >=
|
||||
* kMinNumBuckets. */
|
||||
size_t num_buckets;
|
||||
/* callback_depth contains the current depth of |lh_doall| or |lh_doall_arg|
|
||||
* calls. If non-zero then this suppresses resizing of the |buckets| array,
|
||||
* which would otherwise disrupt the iteration. */
|
||||
unsigned callback_depth;
|
||||
|
||||
lhash_cmp_func comp;
|
||||
lhash_hash_func hash;
|
||||
} _LHASH;
|
||||
|
||||
/* lh_new returns a new, empty hash table or NULL on error. If |comp| is NULL,
|
||||
* |strcmp| will be used. If |hash| is NULL, a generic hash function will be
|
||||
* used. */
|
||||
OPENSSL_EXPORT _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp);
|
||||
|
||||
/* lh_free frees the hash table itself but none of the elements. See
|
||||
* |lh_doall|. */
|
||||
OPENSSL_EXPORT void lh_free(_LHASH *lh);
|
||||
|
||||
/* lh_num_items returns the number of items in |lh|. */
|
||||
OPENSSL_EXPORT size_t lh_num_items(const _LHASH *lh);
|
||||
|
||||
/* lh_retrieve finds an element equal to |data| in the hash table and returns
|
||||
* it. If no such element exists, it returns NULL. */
|
||||
OPENSSL_EXPORT void *lh_retrieve(const _LHASH *lh, const void *data);
|
||||
|
||||
/* lh_insert inserts |data| into the hash table. If an existing element is
|
||||
* equal to |data| (with respect to the comparison function) then |*old_data|
|
||||
* will be set to that value and it will be replaced. Otherwise, or in the
|
||||
* event of an error, |*old_data| will be set to NULL. It returns one on
|
||||
* success or zero in the case of an allocation error. */
|
||||
OPENSSL_EXPORT int lh_insert(_LHASH *lh, void **old_data, void *data);
|
||||
|
||||
/* lh_delete removes an element equal to |data| from the hash table and returns
|
||||
* it. If no such element is found, it returns NULL. */
|
||||
OPENSSL_EXPORT void *lh_delete(_LHASH *lh, const void *data);
|
||||
|
||||
/* lh_doall calls |func| on each element of the hash table.
|
||||
* TODO(fork): rename this */
|
||||
OPENSSL_EXPORT void lh_doall(_LHASH *lh, void (*func)(void *));
|
||||
|
||||
/* lh_doall_arg calls |func| on each element of the hash table and also passes
|
||||
* |arg| as the second argument.
|
||||
* TODO(fork): rename this */
|
||||
OPENSSL_EXPORT void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *),
|
||||
void *arg);
|
||||
|
||||
/* lh_strhash is the default hash function which processes NUL-terminated
|
||||
* strings. */
|
||||
OPENSSL_EXPORT uint32_t lh_strhash(const char *c);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_STACK_H */
|
|
@ -0,0 +1,132 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#if !defined(IN_LHASH_H)
|
||||
#error "Don't include this file directly. Include lhash.h"
|
||||
#endif
|
||||
|
||||
/* ASN1_OBJECT */
|
||||
#define lh_ASN1_OBJECT_new(hash, comp) \
|
||||
((LHASH_OF(ASN1_OBJECT) *)lh_new( \
|
||||
CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ASN1_OBJECT *), hash), \
|
||||
CHECKED_CAST(lhash_cmp_func, \
|
||||
int (*)(const ASN1_OBJECT *a, const ASN1_OBJECT *b), \
|
||||
comp)))
|
||||
|
||||
#define lh_ASN1_OBJECT_free(lh) \
|
||||
lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh));
|
||||
|
||||
#define lh_ASN1_OBJECT_num_items(lh) \
|
||||
lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh))
|
||||
|
||||
#define lh_ASN1_OBJECT_retrieve(lh, data) \
|
||||
((ASN1_OBJECT *)lh_retrieve( \
|
||||
CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh), \
|
||||
CHECKED_CAST(void *, ASN1_OBJECT *, data)))
|
||||
|
||||
#define lh_ASN1_OBJECT_insert(lh, old_data, data) \
|
||||
lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh), \
|
||||
CHECKED_CAST(void **, ASN1_OBJECT **, old_data), \
|
||||
CHECKED_CAST(void *, ASN1_OBJECT *, data))
|
||||
|
||||
#define lh_ASN1_OBJECT_delete(lh, data) \
|
||||
((ASN1_OBJECT *)lh_delete( \
|
||||
CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh), \
|
||||
CHECKED_CAST(void *, ASN1_OBJECT *, data)))
|
||||
|
||||
#define lh_ASN1_OBJECT_doall(lh, func) \
|
||||
lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *), void (*)(ASN1_OBJECT *), func));
|
||||
|
||||
#define lh_ASN1_OBJECT_doall_arg(lh, func, arg) \
|
||||
lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ASN1_OBJECT) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *, void *), \
|
||||
void (*)(ASN1_OBJECT *, void *), func), \
|
||||
arg);
|
||||
|
||||
/* CONF_VALUE */
|
||||
#define lh_CONF_VALUE_new(hash, comp) \
|
||||
((LHASH_OF(CONF_VALUE) *)lh_new( \
|
||||
CHECKED_CAST(lhash_hash_func, uint32_t (*)(const CONF_VALUE *), hash), \
|
||||
CHECKED_CAST(lhash_cmp_func, \
|
||||
int (*)(const CONF_VALUE *a, const CONF_VALUE *b), comp)))
|
||||
|
||||
#define lh_CONF_VALUE_free(lh) \
|
||||
lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh));
|
||||
|
||||
#define lh_CONF_VALUE_num_items(lh) \
|
||||
lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh))
|
||||
|
||||
#define lh_CONF_VALUE_retrieve(lh, data) \
|
||||
((CONF_VALUE *)lh_retrieve( \
|
||||
CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh), \
|
||||
CHECKED_CAST(void *, CONF_VALUE *, data)))
|
||||
|
||||
#define lh_CONF_VALUE_insert(lh, old_data, data) \
|
||||
lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh), \
|
||||
CHECKED_CAST(void **, CONF_VALUE **, old_data), \
|
||||
CHECKED_CAST(void *, CONF_VALUE *, data))
|
||||
|
||||
#define lh_CONF_VALUE_delete(lh, data) \
|
||||
((CONF_VALUE *)lh_delete(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh), \
|
||||
CHECKED_CAST(void *, CONF_VALUE *, data)))
|
||||
|
||||
#define lh_CONF_VALUE_doall(lh, func) \
|
||||
lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *), void (*)(CONF_VALUE *), func));
|
||||
|
||||
#define lh_CONF_VALUE_doall_arg(lh, func, arg) \
|
||||
lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(CONF_VALUE) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *, void *), \
|
||||
void (*)(CONF_VALUE *, void *), func), \
|
||||
arg);
|
||||
|
||||
/* SSL_SESSION */
|
||||
#define lh_SSL_SESSION_new(hash, comp) \
|
||||
((LHASH_OF(SSL_SESSION) *)lh_new( \
|
||||
CHECKED_CAST(lhash_hash_func, uint32_t (*)(const SSL_SESSION *), hash), \
|
||||
CHECKED_CAST(lhash_cmp_func, \
|
||||
int (*)(const SSL_SESSION *a, const SSL_SESSION *b), \
|
||||
comp)))
|
||||
|
||||
#define lh_SSL_SESSION_free(lh) \
|
||||
lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh));
|
||||
|
||||
#define lh_SSL_SESSION_num_items(lh) \
|
||||
lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh))
|
||||
|
||||
#define lh_SSL_SESSION_retrieve(lh, data) \
|
||||
((SSL_SESSION *)lh_retrieve( \
|
||||
CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh), \
|
||||
CHECKED_CAST(void *, SSL_SESSION *, data)))
|
||||
|
||||
#define lh_SSL_SESSION_insert(lh, old_data, data) \
|
||||
lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh), \
|
||||
CHECKED_CAST(void **, SSL_SESSION **, old_data), \
|
||||
CHECKED_CAST(void *, SSL_SESSION *, data))
|
||||
|
||||
#define lh_SSL_SESSION_delete(lh, data) \
|
||||
((SSL_SESSION *)lh_delete( \
|
||||
CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh), \
|
||||
CHECKED_CAST(void *, SSL_SESSION *, data)))
|
||||
|
||||
#define lh_SSL_SESSION_doall(lh, func) \
|
||||
lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *), void (*)(SSL_SESSION *), func));
|
||||
|
||||
#define lh_SSL_SESSION_doall_arg(lh, func, arg) \
|
||||
lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(SSL_SESSION) *, lh), \
|
||||
CHECKED_CAST(void (*)(void *, void *), \
|
||||
void (*)(SSL_SESSION *, void *), func), \
|
||||
arg);
|
|
@ -0,0 +1,101 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_MD4_H
|
||||
#define OPENSSL_HEADER_MD4_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* MD4. */
|
||||
|
||||
/* MD4_CBLOCK is the block size of MD4. */
|
||||
#define MD4_CBLOCK 64
|
||||
|
||||
/* MD4_DIGEST_LENGTH is the length of an MD4 digest. */
|
||||
#define MD4_DIGEST_LENGTH 16
|
||||
|
||||
/* MD41_Init initialises |md4| and returns one. */
|
||||
OPENSSL_EXPORT int MD4_Init(MD4_CTX *md4);
|
||||
|
||||
/* MD4_Update adds |len| bytes from |data| to |md4| and returns one. */
|
||||
OPENSSL_EXPORT int MD4_Update(MD4_CTX *md4, const void *data, size_t len);
|
||||
|
||||
/* MD4_Final adds the final padding to |md4| and writes the resulting digest to
|
||||
* |md|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one. */
|
||||
OPENSSL_EXPORT int MD4_Final(uint8_t *md, MD4_CTX *md4);
|
||||
|
||||
/* MD4_Transform is a low-level function that performs a single, MD4 block
|
||||
* transformation using the state from |md4| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4, const uint8_t *block);
|
||||
|
||||
struct md4_state_st {
|
||||
uint32_t A, B, C, D;
|
||||
uint32_t Nl, Nh;
|
||||
uint32_t data[16];
|
||||
unsigned int num;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_MD4_H */
|
|
@ -0,0 +1,106 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_MD5_H
|
||||
#define OPENSSL_HEADER_MD5_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* MD5. */
|
||||
|
||||
|
||||
/* MD5_CBLOCK is the block size of MD5. */
|
||||
#define MD5_CBLOCK 64
|
||||
|
||||
/* MD5_DIGEST_LENGTH is the length of an MD5 digest. */
|
||||
#define MD5_DIGEST_LENGTH 16
|
||||
|
||||
/* MD51_Init initialises |md5| and returns one. */
|
||||
OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5);
|
||||
|
||||
/* MD5_Update adds |len| bytes from |data| to |md5| and returns one. */
|
||||
OPENSSL_EXPORT int MD5_Update(MD5_CTX *md5, const void *data, size_t len);
|
||||
|
||||
/* MD5_Final adds the final padding to |md5| and writes the resulting digest to
|
||||
* |md|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one. */
|
||||
OPENSSL_EXPORT int MD5_Final(uint8_t *md, MD5_CTX *md5);
|
||||
|
||||
/* MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|.
|
||||
* There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|. */
|
||||
OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
/* MD5_Transform is a low-level function that performs a single, MD5 block
|
||||
* transformation using the state from |md5| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5, const uint8_t *block);
|
||||
|
||||
struct md5_state_st {
|
||||
uint32_t A, B, C, D;
|
||||
uint32_t Nl, Nh;
|
||||
uint32_t data[16];
|
||||
unsigned int num;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_MD5_H */
|
|
@ -0,0 +1,139 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_MEM_H
|
||||
#define OPENSSL_HEADER_MEM_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Memory and string functions, see also buf.h.
|
||||
*
|
||||
* OpenSSL has, historically, had a complex set of malloc debugging options.
|
||||
* However, that was written in a time before Valgrind and ASAN. Since we now
|
||||
* have those tools, the OpenSSL allocation functions are simply macros around
|
||||
* the standard memory functions. */
|
||||
|
||||
|
||||
#define OPENSSL_malloc malloc
|
||||
#define OPENSSL_realloc realloc
|
||||
#define OPENSSL_free free
|
||||
|
||||
/* OPENSSL_realloc_clean acts like |realloc|, but clears the previous memory
|
||||
* buffer. Because this is implemented as a wrapper around |malloc|, it needs
|
||||
* to be given the size of the buffer pointed to by |ptr|. */
|
||||
void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size);
|
||||
|
||||
/* OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to
|
||||
* |memset_s| from C11. */
|
||||
OPENSSL_EXPORT void OPENSSL_cleanse(void *ptr, size_t len);
|
||||
|
||||
/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
|
||||
* takes an amount of time dependent on |len|, but independent of the contents
|
||||
* of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
|
||||
* defined order as the return value when a != b is undefined, other than to be
|
||||
* non-zero. */
|
||||
OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len);
|
||||
|
||||
/* OPENSSL_hash32 implements the 32 bit, FNV-1a hash. */
|
||||
OPENSSL_EXPORT uint32_t OPENSSL_hash32(const void *ptr, size_t len);
|
||||
|
||||
/* OPENSSL_strdup has the same behaviour as strdup(3). */
|
||||
OPENSSL_EXPORT char *OPENSSL_strdup(const char *s);
|
||||
|
||||
/* OPENSSL_strnlen has the same behaviour as strnlen(3). */
|
||||
OPENSSL_EXPORT size_t OPENSSL_strnlen(const char *s, size_t len);
|
||||
|
||||
/* OPENSSL_strcasecmp has the same behaviour as strcasecmp(3). */
|
||||
OPENSSL_EXPORT int OPENSSL_strcasecmp(const char *a, const char *b);
|
||||
|
||||
/* OPENSSL_strncasecmp has the same behaviour as strncasecmp(3). */
|
||||
OPENSSL_EXPORT int OPENSSL_strncasecmp(const char *a, const char *b, size_t n);
|
||||
|
||||
/* DECIMAL_SIZE returns an upper bound for the length of the decimal
|
||||
* representation of the given type. */
|
||||
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
|
||||
|
||||
/* Printf functions.
|
||||
*
|
||||
* These functions are either OpenSSL wrappers for standard functions (i.e.
|
||||
* |BIO_snprintf| and |BIO_vsnprintf|) which don't exist in C89, or are
|
||||
* versions of printf functions that output to a BIO rather than a FILE. */
|
||||
#ifdef __GNUC__
|
||||
#define __bio_h__attr__ __attribute__
|
||||
#else
|
||||
#define __bio_h__attr__(x)
|
||||
#endif
|
||||
OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
||||
__bio_h__attr__((__format__(__printf__, 3, 4)));
|
||||
|
||||
OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
|
||||
va_list args)
|
||||
__bio_h__attr__((__format__(__printf__, 3, 0)));
|
||||
#undef __bio_h__attr__
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_MEM_H */
|
|
@ -0,0 +1,223 @@
|
|||
/* ====================================================================
|
||||
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ==================================================================== */
|
||||
|
||||
#ifndef OPENSSL_HEADER_MODES_H
|
||||
#define OPENSSL_HEADER_MODES_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* modes.h contains functions that implement various block-cipher modes. */
|
||||
|
||||
|
||||
/* block128_f is the type of a 128-bit, block cipher. */
|
||||
typedef void (*block128_f)(const uint8_t in[16], uint8_t out[16],
|
||||
const void *key);
|
||||
|
||||
|
||||
/* CTR. */
|
||||
|
||||
/* ctr128_f is the type of a function that performs CTR-mode encryption. */
|
||||
typedef void (*ctr128_f)(const uint8_t *in, uint8_t *out, size_t blocks,
|
||||
const void *key, const uint8_t ivec[16]);
|
||||
|
||||
/* CRYPTO_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode)
|
||||
* |len| bytes from |in| to |out| using |block| in counter mode. There's no
|
||||
* requirement that |len| be a multiple of any value and any partial blocks are
|
||||
* stored in |ecount_buf| and |*num|, which must be zeroed before the initial
|
||||
* call. The counter is a 128-bit, big-endian value in |ivec| and is
|
||||
* incremented by this function. */
|
||||
OPENSSL_EXPORT void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const void *key,
|
||||
uint8_t ivec[16],
|
||||
uint8_t ecount_buf[16],
|
||||
unsigned int *num, block128_f block);
|
||||
|
||||
/* CRYPTO_ctr128_encrypt_ctr32 acts like |CRYPTO_ctr128_encrypt| but takes
|
||||
* |ctr|, a function that performs CTR mode but only deals with the lower 32
|
||||
* bits of the counter. This is useful when |ctr| can be an optimised
|
||||
* function. */
|
||||
OPENSSL_EXPORT void CRYPTO_ctr128_encrypt_ctr32(
|
||||
const uint8_t *in, uint8_t *out, size_t len, const void *key,
|
||||
uint8_t ivec[16], uint8_t ecount_buf[16], unsigned int *num, ctr128_f ctr);
|
||||
|
||||
|
||||
/* GCM. */
|
||||
|
||||
typedef struct gcm128_context GCM128_CONTEXT;
|
||||
|
||||
/* CRYPTO_gcm128_new allocates a fresh |GCM128_CONTEXT| and calls
|
||||
* |CRYPTO_gcm128_init|. It returns the new context, or NULL on error. */
|
||||
OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with the
|
||||
* given key. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key,
|
||||
block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const uint8_t *iv,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_aad sets the authenticated data for an instance of GCM. This
|
||||
* must be called before and data is encrypted. It returns one on success and
|
||||
* zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_encrypt encrypts |len| bytes from |in| to |out|. It returns
|
||||
* one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const uint8_t *in,
|
||||
uint8_t *out, size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_decrypt decrypts |len| bytes from |in| to |out|. It returns
|
||||
* one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const uint8_t *in,
|
||||
uint8_t *out, size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_encrypt_ctr32 encrypts |len| bytes from |in| to |out| using a
|
||||
* CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
const uint8_t *in, uint8_t *out,
|
||||
size_t len, ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_decrypt_ctr32 decrypts |len| bytes from |in| to |out| using a
|
||||
* CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
const uint8_t *in, uint8_t *out,
|
||||
size_t len, ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_finish calculates the authenticator and compares it against
|
||||
* |len| bytes of |tag|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_tag calculates the authenticator and copies it into |tag|. The
|
||||
* minimum of |len| and 16 bytes are copied into |tag|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_release clears and frees |ctx|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
|
||||
|
||||
|
||||
/* CBC. */
|
||||
|
||||
/* cbc128_f is the type of a function that performs CBC-mode encryption. */
|
||||
typedef void (*cbc128_f)(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16], int enc);
|
||||
|
||||
/* CRYPTO_cbc128_encrypt encrypts |len| bytes from |in| to |out| using the
|
||||
* given IV and block cipher in CBC mode. The input need not be a multiple of
|
||||
* 128 bits long, but the output will round up to the nearest 128 bit multiple,
|
||||
* zero padding the input if needed. The IV will be updated on return. */
|
||||
void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16], block128_f block);
|
||||
|
||||
/* CRYPTO_cbc128_decrypt decrypts |len| bytes from |in| to |out| using the
|
||||
* given IV and block cipher in CBC mode. If |len| is not a multiple of 128
|
||||
* bits then only that many bytes will be written, but a multiple of 128 bits
|
||||
* is always read from |in|. The IV will be updated on return. */
|
||||
void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16], block128_f block);
|
||||
|
||||
|
||||
/* OFB. */
|
||||
|
||||
/* CRYPTO_ofb128_encrypt encrypts (or decrypts, it's the same with OFB mode)
|
||||
* |len| bytes from |in| to |out| using |block| in OFB mode. There's no
|
||||
* requirement that |len| be a multiple of any value and any partial blocks are
|
||||
* stored in |ivec| and |*num|, the latter must be zero before the initial
|
||||
* call. */
|
||||
void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const void *key, uint8_t ivec[16],
|
||||
int *num, block128_f block);
|
||||
|
||||
|
||||
/* CFB. */
|
||||
|
||||
/* CRYPTO_cfb128_encrypt encrypts (or decrypts, if |enc| is zero) |len| bytes
|
||||
* from |in| to |out| using |block| in CFB mode. There's no requirement that
|
||||
* |len| be a multiple of any value and any partial blocks are stored in |ivec|
|
||||
* and |*num|, the latter must be zero before the initial call. */
|
||||
void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16], int *num, int enc,
|
||||
block128_f block);
|
||||
|
||||
/* CRYPTO_cfb128_8_encrypt encrypts (or decrypts, if |enc| is zero) |len| bytes
|
||||
* from |in| to |out| using |block| in CFB-8 mode. Prior to the first call
|
||||
* |num| should be set to zero. */
|
||||
void CRYPTO_cfb128_8_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16], int *num,
|
||||
int enc, block128_f block);
|
||||
|
||||
/* CRYPTO_cfb128_1_encrypt encrypts (or decrypts, if |enc| is zero) |len| bytes
|
||||
* from |in| to |out| using |block| in CFB-1 mode. Prior to the first call
|
||||
* |num| should be set to zero. */
|
||||
void CRYPTO_cfb128_1_encrypt(const uint8_t *in, uint8_t *out, size_t bits,
|
||||
const void *key, uint8_t ivec[16], int *num,
|
||||
int enc, block128_f block);
|
||||
|
||||
size_t CRYPTO_cts128_encrypt_block(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const void *key, uint8_t ivec[16],
|
||||
block128_f block);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_MODES_H */
|
|
@ -0,0 +1,202 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_OBJECTS_H
|
||||
#define OPENSSL_HEADER_OBJECTS_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/bytestring.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* The objects library deals with the registration and indexing of ASN.1 object
|
||||
* identifiers. These values are often written as a dotted sequence of numbers,
|
||||
* e.g. 1.2.840.113549.1.9.16.3.9.
|
||||
*
|
||||
* Internally, OpenSSL likes to deal with these values by numbering them with
|
||||
* numbers called "nids". OpenSSL has a large, built-in database of common
|
||||
* object identifiers and also has both short and long names for them.
|
||||
*
|
||||
* This library provides functions for translating between object identifiers,
|
||||
* nids, short names and long names.
|
||||
*
|
||||
* The nid values should not be used outside of a single process: they are not
|
||||
* stable identifiers. */
|
||||
|
||||
|
||||
/* Basic operations. */
|
||||
|
||||
/* OBJ_dup returns a duplicate copy of |obj| or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *obj);
|
||||
|
||||
/* OBJ_cmp returns a value less than, equal to or greater than zero if |a| is
|
||||
* less than, equal to or greater than |b|, respectively. */
|
||||
OPENSSL_EXPORT int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
|
||||
|
||||
|
||||
/* Looking up nids. */
|
||||
|
||||
/* OBJ_obj2nid returns the nid corresponding to |obj|, or |NID_undef| if no
|
||||
* such object is known. */
|
||||
OPENSSL_EXPORT int OBJ_obj2nid(const ASN1_OBJECT *obj);
|
||||
|
||||
/* OBJ_cbs2nid returns the nid corresponding to the DER data in |cbs|, or
|
||||
* |NID_undef| if no such object is known. */
|
||||
OPENSSL_EXPORT int OBJ_cbs2nid(const CBS *cbs);
|
||||
|
||||
/* OBJ_sn2nid returns the nid corresponding to |short_name|, or |NID_undef| if
|
||||
* no such short name is known. */
|
||||
OPENSSL_EXPORT int OBJ_sn2nid(const char *short_name);
|
||||
|
||||
/* OBJ_ln2nid returns the nid corresponding to |long_name|, or |NID_undef| if
|
||||
* no such long name is known. */
|
||||
OPENSSL_EXPORT int OBJ_ln2nid(const char *long_name);
|
||||
|
||||
/* OBJ_txt2nid returns the nid corresponding to |s|, which may be a short name,
|
||||
* long name, or an ASCII string containing a dotted sequence of numbers. It
|
||||
* returns the nid or NID_undef if unknown. */
|
||||
OPENSSL_EXPORT int OBJ_txt2nid(const char *s);
|
||||
|
||||
|
||||
/* Getting information about nids. */
|
||||
|
||||
/* OBJ_nid2obj returns the ASN1_OBJECT corresponding to |nid|, or NULL if |nid|
|
||||
* is unknown. */
|
||||
OPENSSL_EXPORT const ASN1_OBJECT *OBJ_nid2obj(int nid);
|
||||
|
||||
/* OBJ_nid2sn returns the short name for |nid|, or NULL if |nid| is unknown. */
|
||||
OPENSSL_EXPORT const char *OBJ_nid2sn(int nid);
|
||||
|
||||
/* OBJ_nid2sn returns the long name for |nid|, or NULL if |nid| is unknown. */
|
||||
OPENSSL_EXPORT const char *OBJ_nid2ln(int nid);
|
||||
|
||||
/* OBJ_nid2cbs writes |nid| as an ASN.1 OBJECT IDENTIFIER to |out|. It returns
|
||||
* one on success or zero otherwise. */
|
||||
OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid);
|
||||
|
||||
|
||||
/* Dealing with textual representations of object identifiers. */
|
||||
|
||||
/* OBJ_txt2obj returns an ASN1_OBJECT for the textual respresentation in |s|.
|
||||
* If |dont_search_names| is zero, then |s| will be matched against the long
|
||||
* and short names of a known objects to find a match. Otherwise |s| must
|
||||
* contain an ASCII string with a dotted sequence of numbers. The resulting
|
||||
* object need not be previously known. It returns a freshly allocated
|
||||
* |ASN1_OBJECT| or NULL on error. */
|
||||
OPENSSL_EXPORT ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names);
|
||||
|
||||
/* OBJ_obj2txt converts |obj| to a textual representation. If
|
||||
* |dont_return_name| is zero then |obj| will be matched against known objects
|
||||
* and the long (preferably) or short name will be used if found. Otherwise
|
||||
* |obj| will be converted into a dotted sequence of integers. If |out| is not
|
||||
* NULL, then at most |out_len| bytes of the textual form will be written
|
||||
* there. If |out_len| is at least one, then string written to |out| will
|
||||
* always be NUL terminated. It returns the number of characters that could
|
||||
* have been written, not including the final NUL, or -1 on error. */
|
||||
OPENSSL_EXPORT int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
|
||||
int dont_return_name);
|
||||
|
||||
|
||||
/* Adding objects at runtime. */
|
||||
|
||||
/* OBJ_create adds a known object and returns the nid of the new object, or
|
||||
* NID_undef on error. */
|
||||
OPENSSL_EXPORT int OBJ_create(const char *oid, const char *short_name,
|
||||
const char *long_name);
|
||||
|
||||
|
||||
/* Handling signature algorithm identifiers.
|
||||
*
|
||||
* Some NIDs (e.g. sha256WithRSAEncryption) specify both a digest algorithm and
|
||||
* a public key algorithm. The following functions map between pairs of digest
|
||||
* and public-key algorithms and the NIDs that specify their combination.
|
||||
*
|
||||
* Sometimes the combination NID leaves the digest unspecified (e.g.
|
||||
* rsassaPss). In these cases, the digest NID is |NID_undef|. */
|
||||
|
||||
/* OBJ_find_sigid_algs finds the digest and public-key NIDs that correspond to
|
||||
* the signing algorithm |sign_nid|. If successful, it sets |*out_digest_nid|
|
||||
* and |*out_pkey_nid| and returns one. Otherwise it returns zero. Any of
|
||||
* |out_digest_nid| or |out_pkey_nid| can be NULL if the caller doesn't need
|
||||
* that output value. */
|
||||
OPENSSL_EXPORT int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid,
|
||||
int *out_pkey_nid);
|
||||
|
||||
/* OBJ_find_sigid_by_algs finds the signature NID that corresponds to the
|
||||
* combination of |digest_nid| and |pkey_nid|. If success, it sets
|
||||
* |*out_sign_nid| and returns one. Otherwise it returns zero. The
|
||||
* |out_sign_nid| argument can be NULL if the caller only wishes to learn
|
||||
* whether the combination is valid. */
|
||||
OPENSSL_EXPORT int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid,
|
||||
int pkey_nid);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define OBJ_F_OBJ_create 100
|
||||
#define OBJ_F_OBJ_dup 101
|
||||
#define OBJ_F_OBJ_nid2obj 102
|
||||
#define OBJ_F_OBJ_txt2obj 103
|
||||
#define OBJ_R_UNKNOWN_NID 100
|
||||
|
||||
#endif /* OPENSSL_HEADER_OBJECTS_H */
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,18 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "obj.h"
|
|
@ -0,0 +1,60 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_OPENSSLFEATURES_H
|
||||
#define OPENSSL_HEADER_OPENSSLFEATURES_H
|
||||
|
||||
|
||||
#define OPENSSL_NO_BF
|
||||
#define OPENSSL_NO_BUF_FREELISTS
|
||||
#define OPENSSL_NO_CAMELLIA
|
||||
#define OPENSSL_NO_CAPIENG
|
||||
#define OPENSSL_NO_CAST
|
||||
#define OPENSSL_NO_CMS
|
||||
#define OPENSSL_NO_COMP
|
||||
#define OPENSSL_NO_DANE
|
||||
#define OPENSSL_NO_DEPRECATED
|
||||
#define OPENSSL_NO_DYNAMIC_ENGINE
|
||||
#define OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
#define OPENSSL_NO_EC2M
|
||||
#define OPENSSL_NO_ENGINE
|
||||
#define OPENSSL_NO_GMP
|
||||
#define OPENSSL_NO_GOST
|
||||
#define OPENSSL_NO_HEARTBEATS
|
||||
#define OPENSSL_NO_HW
|
||||
#define OPENSSL_NO_IDEA
|
||||
#define OPENSSL_NO_JPAKE
|
||||
#define OPENSSL_NO_KRB5
|
||||
#define OPENSSL_NO_MD2
|
||||
#define OPENSSL_NO_MDC2
|
||||
#define OPENSSL_NO_OCB
|
||||
#define OPENSSL_NO_OCSP
|
||||
#define OPENSSL_NO_RC2
|
||||
#define OPENSSL_NO_RC5
|
||||
#define OPENSSL_NO_RFC3779
|
||||
#define OPENSSL_NO_RIPEMD
|
||||
#define OPENSSL_NO_RMD160
|
||||
#define OPENSSL_NO_SCTP
|
||||
#define OPENSSL_NO_SEED
|
||||
#define OPENSSL_NO_SRP
|
||||
#define OPENSSL_NO_SSL2
|
||||
#define OPENSSL_NO_STATIC_ENGINE
|
||||
#define OPENSSL_NO_STORE
|
||||
#define OPENSSL_NO_WHIRLPOOL
|
||||
|
||||
|
||||
#endif /* OPENSSL_HEADER_OPENSSLFEATURES_H */
|
|
@ -0,0 +1,18 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "crypto.h"
|
|
@ -0,0 +1,18 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "base.h"
|
|
@ -0,0 +1,545 @@
|
|||
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_PEM_H
|
||||
#define OPENSSL_HEADER_PEM_H
|
||||
|
||||
#include <openssl/base64.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/cipher.h>
|
||||
#include <openssl/digest.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/stack.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define PEM_BUFSIZE 1024
|
||||
|
||||
#define PEM_OBJ_UNDEF 0
|
||||
#define PEM_OBJ_X509 1
|
||||
#define PEM_OBJ_X509_REQ 2
|
||||
#define PEM_OBJ_CRL 3
|
||||
#define PEM_OBJ_SSL_SESSION 4
|
||||
#define PEM_OBJ_PRIV_KEY 10
|
||||
#define PEM_OBJ_PRIV_RSA 11
|
||||
#define PEM_OBJ_PRIV_DSA 12
|
||||
#define PEM_OBJ_PRIV_DH 13
|
||||
#define PEM_OBJ_PUB_RSA 14
|
||||
#define PEM_OBJ_PUB_DSA 15
|
||||
#define PEM_OBJ_PUB_DH 16
|
||||
#define PEM_OBJ_DHPARAMS 17
|
||||
#define PEM_OBJ_DSAPARAMS 18
|
||||
#define PEM_OBJ_PRIV_RSA_PUBLIC 19
|
||||
#define PEM_OBJ_PRIV_ECDSA 20
|
||||
#define PEM_OBJ_PUB_ECDSA 21
|
||||
#define PEM_OBJ_ECPARAMETERS 22
|
||||
|
||||
#define PEM_ERROR 30
|
||||
#define PEM_DEK_DES_CBC 40
|
||||
#define PEM_DEK_IDEA_CBC 45
|
||||
#define PEM_DEK_DES_EDE 50
|
||||
#define PEM_DEK_DES_ECB 60
|
||||
#define PEM_DEK_RSA 70
|
||||
#define PEM_DEK_RSA_MD2 80
|
||||
#define PEM_DEK_RSA_MD5 90
|
||||
|
||||
#define PEM_MD_MD2 NID_md2
|
||||
#define PEM_MD_MD5 NID_md5
|
||||
#define PEM_MD_SHA NID_sha
|
||||
#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption
|
||||
#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption
|
||||
#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption
|
||||
|
||||
#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
|
||||
#define PEM_STRING_X509 "CERTIFICATE"
|
||||
#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
|
||||
#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
|
||||
#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
|
||||
#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
|
||||
#define PEM_STRING_X509_CRL "X509 CRL"
|
||||
#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
|
||||
#define PEM_STRING_PUBLIC "PUBLIC KEY"
|
||||
#define PEM_STRING_RSA "RSA PRIVATE KEY"
|
||||
#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
|
||||
#define PEM_STRING_DSA "DSA PRIVATE KEY"
|
||||
#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
|
||||
#define PEM_STRING_PKCS7 "PKCS7"
|
||||
#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
|
||||
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
|
||||
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
|
||||
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
|
||||
#define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
|
||||
#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
|
||||
#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
|
||||
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
|
||||
#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
|
||||
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
|
||||
#define PEM_STRING_PARAMETERS "PARAMETERS"
|
||||
#define PEM_STRING_CMS "CMS"
|
||||
|
||||
/* Note that this structure is initialised by PEM_SealInit and cleaned up
|
||||
by PEM_SealFinal (at least for now) */
|
||||
typedef struct PEM_Encode_Seal_st
|
||||
{
|
||||
EVP_ENCODE_CTX encode;
|
||||
EVP_MD_CTX md;
|
||||
EVP_CIPHER_CTX cipher;
|
||||
} PEM_ENCODE_SEAL_CTX;
|
||||
|
||||
/* enc_type is one off */
|
||||
#define PEM_TYPE_ENCRYPTED 10
|
||||
#define PEM_TYPE_MIC_ONLY 20
|
||||
#define PEM_TYPE_MIC_CLEAR 30
|
||||
#define PEM_TYPE_CLEAR 40
|
||||
|
||||
typedef struct pem_recip_st
|
||||
{
|
||||
char *name;
|
||||
X509_NAME *dn;
|
||||
|
||||
int cipher;
|
||||
int key_enc;
|
||||
/* char iv[8]; unused and wrong size */
|
||||
} PEM_USER;
|
||||
|
||||
typedef struct pem_ctx_st
|
||||
{
|
||||
int type; /* what type of object */
|
||||
|
||||
struct {
|
||||
int version;
|
||||
int mode;
|
||||
} proc_type;
|
||||
|
||||
char *domain;
|
||||
|
||||
struct {
|
||||
int cipher;
|
||||
/* unused, and wrong size
|
||||
unsigned char iv[8]; */
|
||||
} DEK_info;
|
||||
|
||||
PEM_USER *originator;
|
||||
|
||||
int num_recipient;
|
||||
PEM_USER **recipient;
|
||||
|
||||
EVP_MD *md; /* signature type */
|
||||
|
||||
int md_enc; /* is the md encrypted or not? */
|
||||
int md_len; /* length of md_data */
|
||||
char *md_data; /* message digest, could be pkey encrypted */
|
||||
|
||||
EVP_CIPHER *dec; /* date encryption cipher */
|
||||
int key_len; /* key length */
|
||||
unsigned char *key; /* key */
|
||||
/* unused, and wrong size
|
||||
unsigned char iv[8]; */
|
||||
|
||||
|
||||
int data_enc; /* is the data encrypted */
|
||||
int data_len;
|
||||
unsigned char *data;
|
||||
} PEM_CTX;
|
||||
|
||||
/* These macros make the PEM_read/PEM_write functions easier to maintain and
|
||||
* write. Now they are all implemented with either:
|
||||
* IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
|
||||
*/
|
||||
|
||||
#ifdef OPENSSL_NO_FP_API
|
||||
|
||||
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
|
||||
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
|
||||
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
|
||||
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
|
||||
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
|
||||
|
||||
#else
|
||||
|
||||
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
|
||||
{ \
|
||||
return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) \
|
||||
{ \
|
||||
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) \
|
||||
{ \
|
||||
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, \
|
||||
void *u) \
|
||||
{ \
|
||||
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, \
|
||||
void *u) \
|
||||
{ \
|
||||
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
|
||||
{ \
|
||||
return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) \
|
||||
{ \
|
||||
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) \
|
||||
{ \
|
||||
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
|
||||
{ \
|
||||
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
|
||||
{ \
|
||||
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb(name, type, str, asn1)
|
||||
|
||||
/* These are the same except they are for the declarations */
|
||||
|
||||
#if defined(OPENSSL_NO_FP_API)
|
||||
|
||||
#define DECLARE_PEM_read_fp(name, type) /**/
|
||||
#define DECLARE_PEM_write_fp(name, type) /**/
|
||||
#define DECLARE_PEM_write_cb_fp(name, type) /**/
|
||||
|
||||
#else
|
||||
|
||||
#define DECLARE_PEM_read_fp(name, type) \
|
||||
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
|
||||
|
||||
#define DECLARE_PEM_write_fp(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x);
|
||||
|
||||
#define DECLARE_PEM_write_fp_const(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x);
|
||||
|
||||
#define DECLARE_PEM_write_cb_fp(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
|
||||
#endif
|
||||
|
||||
#define DECLARE_PEM_read_bio(name, type) \
|
||||
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
|
||||
|
||||
#define DECLARE_PEM_write_bio(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x);
|
||||
|
||||
#define DECLARE_PEM_write_bio_const(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x);
|
||||
|
||||
#define DECLARE_PEM_write_cb_bio(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
|
||||
unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
|
||||
|
||||
#define DECLARE_PEM_write(name, type) \
|
||||
DECLARE_PEM_write_bio(name, type) \
|
||||
DECLARE_PEM_write_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_write_const(name, type) \
|
||||
DECLARE_PEM_write_bio_const(name, type) \
|
||||
DECLARE_PEM_write_fp_const(name, type)
|
||||
|
||||
#define DECLARE_PEM_write_cb(name, type) \
|
||||
DECLARE_PEM_write_cb_bio(name, type) \
|
||||
DECLARE_PEM_write_cb_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_read_bio(name, type) \
|
||||
DECLARE_PEM_read_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw_const(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write_const(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw_cb(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write_cb(name, type)
|
||||
|
||||
/* "userdata": new with OpenSSL 0.9.4 */
|
||||
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
|
||||
|
||||
OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
|
||||
OPENSSL_EXPORT int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, pem_password_cb *callback,void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,long *len);
|
||||
OPENSSL_EXPORT int PEM_write_bio(BIO *bp,const char *name, const char *hdr, const unsigned char *data, long len);
|
||||
OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len);
|
||||
OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr, const unsigned char *data, long len);
|
||||
OPENSSL_EXPORT void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, void *x,const EVP_CIPHER *enc,unsigned char *kstr, int klen,pem_password_cb *callback, void *u);
|
||||
OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
|
||||
OPENSSL_EXPORT void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl);
|
||||
OPENSSL_EXPORT int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, unsigned char *out, int *outl, EVP_PKEY *priv);
|
||||
|
||||
OPENSSL_EXPORT void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
|
||||
OPENSSL_EXPORT void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
|
||||
OPENSSL_EXPORT int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey);
|
||||
|
||||
/* |PEM_def_callback| treats |userdata| as a string and copies it into |buf|,
|
||||
* assuming its |size| is sufficient. Returns the length of the string, or 0
|
||||
* if there is not enough room. If either |buf| or |userdata| is NULL, 0 is
|
||||
* returned. Note that this is different from OpenSSL, which prompts for a
|
||||
* password. */
|
||||
OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag, void *userdata);
|
||||
OPENSSL_EXPORT void PEM_proc_type(char *buf, int type);
|
||||
OPENSSL_EXPORT void PEM_dek_info(char *buf, const char *type, int len, char *str);
|
||||
|
||||
|
||||
DECLARE_PEM_rw(X509, X509)
|
||||
|
||||
DECLARE_PEM_rw(X509_AUX, X509)
|
||||
|
||||
DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
|
||||
|
||||
DECLARE_PEM_rw(X509_REQ, X509_REQ)
|
||||
DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
|
||||
|
||||
DECLARE_PEM_rw(X509_CRL, X509_CRL)
|
||||
|
||||
/* DECLARE_PEM_rw(PKCS7, PKCS7) */
|
||||
|
||||
DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
|
||||
|
||||
DECLARE_PEM_rw(PKCS8, X509_SIG)
|
||||
|
||||
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
|
||||
|
||||
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
|
||||
|
||||
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
|
||||
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
|
||||
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
|
||||
|
||||
DECLARE_PEM_rw(DSA_PUBKEY, DSA)
|
||||
|
||||
DECLARE_PEM_rw_const(DSAparams, DSA)
|
||||
|
||||
#endif
|
||||
|
||||
DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
|
||||
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
|
||||
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
|
||||
|
||||
|
||||
DECLARE_PEM_rw_const(DHparams, DH)
|
||||
DECLARE_PEM_write_const(DHxparams, DH)
|
||||
|
||||
|
||||
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
|
||||
|
||||
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
|
||||
|
||||
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, char *kstr,int klen, pem_password_cb *cd, void *u);
|
||||
|
||||
OPENSSL_EXPORT EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
|
||||
OPENSSL_EXPORT int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
|
||||
|
||||
|
||||
OPENSSL_EXPORT EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
|
||||
OPENSSL_EXPORT EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
|
||||
OPENSSL_EXPORT EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
|
||||
OPENSSL_EXPORT EVP_PKEY *b2i_PublicKey_bio(BIO *in);
|
||||
OPENSSL_EXPORT int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
|
||||
OPENSSL_EXPORT int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
|
||||
OPENSSL_EXPORT EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u);
|
||||
|
||||
|
||||
void ERR_load_PEM_strings(void);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#define PEM_F_PEM_ASN1_read 100
|
||||
#define PEM_F_PEM_ASN1_read_bio 101
|
||||
#define PEM_F_PEM_ASN1_write 102
|
||||
#define PEM_F_PEM_ASN1_write_bio 103
|
||||
#define PEM_F_PEM_X509_INFO_read 104
|
||||
#define PEM_F_PEM_X509_INFO_read_bio 105
|
||||
#define PEM_F_PEM_X509_INFO_write_bio 106
|
||||
#define PEM_F_PEM_do_header 107
|
||||
#define PEM_F_PEM_get_EVP_CIPHER_INFO 108
|
||||
#define PEM_F_PEM_read 109
|
||||
#define PEM_F_PEM_read_DHparams 110
|
||||
#define PEM_F_PEM_read_PrivateKey 111
|
||||
#define PEM_F_PEM_read_bio 112
|
||||
#define PEM_F_PEM_read_bio_DHparams 113
|
||||
#define PEM_F_PEM_read_bio_Parameters 114
|
||||
#define PEM_F_PEM_read_bio_PrivateKey 115
|
||||
#define PEM_F_PEM_write 116
|
||||
#define PEM_F_PEM_write_PrivateKey 117
|
||||
#define PEM_F_PEM_write_bio 118
|
||||
#define PEM_F_d2i_PKCS8PrivateKey_bio 119
|
||||
#define PEM_F_d2i_PKCS8PrivateKey_fp 120
|
||||
#define PEM_F_do_pk8pkey 121
|
||||
#define PEM_F_do_pk8pkey_fp 122
|
||||
#define PEM_F_load_iv 123
|
||||
#define PEM_R_BAD_BASE64_DECODE 100
|
||||
#define PEM_R_BAD_DECRYPT 101
|
||||
#define PEM_R_BAD_END_LINE 102
|
||||
#define PEM_R_BAD_IV_CHARS 103
|
||||
#define PEM_R_BAD_PASSWORD_READ 104
|
||||
#define PEM_R_CIPHER_IS_NULL 105
|
||||
#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106
|
||||
#define PEM_R_NOT_DEK_INFO 107
|
||||
#define PEM_R_NOT_ENCRYPTED 108
|
||||
#define PEM_R_NOT_PROC_TYPE 109
|
||||
#define PEM_R_NO_START_LINE 110
|
||||
#define PEM_R_READ_KEY 111
|
||||
#define PEM_R_SHORT_HEADER 112
|
||||
#define PEM_R_UNSUPPORTED_CIPHER 113
|
||||
#define PEM_R_UNSUPPORTED_ENCRYPTION 114
|
||||
|
||||
#endif /* OPENSSL_HEADER_PEM_H */
|
|
@ -0,0 +1,18 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "pkcs8.h"
|
|
@ -0,0 +1,16 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
|
@ -0,0 +1,217 @@
|
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
|
||||
#ifndef OPENSSL_HEADER_PKCS8_H
|
||||
#define OPENSSL_HEADER_PKCS8_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* PKCS8_encrypt_pbe serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 as
|
||||
* defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
|
||||
* pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
|
||||
* #12, are supported. The |pass_raw_len| bytes pointed to by |pass_raw| are
|
||||
* used as the password. Note that any conversions from the password as
|
||||
* supplied in a text string (such as those specified in B.1 of PKCS #12) must
|
||||
* be performed by the caller.
|
||||
*
|
||||
* If |salt| is NULL, a random salt of |salt_len| bytes is generated. If
|
||||
* |salt_len| is zero, a default salt length is used instead.
|
||||
*
|
||||
* The resulting structure is stored in an X509_SIG which must be freed by the
|
||||
* caller.
|
||||
*
|
||||
* TODO(davidben): Really? An X509_SIG? OpenSSL probably did that because it has
|
||||
* the same structure as EncryptedPrivateKeyInfo. */
|
||||
OPENSSL_EXPORT X509_SIG *PKCS8_encrypt_pbe(int pbe_nid,
|
||||
const uint8_t *pass_raw,
|
||||
size_t pass_raw_len,
|
||||
uint8_t *salt, size_t salt_len,
|
||||
int iterations,
|
||||
PKCS8_PRIV_KEY_INFO *p8inf);
|
||||
|
||||
/* PKCS8_decrypt_pbe decrypts and decodes a PKCS8_PRIV_KEY_INFO with PBES1 as
|
||||
* defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
|
||||
* pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
|
||||
* #12, are supported. The |pass_raw_len| bytes pointed to by |pass_raw| are
|
||||
* used as the password. Note that any conversions from the password as
|
||||
* supplied in a text string (such as those specified in B.1 of PKCS #12) must
|
||||
* be performed by the caller.
|
||||
*
|
||||
* The resulting structure must be freed by the caller. */
|
||||
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_pbe(X509_SIG *pkcs8,
|
||||
const uint8_t *pass_raw,
|
||||
size_t pass_raw_len);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* PKCS8_encrypt calls PKCS8_encrypt_pbe after treating |pass| as an ASCII
|
||||
* string, appending U+0000, and converting to UCS-2. (So the empty password
|
||||
* encodes as two NUL bytes.) The |cipher| argument is ignored. */
|
||||
OPENSSL_EXPORT X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
|
||||
const char *pass, int pass_len,
|
||||
uint8_t *salt, size_t salt_len,
|
||||
int iterations,
|
||||
PKCS8_PRIV_KEY_INFO *p8inf);
|
||||
|
||||
/* PKCS8_decrypt calls PKCS8_decrypt_pbe after treating |pass| as an ASCII
|
||||
* string, appending U+0000, and converting to UCS-2. (So the empty password
|
||||
* encodes as two NUL bytes.) */
|
||||
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8,
|
||||
const char *pass,
|
||||
int pass_len);
|
||||
|
||||
/* PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
|
||||
* and decrypts it using |password|, sets |*out_key| to the included private
|
||||
* key and appends the included certificates to |out_certs|. It returns one on
|
||||
* success and zero on error. The caller takes ownership of the outputs. */
|
||||
OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
|
||||
STACK_OF(X509) *out_certs,
|
||||
CBS *in, const char *password);
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL. */
|
||||
OPENSSL_EXPORT void PKCS12_PBE_add(void);
|
||||
|
||||
/* d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a
|
||||
* |PKCS12| structure. The |out_p12| argument must be NULL. On exit,
|
||||
* |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12|
|
||||
* structure or NULL on error.
|
||||
*
|
||||
* Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len|
|
||||
* bytes.*/
|
||||
OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
|
||||
size_t ber_len);
|
||||
|
||||
/* d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|. */
|
||||
OPENSSL_EXPORT PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12);
|
||||
|
||||
/* d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|. */
|
||||
OPENSSL_EXPORT PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12);
|
||||
|
||||
/* PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in
|
||||
* |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on
|
||||
* successful exit, the private key and first certificate will be stored in
|
||||
* them. The |out_ca_certs| argument may be NULL but, if not, then any extra
|
||||
* certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL
|
||||
* then it will be set to a freshly allocated stack containing the extra certs.
|
||||
*
|
||||
* It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password,
|
||||
EVP_PKEY **out_pkey, X509 **out_cert,
|
||||
STACK_OF(X509) **out_ca_certs);
|
||||
|
||||
/* PKCS12_free frees |p12| and its contents. */
|
||||
OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define PKCS8_F_EVP_PKCS82PKEY 100
|
||||
#define PKCS8_F_EVP_PKEY2PKCS8 101
|
||||
#define PKCS8_F_PKCS12_get_key_and_certs 102
|
||||
#define PKCS8_F_PKCS12_handle_content_info 103
|
||||
#define PKCS8_F_PKCS12_handle_content_infos 104
|
||||
#define PKCS8_F_PKCS5_pbe2_set_iv 105
|
||||
#define PKCS8_F_PKCS5_pbe_set 106
|
||||
#define PKCS8_F_PKCS5_pbe_set0_algor 107
|
||||
#define PKCS8_F_PKCS5_pbkdf2_set 108
|
||||
#define PKCS8_F_PKCS8_decrypt 109
|
||||
#define PKCS8_F_PKCS8_encrypt 110
|
||||
#define PKCS8_F_PKCS8_encrypt_pbe 111
|
||||
#define PKCS8_F_pbe_cipher_init 112
|
||||
#define PKCS8_F_pbe_crypt 113
|
||||
#define PKCS8_F_pkcs12_item_decrypt_d2i 114
|
||||
#define PKCS8_F_pkcs12_item_i2d_encrypt 115
|
||||
#define PKCS8_F_pkcs12_key_gen_raw 116
|
||||
#define PKCS8_F_pkcs12_pbe_keyivgen 117
|
||||
#define PKCS8_R_BAD_PKCS12_DATA 100
|
||||
#define PKCS8_R_BAD_PKCS12_VERSION 101
|
||||
#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102
|
||||
#define PKCS8_R_CRYPT_ERROR 103
|
||||
#define PKCS8_R_DECODE_ERROR 104
|
||||
#define PKCS8_R_ENCODE_ERROR 105
|
||||
#define PKCS8_R_ENCRYPT_ERROR 106
|
||||
#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107
|
||||
#define PKCS8_R_INCORRECT_PASSWORD 108
|
||||
#define PKCS8_R_KEYGEN_FAILURE 109
|
||||
#define PKCS8_R_KEY_GEN_ERROR 110
|
||||
#define PKCS8_R_METHOD_NOT_SUPPORTED 111
|
||||
#define PKCS8_R_MISSING_MAC 112
|
||||
#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113
|
||||
#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114
|
||||
#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115
|
||||
#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116
|
||||
#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117
|
||||
#define PKCS8_R_TOO_LONG 118
|
||||
#define PKCS8_R_UNKNOWN_ALGORITHM 119
|
||||
#define PKCS8_R_UNKNOWN_CIPHER 120
|
||||
#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121
|
||||
#define PKCS8_R_UNKNOWN_DIGEST 122
|
||||
#define PKCS8_R_UNKNOWN_HASH 123
|
||||
#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124
|
||||
|
||||
#endif /* OPENSSL_HEADER_PKCS8_H */
|
|
@ -0,0 +1,47 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_POLY1305_H
|
||||
#define OPENSSL_HEADER_POLY1305_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
typedef unsigned char poly1305_state[512];
|
||||
|
||||
/* poly1305_init sets up |state| so that it can be used to calculate an
|
||||
* authentication tag with the one-time key |key|. Note that |key| is a
|
||||
* one-time key and therefore there is no `reset' method because that would
|
||||
* enable several messages to be authenticated with the same key. */
|
||||
extern void CRYPTO_poly1305_init(poly1305_state* state, const uint8_t key[32]);
|
||||
|
||||
/* poly1305_update processes |in_len| bytes from |in|. It can be called zero or
|
||||
* more times after poly1305_init. */
|
||||
extern void CRYPTO_poly1305_update(poly1305_state* state, const uint8_t* in,
|
||||
size_t in_len);
|
||||
|
||||
/* poly1305_finish completes the poly1305 calculation and writes a 16 byte
|
||||
* authentication tag to |mac|. The |mac| address must be 16-byte aligned. */
|
||||
extern void CRYPTO_poly1305_finish(poly1305_state* state, uint8_t mac[16]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_POLY1305_H */
|
|
@ -0,0 +1,146 @@
|
|||
/*
|
||||
* DTLS implementation written by Nagendra Modadugu
|
||||
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_PQUEUE_H
|
||||
#define OPENSSL_HEADER_PQUEUE_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Priority queue.
|
||||
*
|
||||
* The priority queue maintains a linked-list of nodes, each with a unique,
|
||||
* 64-bit priority, in ascending priority order. */
|
||||
|
||||
typedef struct _pqueue *pqueue;
|
||||
|
||||
typedef struct _pitem {
|
||||
uint8_t priority[8]; /* 64-bit value in big-endian encoding */
|
||||
void *data;
|
||||
struct _pitem *next;
|
||||
} pitem;
|
||||
|
||||
typedef struct _pitem *piterator;
|
||||
|
||||
|
||||
/* Creating and freeing queues. */
|
||||
|
||||
/* pqueue_new allocates a fresh, empty priority queue object and returns it, or
|
||||
* NULL on error. */
|
||||
OPENSSL_EXPORT pqueue pqueue_new(void);
|
||||
|
||||
/* pqueue_free frees |pq| but not any of the items it points to. Thus |pq| must
|
||||
* be empty or a memory leak will occur. */
|
||||
OPENSSL_EXPORT void pqueue_free(pqueue pq);
|
||||
|
||||
|
||||
/* Creating and freeing items. */
|
||||
|
||||
/* pitem_new allocates a fresh priority queue item that points at |data| and
|
||||
* has a priority given by |prio64be|, which is a 64-bit, unsigned number
|
||||
* expressed in big-endian form. It returns the fresh item, or NULL on
|
||||
* error. */
|
||||
OPENSSL_EXPORT pitem *pitem_new(uint8_t prio64be[8], void *data);
|
||||
|
||||
/* pitem_free frees |item|, but not any data that it points to. */
|
||||
OPENSSL_EXPORT void pitem_free(pitem *item);
|
||||
|
||||
|
||||
/* Queue accessor functions */
|
||||
|
||||
/* pqueue_peek returns the item with the smallest priority from |pq|, or NULL
|
||||
* if empty. */
|
||||
OPENSSL_EXPORT pitem *pqueue_peek(pqueue pq);
|
||||
|
||||
/* pqueue_find returns the item whose priority matches |prio64be| or NULL if no
|
||||
* such item exists. */
|
||||
OPENSSL_EXPORT pitem *pqueue_find(pqueue pq, uint8_t *prio64be);
|
||||
|
||||
|
||||
/* Queue mutation functions */
|
||||
|
||||
/* pqueue_insert inserts |item| into |pq| and returns item. */
|
||||
OPENSSL_EXPORT pitem *pqueue_insert(pqueue pq, pitem *item);
|
||||
|
||||
/* pqueue_pop takes the item with the least priority from |pq| and returns it,
|
||||
* or NULL if |pq| is empty. */
|
||||
OPENSSL_EXPORT pitem *pqueue_pop(pqueue pq);
|
||||
|
||||
/* pqueue_size returns the number of items in |pq|. */
|
||||
OPENSSL_EXPORT size_t pqueue_size(pqueue pq);
|
||||
|
||||
|
||||
/* Iterating */
|
||||
|
||||
/* pqueue_iterator returns an iterator that can be used to iterate over the
|
||||
* contents of the queue. */
|
||||
OPENSSL_EXPORT piterator pqueue_iterator(pqueue pq);
|
||||
|
||||
/* pqueue_next returns the current value of |iter| and advances it to the next
|
||||
* position. If the iterator has advanced over all the elements, it returns
|
||||
* NULL. */
|
||||
OPENSSL_EXPORT pitem *pqueue_next(piterator *iter);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_PQUEUE_H */
|
|
@ -0,0 +1,61 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_RAND_H
|
||||
#define OPENSSL_HEADER_RAND_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Random number generation. */
|
||||
|
||||
|
||||
/* RAND_bytes writes |len| bytes of random data to |buf| and returns one. */
|
||||
OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
|
||||
|
||||
/* RAND_cleanup frees any resources used by the RNG. This is not safe if other
|
||||
* threads might still be calling |RAND_bytes|. */
|
||||
OPENSSL_EXPORT void RAND_cleanup(void);
|
||||
|
||||
|
||||
/* Deprecated functions */
|
||||
|
||||
/* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */
|
||||
OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);
|
||||
|
||||
/* RAND_seed does nothing. */
|
||||
OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
|
||||
|
||||
/* RAND_load_file returns a nonnegative number. */
|
||||
OPENSSL_EXPORT int RAND_load_file(const char *path, long num);
|
||||
|
||||
/* RAND_add does nothing. */
|
||||
OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy);
|
||||
|
||||
/* RAND_poll returns one. */
|
||||
OPENSSL_EXPORT int RAND_poll(void);
|
||||
|
||||
/* RAND_status returns one. */
|
||||
OPENSSL_EXPORT int RAND_status(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_RAND_H */
|
|
@ -0,0 +1,90 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_RC4_H
|
||||
#define OPENSSL_HEADER_RC4_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* RC4. */
|
||||
|
||||
|
||||
struct rc4_key_st {
|
||||
uint32_t x, y;
|
||||
uint32_t data[256];
|
||||
} /* RC4_KEY */;
|
||||
|
||||
/* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len|
|
||||
* bytes of key material from |key|. */
|
||||
OPENSSL_EXPORT void RC4_set_key(RC4_KEY *rc4key, unsigned len,
|
||||
const uint8_t *key);
|
||||
|
||||
/* RC4 encrypts (or decrypts, it's the same with RC4) |len| bytes from |in| to
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT void RC4(RC4_KEY *key, size_t len, const uint8_t *in,
|
||||
uint8_t *out);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_RC4_H */
|
|
@ -0,0 +1,575 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_RSA_H
|
||||
#define OPENSSL_HEADER_RSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* rsa.h contains functions for handling encryption and signature using RSA. */
|
||||
|
||||
|
||||
/* Allocation and destruction. */
|
||||
|
||||
/* RSA_new returns a new, empty RSA object or NULL on error. */
|
||||
OPENSSL_EXPORT RSA *RSA_new(void);
|
||||
|
||||
/* RSA_new_method acts the same as |RSA_new| but takes an explicit |ENGINE|. */
|
||||
OPENSSL_EXPORT RSA *RSA_new_method(const ENGINE *engine);
|
||||
|
||||
/* RSA_free decrements the reference count of |rsa| and frees it if the
|
||||
* reference count drops to zero. */
|
||||
OPENSSL_EXPORT void RSA_free(RSA *rsa);
|
||||
|
||||
/* RSA_up_ref increments the reference count of |rsa|. */
|
||||
OPENSSL_EXPORT int RSA_up_ref(RSA *rsa);
|
||||
|
||||
|
||||
/* Key generation. */
|
||||
|
||||
/* RSA_generate_key_ex generates a new RSA key where the modulus has size
|
||||
* |bits| and the public exponent is |e|. If unsure, |RSA_F4| is a good value
|
||||
* for |e|. If |cb| is not NULL then it is called during the key generation
|
||||
* process. In addition to the calls documented for |BN_generate_prime_ex|, it
|
||||
* is called with event=2 when the n'th prime is rejected as unsuitable and
|
||||
* with event=3 when a suitable value for |p| is found.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
|
||||
BN_GENCB *cb);
|
||||
|
||||
|
||||
/* Encryption / Decryption */
|
||||
|
||||
/* Padding types for encryption. */
|
||||
#define RSA_PKCS1_PADDING 1
|
||||
#define RSA_NO_PADDING 3
|
||||
#define RSA_PKCS1_OAEP_PADDING 4
|
||||
/* RSA_PKCS1_PSS_PADDING can only be used via the EVP interface. */
|
||||
#define RSA_PKCS1_PSS_PADDING 6
|
||||
|
||||
/* RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa|
|
||||
* and writes, at most, |max_out| bytes of encrypted data to |out|. The
|
||||
* |max_out| argument must be, at least, |RSA_size| in order to ensure success.
|
||||
*
|
||||
* It returns 1 on success or zero on error.
|
||||
*
|
||||
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
* doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_OAEP_PADDING|
|
||||
* is the most secure. */
|
||||
OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in, size_t in_len,
|
||||
int padding);
|
||||
|
||||
/* RSA_decrypt decrypts |in_len| bytes from |in| with the private key from
|
||||
* |rsa| and writes, at most, |max_out| bytes of plaintext to |out|. The
|
||||
* |max_out| argument must be, at least, |RSA_size| in order to ensure success.
|
||||
*
|
||||
* It returns 1 on success or zero on error.
|
||||
*
|
||||
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
* doubt, |RSA_PKCS1_PADDING| is the most common but |RSA_PKCS1_OAEP_PADDING|
|
||||
* is the most secure. */
|
||||
OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in, size_t in_len,
|
||||
int padding);
|
||||
|
||||
/* RSA_public_encrypt encrypts |flen| bytes from |from| to the public key in
|
||||
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
|
||||
* least |RSA_size| bytes of space. It returns the number of bytes written, or
|
||||
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
|
||||
* values. If in doubt, |RSA_PKCS1_PADDING| is the most common but
|
||||
* |RSA_PKCS1_OAEP_PADDING| is the most secure.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use |RSA_encrypt| instead. */
|
||||
OPENSSL_EXPORT int RSA_public_encrypt(int flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
/* RSA_private_decrypt decrypts |flen| bytes from |from| with the public key in
|
||||
* |rsa| and writes the plaintext to |to|. The |to| buffer must have at
|
||||
* least |RSA_size| bytes of space. It returns the number of bytes written, or
|
||||
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
|
||||
* values. If in doubt, |RSA_PKCS1_PADDING| is the most common but
|
||||
* |RSA_PKCS1_OAEP_PADDING| is the most secure.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use |RSA_decrypt| instead. */
|
||||
OPENSSL_EXPORT int RSA_private_decrypt(int flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
/* RSA_message_index_PKCS1_type_2 performs the first step of a PKCS #1 padding
|
||||
* check for decryption. If the |from_len| bytes pointed to at |from| are a
|
||||
* valid PKCS #1 message, it returns one and sets |*out_index| to the start of
|
||||
* the unpadded message. The unpadded message is a suffix of the input and has
|
||||
* length |from_len - *out_index|. Otherwise, it returns zero and sets
|
||||
* |*out_index| to zero. This function runs in time independent of the input
|
||||
* data and is intended to be used directly to avoid Bleichenbacher's attack.
|
||||
*
|
||||
* WARNING: This function behaves differently from the usual OpenSSL convention
|
||||
* in that it does NOT put an error on the queue in the error case. */
|
||||
OPENSSL_EXPORT int RSA_message_index_PKCS1_type_2(const uint8_t *from,
|
||||
size_t from_len,
|
||||
size_t *out_index);
|
||||
|
||||
|
||||
/* Signing / Verification */
|
||||
|
||||
/* RSA_sign signs |in_len| bytes of digest from |in| with |rsa| and writes, at
|
||||
* most, |RSA_size(rsa)| bytes to |out|. On successful return, the actual
|
||||
* number of bytes written is written to |*out_len|.
|
||||
*
|
||||
* The |hash_nid| argument identifies the hash function used to calculate |in|
|
||||
* and is embedded in the resulting signature. For example, it might be
|
||||
* |NID_sha256|.
|
||||
*
|
||||
* It returns 1 on success and zero on error. */
|
||||
OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *in,
|
||||
unsigned int in_len, uint8_t *out,
|
||||
unsigned int *out_len, RSA *rsa);
|
||||
|
||||
/* RSA_sign_raw signs |in_len| bytes from |in| with the public key from |rsa|
|
||||
* and writes, at most, |max_out| bytes of signature data to |out|. The
|
||||
* |max_out| argument must be, at least, |RSA_size| in order to ensure success.
|
||||
*
|
||||
* It returns 1 on success or zero on error.
|
||||
*
|
||||
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
* doubt, |RSA_PKCS1_PADDING| is the most common. */
|
||||
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len, int padding);
|
||||
|
||||
/* RSA_verify verifies that |sig_len| bytes from |sig| are a valid, PKCS#1
|
||||
* signature of |msg_len| bytes at |msg| by |rsa|.
|
||||
*
|
||||
* The |hash_nid| argument identifies the hash function used to calculate |in|
|
||||
* and is embedded in the resulting signature in order to prevent hash
|
||||
* confusion attacks. For example, it might be |NID_sha256|.
|
||||
*
|
||||
* It returns one if the signature is valid and zero otherwise.
|
||||
*
|
||||
* WARNING: this differs from the original, OpenSSL function which additionally
|
||||
* returned -1 on error. */
|
||||
OPENSSL_EXPORT int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
|
||||
const uint8_t *sig, size_t sig_len, RSA *rsa);
|
||||
|
||||
/* RSA_verify_raw verifies |in_len| bytes of signature from |in| using the
|
||||
* public key from |rsa| and writes, at most, |max_out| bytes of plaintext to
|
||||
* |out|. The |max_out| argument must be, at least, |RSA_size| in order to
|
||||
* ensure success.
|
||||
*
|
||||
* It returns 1 on success or zero on error.
|
||||
*
|
||||
* The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
* doubt, |RSA_PKCS1_PADDING| is the most common. */
|
||||
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len, int padding);
|
||||
|
||||
/* RSA_private_encrypt encrypts |flen| bytes from |from| with the private key in
|
||||
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
|
||||
* least |RSA_size| bytes of space. It returns the number of bytes written, or
|
||||
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
|
||||
* values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use |RSA_sign_raw| instead. */
|
||||
OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
/* RSA_private_encrypt verifies |flen| bytes of signature from |from| using the
|
||||
* public key in |rsa| and writes the plaintext to |to|. The |to| buffer must
|
||||
* have at least |RSA_size| bytes of space. It returns the number of bytes
|
||||
* written, or -1 on error. The |padding| argument must be one of the
|
||||
* |RSA_*_PADDING| values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use |RSA_verify_raw| instead. */
|
||||
OPENSSL_EXPORT int RSA_public_decrypt(int flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
|
||||
/* Utility functions. */
|
||||
|
||||
/* RSA_size returns the number of bytes in the modulus, which is also the size
|
||||
* of a signature or encrypted value using |rsa|. */
|
||||
OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa);
|
||||
|
||||
/* RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key
|
||||
* material. Otherwise it returns zero. */
|
||||
OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa);
|
||||
|
||||
/* RSA_supports_digest returns one if |rsa| supports signing digests
|
||||
* of type |md|. Otherwise it returns zero. */
|
||||
OPENSSL_EXPORT int RSA_supports_digest(const RSA *rsa, const EVP_MD *md);
|
||||
|
||||
/* RSAPublicKey_dup allocates a fresh |RSA| and copies the private key from
|
||||
* |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */
|
||||
OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa);
|
||||
|
||||
/* RSAPrivateKey_dup allocates a fresh |RSA| and copies the private key from
|
||||
* |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */
|
||||
OPENSSL_EXPORT RSA *RSAPrivateKey_dup(const RSA *rsa);
|
||||
|
||||
/* RSA_check_key performs basic validatity tests on |rsa|. It returns one if
|
||||
* they pass and zero otherwise. Opaque keys and public keys always pass. If it
|
||||
* returns zero then a more detailed error is available on the error queue. */
|
||||
OPENSSL_EXPORT int RSA_check_key(const RSA *rsa);
|
||||
|
||||
/* RSA_recover_crt_params uses |rsa->n|, |rsa->d| and |rsa->e| in order to
|
||||
* calculate the two primes used and thus the precomputed, CRT values. These
|
||||
* values are set in the |p|, |q|, |dmp1|, |dmq1| and |iqmp| members of |rsa|,
|
||||
* which must be |NULL| on entry. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa);
|
||||
|
||||
/* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
|
||||
* |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
|
||||
* exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
|
||||
* hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
|
||||
* argument specifies the expected salt length in bytes. If |sLen| is -1 then
|
||||
* the salt length is the same as the hash length. If -2, then the salt length
|
||||
* is maximal and is taken from the size of |EM|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,
|
||||
const EVP_MD *Hash,
|
||||
const EVP_MD *mgf1Hash,
|
||||
const uint8_t *EM, int sLen);
|
||||
|
||||
/* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
|
||||
* where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
|
||||
* output will be written to |EM|. The |mgf1Hash| argument specifies the hash
|
||||
* function for generating the mask. If NULL, |Hash| is used. The |sLen|
|
||||
* argument specifies the expected salt length in bytes. If |sLen| is -1 then
|
||||
* the salt length is the same as the hash length. If -2, then the salt length
|
||||
* is maximal given the space in |EM|.
|
||||
*
|
||||
* It returns one on success or zero on error. */
|
||||
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
|
||||
const uint8_t *mHash,
|
||||
const EVP_MD *Hash,
|
||||
const EVP_MD *mgf1Hash,
|
||||
int sLen);
|
||||
|
||||
|
||||
/* ASN.1 functions. */
|
||||
|
||||
/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len|
|
||||
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
|
||||
* is in |*out|. If |*out| is already non-NULL on entry then the result is
|
||||
* written directly into |*out|, otherwise a fresh |RSA| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
|
||||
|
||||
/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not
|
||||
* NULL then the result is written to |*outp| and |*outp| is advanced just past
|
||||
* the output. It returns the number of bytes in the result, whether written or
|
||||
* not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
|
||||
|
||||
/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
|
||||
* bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
|
||||
* is in |*out|. If |*out| is already non-NULL on entry then the result is
|
||||
* written directly into |*out|, otherwise a fresh |RSA| is allocated. On
|
||||
* successful exit, |*inp| is advanced past the DER structure. It returns the
|
||||
* result or NULL on error. */
|
||||
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
|
||||
|
||||
/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
|
||||
* NULL then the result is written to |*outp| and |*outp| is advanced just past
|
||||
* the output. It returns the number of bytes in the result, whether written or
|
||||
* not, or a negative value on error. */
|
||||
OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
|
||||
|
||||
|
||||
/* ex_data functions.
|
||||
*
|
||||
* See |ex_data.h| for details. */
|
||||
|
||||
OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int RSA_set_ex_data(RSA *r, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx);
|
||||
|
||||
/* RSA_FLAG_OPAQUE specifies that this RSA_METHOD does not expose its key
|
||||
* material. This may be set if, for instance, it is wrapping some other crypto
|
||||
* API, like a platform key store. */
|
||||
#define RSA_FLAG_OPAQUE 1
|
||||
|
||||
/* RSA_FLAG_CACHE_PUBLIC causes a precomputed Montgomery context to be created,
|
||||
* on demand, for the public key operations. */
|
||||
#define RSA_FLAG_CACHE_PUBLIC 2
|
||||
|
||||
/* RSA_FLAG_CACHE_PRIVATE causes a precomputed Montgomery context to be
|
||||
* created, on demand, for the private key operations. */
|
||||
#define RSA_FLAG_CACHE_PRIVATE 4
|
||||
|
||||
/* RSA_FLAG_NO_BLINDING disables blinding of private operations. */
|
||||
#define RSA_FLAG_NO_BLINDING 8
|
||||
|
||||
/* RSA_FLAG_EXT_PKEY means that private key operations will be handled by
|
||||
* |mod_exp| and that they do not depend on the private key components being
|
||||
* present: for example a key stored in external hardware. */
|
||||
#define RSA_FLAG_EXT_PKEY 0x20
|
||||
|
||||
/* RSA_FLAG_SIGN_VER causes the |sign| and |verify| functions of |rsa_meth_st|
|
||||
* to be called when set. */
|
||||
#define RSA_FLAG_SIGN_VER 0x40
|
||||
|
||||
|
||||
/* RSA public exponent values. */
|
||||
|
||||
#define RSA_3 0x3
|
||||
#define RSA_F4 0x10001
|
||||
|
||||
|
||||
/* Deprecated functions. */
|
||||
|
||||
/* RSA_blinding_on returns one. */
|
||||
OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
|
||||
|
||||
|
||||
struct rsa_meth_st {
|
||||
struct openssl_method_common_st common;
|
||||
|
||||
void *app_data;
|
||||
|
||||
int (*init)(RSA *rsa);
|
||||
int (*finish)(RSA *rsa);
|
||||
|
||||
/* size returns the size of the RSA modulus in bytes. */
|
||||
size_t (*size)(const RSA *rsa);
|
||||
|
||||
int (*sign)(int type, const uint8_t *m, unsigned int m_length,
|
||||
uint8_t *sigret, unsigned int *siglen, const RSA *rsa);
|
||||
|
||||
int (*verify)(int dtype, const uint8_t *m, unsigned int m_length,
|
||||
const uint8_t *sigbuf, unsigned int siglen, const RSA *rsa);
|
||||
|
||||
|
||||
/* These functions mirror the |RSA_*| functions of the same name. */
|
||||
int (*encrypt)(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
||||
const uint8_t *in, size_t in_len, int padding);
|
||||
int (*sign_raw)(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
||||
const uint8_t *in, size_t in_len, int padding);
|
||||
|
||||
int (*decrypt)(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
||||
const uint8_t *in, size_t in_len, int padding);
|
||||
int (*verify_raw)(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
||||
const uint8_t *in, size_t in_len, int padding);
|
||||
|
||||
/* private_transform takes a big-endian integer from |in|, calculates the
|
||||
* d'th power of it, modulo the RSA modulus and writes the result as a
|
||||
* big-endian integer to |out|. Both |in| and |out| are |len| bytes long and
|
||||
* |len| is always equal to |RSA_size(rsa)|. If the result of the transform
|
||||
* can be represented in fewer than |len| bytes, then |out| must be zero
|
||||
* padded on the left.
|
||||
*
|
||||
* It returns one on success and zero otherwise.
|
||||
*
|
||||
* RSA decrypt and sign operations will call this, thus an ENGINE might wish
|
||||
* to override it in order to avoid having to implement the padding
|
||||
* functionality demanded by those, higher level, operations. */
|
||||
int (*private_transform)(RSA *rsa, uint8_t *out, const uint8_t *in,
|
||||
size_t len);
|
||||
|
||||
int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
|
||||
BN_CTX *ctx); /* Can be null */
|
||||
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx,
|
||||
BN_MONT_CTX *m_ctx);
|
||||
|
||||
int flags;
|
||||
|
||||
int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
|
||||
|
||||
/* supports_digest returns one if |rsa| supports digests of type
|
||||
* |md|. If null, it is assumed that all digests are supported. */
|
||||
int (*supports_digest)(const RSA *rsa, const EVP_MD *md);
|
||||
};
|
||||
|
||||
|
||||
/* Private functions. */
|
||||
|
||||
typedef struct bn_blinding_st BN_BLINDING;
|
||||
|
||||
struct rsa_st {
|
||||
/* version is only used during ASN.1 (de)serialisation. */
|
||||
long version;
|
||||
RSA_METHOD *meth;
|
||||
|
||||
BIGNUM *n;
|
||||
BIGNUM *e;
|
||||
BIGNUM *d;
|
||||
BIGNUM *p;
|
||||
BIGNUM *q;
|
||||
BIGNUM *dmp1;
|
||||
BIGNUM *dmq1;
|
||||
BIGNUM *iqmp;
|
||||
/* be careful using this if the RSA structure is shared */
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
CRYPTO_refcount_t references;
|
||||
int flags;
|
||||
|
||||
CRYPTO_MUTEX lock;
|
||||
|
||||
/* Used to cache montgomery values. The creation of these values is protected
|
||||
* by |lock|. */
|
||||
BN_MONT_CTX *_method_mod_n;
|
||||
BN_MONT_CTX *_method_mod_p;
|
||||
BN_MONT_CTX *_method_mod_q;
|
||||
|
||||
/* num_blindings contains the size of the |blindings| and |blindings_inuse|
|
||||
* arrays. This member and the |blindings_inuse| array are protected by
|
||||
* |lock|. */
|
||||
unsigned num_blindings;
|
||||
/* blindings is an array of BN_BLINDING structures that can be reserved by a
|
||||
* thread by locking |lock| and changing the corresponding element in
|
||||
* |blindings_inuse| from 0 to 1. */
|
||||
BN_BLINDING **blindings;
|
||||
unsigned char *blindings_inuse;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#define RSA_F_BN_BLINDING_convert_ex 100
|
||||
#define RSA_F_BN_BLINDING_create_param 101
|
||||
#define RSA_F_BN_BLINDING_invert_ex 102
|
||||
#define RSA_F_BN_BLINDING_new 103
|
||||
#define RSA_F_BN_BLINDING_update 104
|
||||
#define RSA_F_RSA_check_key 105
|
||||
#define RSA_F_RSA_new_method 106
|
||||
#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107
|
||||
#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108
|
||||
#define RSA_F_RSA_padding_add_PKCS1_type_1 109
|
||||
#define RSA_F_RSA_padding_add_PKCS1_type_2 110
|
||||
#define RSA_F_RSA_padding_add_none 111
|
||||
#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112
|
||||
#define RSA_F_RSA_padding_check_PKCS1_type_1 113
|
||||
#define RSA_F_RSA_padding_check_PKCS1_type_2 114
|
||||
#define RSA_F_RSA_padding_check_none 115
|
||||
#define RSA_F_RSA_recover_crt_params 116
|
||||
#define RSA_F_RSA_sign 117
|
||||
#define RSA_F_RSA_verify 118
|
||||
#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119
|
||||
#define RSA_F_decrypt 120
|
||||
#define RSA_F_encrypt 121
|
||||
#define RSA_F_keygen 122
|
||||
#define RSA_F_pkcs1_prefixed_msg 123
|
||||
#define RSA_F_private_transform 124
|
||||
#define RSA_F_rsa_setup_blinding 125
|
||||
#define RSA_F_sign_raw 126
|
||||
#define RSA_F_verify_raw 127
|
||||
#define RSA_R_BAD_E_VALUE 100
|
||||
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 101
|
||||
#define RSA_R_BAD_PAD_BYTE_COUNT 102
|
||||
#define RSA_R_BAD_RSA_PARAMETERS 103
|
||||
#define RSA_R_BAD_SIGNATURE 104
|
||||
#define RSA_R_BLOCK_TYPE_IS_NOT_01 105
|
||||
#define RSA_R_BN_NOT_INITIALIZED 106
|
||||
#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 107
|
||||
#define RSA_R_CRT_VALUES_INCORRECT 108
|
||||
#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 109
|
||||
#define RSA_R_DATA_TOO_LARGE 110
|
||||
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 111
|
||||
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 112
|
||||
#define RSA_R_DATA_TOO_SMALL 113
|
||||
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 114
|
||||
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 115
|
||||
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 116
|
||||
#define RSA_R_EMPTY_PUBLIC_KEY 117
|
||||
#define RSA_R_FIRST_OCTET_INVALID 118
|
||||
#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 119
|
||||
#define RSA_R_INTERNAL_ERROR 120
|
||||
#define RSA_R_INVALID_MESSAGE_LENGTH 121
|
||||
#define RSA_R_KEY_SIZE_TOO_SMALL 122
|
||||
#define RSA_R_LAST_OCTET_INVALID 123
|
||||
#define RSA_R_MODULUS_TOO_LARGE 124
|
||||
#define RSA_R_NO_PUBLIC_EXPONENT 125
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 126
|
||||
#define RSA_R_N_NOT_EQUAL_P_Q 127
|
||||
#define RSA_R_OAEP_DECODING_ERROR 128
|
||||
#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 129
|
||||
#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 130
|
||||
#define RSA_R_PADDING_CHECK_FAILED 131
|
||||
#define RSA_R_PKCS_DECODING_ERROR 132
|
||||
#define RSA_R_SLEN_CHECK_FAILED 133
|
||||
#define RSA_R_SLEN_RECOVERY_FAILED 134
|
||||
#define RSA_R_TOO_LONG 135
|
||||
#define RSA_R_TOO_MANY_ITERATIONS 136
|
||||
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 137
|
||||
#define RSA_R_UNKNOWN_PADDING_TYPE 138
|
||||
#define RSA_R_VALUE_MISSING 139
|
||||
#define RSA_R_WRONG_SIGNATURE_LENGTH 140
|
||||
|
||||
#endif /* OPENSSL_HEADER_RSA_H */
|
|
@ -0,0 +1,16 @@
|
|||
/* Copyright (c) 2014, Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||||
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
|
@ -0,0 +1,241 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_SHA_H
|
||||
#define OPENSSL_HEADER_SHA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* The SHA family of hash functions (SHA-1 and SHA-2). */
|
||||
|
||||
|
||||
/* SHA_CBLOCK is the block size of SHA-1. */
|
||||
#define SHA_CBLOCK 64
|
||||
|
||||
/* SHA_DIGEST_LENGTH is the length of a SHA-1 digest. */
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
|
||||
/* TODO(fork): remove */
|
||||
#define SHA_LBLOCK 16
|
||||
#define SHA_LONG uint32_t
|
||||
|
||||
/* SHA1_Init initialises |sha| and returns one. */
|
||||
OPENSSL_EXPORT int SHA1_Init(SHA_CTX *sha);
|
||||
|
||||
/* SHA1_Update adds |len| bytes from |data| to |sha| and returns one. */
|
||||
OPENSSL_EXPORT int SHA1_Update(SHA_CTX *sha, const void *data, size_t len);
|
||||
|
||||
/* SHA1_Final adds the final padding to |sha| and writes the resulting digest
|
||||
* to |md|, which must have at least |SHA_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one. */
|
||||
OPENSSL_EXPORT int SHA1_Final(uint8_t *md, SHA_CTX *sha);
|
||||
|
||||
/* SHA1 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
* |out|. There must be at least |SHA_DIGEST_LENGTH| bytes of space in
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
/* SHA1_Transform is a low-level function that performs a single, SHA-1 block
|
||||
* transformation using the state from |sha| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha, const uint8_t *block);
|
||||
|
||||
struct sha_state_st {
|
||||
uint32_t h0, h1, h2, h3, h4;
|
||||
uint32_t Nl, Nh;
|
||||
uint32_t data[16];
|
||||
unsigned int num;
|
||||
};
|
||||
|
||||
|
||||
/* SHA-224. */
|
||||
|
||||
/* SHA224_CBLOCK is the block size of SHA-224. */
|
||||
#define SHA224_CBLOCK 64
|
||||
|
||||
/* SHA224_DIGEST_LENGTH is the length of a SHA-224 digest. */
|
||||
#define SHA224_DIGEST_LENGTH 28
|
||||
|
||||
/* SHA224_Init initialises |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha);
|
||||
|
||||
/* SHA224_Update adds |len| bytes from |data| to |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len);
|
||||
|
||||
/* SHA224_Final adds the final padding to |sha| and writes the resulting digest
|
||||
* to |md|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one on success and zero on programmer error. */
|
||||
OPENSSL_EXPORT int SHA224_Final(uint8_t *md, SHA256_CTX *sha);
|
||||
|
||||
/* SHA224 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
* |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
|
||||
/* SHA-256. */
|
||||
|
||||
/* SHA256_CBLOCK is the block size of SHA-256. */
|
||||
#define SHA256_CBLOCK 64
|
||||
|
||||
/* SHA256_DIGEST_LENGTH is the length of a SHA-256 digest. */
|
||||
#define SHA256_DIGEST_LENGTH 32
|
||||
|
||||
/* SHA256_Init initialises |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha);
|
||||
|
||||
/* SHA256_Update adds |len| bytes from |data| to |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
|
||||
|
||||
/* SHA256_Final adds the final padding to |sha| and writes the resulting digest
|
||||
* to |md|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one on success and zero on programmer error. */
|
||||
OPENSSL_EXPORT int SHA256_Final(uint8_t *md, SHA256_CTX *sha);
|
||||
|
||||
/* SHA256 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
* |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
/* SHA256_Transform is a low-level function that performs a single, SHA-1 block
|
||||
* transformation using the state from |sha| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void SHA256_Transform(SHA256_CTX *sha, const uint8_t *data);
|
||||
|
||||
struct sha256_state_st {
|
||||
uint32_t h[8];
|
||||
uint32_t Nl, Nh;
|
||||
uint32_t data[16];
|
||||
unsigned int num, md_len;
|
||||
};
|
||||
|
||||
|
||||
/* SHA-384. */
|
||||
|
||||
/* SHA384_CBLOCK is the block size of SHA-384. */
|
||||
#define SHA384_CBLOCK 128
|
||||
|
||||
/* SHA384_DIGEST_LENGTH is the length of a SHA-384 digest. */
|
||||
#define SHA384_DIGEST_LENGTH 48
|
||||
|
||||
/* SHA384_Init initialises |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha);
|
||||
|
||||
/* SHA384_Update adds |len| bytes from |data| to |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len);
|
||||
|
||||
/* SHA384_Final adds the final padding to |sha| and writes the resulting digest
|
||||
* to |md|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one on success and zero on programmer error. */
|
||||
OPENSSL_EXPORT int SHA384_Final(uint8_t *md, SHA512_CTX *sha);
|
||||
|
||||
/* SHA384 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
* |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
/* SHA384_Transform is a low-level function that performs a single, SHA-1 block
|
||||
* transformation using the state from |sha| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void SHA384_Transform(SHA512_CTX *sha, const uint8_t *data);
|
||||
|
||||
|
||||
/* SHA-512. */
|
||||
|
||||
/* SHA512_CBLOCK is the block size of SHA-512. */
|
||||
#define SHA512_CBLOCK 128
|
||||
|
||||
/* SHA512_DIGEST_LENGTH is the length of a SHA-512 digest. */
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
|
||||
/* SHA512_Init initialises |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha);
|
||||
|
||||
/* SHA512_Update adds |len| bytes from |data| to |sha| and returns 1. */
|
||||
OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len);
|
||||
|
||||
/* SHA512_Final adds the final padding to |sha| and writes the resulting digest
|
||||
* to |md|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It
|
||||
* returns one on success and zero on programmer error. */
|
||||
OPENSSL_EXPORT int SHA512_Final(uint8_t *md, SHA512_CTX *sha);
|
||||
|
||||
/* SHA512 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
* |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in
|
||||
* |out|. */
|
||||
OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len, uint8_t *out);
|
||||
|
||||
/* SHA512_Transform is a low-level function that performs a single, SHA-1 block
|
||||
* transformation using the state from |sha| and 64 bytes from |block|. */
|
||||
OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha, const uint8_t *data);
|
||||
|
||||
struct sha512_state_st {
|
||||
uint64_t h[8];
|
||||
uint64_t Nl, Nh;
|
||||
union {
|
||||
uint64_t d[16];
|
||||
uint8_t p[128];
|
||||
} u;
|
||||
unsigned int num, md_len;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_SHA_H */
|
|
@ -0,0 +1,178 @@
|
|||
/* ssl/tls1.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/*
|
||||
DTLS code by Eric Rescorla <ekr@rtfm.com>
|
||||
|
||||
Copyright (C) 2006, Network Resonance, Inc.
|
||||
Copyright (C) 2011, RTFM, Inc.
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_HEADER_SRTP_H
|
||||
#define OPENSSL_HEADER_SRTP_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Constants for SRTP profiles */
|
||||
#define SRTP_AES128_CM_SHA1_80 0x0001
|
||||
#define SRTP_AES128_CM_SHA1_32 0x0002
|
||||
#define SRTP_AES128_F8_SHA1_80 0x0003
|
||||
#define SRTP_AES128_F8_SHA1_32 0x0004
|
||||
#define SRTP_NULL_SHA1_80 0x0005
|
||||
#define SRTP_NULL_SHA1_32 0x0006
|
||||
|
||||
/* SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from
|
||||
* |ctx|. |profile| contains a colon-separated list of profile names. It returns
|
||||
* one on success and zero on failure. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
|
||||
const char *profiles);
|
||||
|
||||
/* SSL_set_srtp_profiles enables SRTP for |ssl|. |profile| contains a
|
||||
* colon-separated list of profile names. It returns one on success and zero on
|
||||
* failure. */
|
||||
OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ctx, const char *profiles);
|
||||
|
||||
/* SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. */
|
||||
OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
|
||||
SSL *ssl);
|
||||
|
||||
/* SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
|
||||
* SRTP was not negotiated. */
|
||||
OPENSSL_EXPORT const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(
|
||||
SSL *s);
|
||||
|
||||
|
||||
/* Deprecated functions */
|
||||
|
||||
/* SSL_CTX_set_tlsext_use_srtp calls SSL_CTX_set_srtp_profiles. It returns zero
|
||||
* on success and one on failure.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use SSL_CTX_set_srtp_profiles instead. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,
|
||||
const char *profiles);
|
||||
|
||||
/* SSL_set_tlsext_use_srtp calls SSL_set_srtp_profiles. It returns zero on
|
||||
* success and one on failure.
|
||||
*
|
||||
* WARNING: this function is dangerous because it breaks the usual return value
|
||||
* convention. Use SSL_set_srtp_profiles instead. */
|
||||
OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_SRTP_H */
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,268 @@
|
|||
/* ssl/ssl2.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef HEADER_SSL2_H
|
||||
#define HEADER_SSL2_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Protocol Version Codes */
|
||||
#define SSL2_VERSION 0x0002
|
||||
#define SSL2_VERSION_MAJOR 0x00
|
||||
#define SSL2_VERSION_MINOR 0x02
|
||||
/* #define SSL2_CLIENT_VERSION 0x0002 */
|
||||
/* #define SSL2_SERVER_VERSION 0x0002 */
|
||||
|
||||
/* Protocol Message Codes */
|
||||
#define SSL2_MT_ERROR 0
|
||||
#define SSL2_MT_CLIENT_HELLO 1
|
||||
#define SSL2_MT_CLIENT_MASTER_KEY 2
|
||||
#define SSL2_MT_CLIENT_FINISHED 3
|
||||
#define SSL2_MT_SERVER_HELLO 4
|
||||
#define SSL2_MT_SERVER_VERIFY 5
|
||||
#define SSL2_MT_SERVER_FINISHED 6
|
||||
#define SSL2_MT_REQUEST_CERTIFICATE 7
|
||||
#define SSL2_MT_CLIENT_CERTIFICATE 8
|
||||
|
||||
/* Error Message Codes */
|
||||
#define SSL2_PE_UNDEFINED_ERROR 0x0000
|
||||
#define SSL2_PE_NO_CIPHER 0x0001
|
||||
#define SSL2_PE_NO_CERTIFICATE 0x0002
|
||||
#define SSL2_PE_BAD_CERTIFICATE 0x0004
|
||||
#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
|
||||
|
||||
/* Cipher Kind Values */
|
||||
#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
|
||||
#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
|
||||
#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
|
||||
#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
|
||||
#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
|
||||
#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
|
||||
#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
|
||||
#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
|
||||
#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
|
||||
#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
|
||||
#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
|
||||
|
||||
#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
|
||||
#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
|
||||
|
||||
#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
|
||||
#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
|
||||
#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
|
||||
#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
|
||||
#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
|
||||
#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
|
||||
#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
|
||||
#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
|
||||
#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
|
||||
#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
|
||||
#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
|
||||
#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
|
||||
|
||||
#define SSL2_TXT_NULL "NULL"
|
||||
|
||||
/* Flags for the SSL_CIPHER.algorithm2 field */
|
||||
#define SSL2_CF_5_BYTE_ENC 0x01
|
||||
#define SSL2_CF_8_BYTE_ENC 0x02
|
||||
|
||||
/* Certificate Type Codes */
|
||||
#define SSL2_CT_X509_CERTIFICATE 0x01
|
||||
|
||||
/* Authentication Type Code */
|
||||
#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
|
||||
|
||||
#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
|
||||
|
||||
/* Upper/Lower Bounds */
|
||||
#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
|
||||
#ifdef OPENSSL_SYS_MPE
|
||||
#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
|
||||
#else
|
||||
#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
|
||||
#endif
|
||||
#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
|
||||
|
||||
#define SSL2_CHALLENGE_LENGTH 16
|
||||
/*#define SSL2_CHALLENGE_LENGTH 32 */
|
||||
#define SSL2_MIN_CHALLENGE_LENGTH 16
|
||||
#define SSL2_MAX_CHALLENGE_LENGTH 32
|
||||
#define SSL2_CONNECTION_ID_LENGTH 16
|
||||
#define SSL2_MAX_CONNECTION_ID_LENGTH 16
|
||||
#define SSL2_SSL_SESSION_ID_LENGTH 16
|
||||
#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
|
||||
#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
|
||||
#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
|
||||
|
||||
#ifndef OPENSSL_NO_SSL_INTERN
|
||||
|
||||
typedef struct ssl2_state_st
|
||||
{
|
||||
int three_byte_header;
|
||||
int clear_text; /* clear text */
|
||||
int escape; /* not used in SSLv2 */
|
||||
int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
|
||||
|
||||
/* non-blocking io info, used to make sure the same
|
||||
* args were passwd */
|
||||
unsigned int wnum; /* number of bytes sent so far */
|
||||
int wpend_tot;
|
||||
const unsigned char *wpend_buf;
|
||||
|
||||
int wpend_off; /* offset to data to write */
|
||||
int wpend_len; /* number of bytes passwd to write */
|
||||
int wpend_ret; /* number of bytes to return to caller */
|
||||
|
||||
/* buffer raw data */
|
||||
int rbuf_left;
|
||||
int rbuf_offs;
|
||||
unsigned char *rbuf;
|
||||
unsigned char *wbuf;
|
||||
|
||||
unsigned char *write_ptr;/* used to point to the start due to
|
||||
* 2/3 byte header. */
|
||||
|
||||
unsigned int padding;
|
||||
unsigned int rlength; /* passed to ssl2_enc */
|
||||
int ract_data_length; /* Set when things are encrypted. */
|
||||
unsigned int wlength; /* passed to ssl2_enc */
|
||||
int wact_data_length; /* Set when things are decrypted. */
|
||||
unsigned char *ract_data;
|
||||
unsigned char *wact_data;
|
||||
unsigned char *mac_data;
|
||||
|
||||
unsigned char *read_key;
|
||||
unsigned char *write_key;
|
||||
|
||||
/* Stuff specifically to do with this SSL session */
|
||||
unsigned int challenge_length;
|
||||
unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
|
||||
unsigned int conn_id_length;
|
||||
unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
|
||||
unsigned int key_material_length;
|
||||
unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
|
||||
|
||||
unsigned long read_sequence;
|
||||
unsigned long write_sequence;
|
||||
|
||||
struct {
|
||||
unsigned int conn_id_length;
|
||||
unsigned int cert_type;
|
||||
unsigned int cert_length;
|
||||
unsigned int csl;
|
||||
unsigned int clear;
|
||||
unsigned int enc;
|
||||
unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
|
||||
unsigned int cipher_spec_length;
|
||||
unsigned int session_id_length;
|
||||
unsigned int clen;
|
||||
unsigned int rlen;
|
||||
} tmp;
|
||||
} SSL2_STATE;
|
||||
|
||||
#endif
|
||||
|
||||
/* SSLv2 */
|
||||
/* client */
|
||||
#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
|
||||
#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
|
||||
/* server */
|
||||
#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
|
||||
#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
|
@ -0,0 +1,85 @@
|
|||
/* ssl/ssl23.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef HEADER_SSL23_H
|
||||
#define HEADER_SSL23_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/*client */
|
||||
/* write to server */
|
||||
#define SSL23_ST_CW_CLNT_HELLO_A (0x210 | SSL_ST_CONNECT)
|
||||
#define SSL23_ST_CW_CLNT_HELLO_B (0x211 | SSL_ST_CONNECT)
|
||||
/* read from server */
|
||||
#define SSL23_ST_CR_SRVR_HELLO_A (0x220 | SSL_ST_CONNECT)
|
||||
#define SSL23_ST_CR_SRVR_HELLO_B (0x221 | SSL_ST_CONNECT)
|
||||
|
||||
/* server */
|
||||
/* read from client */
|
||||
#define SSL23_ST_SR_CLNT_HELLO (0x210 | SSL_ST_ACCEPT)
|
||||
#define SSL23_ST_SR_V2_CLNT_HELLO (0x220 | SSL_ST_ACCEPT)
|
||||
#define SSL23_ST_SR_SWITCH_VERSION (0x230 | SSL_ST_ACCEPT)
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
|
@ -0,0 +1,681 @@
|
|||
/* ssl/ssl3.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
* ECC cipher suite support in OpenSSL originally developed by
|
||||
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
*/
|
||||
|
||||
#ifndef HEADER_SSL3_H
|
||||
#define HEADER_SSL3_H
|
||||
|
||||
#include <openssl/aead.h>
|
||||
#include <openssl/buf.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/type_check.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Signalling cipher suite value: from RFC5746 */
|
||||
#define SSL3_CK_SCSV 0x030000FF
|
||||
/* Fallback signalling cipher suite value: not IANA assigned.
|
||||
* See https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 */
|
||||
#define SSL3_CK_FALLBACK_SCSV 0x03005600
|
||||
|
||||
#define SSL3_CK_RSA_NULL_MD5 0x03000001
|
||||
#define SSL3_CK_RSA_NULL_SHA 0x03000002
|
||||
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
|
||||
#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
|
||||
#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
|
||||
#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
|
||||
#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
|
||||
#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
|
||||
#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
|
||||
#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
|
||||
|
||||
#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
|
||||
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
|
||||
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
|
||||
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
|
||||
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
|
||||
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
|
||||
|
||||
#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
|
||||
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
|
||||
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
|
||||
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
|
||||
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
|
||||
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
|
||||
|
||||
#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
|
||||
#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
|
||||
#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
|
||||
#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
|
||||
#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
|
||||
|
||||
#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
|
||||
#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
|
||||
#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
|
||||
#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
|
||||
#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
|
||||
#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
|
||||
#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
|
||||
#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
|
||||
#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
|
||||
#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
|
||||
#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_SSL_SESSION_ID_LENGTH 32
|
||||
#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
|
||||
|
||||
#define SSL3_MASTER_SECRET_SIZE 48
|
||||
#define SSL3_RANDOM_SIZE 32
|
||||
#define SSL3_SESSION_ID_SIZE 32
|
||||
#define SSL3_RT_HEADER_LENGTH 5
|
||||
|
||||
#define SSL3_HM_HEADER_LENGTH 4
|
||||
|
||||
#ifndef SSL3_ALIGN_PAYLOAD
|
||||
/* Some will argue that this increases memory footprint, but it's not actually
|
||||
* true. Point is that malloc has to return at least 64-bit aligned pointers,
|
||||
* meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested
|
||||
* pre-gaping simply moves these wasted bytes from the end of allocated region
|
||||
* to its front, but makes data payload aligned, which improves performance. */
|
||||
#define SSL3_ALIGN_PAYLOAD 8
|
||||
#else
|
||||
#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
|
||||
#error "insane SSL3_ALIGN_PAYLOAD"
|
||||
#undef SSL3_ALIGN_PAYLOAD
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* This is the maximum MAC (digest) size used by the SSL library. Currently
|
||||
* maximum of 20 is used by SHA1, but we reserve for future extension for
|
||||
* 512-bit hashes. */
|
||||
|
||||
#define SSL3_RT_MAX_MD_SIZE 64
|
||||
|
||||
/* Maximum block size used in all ciphersuites. Currently 16 for AES. */
|
||||
|
||||
#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
|
||||
|
||||
#define SSL3_RT_MAX_EXTRA (16384)
|
||||
|
||||
/* Maximum plaintext length: defined by SSL/TLS standards */
|
||||
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
|
||||
/* Maximum compression overhead: defined by SSL/TLS standards */
|
||||
#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
|
||||
|
||||
/* The standards give a maximum encryption overhead of 1024 bytes. In practice
|
||||
* the value is lower than this. The overhead is the maximum number of padding
|
||||
* bytes (256) plus the mac size.
|
||||
*
|
||||
* TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
|
||||
* explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
|
||||
* than necessary and no true AEAD has variable overhead in TLS 1.2. */
|
||||
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
|
||||
|
||||
/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
|
||||
* record. This does not include the record header. Some ciphers use explicit
|
||||
* nonces, so it includes both the AEAD overhead as well as the nonce. */
|
||||
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
|
||||
(EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
|
||||
|
||||
OPENSSL_COMPILE_ASSERT(
|
||||
SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
|
||||
max_overheads_are_consistent);
|
||||
|
||||
/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
|
||||
* |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
|
||||
* compression overhead. */
|
||||
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
|
||||
|
||||
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
|
||||
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
|
||||
#define SSL3_RT_MAX_PACKET_SIZE \
|
||||
(SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
|
||||
|
||||
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
|
||||
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
|
||||
|
||||
#define SSL3_VERSION 0x0300
|
||||
#define SSL3_VERSION_MAJOR 0x03
|
||||
#define SSL3_VERSION_MINOR 0x00
|
||||
|
||||
#define SSL3_RT_CHANGE_CIPHER_SPEC 20
|
||||
#define SSL3_RT_ALERT 21
|
||||
#define SSL3_RT_HANDSHAKE 22
|
||||
#define SSL3_RT_APPLICATION_DATA 23
|
||||
|
||||
/* Pseudo content types to indicate additional parameters */
|
||||
#define TLS1_RT_CRYPTO 0x1000
|
||||
#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
|
||||
#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
|
||||
#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
|
||||
#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
|
||||
|
||||
#define TLS1_RT_CRYPTO_READ 0x0000
|
||||
#define TLS1_RT_CRYPTO_WRITE 0x0100
|
||||
#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
|
||||
#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
|
||||
#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
|
||||
#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
|
||||
|
||||
/* Pseudo content type for SSL/TLS header info */
|
||||
#define SSL3_RT_HEADER 0x100
|
||||
|
||||
#define SSL3_AL_WARNING 1
|
||||
#define SSL3_AL_FATAL 2
|
||||
|
||||
#define SSL3_AD_CLOSE_NOTIFY 0
|
||||
#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
|
||||
#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
|
||||
#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
|
||||
#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
|
||||
#define SSL3_AD_NO_CERTIFICATE 41
|
||||
#define SSL3_AD_BAD_CERTIFICATE 42
|
||||
#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
|
||||
#define SSL3_AD_CERTIFICATE_REVOKED 44
|
||||
#define SSL3_AD_CERTIFICATE_EXPIRED 45
|
||||
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
|
||||
#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
|
||||
#define SSL3_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
|
||||
|
||||
typedef struct ssl3_record_st {
|
||||
/* type is the record type. */
|
||||
uint8_t type;
|
||||
/* length is the number of unconsumed bytes of |data|. */
|
||||
uint16_t length;
|
||||
/* off is the number of consumed bytes of |data|. */
|
||||
uint16_t off;
|
||||
/* data is a non-owning pointer to the record contents. The total length of
|
||||
* the buffer is |off| + |length|. */
|
||||
uint8_t *data;
|
||||
/* epoch, in DTLS, is the epoch number of the record. */
|
||||
uint16_t epoch;
|
||||
/* seq_num, in DTLS, is the sequence number of the record. The top two bytes
|
||||
* are always zero.
|
||||
*
|
||||
* TODO(davidben): This is confusing. They should include the epoch or the
|
||||
* field should be six bytes. */
|
||||
uint8_t seq_num[8];
|
||||
} SSL3_RECORD;
|
||||
|
||||
typedef struct ssl3_buffer_st {
|
||||
uint8_t *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see
|
||||
ssl3_setup_buffers() */
|
||||
size_t len; /* buffer size */
|
||||
int offset; /* where to 'copy from' */
|
||||
int left; /* how many bytes left */
|
||||
} SSL3_BUFFER;
|
||||
|
||||
#define SSL3_CT_RSA_SIGN 1
|
||||
#define SSL3_CT_DSS_SIGN 2
|
||||
#define SSL3_CT_RSA_FIXED_DH 3
|
||||
#define SSL3_CT_DSS_FIXED_DH 4
|
||||
#define SSL3_CT_RSA_EPHEMERAL_DH 5
|
||||
#define SSL3_CT_DSS_EPHEMERAL_DH 6
|
||||
#define SSL3_CT_FORTEZZA_DMS 20
|
||||
|
||||
|
||||
/* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec
|
||||
* to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */
|
||||
#define SSL3_FLAGS_EXPECT_CCS 0x0080
|
||||
|
||||
typedef struct ssl3_state_st {
|
||||
long flags;
|
||||
|
||||
uint8_t read_sequence[8];
|
||||
int read_mac_secret_size;
|
||||
uint8_t read_mac_secret[EVP_MAX_MD_SIZE];
|
||||
uint8_t write_sequence[8];
|
||||
int write_mac_secret_size;
|
||||
uint8_t write_mac_secret[EVP_MAX_MD_SIZE];
|
||||
|
||||
uint8_t server_random[SSL3_RANDOM_SIZE];
|
||||
uint8_t client_random[SSL3_RANDOM_SIZE];
|
||||
|
||||
/* flags for countermeasure against known-IV weakness */
|
||||
int need_record_splitting;
|
||||
|
||||
/* The value of 'extra' when the buffers were initialized */
|
||||
int init_extra;
|
||||
|
||||
/* have_version is true if the connection's final version is known. Otherwise
|
||||
* the version has not been negotiated yet. */
|
||||
char have_version;
|
||||
|
||||
/* initial_handshake_complete is true if the initial handshake has
|
||||
* completed. */
|
||||
char initial_handshake_complete;
|
||||
|
||||
/* sniff_buffer is used by the server in the initial handshake to read a
|
||||
* V2ClientHello before the record layer is initialized. */
|
||||
BUF_MEM *sniff_buffer;
|
||||
size_t sniff_buffer_len;
|
||||
|
||||
SSL3_BUFFER rbuf; /* read IO goes into here */
|
||||
SSL3_BUFFER wbuf; /* write IO goes into here */
|
||||
|
||||
SSL3_RECORD rrec; /* each decoded record goes in here */
|
||||
|
||||
/* storage for Handshake protocol data received but not yet processed by
|
||||
* ssl3_read_bytes: */
|
||||
uint8_t handshake_fragment[4];
|
||||
unsigned int handshake_fragment_len;
|
||||
|
||||
/* partial write - check the numbers match */
|
||||
unsigned int wnum; /* number of bytes sent so far */
|
||||
int wpend_tot; /* number bytes written */
|
||||
int wpend_type;
|
||||
int wpend_ret; /* number of bytes submitted */
|
||||
const uint8_t *wpend_buf;
|
||||
|
||||
/* used during startup, digest all incoming/outgoing packets */
|
||||
BIO *handshake_buffer;
|
||||
/* When set of handshake digests is determined, buffer is hashed and freed
|
||||
* and MD_CTX-es for all required digests are stored in this array */
|
||||
EVP_MD_CTX **handshake_dgst;
|
||||
/* this is set whenerver we see a change_cipher_spec message come in when we
|
||||
* are not looking for one */
|
||||
int change_cipher_spec;
|
||||
|
||||
int warn_alert;
|
||||
int fatal_alert;
|
||||
/* we allow one fatal and one warning alert to be outstanding, send close
|
||||
* alert via the warning alert */
|
||||
int alert_dispatch;
|
||||
uint8_t send_alert[2];
|
||||
|
||||
int total_renegotiations;
|
||||
|
||||
/* State pertaining to the pending handshake.
|
||||
*
|
||||
* TODO(davidben): State is current spread all over the place. Move
|
||||
* pending handshake state here so it can be managed separately from
|
||||
* established connection state in case of renegotiations. */
|
||||
struct {
|
||||
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
|
||||
uint8_t finish_md[EVP_MAX_MD_SIZE * 2];
|
||||
int finish_md_len;
|
||||
uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2];
|
||||
int peer_finish_md_len;
|
||||
|
||||
unsigned long message_size;
|
||||
int message_type;
|
||||
|
||||
/* used to hold the new cipher we are going to use */
|
||||
const SSL_CIPHER *new_cipher;
|
||||
DH *dh;
|
||||
|
||||
EC_KEY *ecdh; /* holds short lived ECDH key */
|
||||
|
||||
/* used when SSL_ST_FLUSH_DATA is entered */
|
||||
int next_state;
|
||||
|
||||
int reuse_message;
|
||||
|
||||
/* Client-only: cert_req determines if a client certificate is to be sent.
|
||||
* This is 0 if no client Certificate message is to be sent, 1 if there is
|
||||
* a client certificate, and 2 to send an empty client Certificate
|
||||
* message. */
|
||||
int cert_req;
|
||||
|
||||
/* Client-only: ca_names contains the list of CAs received in a
|
||||
* CertificateRequest message. */
|
||||
STACK_OF(X509_NAME) *ca_names;
|
||||
|
||||
/* Client-only: certificate_types contains the set of certificate types
|
||||
* received in a CertificateRequest message. */
|
||||
uint8_t *certificate_types;
|
||||
size_t num_certificate_types;
|
||||
|
||||
int key_block_length;
|
||||
uint8_t *key_block;
|
||||
|
||||
const EVP_AEAD *new_aead;
|
||||
uint8_t new_mac_secret_len;
|
||||
uint8_t new_fixed_iv_len;
|
||||
uint8_t new_variable_iv_len;
|
||||
|
||||
/* Server-only: cert_request is true if a client certificate was
|
||||
* requested. */
|
||||
int cert_request;
|
||||
|
||||
/* certificate_status_expected is true if OCSP stapling was negotiated and
|
||||
* the server is expected to send a CertificateStatus message. */
|
||||
char certificate_status_expected;
|
||||
|
||||
/* peer_ecpointformatlist contains the EC point formats advertised by the
|
||||
* peer. */
|
||||
uint8_t *peer_ecpointformatlist;
|
||||
size_t peer_ecpointformatlist_length;
|
||||
|
||||
/* Server-only: peer_ellipticcurvelist contains the EC curve IDs advertised
|
||||
* by the peer. This is only set on the server's end. The server does not
|
||||
* advertise this extension to the client. */
|
||||
uint16_t *peer_ellipticcurvelist;
|
||||
size_t peer_ellipticcurvelist_length;
|
||||
|
||||
/* extended_master_secret indicates whether the extended master secret
|
||||
* computation is used in this handshake. Note that this is different from
|
||||
* whether it was used for the current session. If this is a resumption
|
||||
* handshake then EMS might be negotiated in the client and server hello
|
||||
* messages, but it doesn't matter if the session that's being resumed
|
||||
* didn't use it to create the master secret initially. */
|
||||
char extended_master_secret;
|
||||
|
||||
/* Client-only: peer_psk_identity_hint is the psk_identity_hint sent by the
|
||||
* server when using a PSK key exchange. */
|
||||
char *peer_psk_identity_hint;
|
||||
|
||||
/* new_mac_secret_size is unused and exists only until wpa_supplicant can
|
||||
* be updated. It is only needed for EAP-FAST, which we don't support. */
|
||||
uint8_t new_mac_secret_size;
|
||||
|
||||
/* Client-only: in_false_start is one if there is a pending handshake in
|
||||
* False Start. The client may write data at this point. */
|
||||
char in_false_start;
|
||||
} tmp;
|
||||
|
||||
/* Connection binding to prevent renegotiation attacks */
|
||||
uint8_t previous_client_finished[EVP_MAX_MD_SIZE];
|
||||
uint8_t previous_client_finished_len;
|
||||
uint8_t previous_server_finished[EVP_MAX_MD_SIZE];
|
||||
uint8_t previous_server_finished_len;
|
||||
int send_connection_binding; /* TODOEKR */
|
||||
|
||||
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
|
||||
int next_proto_neg_seen;
|
||||
|
||||
/* ALPN information
|
||||
* (we are in the process of transitioning from NPN to ALPN.) */
|
||||
|
||||
/* In a server these point to the selected ALPN protocol after the
|
||||
* ClientHello has been processed. In a client these contain the protocol
|
||||
* that the server selected once the ServerHello has been processed. */
|
||||
uint8_t *alpn_selected;
|
||||
size_t alpn_selected_len;
|
||||
|
||||
/* In a client, this means that the server supported Channel ID and that a
|
||||
* Channel ID was sent. In a server it means that we echoed support for
|
||||
* Channel IDs and that tlsext_channel_id will be valid after the
|
||||
* handshake. */
|
||||
char tlsext_channel_id_valid;
|
||||
/* tlsext_channel_id_new means that the updated Channel ID extension was
|
||||
* negotiated. This is a temporary hack in the code to support both forms of
|
||||
* Channel ID extension while we transition to the new format, which fixed a
|
||||
* security issue. */
|
||||
char tlsext_channel_id_new;
|
||||
/* For a server:
|
||||
* If |tlsext_channel_id_valid| is true, then this contains the
|
||||
* verified Channel ID from the client: a P256 point, (x,y), where
|
||||
* each are big-endian values. */
|
||||
uint8_t tlsext_channel_id[64];
|
||||
} SSL3_STATE;
|
||||
|
||||
/* SSLv3 */
|
||||
/* client */
|
||||
/* extra state */
|
||||
#define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT)
|
||||
/* write to server */
|
||||
#define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT)
|
||||
/* read from server */
|
||||
#define SSL3_ST_CR_SRVR_HELLO_A (0x120 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_SRVR_HELLO_B (0x121 | SSL_ST_CONNECT)
|
||||
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126 | SSL_ST_CONNECT)
|
||||
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_A (0x130 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_B (0x131 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_KEY_EXCH_A (0x140 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_KEY_EXCH_B (0x141 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_REQ_A (0x150 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_REQ_B (0x151 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_SRVR_DONE_A (0x160 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_SRVR_DONE_B (0x161 | SSL_ST_CONNECT)
|
||||
/* write to server */
|
||||
#define SSL3_ST_CW_CERT_A (0x170 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CERT_B (0x171 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CERT_C (0x172 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CERT_D (0x173 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_KEY_EXCH_A (0x180 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_KEY_EXCH_B (0x181 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CERT_VRFY_A (0x190 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CERT_VRFY_B (0x191 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANGE_A (0x1A0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANGE_B (0x1A1 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_NEXT_PROTO_A (0x200 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_NEXT_PROTO_B (0x201 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANNEL_ID_A (0x220 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_CHANNEL_ID_B (0x221 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_FINISHED_A (0x1B0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CW_FINISHED_B (0x1B1 | SSL_ST_CONNECT)
|
||||
/* read from server */
|
||||
#define SSL3_ST_CR_CHANGE (0x1C0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_FINISHED_A (0x1D0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_FINISHED_B (0x1D1 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_STATUS_A (0x1F0 | SSL_ST_CONNECT)
|
||||
#define SSL3_ST_CR_CERT_STATUS_B (0x1F1 | SSL_ST_CONNECT)
|
||||
|
||||
/* server */
|
||||
/* extra state */
|
||||
#define SSL3_ST_SW_FLUSH (0x100 | SSL_ST_ACCEPT)
|
||||
/* read from client */
|
||||
#define SSL3_ST_SR_INITIAL_BYTES (0x240 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_V2_CLIENT_HELLO (0x241 | SSL_ST_ACCEPT)
|
||||
/* Do not change the number values, they do matter */
|
||||
#define SSL3_ST_SR_CLNT_HELLO_A (0x110 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CLNT_HELLO_B (0x111 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT)
|
||||
/* write to client */
|
||||
#define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_HELLO_REQ_C (0x122 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SRVR_HELLO_A (0x130 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SRVR_HELLO_B (0x131 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_A (0x140 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_B (0x141 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_KEY_EXCH_A (0x150 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_KEY_EXCH_B (0x151 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_REQ_A (0x160 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_REQ_B (0x161 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SRVR_DONE_A (0x170 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SRVR_DONE_B (0x171 | SSL_ST_ACCEPT)
|
||||
/* read from client */
|
||||
#define SSL3_ST_SR_CERT_A (0x180 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CERT_B (0x181 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_KEY_EXCH_A (0x190 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_KEY_EXCH_B (0x191 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CERT_VRFY_A (0x1A0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CHANGE (0x1B0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_NEXT_PROTO_A (0x210 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_NEXT_PROTO_B (0x211 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CHANNEL_ID_A (0x230 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_CHANNEL_ID_B (0x231 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SR_FINISHED_B (0x1C1 | SSL_ST_ACCEPT)
|
||||
|
||||
/* write to client */
|
||||
#define SSL3_ST_SW_CHANGE_A (0x1D0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CHANGE_B (0x1D1 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_FINISHED_B (0x1E1 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_CERT_STATUS_B (0x201 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x220 | SSL_ST_ACCEPT)
|
||||
#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x221 | SSL_ST_ACCEPT)
|
||||
|
||||
#define SSL3_MT_HELLO_REQUEST 0
|
||||
#define SSL3_MT_CLIENT_HELLO 1
|
||||
#define SSL3_MT_SERVER_HELLO 2
|
||||
#define SSL3_MT_NEWSESSION_TICKET 4
|
||||
#define SSL3_MT_CERTIFICATE 11
|
||||
#define SSL3_MT_SERVER_KEY_EXCHANGE 12
|
||||
#define SSL3_MT_CERTIFICATE_REQUEST 13
|
||||
#define SSL3_MT_SERVER_DONE 14
|
||||
#define SSL3_MT_CERTIFICATE_VERIFY 15
|
||||
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
|
||||
#define SSL3_MT_FINISHED 20
|
||||
#define SSL3_MT_CERTIFICATE_STATUS 22
|
||||
#define SSL3_MT_SUPPLEMENTAL_DATA 23
|
||||
#define SSL3_MT_NEXT_PROTO 67
|
||||
#define SSL3_MT_ENCRYPTED_EXTENSIONS 203
|
||||
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
|
||||
|
||||
|
||||
#define SSL3_MT_CCS 1
|
||||
|
||||
/* These are used when changing over to a new cipher */
|
||||
#define SSL3_CC_READ 0x01
|
||||
#define SSL3_CC_WRITE 0x02
|
||||
#define SSL3_CC_CLIENT 0x10
|
||||
#define SSL3_CC_SERVER 0x20
|
||||
#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT | SSL3_CC_WRITE)
|
||||
#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER | SSL3_CC_READ)
|
||||
#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT | SSL3_CC_READ)
|
||||
#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER | SSL3_CC_WRITE)
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
|
@ -0,0 +1,301 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_STACK_H
|
||||
#define OPENSSL_HEADER_STACK_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/type_check.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* A stack, in OpenSSL, is an array of pointers. They are the most commonly
|
||||
* used collection object.
|
||||
*
|
||||
* This file defines macros for type safe use of the stack functions. A stack
|
||||
* of a specific type of object has type |STACK_OF(type)|. This can be defined
|
||||
* (once) with |DEFINE_STACK_OF(type)| and declared where needed with
|
||||
* |DECLARE_STACK_OF(type)|. For example:
|
||||
*
|
||||
* struct foo {
|
||||
* int bar;
|
||||
* };
|
||||
*
|
||||
* DEFINE_STACK_OF(struct foo);
|
||||
*
|
||||
* Although note that the stack will contain /pointers/ to |foo|.
|
||||
*
|
||||
* A macro will be defined for each of the sk_* functions below. For
|
||||
* STACK_OF(foo), the macros would be sk_foo_new, sk_foo_pop etc. */
|
||||
|
||||
|
||||
/* stack_cmp_func is a comparison function that returns a value < 0, 0 or > 0
|
||||
* if |*a| is less than, equal to or greater than |*b|, respectively. Note the
|
||||
* extra indirection - the function is given a pointer to a pointer to the
|
||||
* element. This differs from the usual qsort/bsearch comparison function. */
|
||||
typedef int (*stack_cmp_func)(const void **a, const void **b);
|
||||
|
||||
/* stack_st contains an array of pointers. It is not designed to be used
|
||||
* directly, rather the wrapper macros should be used. */
|
||||
typedef struct stack_st {
|
||||
/* num contains the number of valid pointers in |data|. */
|
||||
size_t num;
|
||||
void **data;
|
||||
/* sorted is non-zero if the values pointed to by |data| are in ascending
|
||||
* order, based on |comp|. */
|
||||
size_t sorted;
|
||||
/* num_alloc contains the number of pointers allocated in the buffer pointed
|
||||
* to by |data|, which may be larger than |num|. */
|
||||
size_t num_alloc;
|
||||
/* comp is an optional comparison function. */
|
||||
stack_cmp_func comp;
|
||||
} _STACK;
|
||||
|
||||
|
||||
#define STACK_OF(type) struct stack_st_##type
|
||||
|
||||
#define DEFINE_STACK_OF(type) \
|
||||
STACK_OF(type) {\
|
||||
_STACK stack; \
|
||||
}
|
||||
|
||||
#define DECLARE_STACK_OF(type) STACK_OF(type);
|
||||
|
||||
/* The make_macros.sh script in this directory parses the following lines and
|
||||
* generates the stack_macros.h file that contains macros for the following
|
||||
* types of stacks:
|
||||
*
|
||||
* STACK_OF:ACCESS_DESCRIPTION
|
||||
* STACK_OF:ASN1_ADB_TABLE
|
||||
* STACK_OF:ASN1_GENERALSTRING
|
||||
* STACK_OF:ASN1_INTEGER
|
||||
* STACK_OF:ASN1_OBJECT
|
||||
* STACK_OF:ASN1_STRING_TABLE
|
||||
* STACK_OF:ASN1_TYPE
|
||||
* STACK_OF:ASN1_VALUE
|
||||
* STACK_OF:BIO
|
||||
* STACK_OF:BY_DIR_ENTRY
|
||||
* STACK_OF:BY_DIR_HASH
|
||||
* STACK_OF:CONF_VALUE
|
||||
* STACK_OF:CRYPTO_EX_DATA_FUNCS
|
||||
* STACK_OF:DIST_POINT
|
||||
* STACK_OF:GENERAL_NAME
|
||||
* STACK_OF:GENERAL_NAMES
|
||||
* STACK_OF:GENERAL_SUBTREE
|
||||
* STACK_OF:MIME_HEADER
|
||||
* STACK_OF:PKCS7_SIGNER_INFO
|
||||
* STACK_OF:PKCS7_RECIP_INFO
|
||||
* STACK_OF:POLICYINFO
|
||||
* STACK_OF:POLICYQUALINFO
|
||||
* STACK_OF:POLICY_MAPPING
|
||||
* STACK_OF:SSL_COMP
|
||||
* STACK_OF:STACK_OF_X509_NAME_ENTRY
|
||||
* STACK_OF:SXNETID
|
||||
* STACK_OF:X509
|
||||
* STACK_OF:X509V3_EXT_METHOD
|
||||
* STACK_OF:X509_ALGOR
|
||||
* STACK_OF:X509_ATTRIBUTE
|
||||
* STACK_OF:X509_CRL
|
||||
* STACK_OF:X509_EXTENSION
|
||||
* STACK_OF:X509_INFO
|
||||
* STACK_OF:X509_LOOKUP
|
||||
* STACK_OF:X509_NAME
|
||||
* STACK_OF:X509_NAME_ENTRY
|
||||
* STACK_OF:X509_OBJECT
|
||||
* STACK_OF:X509_POLICY_DATA
|
||||
* STACK_OF:X509_POLICY_NODE
|
||||
* STACK_OF:X509_PURPOSE
|
||||
* STACK_OF:X509_REVOKED
|
||||
* STACK_OF:X509_TRUST
|
||||
* STACK_OF:X509_VERIFY_PARAM
|
||||
* STACK_OF:void
|
||||
*
|
||||
* Some stacks contain only const structures, so the stack should return const
|
||||
* pointers to retain type-checking.
|
||||
*
|
||||
* CONST_STACK_OF:SRTP_PROTECTION_PROFILE
|
||||
* CONST_STACK_OF:SSL_CIPHER */
|
||||
|
||||
|
||||
/* Some stacks are special because, although we would like STACK_OF(char *),
|
||||
* that would actually be a stack of pointers to char*, but we just want to
|
||||
* point to the string directly. In this case we call them "special" and use
|
||||
* |DEFINE_SPECIAL_STACK_OF(type)| */
|
||||
#define DEFINE_SPECIAL_STACK_OF(type, inner) \
|
||||
STACK_OF(type) { _STACK special_stack; }; \
|
||||
OPENSSL_COMPILE_ASSERT(sizeof(type) == sizeof(void *), \
|
||||
special_stack_of_non_pointer_##type);
|
||||
|
||||
typedef char *OPENSSL_STRING;
|
||||
|
||||
DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
|
||||
DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, uint8_t)
|
||||
|
||||
/* The make_macros.sh script in this directory parses the following lines and
|
||||
* generates the stack_macros.h file that contains macros for the following
|
||||
* types of stacks:
|
||||
*
|
||||
* SPECIAL_STACK_OF:OPENSSL_STRING
|
||||
* SPECIAL_STACK_OF:OPENSSL_BLOCK */
|
||||
|
||||
#define IN_STACK_H
|
||||
#include <openssl/stack_macros.h>
|
||||
#undef IN_STACK_H
|
||||
|
||||
|
||||
/* These are the raw stack functions, you shouldn't be using them. Rather you
|
||||
* should be using the type stack macros implemented above. */
|
||||
|
||||
/* sk_new creates a new, empty stack with the given comparison function, which
|
||||
* may be zero. It returns the new stack or NULL on allocation failure. */
|
||||
OPENSSL_EXPORT _STACK *sk_new(stack_cmp_func comp);
|
||||
|
||||
/* sk_new_null creates a new, empty stack. It returns the new stack or NULL on
|
||||
* allocation failure. */
|
||||
OPENSSL_EXPORT _STACK *sk_new_null(void);
|
||||
|
||||
/* sk_num returns the number of elements in |s|. */
|
||||
OPENSSL_EXPORT size_t sk_num(const _STACK *sk);
|
||||
|
||||
/* sk_zero resets |sk| to the empty state but does nothing to free the
|
||||
* individual elements themselves. */
|
||||
OPENSSL_EXPORT void sk_zero(_STACK *sk);
|
||||
|
||||
/* sk_value returns the |i|th pointer in |sk|, or NULL if |i| is out of
|
||||
* range. */
|
||||
OPENSSL_EXPORT void *sk_value(const _STACK *sk, size_t i);
|
||||
|
||||
/* sk_set sets the |i|th pointer in |sk| to |p| and returns |p|. If |i| is out
|
||||
* of range, it returns NULL. */
|
||||
OPENSSL_EXPORT void *sk_set(_STACK *sk, size_t i, void *p);
|
||||
|
||||
/* sk_free frees the given stack and array of pointers, but does nothing to
|
||||
* free the individual elements. Also see |sk_pop_free|. */
|
||||
OPENSSL_EXPORT void sk_free(_STACK *sk);
|
||||
|
||||
/* sk_pop_free calls |free_func| on each element in the stack and then frees
|
||||
* the stack itself. */
|
||||
OPENSSL_EXPORT void sk_pop_free(_STACK *sk, void (*free_func)(void *));
|
||||
|
||||
/* sk_insert inserts |p| into the stack at index |where|, moving existing
|
||||
* elements if needed. It returns the length of the new stack, or zero on
|
||||
* error. */
|
||||
OPENSSL_EXPORT size_t sk_insert(_STACK *sk, void *p, size_t where);
|
||||
|
||||
/* sk_delete removes the pointer at index |where|, moving other elements down
|
||||
* if needed. It returns the removed pointer, or NULL if |where| is out of
|
||||
* range. */
|
||||
OPENSSL_EXPORT void *sk_delete(_STACK *sk, size_t where);
|
||||
|
||||
/* sk_delete_ptr removes, at most, one instance of |p| from the stack based on
|
||||
* pointer equality. If an instance of |p| is found then |p| is returned,
|
||||
* otherwise it returns NULL. */
|
||||
OPENSSL_EXPORT void *sk_delete_ptr(_STACK *sk, void *p);
|
||||
|
||||
/* sk_find returns the first value in the stack equal to |p|. If a comparison
|
||||
* function has been set on the stack, then equality is defined by it and the
|
||||
* stack will be sorted if need be so that a binary search can be used.
|
||||
* Otherwise pointer equality is used. If a matching element is found, its
|
||||
* index is written to |*out_index| (if |out_index| is not NULL) and one is
|
||||
* returned. Otherwise zero is returned. */
|
||||
OPENSSL_EXPORT int sk_find(_STACK *sk, size_t *out_index, void *p);
|
||||
|
||||
/* sk_shift removes and returns the first element in the stack, or returns NULL
|
||||
* if the stack is empty. */
|
||||
OPENSSL_EXPORT void *sk_shift(_STACK *sk);
|
||||
|
||||
/* sk_push appends |p| to the stack and returns the length of the new stack, or
|
||||
* 0 on allocation failure. */
|
||||
OPENSSL_EXPORT size_t sk_push(_STACK *sk, void *p);
|
||||
|
||||
/* sk_pop returns and removes the last element on the stack, or NULL if the
|
||||
* stack is empty. */
|
||||
OPENSSL_EXPORT void *sk_pop(_STACK *sk);
|
||||
|
||||
/* sk_dup performs a shallow copy of a stack and returns the new stack, or NULL
|
||||
* on error. */
|
||||
OPENSSL_EXPORT _STACK *sk_dup(const _STACK *sk);
|
||||
|
||||
/* sk_sort sorts the elements of |sk| into ascending order based on the
|
||||
* comparison function. The stack maintains a |sorted| flag and sorting an
|
||||
* already sorted stack is a no-op. */
|
||||
OPENSSL_EXPORT void sk_sort(_STACK *sk);
|
||||
|
||||
/* sk_is_sorted returns one if |sk| is known to be sorted and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk);
|
||||
|
||||
/* sk_set_cmp_func sets the comparison function to be used by |sk| and returns
|
||||
* the previous one. */
|
||||
OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp);
|
||||
|
||||
/* sk_deep_copy performs a copy of |sk| and of each of the non-NULL elements in
|
||||
* |sk| by using |copy_func|. If an error occurs, |free_func| is used to free
|
||||
* any copies already made and NULL is returned. */
|
||||
OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk,
|
||||
void *(*copy_func)(void *),
|
||||
void (*free_func)(void *));
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_STACK_H */
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,173 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_THREAD_H
|
||||
#define OPENSSL_HEADER_THREAD_H
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(OPENSSL_NO_THREADS)
|
||||
typedef struct crypto_mutex_st {} CRYPTO_MUTEX;
|
||||
#elif defined(OPENSSL_WINDOWS)
|
||||
/* CRYPTO_MUTEX can appear in public header files so we really don't want to
|
||||
* pull in windows.h. It's statically asserted that this structure is large
|
||||
* enough to contain a Windows CRITICAL_SECTION by thread_win.c. */
|
||||
typedef union crypto_mutex_st {
|
||||
double alignment;
|
||||
uint8_t padding[4*sizeof(void*) + 2*sizeof(int)];
|
||||
} CRYPTO_MUTEX;
|
||||
#elif defined(__MACH__) && defined(__APPLE__)
|
||||
typedef pthread_rwlock_t CRYPTO_MUTEX;
|
||||
#else
|
||||
/* It is reasonable to include pthread.h on non-Windows systems, however the
|
||||
* |pthread_rwlock_t| that we need is hidden under feature flags, and we can't
|
||||
* ensure that we'll be able to get it. It's statically asserted that this
|
||||
* structure is large enough to contain a |pthread_rwlock_t| by
|
||||
* thread_pthread.c. */
|
||||
typedef union crypto_mutex_st {
|
||||
double alignment;
|
||||
uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8];
|
||||
} CRYPTO_MUTEX;
|
||||
#endif
|
||||
|
||||
/* CRYPTO_refcount_t is the type of a reference count.
|
||||
*
|
||||
* Since some platforms use C11 atomics to access this, it should have the
|
||||
* _Atomic qualifier. However, this header is included by C++ programs as well
|
||||
* as C code that might not set -std=c11. So, in practice, it's not possible to
|
||||
* do that. Instead we statically assert that the size and native alignment of
|
||||
* a plain uint32_t and an _Atomic uint32_t are equal in refcount_c11.c. */
|
||||
typedef uint32_t CRYPTO_refcount_t;
|
||||
|
||||
|
||||
/* Deprecated functions */
|
||||
|
||||
/* These defines do nothing but are provided to make old code easier to
|
||||
* compile. */
|
||||
#define CRYPTO_LOCK 1
|
||||
#define CRYPTO_UNLOCK 2
|
||||
#define CRYPTO_READ 4
|
||||
#define CRYPTO_WRITE 8
|
||||
|
||||
/* CRYPTO_num_locks returns one. (This is non-zero that callers who allocate
|
||||
* sizeof(lock) times this value don't get zero and then fail because malloc(0)
|
||||
* returned NULL.) */
|
||||
OPENSSL_EXPORT int CRYPTO_num_locks(void);
|
||||
|
||||
/* CRYPTO_set_locking_callback does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_set_locking_callback(
|
||||
void (*func)(int mode, int lock_num, const char *file, int line));
|
||||
|
||||
/* CRYPTO_set_add_lock_callback does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_set_add_lock_callback(int (*func)(
|
||||
int *num, int amount, int lock_num, const char *file, int line));
|
||||
|
||||
/* CRYPTO_get_lock_name returns a fixed, dummy string. */
|
||||
OPENSSL_EXPORT const char *CRYPTO_get_lock_name(int lock_num);
|
||||
|
||||
/* CRYPTO_THREADID_set_callback returns one. */
|
||||
OPENSSL_EXPORT int CRYPTO_THREADID_set_callback(
|
||||
void (*threadid_func)(CRYPTO_THREADID *threadid));
|
||||
|
||||
/* CRYPTO_THREADID_set_numeric does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id,
|
||||
unsigned long val);
|
||||
|
||||
/* CRYPTO_THREADID_set_pointer does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
|
||||
|
||||
/* CRYPTO_THREADID_current does nothing. */
|
||||
OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
|
||||
|
||||
|
||||
/* Private functions.
|
||||
*
|
||||
* Some old code calls these functions and so no-op implementations are
|
||||
* provided.
|
||||
*
|
||||
* TODO(fork): cleanup callers and remove. */
|
||||
|
||||
OPENSSL_EXPORT void CRYPTO_set_id_callback(unsigned long (*func)(void));
|
||||
|
||||
typedef struct {
|
||||
int references;
|
||||
struct CRYPTO_dynlock_value *data;
|
||||
} CRYPTO_dynlock;
|
||||
|
||||
OPENSSL_EXPORT void CRYPTO_set_dynlock_create_callback(
|
||||
struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file,
|
||||
int line));
|
||||
|
||||
OPENSSL_EXPORT void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(
|
||||
int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
|
||||
|
||||
OPENSSL_EXPORT void CRYPTO_set_dynlock_destroy_callback(
|
||||
void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l,
|
||||
const char *file, int line));
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_THREAD_H */
|
|
@ -0,0 +1,90 @@
|
|||
/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
|
||||
* project 2001.
|
||||
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2008.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef OPENSSL_HEADER_TIME_H
|
||||
#define OPENSSL_HEADER_TIME_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Wrapper functions for time functions. */
|
||||
|
||||
|
||||
/* OPENSSL_gmtime wraps |gmtime_r|. See the manual page for that function. */
|
||||
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
|
||||
|
||||
/* OPENSSL_gmtime_adj updates |tm| by adding |offset_day| days and |offset_sec|
|
||||
* seconds. */
|
||||
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
|
||||
|
||||
/* OPENSSL_gmtime_diff calculates the difference between |from| and |to| and
|
||||
* outputs the difference as a number of days and seconds in |*out_days| and
|
||||
* |*out_secs|. */
|
||||
int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
|
||||
const struct tm *to);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_TIME_H */
|
|
@ -0,0 +1,714 @@
|
|||
/* ssl/tls1.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the OpenSSL open source
|
||||
* license provided above.
|
||||
*
|
||||
* ECC cipher suite support in OpenSSL originally written by
|
||||
* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
* The portions of the attached software ("Contribution") is developed by
|
||||
* Nokia Corporation and is licensed pursuant to the OpenSSL open source
|
||||
* license.
|
||||
*
|
||||
* The Contribution, originally written by Mika Kousa and Pasi Eronen of
|
||||
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
|
||||
* support (see RFC 4279) to OpenSSL.
|
||||
*
|
||||
* No patent licenses or other rights except those expressly stated in
|
||||
* the OpenSSL open source license shall be deemed granted or received
|
||||
* expressly, by implication, estoppel, or otherwise.
|
||||
*
|
||||
* No assurances are provided by Nokia that the Contribution does not
|
||||
* infringe the patent or other intellectual property rights of any third
|
||||
* party or that the license provides you with all the necessary rights
|
||||
* to make use of the Contribution.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
|
||||
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
|
||||
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
|
||||
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
|
||||
* OTHERWISE.
|
||||
*/
|
||||
|
||||
#ifndef HEADER_TLS1_H
|
||||
#define HEADER_TLS1_H
|
||||
|
||||
#include <openssl/buf.h>
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
|
||||
|
||||
#define TLS1_AD_DECRYPTION_FAILED 21
|
||||
#define TLS1_AD_RECORD_OVERFLOW 22
|
||||
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
|
||||
#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
|
||||
#define TLS1_AD_DECODE_ERROR 50 /* fatal */
|
||||
#define TLS1_AD_DECRYPT_ERROR 51
|
||||
#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
|
||||
#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
|
||||
#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
|
||||
#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
|
||||
#define TLS1_AD_USER_CANCELLED 90
|
||||
#define TLS1_AD_NO_RENEGOTIATION 100
|
||||
/* codes 110-114 are from RFC3546 */
|
||||
#define TLS1_AD_UNSUPPORTED_EXTENSION 110
|
||||
#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
|
||||
#define TLS1_AD_UNRECOGNIZED_NAME 112
|
||||
#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
|
||||
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
|
||||
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
|
||||
|
||||
/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
|
||||
#define TLSEXT_TYPE_server_name 0
|
||||
#define TLSEXT_TYPE_max_fragment_length 1
|
||||
#define TLSEXT_TYPE_client_certificate_url 2
|
||||
#define TLSEXT_TYPE_trusted_ca_keys 3
|
||||
#define TLSEXT_TYPE_truncated_hmac 4
|
||||
#define TLSEXT_TYPE_status_request 5
|
||||
/* ExtensionType values from RFC4681 */
|
||||
#define TLSEXT_TYPE_user_mapping 6
|
||||
|
||||
/* ExtensionType values from RFC5878 */
|
||||
#define TLSEXT_TYPE_client_authz 7
|
||||
#define TLSEXT_TYPE_server_authz 8
|
||||
|
||||
/* ExtensionType values from RFC6091 */
|
||||
#define TLSEXT_TYPE_cert_type 9
|
||||
|
||||
/* ExtensionType values from RFC4492 */
|
||||
#define TLSEXT_TYPE_elliptic_curves 10
|
||||
#define TLSEXT_TYPE_ec_point_formats 11
|
||||
|
||||
/* ExtensionType value from RFC5054 */
|
||||
#define TLSEXT_TYPE_srp 12
|
||||
|
||||
/* ExtensionType values from RFC5246 */
|
||||
#define TLSEXT_TYPE_signature_algorithms 13
|
||||
|
||||
/* ExtensionType value from RFC5764 */
|
||||
#define TLSEXT_TYPE_use_srtp 14
|
||||
|
||||
/* ExtensionType value from RFC5620 */
|
||||
#define TLSEXT_TYPE_heartbeat 15
|
||||
|
||||
/* ExtensionType value from RFC7301 */
|
||||
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
|
||||
|
||||
/* ExtensionType value for TLS padding extension.
|
||||
* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
|
||||
* http://tools.ietf.org/html/draft-agl-tls-padding-03
|
||||
*/
|
||||
#define TLSEXT_TYPE_padding 21
|
||||
|
||||
/* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
|
||||
#define TLSEXT_TYPE_extended_master_secret 23
|
||||
|
||||
/* ExtensionType value from RFC4507 */
|
||||
#define TLSEXT_TYPE_session_ticket 35
|
||||
|
||||
/* ExtensionType value from RFC5746 */
|
||||
#define TLSEXT_TYPE_renegotiate 0xff01
|
||||
|
||||
/* ExtensionType value from RFC6962 */
|
||||
#define TLSEXT_TYPE_certificate_timestamp 18
|
||||
|
||||
/* This is not an IANA defined extension number */
|
||||
#define TLSEXT_TYPE_next_proto_neg 13172
|
||||
|
||||
/* This is not an IANA defined extension number */
|
||||
#define TLSEXT_TYPE_channel_id 30031
|
||||
#define TLSEXT_TYPE_channel_id_new 30032
|
||||
|
||||
/* NameType value from RFC 3546 */
|
||||
#define TLSEXT_NAMETYPE_host_name 0
|
||||
/* status request value from RFC 3546 */
|
||||
#define TLSEXT_STATUSTYPE_ocsp 1
|
||||
|
||||
/* ECPointFormat values from RFC 4492 */
|
||||
#define TLSEXT_ECPOINTFORMAT_uncompressed 0
|
||||
#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
|
||||
#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
|
||||
|
||||
/* Signature and hash algorithms from RFC 5246 */
|
||||
|
||||
#define TLSEXT_signature_anonymous 0
|
||||
#define TLSEXT_signature_rsa 1
|
||||
#define TLSEXT_signature_dsa 2
|
||||
#define TLSEXT_signature_ecdsa 3
|
||||
|
||||
#define TLSEXT_hash_none 0
|
||||
#define TLSEXT_hash_md5 1
|
||||
#define TLSEXT_hash_sha1 2
|
||||
#define TLSEXT_hash_sha224 3
|
||||
#define TLSEXT_hash_sha256 4
|
||||
#define TLSEXT_hash_sha384 5
|
||||
#define TLSEXT_hash_sha512 6
|
||||
|
||||
/* Flag set for unrecognised algorithms */
|
||||
#define TLSEXT_nid_unknown 0x1000000
|
||||
|
||||
/* ECC curves */
|
||||
|
||||
#define TLSEXT_curve_P_256 23
|
||||
#define TLSEXT_curve_P_384 24
|
||||
|
||||
|
||||
#define TLSEXT_MAXLEN_host_name 255
|
||||
|
||||
OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type);
|
||||
OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s);
|
||||
|
||||
/* SSL_export_keying_material exports a value derived from the master secret, as
|
||||
* specified in RFC 5705. It writes |out_len| bytes to |out| given a label and
|
||||
* optional context. (Since a zero length context is allowed, the |use_context|
|
||||
* flag controls whether a context is included.)
|
||||
*
|
||||
* It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int SSL_export_keying_material(
|
||||
SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len,
|
||||
const uint8_t *context, size_t context_len, int use_context);
|
||||
|
||||
OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash,
|
||||
int *psignandhash, uint8_t *rsig,
|
||||
uint8_t *rhash);
|
||||
|
||||
OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,
|
||||
int *phash, int *psignandhash,
|
||||
uint8_t *rsig, uint8_t *rhash);
|
||||
|
||||
/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
|
||||
* in the server_name extension. It returns one on success and zero on error. */
|
||||
OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
|
||||
|
||||
/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on
|
||||
* the server after ClientHello extensions have been parsed and returns one.
|
||||
* |callback| may use |SSL_get_servername| to examine the server_name extension
|
||||
* and return a |SSL_TLSEXT_ERR_*| value. If it returns |SSL_TLSEXT_ERR_NOACK|,
|
||||
* the server_name extension is not acknowledged in the ServerHello. If the
|
||||
* return value signals an alert, |callback| should set |*out_alert| to the
|
||||
* alert to send. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
|
||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg));
|
||||
|
||||
#define SSL_TLSEXT_ERR_OK 0
|
||||
#define SSL_TLSEXT_ERR_ALERT_WARNING 1
|
||||
#define SSL_TLSEXT_ERR_ALERT_FATAL 2
|
||||
#define SSL_TLSEXT_ERR_NOACK 3
|
||||
|
||||
/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
|
||||
* callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
|
||||
|
||||
#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
|
||||
SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))
|
||||
#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
|
||||
SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
|
||||
|
||||
/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and
|
||||
* returns one. |callback| will be called when encrypting a new ticket and when
|
||||
* decrypting a ticket from the client.
|
||||
*
|
||||
* In both modes, |ctx| and |hmac_ctx| will already have been initialized with
|
||||
* |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback|
|
||||
* configures |hmac_ctx| with an HMAC digest and key, and configures |ctx|
|
||||
* for encryption or decryption, based on the mode.
|
||||
*
|
||||
* When encrypting a new ticket, |encrypt| will be one. It writes a public
|
||||
* 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length
|
||||
* must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode,
|
||||
* |callback| returns 1 on success and -1 on error.
|
||||
*
|
||||
* When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a
|
||||
* 16-byte key name and |iv| points to an IV. The length of the IV consumed must
|
||||
* match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode,
|
||||
* |callback| returns -1 to abort the handshake, 0 if decrypting the ticket
|
||||
* failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed.
|
||||
* This may be used to re-key the ticket.
|
||||
*
|
||||
* WARNING: |callback| wildly breaks the usual return value convention and is
|
||||
* called in two different modes. */
|
||||
OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
|
||||
SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
|
||||
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
|
||||
int encrypt));
|
||||
|
||||
/* PSK ciphersuites from 4279 */
|
||||
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
|
||||
#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
|
||||
#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
|
||||
#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
|
||||
|
||||
/* PSK ciphersuites from RFC 5489 */
|
||||
#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
|
||||
#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
|
||||
|
||||
/* Additional TLS ciphersuites from expired Internet Draft
|
||||
* draft-ietf-tls-56-bit-ciphersuites-01.txt
|
||||
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
|
||||
* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
|
||||
* shouldn't. Note that the first two are actually not in the IDs. */
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
|
||||
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
|
||||
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
|
||||
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
|
||||
|
||||
/* AES ciphersuites from RFC3268 */
|
||||
|
||||
#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
|
||||
#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
|
||||
|
||||
#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
|
||||
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
|
||||
|
||||
/* TLS v1.2 ciphersuites */
|
||||
#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
|
||||
#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
|
||||
#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
|
||||
|
||||
/* Camellia ciphersuites from RFC4132 */
|
||||
#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
|
||||
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
|
||||
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
|
||||
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
|
||||
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
|
||||
#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
|
||||
|
||||
/* TLS v1.2 ciphersuites */
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
|
||||
#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
|
||||
#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
|
||||
|
||||
/* Camellia ciphersuites from RFC4132 */
|
||||
#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
|
||||
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
|
||||
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
|
||||
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
|
||||
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
|
||||
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
|
||||
|
||||
/* SEED ciphersuites from RFC4162 */
|
||||
#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
|
||||
#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
|
||||
#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
|
||||
#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
|
||||
#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
|
||||
#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
|
||||
|
||||
/* TLS v1.2 GCM ciphersuites from RFC5288 */
|
||||
#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
|
||||
#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
|
||||
#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
|
||||
#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
|
||||
|
||||
/* ECC ciphersuites from RFC4492 */
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
|
||||
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
|
||||
|
||||
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
|
||||
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
|
||||
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
|
||||
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
|
||||
|
||||
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
|
||||
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
|
||||
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
|
||||
|
||||
/* SRP ciphersuites from RFC 5054 */
|
||||
#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
|
||||
#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
|
||||
#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
|
||||
|
||||
/* ECDH HMAC based ciphersuites from RFC5289 */
|
||||
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
|
||||
|
||||
/* ECDH GCM based ciphersuites from RFC5289 */
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
|
||||
|
||||
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13
|
||||
#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14
|
||||
#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15
|
||||
|
||||
/* XXX
|
||||
* Inconsistency alert:
|
||||
* The OpenSSL names of ciphers with ephemeral DH here include the string
|
||||
* "DHE", while elsewhere it has always been "EDH".
|
||||
* (The alias for the list of all such ciphers also is "EDH".)
|
||||
* The specifications speak of "EDH"; maybe we should allow both forms
|
||||
* for everything. */
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA \
|
||||
"EXP1024-DHE-DSS-DES-CBC-SHA"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
|
||||
|
||||
/* AES ciphersuites from RFC3268 */
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
|
||||
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
|
||||
|
||||
/* ECC ciphersuites from RFC4492 */
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
|
||||
|
||||
/* PSK ciphersuites from RFC 4279 */
|
||||
#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
|
||||
|
||||
/* PSK ciphersuites from RFC 5489 */
|
||||
#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
|
||||
#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
|
||||
|
||||
/* SRP ciphersuite from RFC 5054 */
|
||||
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
|
||||
|
||||
/* Camellia ciphersuites from RFC4132 */
|
||||
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
|
||||
|
||||
#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
|
||||
|
||||
/* SEED ciphersuites from RFC4162 */
|
||||
#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
|
||||
|
||||
/* TLS v1.2 ciphersuites */
|
||||
#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
|
||||
|
||||
/* TLS v1.2 GCM ciphersuites from RFC5288 */
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
|
||||
|
||||
/* ECDH HMAC based ciphersuites from RFC5289 */
|
||||
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
|
||||
|
||||
/* ECDH GCM based ciphersuites from RFC5289 */
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
|
||||
"ECDH-ECDSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
|
||||
"ECDH-ECDSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
|
||||
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 \
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
|
||||
|
||||
#define TLS_CT_RSA_SIGN 1
|
||||
#define TLS_CT_DSS_SIGN 2
|
||||
#define TLS_CT_RSA_FIXED_DH 3
|
||||
#define TLS_CT_DSS_FIXED_DH 4
|
||||
#define TLS_CT_ECDSA_SIGN 64
|
||||
#define TLS_CT_RSA_FIXED_ECDH 65
|
||||
#define TLS_CT_ECDSA_FIXED_ECDH 66
|
||||
|
||||
#define TLS_MD_MAX_CONST_SIZE 20
|
||||
#define TLS_MD_CLIENT_FINISH_CONST "client finished"
|
||||
#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
|
||||
#define TLS_MD_SERVER_FINISH_CONST "server finished"
|
||||
#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
|
||||
#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
|
||||
#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
|
||||
#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
|
||||
#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
|
||||
#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
|
||||
#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
|
||||
#define TLS_MD_IV_BLOCK_CONST "IV block"
|
||||
#define TLS_MD_IV_BLOCK_CONST_SIZE 8
|
||||
#define TLS_MD_MASTER_SECRET_CONST "master secret"
|
||||
#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
|
||||
#define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
|
||||
#define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
|
@ -0,0 +1,91 @@
|
|||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.] */
|
||||
|
||||
#ifndef OPENSSL_HEADER_TYPE_CHECK_H
|
||||
#define OPENSSL_HEADER_TYPE_CHECK_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* This header file contains some common macros for enforcing type checking.
|
||||
* Several, common OpenSSL structures (i.e. stack and lhash) operate on void
|
||||
* pointers, but we wish to have type checking when they are used with a
|
||||
* specific type. */
|
||||
|
||||
/* CHECKED_CAST casts |p| from type |from| to type |to|. */
|
||||
#define CHECKED_CAST(to, from, p) ((to) (1 ? (p) : (from)0))
|
||||
|
||||
/* CHECKED_PTR_OF casts a given pointer to void* and statically checks that it
|
||||
* was a pointer to |type|. */
|
||||
#define CHECKED_PTR_OF(type, p) CHECKED_CAST(void*, type*, (p))
|
||||
|
||||
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
|
||||
#define OPENSSL_COMPILE_ASSERT(cond, msg) _Static_assert(cond, #msg)
|
||||
#else
|
||||
#define OPENSSL_COMPILE_ASSERT(cond, msg) \
|
||||
typedef char OPENSSL_COMPILE_ASSERT_##msg[((cond) ? 1 : -1)]
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} /* extern C */
|
||||
#endif
|
||||
|
||||
#endif /* OPENSSL_HEADER_TYPE_CHECK_H */
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,612 @@
|
|||
/* crypto/x509/x509_vfy.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#ifndef HEADER_X509_H
|
||||
#include <openssl/x509.h>
|
||||
/* openssl/x509.h ends up #include-ing this file at about the only
|
||||
* appropriate moment. */
|
||||
#endif
|
||||
|
||||
#ifndef HEADER_X509_VFY_H
|
||||
#define HEADER_X509_VFY_H
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
/* Outer object */
|
||||
typedef struct x509_hash_dir_st
|
||||
{
|
||||
int num_dirs;
|
||||
char **dirs;
|
||||
int *dirs_type;
|
||||
int num_dirs_alloced;
|
||||
} X509_HASH_DIR_CTX;
|
||||
#endif
|
||||
|
||||
typedef struct x509_file_st
|
||||
{
|
||||
int num_paths; /* number of paths to files or directories */
|
||||
int num_alloced;
|
||||
char **paths; /* the list of paths or directories */
|
||||
int *path_type;
|
||||
} X509_CERT_FILE_CTX;
|
||||
|
||||
/*******************************/
|
||||
/*
|
||||
SSL_CTX -> X509_STORE
|
||||
-> X509_LOOKUP
|
||||
->X509_LOOKUP_METHOD
|
||||
-> X509_LOOKUP
|
||||
->X509_LOOKUP_METHOD
|
||||
|
||||
SSL -> X509_STORE_CTX
|
||||
->X509_STORE
|
||||
|
||||
The X509_STORE holds the tables etc for verification stuff.
|
||||
A X509_STORE_CTX is used while validating a single certificate.
|
||||
The X509_STORE has X509_LOOKUPs for looking up certs.
|
||||
The X509_STORE then calls a function to actually verify the
|
||||
certificate chain.
|
||||
*/
|
||||
|
||||
#define X509_LU_RETRY -1
|
||||
#define X509_LU_FAIL 0
|
||||
#define X509_LU_X509 1
|
||||
#define X509_LU_CRL 2
|
||||
#define X509_LU_PKEY 3
|
||||
|
||||
typedef struct x509_object_st
|
||||
{
|
||||
/* one of the above types */
|
||||
int type;
|
||||
union {
|
||||
char *ptr;
|
||||
X509 *x509;
|
||||
X509_CRL *crl;
|
||||
EVP_PKEY *pkey;
|
||||
} data;
|
||||
} X509_OBJECT;
|
||||
|
||||
typedef struct x509_lookup_st X509_LOOKUP;
|
||||
|
||||
DECLARE_STACK_OF(X509_LOOKUP)
|
||||
DECLARE_STACK_OF(X509_OBJECT)
|
||||
|
||||
/* This is a static that defines the function interface */
|
||||
typedef struct x509_lookup_method_st
|
||||
{
|
||||
const char *name;
|
||||
int (*new_item)(X509_LOOKUP *ctx);
|
||||
void (*free)(X509_LOOKUP *ctx);
|
||||
int (*init)(X509_LOOKUP *ctx);
|
||||
int (*shutdown)(X509_LOOKUP *ctx);
|
||||
int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
|
||||
char **ret);
|
||||
int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
|
||||
X509_OBJECT *ret);
|
||||
int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
|
||||
ASN1_INTEGER *serial,X509_OBJECT *ret);
|
||||
int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
|
||||
unsigned char *bytes,int len,
|
||||
X509_OBJECT *ret);
|
||||
int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
|
||||
X509_OBJECT *ret);
|
||||
} X509_LOOKUP_METHOD;
|
||||
|
||||
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
|
||||
|
||||
/* This structure hold all parameters associated with a verify operation
|
||||
* by including an X509_VERIFY_PARAM structure in related structures the
|
||||
* parameters used can be customized
|
||||
*/
|
||||
|
||||
typedef struct X509_VERIFY_PARAM_st
|
||||
{
|
||||
char *name;
|
||||
time_t check_time; /* Time to use */
|
||||
unsigned long inh_flags; /* Inheritance flags */
|
||||
unsigned long flags; /* Various verify flags */
|
||||
int purpose; /* purpose to check untrusted certificates */
|
||||
int trust; /* trust setting to check */
|
||||
int depth; /* Verify depth */
|
||||
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
|
||||
X509_VERIFY_PARAM_ID *id; /* opaque ID data */
|
||||
} X509_VERIFY_PARAM;
|
||||
|
||||
DECLARE_STACK_OF(X509_VERIFY_PARAM)
|
||||
|
||||
/* This is used to hold everything. It is used for all certificate
|
||||
* validation. Once we have a certificate chain, the 'verify'
|
||||
* function is then called to actually check the cert chain. */
|
||||
struct x509_store_st
|
||||
{
|
||||
/* The following is a cache of trusted certs */
|
||||
int cache; /* if true, stash any hits */
|
||||
STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
|
||||
CRYPTO_MUTEX objs_lock;
|
||||
|
||||
/* These are external lookup methods */
|
||||
STACK_OF(X509_LOOKUP) *get_cert_methods;
|
||||
|
||||
X509_VERIFY_PARAM *param;
|
||||
|
||||
/* Callbacks for various operations */
|
||||
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
|
||||
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
|
||||
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
|
||||
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
|
||||
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
|
||||
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
|
||||
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
|
||||
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
|
||||
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
|
||||
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
|
||||
int (*cleanup)(X509_STORE_CTX *ctx);
|
||||
|
||||
CRYPTO_refcount_t references;
|
||||
} /* X509_STORE */;
|
||||
|
||||
OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
|
||||
|
||||
#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
|
||||
#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
|
||||
|
||||
/* This is the functions plus an instance of the local variables. */
|
||||
struct x509_lookup_st
|
||||
{
|
||||
int init; /* have we been started */
|
||||
int skip; /* don't use us. */
|
||||
X509_LOOKUP_METHOD *method; /* the functions */
|
||||
char *method_data; /* method data */
|
||||
|
||||
X509_STORE *store_ctx; /* who owns us */
|
||||
} /* X509_LOOKUP */;
|
||||
|
||||
/* This is a used when verifying cert chains. Since the
|
||||
* gathering of the cert chain can take some time (and have to be
|
||||
* 'retried', this needs to be kept and passed around. */
|
||||
struct x509_store_ctx_st /* X509_STORE_CTX */
|
||||
{
|
||||
X509_STORE *ctx;
|
||||
int current_method; /* used when looking up certs */
|
||||
|
||||
/* The following are set by the caller */
|
||||
X509 *cert; /* The cert to check */
|
||||
STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
|
||||
STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
|
||||
|
||||
X509_VERIFY_PARAM *param;
|
||||
void *other_ctx; /* Other info for use with get_issuer() */
|
||||
|
||||
/* Callbacks for various operations */
|
||||
int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
|
||||
int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
|
||||
int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
|
||||
int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
|
||||
int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
|
||||
int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
|
||||
int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
|
||||
int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
|
||||
int (*check_policy)(X509_STORE_CTX *ctx);
|
||||
STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
|
||||
STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
|
||||
int (*cleanup)(X509_STORE_CTX *ctx);
|
||||
|
||||
/* The following is built up */
|
||||
int valid; /* if 0, rebuild chain */
|
||||
int last_untrusted; /* index of last untrusted cert */
|
||||
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
|
||||
X509_POLICY_TREE *tree; /* Valid policy tree */
|
||||
|
||||
int explicit_policy; /* Require explicit policy value */
|
||||
|
||||
/* When something goes wrong, this is why */
|
||||
int error_depth;
|
||||
int error;
|
||||
X509 *current_cert;
|
||||
X509 *current_issuer; /* cert currently being tested as valid issuer */
|
||||
X509_CRL *current_crl; /* current CRL */
|
||||
|
||||
int current_crl_score; /* score of current CRL */
|
||||
unsigned int current_reasons; /* Reason mask */
|
||||
|
||||
X509_STORE_CTX *parent; /* For CRL path validation: parent context */
|
||||
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
} /* X509_STORE_CTX */;
|
||||
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
||||
|
||||
#define X509_STORE_CTX_set_app_data(ctx,data) \
|
||||
X509_STORE_CTX_set_ex_data(ctx,0,data)
|
||||
#define X509_STORE_CTX_get_app_data(ctx) \
|
||||
X509_STORE_CTX_get_ex_data(ctx,0)
|
||||
|
||||
#define X509_L_FILE_LOAD 1
|
||||
#define X509_L_ADD_DIR 2
|
||||
|
||||
#define X509_LOOKUP_load_file(x,name,type) \
|
||||
X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
|
||||
|
||||
#define X509_LOOKUP_add_dir(x,name,type) \
|
||||
X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
|
||||
|
||||
#define X509_V_OK 0
|
||||
/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
|
||||
|
||||
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
|
||||
#define X509_V_ERR_UNABLE_TO_GET_CRL 3
|
||||
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
|
||||
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
|
||||
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
|
||||
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
|
||||
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
|
||||
#define X509_V_ERR_CERT_NOT_YET_VALID 9
|
||||
#define X509_V_ERR_CERT_HAS_EXPIRED 10
|
||||
#define X509_V_ERR_CRL_NOT_YET_VALID 11
|
||||
#define X509_V_ERR_CRL_HAS_EXPIRED 12
|
||||
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
|
||||
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
|
||||
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
|
||||
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
|
||||
#define X509_V_ERR_OUT_OF_MEM 17
|
||||
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
|
||||
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
|
||||
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
|
||||
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
|
||||
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
|
||||
#define X509_V_ERR_CERT_REVOKED 23
|
||||
#define X509_V_ERR_INVALID_CA 24
|
||||
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
|
||||
#define X509_V_ERR_INVALID_PURPOSE 26
|
||||
#define X509_V_ERR_CERT_UNTRUSTED 27
|
||||
#define X509_V_ERR_CERT_REJECTED 28
|
||||
/* These are 'informational' when looking for issuer cert */
|
||||
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
|
||||
#define X509_V_ERR_AKID_SKID_MISMATCH 30
|
||||
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
|
||||
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
|
||||
|
||||
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
|
||||
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
|
||||
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
|
||||
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
|
||||
#define X509_V_ERR_INVALID_NON_CA 37
|
||||
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
|
||||
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
|
||||
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
|
||||
|
||||
#define X509_V_ERR_INVALID_EXTENSION 41
|
||||
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
|
||||
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
|
||||
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
|
||||
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
|
||||
|
||||
#define X509_V_ERR_UNNESTED_RESOURCE 46
|
||||
|
||||
#define X509_V_ERR_PERMITTED_VIOLATION 47
|
||||
#define X509_V_ERR_EXCLUDED_VIOLATION 48
|
||||
#define X509_V_ERR_SUBTREE_MINMAX 49
|
||||
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
|
||||
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
|
||||
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
||||
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
|
||||
|
||||
/* Suite B mode algorithm violation */
|
||||
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
|
||||
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
|
||||
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
|
||||
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
|
||||
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
|
||||
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
|
||||
|
||||
/* Host, email and IP check errors */
|
||||
#define X509_V_ERR_HOSTNAME_MISMATCH 62
|
||||
#define X509_V_ERR_EMAIL_MISMATCH 63
|
||||
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
|
||||
|
||||
/* The application is not happy */
|
||||
#define X509_V_ERR_APPLICATION_VERIFICATION 50
|
||||
|
||||
/* Certificate verify flags */
|
||||
|
||||
/* Send issuer+subject checks to verify_cb */
|
||||
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
|
||||
/* Use check time instead of current time */
|
||||
#define X509_V_FLAG_USE_CHECK_TIME 0x2
|
||||
/* Lookup CRLs */
|
||||
#define X509_V_FLAG_CRL_CHECK 0x4
|
||||
/* Lookup CRLs for whole chain */
|
||||
#define X509_V_FLAG_CRL_CHECK_ALL 0x8
|
||||
/* Ignore unhandled critical extensions */
|
||||
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
|
||||
/* Disable workarounds for broken certificates */
|
||||
#define X509_V_FLAG_X509_STRICT 0x20
|
||||
/* Enable proxy certificate validation */
|
||||
#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
|
||||
/* Enable policy checking */
|
||||
#define X509_V_FLAG_POLICY_CHECK 0x80
|
||||
/* Policy variable require-explicit-policy */
|
||||
#define X509_V_FLAG_EXPLICIT_POLICY 0x100
|
||||
/* Policy variable inhibit-any-policy */
|
||||
#define X509_V_FLAG_INHIBIT_ANY 0x200
|
||||
/* Policy variable inhibit-policy-mapping */
|
||||
#define X509_V_FLAG_INHIBIT_MAP 0x400
|
||||
/* Notify callback that policy is OK */
|
||||
#define X509_V_FLAG_NOTIFY_POLICY 0x800
|
||||
/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
|
||||
#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
|
||||
/* Delta CRL support */
|
||||
#define X509_V_FLAG_USE_DELTAS 0x2000
|
||||
/* Check selfsigned CA signature */
|
||||
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
|
||||
/* Use trusted store first */
|
||||
#define X509_V_FLAG_TRUSTED_FIRST 0x8000
|
||||
/* Suite B 128 bit only mode: not normally used */
|
||||
#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
|
||||
/* Suite B 192 bit only mode */
|
||||
#define X509_V_FLAG_SUITEB_192_LOS 0x20000
|
||||
/* Suite B 128 bit mode allowing 192 bit algorithms */
|
||||
#define X509_V_FLAG_SUITEB_128_LOS 0x30000
|
||||
|
||||
/* Allow partial chains if at least one certificate is in trusted store */
|
||||
#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
|
||||
|
||||
#define X509_VP_FLAG_DEFAULT 0x1
|
||||
#define X509_VP_FLAG_OVERWRITE 0x2
|
||||
#define X509_VP_FLAG_RESET_FLAGS 0x4
|
||||
#define X509_VP_FLAG_LOCKED 0x8
|
||||
#define X509_VP_FLAG_ONCE 0x10
|
||||
|
||||
/* Internal use: mask of policy related options */
|
||||
#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
|
||||
| X509_V_FLAG_EXPLICIT_POLICY \
|
||||
| X509_V_FLAG_INHIBIT_ANY \
|
||||
| X509_V_FLAG_INHIBIT_MAP)
|
||||
|
||||
OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
|
||||
X509_NAME *name);
|
||||
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
|
||||
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
|
||||
OPENSSL_EXPORT void X509_OBJECT_up_ref_count(X509_OBJECT *a);
|
||||
OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
|
||||
OPENSSL_EXPORT X509_STORE *X509_STORE_new(void );
|
||||
OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
|
||||
OPENSSL_EXPORT STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
|
||||
OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
|
||||
OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
|
||||
OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust);
|
||||
OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
|
||||
|
||||
OPENSSL_EXPORT void X509_STORE_set_verify_cb(X509_STORE *ctx,
|
||||
int (*verify_cb)(int, X509_STORE_CTX *));
|
||||
|
||||
OPENSSL_EXPORT void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
|
||||
STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm));
|
||||
|
||||
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
|
||||
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
|
||||
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
|
||||
X509 *x509, STACK_OF(X509) *chain);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
|
||||
|
||||
OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
|
||||
|
||||
OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
|
||||
|
||||
OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
|
||||
OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
||||
|
||||
OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
||||
OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
||||
|
||||
OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
|
||||
X509_OBJECT *ret);
|
||||
|
||||
OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
||||
long argl, char **ret);
|
||||
|
||||
#ifndef OPENSSL_NO_STDIO
|
||||
OPENSSL_EXPORT int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
|
||||
OPENSSL_EXPORT int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
|
||||
OPENSSL_EXPORT int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
|
||||
#endif
|
||||
|
||||
|
||||
OPENSSL_EXPORT X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
|
||||
OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
||||
X509_OBJECT *ret);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
||||
ASN1_INTEGER *serial, X509_OBJECT *ret);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
|
||||
unsigned char *bytes, int len, X509_OBJECT *ret);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
|
||||
int len, X509_OBJECT *ret);
|
||||
OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
|
||||
|
||||
#ifndef OPENSSL_NO_STDIO
|
||||
OPENSSL_EXPORT int X509_STORE_load_locations (X509_STORE *ctx,
|
||||
const char *file, const char *dir);
|
||||
OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
|
||||
#endif
|
||||
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
|
||||
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
|
||||
OPENSSL_EXPORT void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
|
||||
int purpose, int trust);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
|
||||
time_t t);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
|
||||
int (*verify_cb)(int, X509_STORE_CTX *));
|
||||
|
||||
OPENSSL_EXPORT X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
|
||||
|
||||
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
|
||||
OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
|
||||
OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
|
||||
|
||||
/* X509_VERIFY_PARAM functions */
|
||||
|
||||
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
|
||||
OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
|
||||
const X509_VERIFY_PARAM *from);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
|
||||
const X509_VERIFY_PARAM *from);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
|
||||
unsigned long flags);
|
||||
OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
|
||||
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
|
||||
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
|
||||
ASN1_OBJECT *policy);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
|
||||
STACK_OF(ASN1_OBJECT) *policies);
|
||||
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
||||
const char *name, size_t namelen);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
||||
const char *name,
|
||||
size_t namelen);
|
||||
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
||||
unsigned int flags);
|
||||
OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
||||
const char *email, size_t emaillen);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
|
||||
const unsigned char *ip, size_t iplen);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
|
||||
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
|
||||
OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
|
||||
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
|
||||
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_count(void);
|
||||
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
|
||||
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
|
||||
OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void);
|
||||
|
||||
OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
|
||||
STACK_OF(X509) *certs,
|
||||
STACK_OF(ASN1_OBJECT) *policy_oids,
|
||||
unsigned int flags);
|
||||
|
||||
OPENSSL_EXPORT void X509_policy_tree_free(X509_POLICY_TREE *tree);
|
||||
|
||||
OPENSSL_EXPORT int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
|
||||
OPENSSL_EXPORT X509_POLICY_LEVEL *
|
||||
X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *
|
||||
X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *
|
||||
X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
|
||||
|
||||
OPENSSL_EXPORT int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
|
||||
|
||||
OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
|
||||
|
||||
OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *
|
||||
X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
|
||||
OPENSSL_EXPORT const X509_POLICY_NODE *
|
||||
X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
|
@ -0,0 +1,855 @@
|
|||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999. */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* licensing@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com). */
|
||||
|
||||
#ifndef HEADER_X509V3_H
|
||||
#define HEADER_X509V3_H
|
||||
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Forward reference */
|
||||
struct v3_ext_method;
|
||||
struct v3_ext_ctx;
|
||||
|
||||
/* Useful typedefs */
|
||||
|
||||
typedef void * (*X509V3_EXT_NEW)(void);
|
||||
typedef void (*X509V3_EXT_FREE)(void *);
|
||||
typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
|
||||
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
|
||||
typedef STACK_OF(CONF_VALUE) *
|
||||
(*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
|
||||
STACK_OF(CONF_VALUE) *extlist);
|
||||
typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
|
||||
struct v3_ext_ctx *ctx,
|
||||
STACK_OF(CONF_VALUE) *values);
|
||||
typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
|
||||
typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
|
||||
struct v3_ext_ctx *ctx, const char *str);
|
||||
typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
|
||||
BIO *out, int indent);
|
||||
typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
|
||||
struct v3_ext_ctx *ctx, const char *str);
|
||||
|
||||
/* V3 extension structure */
|
||||
|
||||
struct v3_ext_method {
|
||||
int ext_nid;
|
||||
int ext_flags;
|
||||
/* If this is set the following four fields are ignored */
|
||||
ASN1_ITEM_EXP *it;
|
||||
/* Old style ASN1 calls */
|
||||
X509V3_EXT_NEW ext_new;
|
||||
X509V3_EXT_FREE ext_free;
|
||||
X509V3_EXT_D2I d2i;
|
||||
X509V3_EXT_I2D i2d;
|
||||
|
||||
/* The following pair is used for string extensions */
|
||||
X509V3_EXT_I2S i2s;
|
||||
X509V3_EXT_S2I s2i;
|
||||
|
||||
/* The following pair is used for multi-valued extensions */
|
||||
X509V3_EXT_I2V i2v;
|
||||
X509V3_EXT_V2I v2i;
|
||||
|
||||
/* The following are used for raw extensions */
|
||||
X509V3_EXT_I2R i2r;
|
||||
X509V3_EXT_R2I r2i;
|
||||
|
||||
void *usr_data; /* Any extension specific data */
|
||||
};
|
||||
|
||||
typedef struct X509V3_CONF_METHOD_st {
|
||||
char * (*get_string)(void *db, char *section, char *value);
|
||||
STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
|
||||
void (*free_string)(void *db, char * string);
|
||||
void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
|
||||
} X509V3_CONF_METHOD;
|
||||
|
||||
/* Context specific info */
|
||||
struct v3_ext_ctx {
|
||||
#define CTX_TEST 0x1
|
||||
int flags;
|
||||
X509 *issuer_cert;
|
||||
X509 *subject_cert;
|
||||
X509_REQ *subject_req;
|
||||
X509_CRL *crl;
|
||||
const X509V3_CONF_METHOD *db_meth;
|
||||
void *db;
|
||||
/* Maybe more here */
|
||||
};
|
||||
|
||||
typedef struct v3_ext_method X509V3_EXT_METHOD;
|
||||
|
||||
DECLARE_STACK_OF(X509V3_EXT_METHOD)
|
||||
|
||||
/* ext_flags values */
|
||||
#define X509V3_EXT_DYNAMIC 0x1
|
||||
#define X509V3_EXT_CTX_DEP 0x2
|
||||
#define X509V3_EXT_MULTILINE 0x4
|
||||
|
||||
typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
|
||||
|
||||
typedef struct BASIC_CONSTRAINTS_st {
|
||||
int ca;
|
||||
ASN1_INTEGER *pathlen;
|
||||
} BASIC_CONSTRAINTS;
|
||||
|
||||
|
||||
typedef struct PKEY_USAGE_PERIOD_st {
|
||||
ASN1_GENERALIZEDTIME *notBefore;
|
||||
ASN1_GENERALIZEDTIME *notAfter;
|
||||
} PKEY_USAGE_PERIOD;
|
||||
|
||||
typedef struct otherName_st {
|
||||
ASN1_OBJECT *type_id;
|
||||
ASN1_TYPE *value;
|
||||
} OTHERNAME;
|
||||
|
||||
typedef struct EDIPartyName_st {
|
||||
ASN1_STRING *nameAssigner;
|
||||
ASN1_STRING *partyName;
|
||||
} EDIPARTYNAME;
|
||||
|
||||
typedef struct GENERAL_NAME_st {
|
||||
|
||||
#define GEN_OTHERNAME 0
|
||||
#define GEN_EMAIL 1
|
||||
#define GEN_DNS 2
|
||||
#define GEN_X400 3
|
||||
#define GEN_DIRNAME 4
|
||||
#define GEN_EDIPARTY 5
|
||||
#define GEN_URI 6
|
||||
#define GEN_IPADD 7
|
||||
#define GEN_RID 8
|
||||
|
||||
int type;
|
||||
union {
|
||||
char *ptr;
|
||||
OTHERNAME *otherName; /* otherName */
|
||||
ASN1_IA5STRING *rfc822Name;
|
||||
ASN1_IA5STRING *dNSName;
|
||||
ASN1_TYPE *x400Address;
|
||||
X509_NAME *directoryName;
|
||||
EDIPARTYNAME *ediPartyName;
|
||||
ASN1_IA5STRING *uniformResourceIdentifier;
|
||||
ASN1_OCTET_STRING *iPAddress;
|
||||
ASN1_OBJECT *registeredID;
|
||||
|
||||
/* Old names */
|
||||
ASN1_OCTET_STRING *ip; /* iPAddress */
|
||||
X509_NAME *dirn; /* dirn */
|
||||
ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
|
||||
ASN1_OBJECT *rid; /* registeredID */
|
||||
ASN1_TYPE *other; /* x400Address */
|
||||
} d;
|
||||
} GENERAL_NAME;
|
||||
|
||||
typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
|
||||
|
||||
typedef struct ACCESS_DESCRIPTION_st {
|
||||
ASN1_OBJECT *method;
|
||||
GENERAL_NAME *location;
|
||||
} ACCESS_DESCRIPTION;
|
||||
|
||||
typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
|
||||
typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
|
||||
|
||||
DECLARE_STACK_OF(GENERAL_NAME)
|
||||
DECLARE_ASN1_SET_OF(GENERAL_NAME)
|
||||
|
||||
DECLARE_STACK_OF(ACCESS_DESCRIPTION)
|
||||
DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
|
||||
|
||||
typedef struct DIST_POINT_NAME_st {
|
||||
int type;
|
||||
union {
|
||||
GENERAL_NAMES *fullname;
|
||||
STACK_OF(X509_NAME_ENTRY) *relativename;
|
||||
} name;
|
||||
/* If relativename then this contains the full distribution point name */
|
||||
X509_NAME *dpname;
|
||||
} DIST_POINT_NAME;
|
||||
/* All existing reasons */
|
||||
#define CRLDP_ALL_REASONS 0x807f
|
||||
|
||||
#define CRL_REASON_NONE -1
|
||||
#define CRL_REASON_UNSPECIFIED 0
|
||||
#define CRL_REASON_KEY_COMPROMISE 1
|
||||
#define CRL_REASON_CA_COMPROMISE 2
|
||||
#define CRL_REASON_AFFILIATION_CHANGED 3
|
||||
#define CRL_REASON_SUPERSEDED 4
|
||||
#define CRL_REASON_CESSATION_OF_OPERATION 5
|
||||
#define CRL_REASON_CERTIFICATE_HOLD 6
|
||||
#define CRL_REASON_REMOVE_FROM_CRL 8
|
||||
#define CRL_REASON_PRIVILEGE_WITHDRAWN 9
|
||||
#define CRL_REASON_AA_COMPROMISE 10
|
||||
|
||||
struct DIST_POINT_st {
|
||||
DIST_POINT_NAME *distpoint;
|
||||
ASN1_BIT_STRING *reasons;
|
||||
GENERAL_NAMES *CRLissuer;
|
||||
int dp_reasons;
|
||||
};
|
||||
|
||||
typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
|
||||
|
||||
DECLARE_STACK_OF(DIST_POINT)
|
||||
DECLARE_ASN1_SET_OF(DIST_POINT)
|
||||
|
||||
struct AUTHORITY_KEYID_st {
|
||||
ASN1_OCTET_STRING *keyid;
|
||||
GENERAL_NAMES *issuer;
|
||||
ASN1_INTEGER *serial;
|
||||
};
|
||||
|
||||
/* Strong extranet structures */
|
||||
|
||||
typedef struct SXNET_ID_st {
|
||||
ASN1_INTEGER *zone;
|
||||
ASN1_OCTET_STRING *user;
|
||||
} SXNETID;
|
||||
|
||||
DECLARE_STACK_OF(SXNETID)
|
||||
DECLARE_ASN1_SET_OF(SXNETID)
|
||||
|
||||
typedef struct SXNET_st {
|
||||
ASN1_INTEGER *version;
|
||||
STACK_OF(SXNETID) *ids;
|
||||
} SXNET;
|
||||
|
||||
typedef struct NOTICEREF_st {
|
||||
ASN1_STRING *organization;
|
||||
STACK_OF(ASN1_INTEGER) *noticenos;
|
||||
} NOTICEREF;
|
||||
|
||||
typedef struct USERNOTICE_st {
|
||||
NOTICEREF *noticeref;
|
||||
ASN1_STRING *exptext;
|
||||
} USERNOTICE;
|
||||
|
||||
typedef struct POLICYQUALINFO_st {
|
||||
ASN1_OBJECT *pqualid;
|
||||
union {
|
||||
ASN1_IA5STRING *cpsuri;
|
||||
USERNOTICE *usernotice;
|
||||
ASN1_TYPE *other;
|
||||
} d;
|
||||
} POLICYQUALINFO;
|
||||
|
||||
DECLARE_STACK_OF(POLICYQUALINFO)
|
||||
DECLARE_ASN1_SET_OF(POLICYQUALINFO)
|
||||
|
||||
typedef struct POLICYINFO_st {
|
||||
ASN1_OBJECT *policyid;
|
||||
STACK_OF(POLICYQUALINFO) *qualifiers;
|
||||
} POLICYINFO;
|
||||
|
||||
typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
|
||||
|
||||
DECLARE_STACK_OF(POLICYINFO)
|
||||
DECLARE_ASN1_SET_OF(POLICYINFO)
|
||||
|
||||
typedef struct POLICY_MAPPING_st {
|
||||
ASN1_OBJECT *issuerDomainPolicy;
|
||||
ASN1_OBJECT *subjectDomainPolicy;
|
||||
} POLICY_MAPPING;
|
||||
|
||||
DECLARE_STACK_OF(POLICY_MAPPING)
|
||||
|
||||
typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
|
||||
|
||||
typedef struct GENERAL_SUBTREE_st {
|
||||
GENERAL_NAME *base;
|
||||
ASN1_INTEGER *minimum;
|
||||
ASN1_INTEGER *maximum;
|
||||
} GENERAL_SUBTREE;
|
||||
|
||||
DECLARE_STACK_OF(GENERAL_SUBTREE)
|
||||
|
||||
struct NAME_CONSTRAINTS_st {
|
||||
STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
|
||||
STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
|
||||
};
|
||||
|
||||
typedef struct POLICY_CONSTRAINTS_st {
|
||||
ASN1_INTEGER *requireExplicitPolicy;
|
||||
ASN1_INTEGER *inhibitPolicyMapping;
|
||||
} POLICY_CONSTRAINTS;
|
||||
|
||||
/* Proxy certificate structures, see RFC 3820 */
|
||||
typedef struct PROXY_POLICY_st
|
||||
{
|
||||
ASN1_OBJECT *policyLanguage;
|
||||
ASN1_OCTET_STRING *policy;
|
||||
} PROXY_POLICY;
|
||||
|
||||
typedef struct PROXY_CERT_INFO_EXTENSION_st
|
||||
{
|
||||
ASN1_INTEGER *pcPathLengthConstraint;
|
||||
PROXY_POLICY *proxyPolicy;
|
||||
} PROXY_CERT_INFO_EXTENSION;
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
|
||||
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
|
||||
|
||||
struct ISSUING_DIST_POINT_st
|
||||
{
|
||||
DIST_POINT_NAME *distpoint;
|
||||
int onlyuser;
|
||||
int onlyCA;
|
||||
ASN1_BIT_STRING *onlysomereasons;
|
||||
int indirectCRL;
|
||||
int onlyattr;
|
||||
};
|
||||
|
||||
/* Values in idp_flags field */
|
||||
/* IDP present */
|
||||
#define IDP_PRESENT 0x1
|
||||
/* IDP values inconsistent */
|
||||
#define IDP_INVALID 0x2
|
||||
/* onlyuser true */
|
||||
#define IDP_ONLYUSER 0x4
|
||||
/* onlyCA true */
|
||||
#define IDP_ONLYCA 0x8
|
||||
/* onlyattr true */
|
||||
#define IDP_ONLYATTR 0x10
|
||||
/* indirectCRL true */
|
||||
#define IDP_INDIRECT 0x20
|
||||
/* onlysomereasons present */
|
||||
#define IDP_REASONS 0x40
|
||||
|
||||
#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
|
||||
",name:", val->name, ",value:", val->value);
|
||||
|
||||
#define X509V3_set_ctx_test(ctx) \
|
||||
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
|
||||
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
|
||||
|
||||
#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
|
||||
0,0,0,0, \
|
||||
0,0, \
|
||||
(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
|
||||
(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
|
||||
NULL, NULL, \
|
||||
(void *)table}
|
||||
|
||||
#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
|
||||
0,0,0,0, \
|
||||
(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
|
||||
(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
|
||||
0,0,0,0, \
|
||||
NULL}
|
||||
|
||||
#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
|
||||
|
||||
|
||||
/* X509_PURPOSE stuff */
|
||||
|
||||
#define EXFLAG_BCONS 0x1
|
||||
#define EXFLAG_KUSAGE 0x2
|
||||
#define EXFLAG_XKUSAGE 0x4
|
||||
#define EXFLAG_NSCERT 0x8
|
||||
|
||||
#define EXFLAG_CA 0x10
|
||||
/* Really self issued not necessarily self signed */
|
||||
#define EXFLAG_SI 0x20
|
||||
#define EXFLAG_V1 0x40
|
||||
#define EXFLAG_INVALID 0x80
|
||||
#define EXFLAG_SET 0x100
|
||||
#define EXFLAG_CRITICAL 0x200
|
||||
#define EXFLAG_PROXY 0x400
|
||||
|
||||
#define EXFLAG_INVALID_POLICY 0x800
|
||||
#define EXFLAG_FRESHEST 0x1000
|
||||
/* Self signed */
|
||||
#define EXFLAG_SS 0x2000
|
||||
|
||||
#define KU_DIGITAL_SIGNATURE 0x0080
|
||||
#define KU_NON_REPUDIATION 0x0040
|
||||
#define KU_KEY_ENCIPHERMENT 0x0020
|
||||
#define KU_DATA_ENCIPHERMENT 0x0010
|
||||
#define KU_KEY_AGREEMENT 0x0008
|
||||
#define KU_KEY_CERT_SIGN 0x0004
|
||||
#define KU_CRL_SIGN 0x0002
|
||||
#define KU_ENCIPHER_ONLY 0x0001
|
||||
#define KU_DECIPHER_ONLY 0x8000
|
||||
|
||||
#define NS_SSL_CLIENT 0x80
|
||||
#define NS_SSL_SERVER 0x40
|
||||
#define NS_SMIME 0x20
|
||||
#define NS_OBJSIGN 0x10
|
||||
#define NS_SSL_CA 0x04
|
||||
#define NS_SMIME_CA 0x02
|
||||
#define NS_OBJSIGN_CA 0x01
|
||||
#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
|
||||
|
||||
#define XKU_SSL_SERVER 0x1
|
||||
#define XKU_SSL_CLIENT 0x2
|
||||
#define XKU_SMIME 0x4
|
||||
#define XKU_CODE_SIGN 0x8
|
||||
#define XKU_SGC 0x10
|
||||
#define XKU_OCSP_SIGN 0x20
|
||||
#define XKU_TIMESTAMP 0x40
|
||||
#define XKU_DVCS 0x80
|
||||
#define XKU_ANYEKU 0x100
|
||||
|
||||
#define X509_PURPOSE_DYNAMIC 0x1
|
||||
#define X509_PURPOSE_DYNAMIC_NAME 0x2
|
||||
|
||||
typedef struct x509_purpose_st {
|
||||
int purpose;
|
||||
int trust; /* Default trust ID */
|
||||
int flags;
|
||||
int (*check_purpose)(const struct x509_purpose_st *,
|
||||
const X509 *, int);
|
||||
char *name;
|
||||
char *sname;
|
||||
void *usr_data;
|
||||
} X509_PURPOSE;
|
||||
|
||||
#define X509_PURPOSE_SSL_CLIENT 1
|
||||
#define X509_PURPOSE_SSL_SERVER 2
|
||||
#define X509_PURPOSE_NS_SSL_SERVER 3
|
||||
#define X509_PURPOSE_SMIME_SIGN 4
|
||||
#define X509_PURPOSE_SMIME_ENCRYPT 5
|
||||
#define X509_PURPOSE_CRL_SIGN 6
|
||||
#define X509_PURPOSE_ANY 7
|
||||
#define X509_PURPOSE_OCSP_HELPER 8
|
||||
#define X509_PURPOSE_TIMESTAMP_SIGN 9
|
||||
|
||||
#define X509_PURPOSE_MIN 1
|
||||
#define X509_PURPOSE_MAX 9
|
||||
|
||||
/* Flags for X509V3_EXT_print() */
|
||||
|
||||
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
|
||||
/* Return error for unknown extensions */
|
||||
#define X509V3_EXT_DEFAULT 0
|
||||
/* Print error for unknown extensions */
|
||||
#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
|
||||
/* ASN1 parse unknown extensions */
|
||||
#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
|
||||
/* BIO_dump unknown extensions */
|
||||
#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
|
||||
|
||||
/* Flags for X509V3_add1_i2d */
|
||||
|
||||
#define X509V3_ADD_OP_MASK 0xfL
|
||||
#define X509V3_ADD_DEFAULT 0L
|
||||
#define X509V3_ADD_APPEND 1L
|
||||
#define X509V3_ADD_REPLACE 2L
|
||||
#define X509V3_ADD_REPLACE_EXISTING 3L
|
||||
#define X509V3_ADD_KEEP_EXISTING 4L
|
||||
#define X509V3_ADD_DELETE 5L
|
||||
#define X509V3_ADD_SILENT 0x10
|
||||
|
||||
DECLARE_STACK_OF(X509_PURPOSE)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(SXNET)
|
||||
DECLARE_ASN1_FUNCTIONS(SXNETID)
|
||||
|
||||
int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
|
||||
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
|
||||
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
|
||||
|
||||
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
|
||||
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
|
||||
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
|
||||
OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
|
||||
OPENSSL_EXPORT int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
|
||||
|
||||
|
||||
|
||||
OPENSSL_EXPORT ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
||||
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
|
||||
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
||||
ASN1_BIT_STRING *bits,
|
||||
STACK_OF(CONF_VALUE) *extlist);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
|
||||
OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
|
||||
GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
|
||||
OPENSSL_EXPORT GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
|
||||
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(OTHERNAME)
|
||||
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
|
||||
OPENSSL_EXPORT int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
|
||||
OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
|
||||
OPENSSL_EXPORT void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
|
||||
OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
|
||||
ASN1_OBJECT *oid, ASN1_TYPE *value);
|
||||
OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
|
||||
ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
|
||||
|
||||
OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
|
||||
OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
|
||||
OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
|
||||
DECLARE_ASN1_FUNCTIONS(POLICYINFO)
|
||||
DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
|
||||
DECLARE_ASN1_FUNCTIONS(USERNOTICE)
|
||||
DECLARE_ASN1_FUNCTIONS(NOTICEREF)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
|
||||
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
|
||||
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
|
||||
DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
|
||||
|
||||
OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
|
||||
|
||||
OPENSSL_EXPORT int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
|
||||
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
|
||||
|
||||
DECLARE_ASN1_ITEM(POLICY_MAPPING)
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
|
||||
DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
|
||||
|
||||
DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
|
||||
|
||||
DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
|
||||
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
|
||||
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
|
||||
|
||||
OPENSSL_EXPORT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
|
||||
const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
|
||||
int gen_type, char *value, int is_nc);
|
||||
|
||||
OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
|
||||
CONF_VALUE *cnf);
|
||||
OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
|
||||
const X509V3_EXT_METHOD *method,
|
||||
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
|
||||
OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
|
||||
|
||||
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
|
||||
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
|
||||
OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
|
||||
OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
|
||||
OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
|
||||
OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
|
||||
|
||||
OPENSSL_EXPORT int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
|
||||
char *section, X509_CRL *crl);
|
||||
|
||||
OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
|
||||
OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
|
||||
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
|
||||
|
||||
OPENSSL_EXPORT char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
|
||||
OPENSSL_EXPORT STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
|
||||
OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str);
|
||||
OPENSSL_EXPORT void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
|
||||
OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
|
||||
X509_REQ *req, X509_CRL *crl, int flags);
|
||||
|
||||
OPENSSL_EXPORT int X509V3_add_value(const char *name, const char *value,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name, const unsigned char *value,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
OPENSSL_EXPORT int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
OPENSSL_EXPORT char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
|
||||
OPENSSL_EXPORT ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
|
||||
OPENSSL_EXPORT char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
|
||||
OPENSSL_EXPORT char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
|
||||
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
||||
OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
|
||||
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from);
|
||||
OPENSSL_EXPORT void X509V3_EXT_cleanup(void);
|
||||
|
||||
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
|
||||
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
|
||||
OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
|
||||
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
|
||||
OPENSSL_EXPORT void *X509V3_EXT_d2i(X509_EXTENSION *ext);
|
||||
OPENSSL_EXPORT void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
|
||||
|
||||
|
||||
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
|
||||
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
|
||||
|
||||
char *hex_to_string(const unsigned char *buffer, long len);
|
||||
unsigned char *string_to_hex(const char *str, long *len);
|
||||
int name_cmp(const char *name, const char *cmp);
|
||||
|
||||
OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
|
||||
int ml);
|
||||
OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
|
||||
OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
|
||||
|
||||
OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
|
||||
|
||||
OPENSSL_EXPORT int X509_check_ca(X509 *x);
|
||||
OPENSSL_EXPORT int X509_check_purpose(X509 *x, int id, int ca);
|
||||
OPENSSL_EXPORT int X509_supported_extension(X509_EXTENSION *ex);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
|
||||
OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
|
||||
OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
|
||||
OPENSSL_EXPORT X509_PURPOSE * X509_PURPOSE_get0(int idx);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_add(int id, int trust, int flags,
|
||||
int (*ck)(const X509_PURPOSE *, const X509 *, int),
|
||||
char *name, char *sname, void *arg);
|
||||
OPENSSL_EXPORT char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
|
||||
OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
|
||||
OPENSSL_EXPORT void X509_PURPOSE_cleanup(void);
|
||||
OPENSSL_EXPORT int X509_PURPOSE_get_id(X509_PURPOSE *);
|
||||
|
||||
OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
|
||||
OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
|
||||
OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
|
||||
OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
|
||||
/* Flags for X509_check_* functions */
|
||||
|
||||
/* Always check subject name for host match even if subject alt names present */
|
||||
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
|
||||
/* Disable wildcard matching for dnsName fields and common name. */
|
||||
#define X509_CHECK_FLAG_NO_WILDCARDS 0x2
|
||||
/* Wildcards must not match a partial label. */
|
||||
#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
|
||||
/* Allow (non-partial) wildcards to match multiple labels. */
|
||||
#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
|
||||
/* Constraint verifier subdomain patterns to match a single labels. */
|
||||
#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
|
||||
/*
|
||||
* Match reference identifiers starting with "." to any sub-domain.
|
||||
* This is a non-public flag, turned on implicitly when the subject
|
||||
* reference identity is a DNS name.
|
||||
*/
|
||||
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
|
||||
|
||||
OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen,
|
||||
unsigned int flags, char **peername);
|
||||
OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen,
|
||||
unsigned int flags);
|
||||
OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
|
||||
unsigned int flags);
|
||||
OPENSSL_EXPORT int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
|
||||
|
||||
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
|
||||
OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
|
||||
OPENSSL_EXPORT int a2i_ipadd(unsigned char *ipout, const char *ipasc);
|
||||
OPENSSL_EXPORT int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
|
||||
unsigned long chtype);
|
||||
|
||||
OPENSSL_EXPORT void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
|
||||
DECLARE_STACK_OF(X509_POLICY_NODE)
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
*/
|
||||
void ERR_load_X509V3_strings(void);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#define X509V3_F_SXNET_add_id_INTEGER 100
|
||||
#define X509V3_F_SXNET_add_id_asc 101
|
||||
#define X509V3_F_SXNET_add_id_ulong 102
|
||||
#define X509V3_F_SXNET_get_id_asc 103
|
||||
#define X509V3_F_SXNET_get_id_ulong 104
|
||||
#define X509V3_F_X509V3_EXT_add 105
|
||||
#define X509V3_F_X509V3_EXT_add_alias 106
|
||||
#define X509V3_F_X509V3_EXT_free 107
|
||||
#define X509V3_F_X509V3_EXT_i2d 108
|
||||
#define X509V3_F_X509V3_EXT_nconf 109
|
||||
#define X509V3_F_X509V3_add1_i2d 110
|
||||
#define X509V3_F_X509V3_add_value 111
|
||||
#define X509V3_F_X509V3_get_section 112
|
||||
#define X509V3_F_X509V3_get_string 113
|
||||
#define X509V3_F_X509V3_get_value_bool 114
|
||||
#define X509V3_F_X509V3_parse_list 115
|
||||
#define X509V3_F_X509_PURPOSE_add 116
|
||||
#define X509V3_F_X509_PURPOSE_set 117
|
||||
#define X509V3_F_a2i_GENERAL_NAME 118
|
||||
#define X509V3_F_copy_email 119
|
||||
#define X509V3_F_copy_issuer 120
|
||||
#define X509V3_F_do_dirname 121
|
||||
#define X509V3_F_do_ext_i2d 122
|
||||
#define X509V3_F_do_ext_nconf 123
|
||||
#define X509V3_F_gnames_from_sectname 124
|
||||
#define X509V3_F_hex_to_string 125
|
||||
#define X509V3_F_i2s_ASN1_ENUMERATED 126
|
||||
#define X509V3_F_i2s_ASN1_IA5STRING 127
|
||||
#define X509V3_F_i2s_ASN1_INTEGER 128
|
||||
#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 129
|
||||
#define X509V3_F_notice_section 130
|
||||
#define X509V3_F_nref_nos 131
|
||||
#define X509V3_F_policy_section 132
|
||||
#define X509V3_F_process_pci_value 133
|
||||
#define X509V3_F_r2i_certpol 134
|
||||
#define X509V3_F_r2i_pci 135
|
||||
#define X509V3_F_s2i_ASN1_IA5STRING 136
|
||||
#define X509V3_F_s2i_ASN1_INTEGER 137
|
||||
#define X509V3_F_s2i_ASN1_OCTET_STRING 138
|
||||
#define X509V3_F_s2i_skey_id 139
|
||||
#define X509V3_F_set_dist_point_name 140
|
||||
#define X509V3_F_string_to_hex 141
|
||||
#define X509V3_F_v2i_ASN1_BIT_STRING 142
|
||||
#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 143
|
||||
#define X509V3_F_v2i_AUTHORITY_KEYID 144
|
||||
#define X509V3_F_v2i_BASIC_CONSTRAINTS 145
|
||||
#define X509V3_F_v2i_EXTENDED_KEY_USAGE 146
|
||||
#define X509V3_F_v2i_GENERAL_NAMES 147
|
||||
#define X509V3_F_v2i_GENERAL_NAME_ex 148
|
||||
#define X509V3_F_v2i_NAME_CONSTRAINTS 149
|
||||
#define X509V3_F_v2i_POLICY_CONSTRAINTS 150
|
||||
#define X509V3_F_v2i_POLICY_MAPPINGS 151
|
||||
#define X509V3_F_v2i_crld 152
|
||||
#define X509V3_F_v2i_idp 153
|
||||
#define X509V3_F_v2i_issuer_alt 154
|
||||
#define X509V3_F_v2i_subject_alt 155
|
||||
#define X509V3_F_v3_generic_extension 156
|
||||
#define X509V3_R_BAD_IP_ADDRESS 100
|
||||
#define X509V3_R_BAD_OBJECT 101
|
||||
#define X509V3_R_BN_DEC2BN_ERROR 102
|
||||
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103
|
||||
#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104
|
||||
#define X509V3_R_DIRNAME_ERROR 105
|
||||
#define X509V3_R_DISTPOINT_ALREADY_SET 106
|
||||
#define X509V3_R_DUPLICATE_ZONE_ID 107
|
||||
#define X509V3_R_ERROR_CONVERTING_ZONE 108
|
||||
#define X509V3_R_ERROR_CREATING_EXTENSION 109
|
||||
#define X509V3_R_ERROR_IN_EXTENSION 110
|
||||
#define X509V3_R_EXPECTED_A_SECTION_NAME 111
|
||||
#define X509V3_R_EXTENSION_EXISTS 112
|
||||
#define X509V3_R_EXTENSION_NAME_ERROR 113
|
||||
#define X509V3_R_EXTENSION_NOT_FOUND 114
|
||||
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115
|
||||
#define X509V3_R_EXTENSION_VALUE_ERROR 116
|
||||
#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117
|
||||
#define X509V3_R_ILLEGAL_HEX_DIGIT 118
|
||||
#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119
|
||||
#define X509V3_R_INVALID_BOOLEAN_STRING 120
|
||||
#define X509V3_R_INVALID_EXTENSION_STRING 121
|
||||
#define X509V3_R_INVALID_MULTIPLE_RDNS 122
|
||||
#define X509V3_R_INVALID_NAME 123
|
||||
#define X509V3_R_INVALID_NULL_ARGUMENT 124
|
||||
#define X509V3_R_INVALID_NULL_NAME 125
|
||||
#define X509V3_R_INVALID_NULL_VALUE 126
|
||||
#define X509V3_R_INVALID_NUMBER 127
|
||||
#define X509V3_R_INVALID_NUMBERS 128
|
||||
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129
|
||||
#define X509V3_R_INVALID_OPTION 130
|
||||
#define X509V3_R_INVALID_POLICY_IDENTIFIER 131
|
||||
#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132
|
||||
#define X509V3_R_INVALID_PURPOSE 133
|
||||
#define X509V3_R_INVALID_SECTION 134
|
||||
#define X509V3_R_INVALID_SYNTAX 135
|
||||
#define X509V3_R_ISSUER_DECODE_ERROR 136
|
||||
#define X509V3_R_MISSING_VALUE 137
|
||||
#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138
|
||||
#define X509V3_R_NO_CONFIG_DATABASE 139
|
||||
#define X509V3_R_NO_ISSUER_CERTIFICATE 140
|
||||
#define X509V3_R_NO_ISSUER_DETAILS 141
|
||||
#define X509V3_R_NO_POLICY_IDENTIFIER 142
|
||||
#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143
|
||||
#define X509V3_R_NO_PUBLIC_KEY 144
|
||||
#define X509V3_R_NO_SUBJECT_DETAILS 145
|
||||
#define X509V3_R_ODD_NUMBER_OF_DIGITS 146
|
||||
#define X509V3_R_OPERATION_NOT_DEFINED 147
|
||||
#define X509V3_R_OTHERNAME_ERROR 148
|
||||
#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149
|
||||
#define X509V3_R_POLICY_PATH_LENGTH 150
|
||||
#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151
|
||||
#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152
|
||||
#define X509V3_R_SECTION_NOT_FOUND 153
|
||||
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154
|
||||
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155
|
||||
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156
|
||||
#define X509V3_R_UNKNOWN_EXTENSION 157
|
||||
#define X509V3_R_UNKNOWN_EXTENSION_NAME 158
|
||||
#define X509V3_R_UNKNOWN_OPTION 159
|
||||
#define X509V3_R_UNSUPPORTED_OPTION 160
|
||||
#define X509V3_R_UNSUPPORTED_TYPE 161
|
||||
#define X509V3_R_USER_TOO_LONG 162
|
||||
|
||||
#endif
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,5 @@
|
|||
# with neos tree
|
||||
cd ~/android/system
|
||||
mka libcurl
|
||||
|
||||
cp ~/android/system/out/target/product/oneplus3/obj/STATIC_LIBRARIES/libcurl_intermediates/libcurl.a lib/
|
|
@ -0,0 +1,5 @@
|
|||
SUBDIRS = curl
|
||||
|
||||
EXTRA_DIST = README
|
||||
|
||||
AUTOMAKE_OPTIONS = foreign no-dependencies
|
|
@ -0,0 +1,55 @@
|
|||
_ _ ____ _
|
||||
___| | | | _ \| |
|
||||
/ __| | | | |_) | |
|
||||
| (__| |_| | _ <| |___
|
||||
\___|\___/|_| \_\_____|
|
||||
|
||||
Include files for libcurl, external users.
|
||||
|
||||
They're all placed in the curl subdirectory here for better fit in any kind
|
||||
of environment. You must include files from here using...
|
||||
|
||||
#include <curl/curl.h>
|
||||
|
||||
... style and point the compiler's include path to the directory holding the
|
||||
curl subdirectory. It makes it more likely to survive future modifications.
|
||||
|
||||
NOTE FOR LIBCURL HACKERS
|
||||
|
||||
The following notes apply to libcurl version 7.19.0 and later.
|
||||
|
||||
* The distributed curl/curlbuild.h file is only intended to be used on systems
|
||||
which can not run the also distributed configure script.
|
||||
|
||||
* The distributed curlbuild.h file is generated as a copy of curlbuild.h.dist
|
||||
when the libcurl source code distribution archive file is originally created.
|
||||
|
||||
* If you check out from git on a non-configure platform, you must run the
|
||||
appropriate buildconf* script to set up curlbuild.h and other local files
|
||||
before being able of compiling the library.
|
||||
|
||||
* On systems capable of running the configure script, the configure process
|
||||
will overwrite the distributed include/curl/curlbuild.h file with one that
|
||||
is suitable and specific to the library being configured and built, which
|
||||
is generated from the include/curl/curlbuild.h.in template file.
|
||||
|
||||
* If you intend to distribute an already compiled libcurl library you _MUST_
|
||||
also distribute along with it the generated curl/curlbuild.h which has been
|
||||
used to compile it. Otherwise the library will be of no use for the users of
|
||||
the library that you have built. It is _your_ responsibility to provide this
|
||||
file. No one at the cURL project can know how you have built the library.
|
||||
|
||||
* File curl/curlbuild.h includes platform and configuration dependent info,
|
||||
and must not be modified by anyone. Configure script generates it for you.
|
||||
|
||||
* We cannot assume anything else but very basic compiler features being
|
||||
present. While libcurl requires an ANSI C compiler to build, some of the
|
||||
earlier ANSI compilers clearly can't deal with some preprocessor operators.
|
||||
|
||||
* Newlines must remain unix-style for older compilers' sake.
|
||||
|
||||
* Comments must be written in the old-style /* unnested C-fashion */
|
||||
|
||||
To figure out how to do good and portable checks for features, operating
|
||||
systems or specific hardwarare, a very good resource is Bjorn Reese's
|
||||
collection at http://predef.sf.net/
|
|
@ -0,0 +1,3 @@
|
|||
stamp-h2
|
||||
stamp-h3
|
||||
curlver.h.dist
|
|
@ -0,0 +1,53 @@
|
|||
#***************************************************************************
|
||||
# _ _ ____ _
|
||||
# Project ___| | | | _ \| |
|
||||
# / __| | | | |_) | |
|
||||
# | (__| |_| | _ <| |___
|
||||
# \___|\___/|_| \_\_____|
|
||||
#
|
||||
# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
#
|
||||
# This software is licensed as described in the file COPYING, which
|
||||
# you should have received as part of this distribution. The terms
|
||||
# are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
#
|
||||
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
# copies of the Software, and permit persons to whom the Software is
|
||||
# furnished to do so, under the terms of the COPYING file.
|
||||
#
|
||||
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
# KIND, either express or implied.
|
||||
#
|
||||
###########################################################################
|
||||
pkginclude_HEADERS = \
|
||||
curl.h curlver.h easy.h mprintf.h stdcheaders.h multi.h \
|
||||
typecheck-gcc.h curlbuild.h curlrules.h
|
||||
|
||||
pkgincludedir= $(includedir)/curl
|
||||
|
||||
# curlbuild.h does not exist in the git tree. When the original libcurl
|
||||
# source code distribution archive file is created, curlbuild.h.dist is
|
||||
# renamed to curlbuild.h and included in the tarball so that it can be
|
||||
# used directly on non-configure systems.
|
||||
#
|
||||
# The distributed curlbuild.h will be overwritten on configure systems
|
||||
# when the configure script runs, with one that is suitable and specific
|
||||
# to the library being configured and built.
|
||||
#
|
||||
# curlbuild.h.in is the distributed template file from which the configure
|
||||
# script creates curlbuild.h at library configuration time, overwiting the
|
||||
# one included in the distribution archive.
|
||||
#
|
||||
# curlbuild.h.dist is not included in the source code distribution archive.
|
||||
|
||||
EXTRA_DIST = curlbuild.h.in
|
||||
|
||||
DISTCLEANFILES = curlbuild.h
|
||||
|
||||
checksrc:
|
||||
@@PERL@ $(top_srcdir)/lib/checksrc.pl -Wcurlbuild.h -D$(top_srcdir)/include/curl $(pkginclude_HEADERS) $(EXTRA_DIST)
|
||||
|
||||
if CURLDEBUG
|
||||
# for debug builds, we scan the sources on all regular make invokes
|
||||
all-local: checksrc
|
||||
endif
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,195 @@
|
|||
/* include/curl/curlbuild.h. Generated from curlbuild.h.in by configure. */
|
||||
#ifndef __CURL_CURLBUILD_H
|
||||
#define __CURL_CURLBUILD_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* ================================================================ */
|
||||
/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* Nothing in this file is intended to be modified or adjusted by the
|
||||
* curl library user nor by the curl library builder.
|
||||
*
|
||||
* If you think that something actually needs to be changed, adjusted
|
||||
* or fixed in this file, then, report it on the libcurl development
|
||||
* mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
|
||||
*
|
||||
* This header file shall only export symbols which are 'curl' or 'CURL'
|
||||
* prefixed, otherwise public name space would be polluted.
|
||||
*
|
||||
* NOTE 2:
|
||||
* -------
|
||||
*
|
||||
* Right now you might be staring at file include/curl/curlbuild.h.in or
|
||||
* at file include/curl/curlbuild.h, this is due to the following reason:
|
||||
*
|
||||
* On systems capable of running the configure script, the configure process
|
||||
* will overwrite the distributed include/curl/curlbuild.h file with one that
|
||||
* is suitable and specific to the library being configured and built, which
|
||||
* is generated from the include/curl/curlbuild.h.in template file.
|
||||
*
|
||||
*/
|
||||
|
||||
/* ================================================================ */
|
||||
/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */
|
||||
/* ================================================================ */
|
||||
|
||||
#ifdef CURL_SIZEOF_LONG
|
||||
#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_OFF_T
|
||||
#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_T
|
||||
#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_TU
|
||||
#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_OFF_T
|
||||
#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_OFF_T
|
||||
#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_T
|
||||
#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_TU
|
||||
#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
/* ================================================================ */
|
||||
/* EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY */
|
||||
/* ================================================================ */
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file ws2tcpip.h must be included by the external interface. */
|
||||
/* #undef CURL_PULL_WS2TCPIP_H */
|
||||
#ifdef CURL_PULL_WS2TCPIP_H
|
||||
# ifndef WIN32_LEAN_AND_MEAN
|
||||
# define WIN32_LEAN_AND_MEAN
|
||||
# endif
|
||||
# include <windows.h>
|
||||
# include <winsock2.h>
|
||||
# include <ws2tcpip.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/types.h must be included by the external interface. */
|
||||
#define CURL_PULL_SYS_TYPES_H 1
|
||||
#ifdef CURL_PULL_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file stdint.h must be included by the external interface. */
|
||||
#define CURL_PULL_STDINT_H 1
|
||||
#ifdef CURL_PULL_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file inttypes.h must be included by the external interface. */
|
||||
#define CURL_PULL_INTTYPES_H 1
|
||||
#ifdef CURL_PULL_INTTYPES_H
|
||||
# include <inttypes.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/socket.h must be included by the external interface. */
|
||||
#define CURL_PULL_SYS_SOCKET_H 1
|
||||
#ifdef CURL_PULL_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/poll.h must be included by the external interface. */
|
||||
/* #undef CURL_PULL_SYS_POLL_H */
|
||||
#ifdef CURL_PULL_SYS_POLL_H
|
||||
# include <sys/poll.h>
|
||||
#endif
|
||||
|
||||
/* Integral data type used for curl_socklen_t. */
|
||||
#define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
|
||||
|
||||
/* The size of `curl_socklen_t', as computed by sizeof. */
|
||||
#define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
/* Data type definition of curl_socklen_t. */
|
||||
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
|
||||
|
||||
/* Signed integral data type used for curl_off_t. */
|
||||
#define CURL_TYPEOF_CURL_OFF_T int64_t
|
||||
|
||||
/* Data type definition of curl_off_t. */
|
||||
typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
|
||||
|
||||
/* curl_off_t formatting string directive without "%" conversion specifier. */
|
||||
#define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
|
||||
/* unsigned curl_off_t formatting string without "%" conversion specifier. */
|
||||
#define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
|
||||
/* curl_off_t formatting string directive with "%" conversion specifier. */
|
||||
#define CURL_FORMAT_OFF_T "%lld"
|
||||
|
||||
/* The size of `curl_off_t', as computed by sizeof. */
|
||||
#define CURL_SIZEOF_CURL_OFF_T 8
|
||||
|
||||
/* curl_off_t constant suffix. */
|
||||
#define CURL_SUFFIX_CURL_OFF_T LL
|
||||
|
||||
/* unsigned curl_off_t constant suffix. */
|
||||
#define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
|
||||
#endif /* __CURL_CURLBUILD_H */
|
|
@ -0,0 +1,197 @@
|
|||
#ifndef __CURL_CURLBUILD_H
|
||||
#define __CURL_CURLBUILD_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* ================================================================ */
|
||||
/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* Nothing in this file is intended to be modified or adjusted by the
|
||||
* curl library user nor by the curl library builder.
|
||||
*
|
||||
* If you think that something actually needs to be changed, adjusted
|
||||
* or fixed in this file, then, report it on the libcurl development
|
||||
* mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
|
||||
*
|
||||
* This header file shall only export symbols which are 'curl' or 'CURL'
|
||||
* prefixed, otherwise public name space would be polluted.
|
||||
*
|
||||
* NOTE 2:
|
||||
* -------
|
||||
*
|
||||
* Right now you might be staring at file include/curl/curlbuild.h.in or
|
||||
* at file include/curl/curlbuild.h, this is due to the following reason:
|
||||
*
|
||||
* On systems capable of running the configure script, the configure process
|
||||
* will overwrite the distributed include/curl/curlbuild.h file with one that
|
||||
* is suitable and specific to the library being configured and built, which
|
||||
* is generated from the include/curl/curlbuild.h.in template file.
|
||||
*
|
||||
*/
|
||||
|
||||
/* ================================================================ */
|
||||
/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */
|
||||
/* ================================================================ */
|
||||
|
||||
#ifdef CURL_SIZEOF_LONG
|
||||
#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_OFF_T
|
||||
#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_T
|
||||
#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_TU
|
||||
#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_OFF_T
|
||||
#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_OFF_T
|
||||
#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_T
|
||||
#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_TU
|
||||
#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
/* ================================================================ */
|
||||
/* EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY */
|
||||
/* ================================================================ */
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file ws2tcpip.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_WS2TCPIP_H
|
||||
#ifdef CURL_PULL_WS2TCPIP_H
|
||||
# ifndef WIN32_LEAN_AND_MEAN
|
||||
# define WIN32_LEAN_AND_MEAN
|
||||
# endif
|
||||
# include <windows.h>
|
||||
# include <winsock2.h>
|
||||
# include <ws2tcpip.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/types.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_SYS_TYPES_H
|
||||
#ifdef CURL_PULL_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file stdint.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_STDINT_H
|
||||
#ifdef CURL_PULL_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file inttypes.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_INTTYPES_H
|
||||
#ifdef CURL_PULL_INTTYPES_H
|
||||
# include <inttypes.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/socket.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_SYS_SOCKET_H
|
||||
#ifdef CURL_PULL_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/poll.h must be included by the external interface. */
|
||||
#cmakedefine CURL_PULL_SYS_POLL_H
|
||||
#ifdef CURL_PULL_SYS_POLL_H
|
||||
# include <sys/poll.h>
|
||||
#endif
|
||||
|
||||
/* The size of `long', as computed by sizeof. */
|
||||
#define CURL_SIZEOF_LONG ${CURL_SIZEOF_LONG}
|
||||
|
||||
/* Integral data type used for curl_socklen_t. */
|
||||
#define CURL_TYPEOF_CURL_SOCKLEN_T ${CURL_TYPEOF_CURL_SOCKLEN_T}
|
||||
|
||||
/* The size of `curl_socklen_t', as computed by sizeof. */
|
||||
#define CURL_SIZEOF_CURL_SOCKLEN_T ${CURL_SIZEOF_CURL_SOCKLEN_T}
|
||||
|
||||
/* Data type definition of curl_socklen_t. */
|
||||
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
|
||||
|
||||
/* Signed integral data type used for curl_off_t. */
|
||||
#define CURL_TYPEOF_CURL_OFF_T ${CURL_TYPEOF_CURL_OFF_T}
|
||||
|
||||
/* Data type definition of curl_off_t. */
|
||||
typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
|
||||
|
||||
/* curl_off_t formatting string directive without "%" conversion specifier. */
|
||||
#define CURL_FORMAT_CURL_OFF_T "${CURL_FORMAT_CURL_OFF_T}"
|
||||
|
||||
/* unsigned curl_off_t formatting string without "%" conversion specifier. */
|
||||
#define CURL_FORMAT_CURL_OFF_TU "${CURL_FORMAT_CURL_OFF_TU}"
|
||||
|
||||
/* curl_off_t formatting string directive with "%" conversion specifier. */
|
||||
#define CURL_FORMAT_OFF_T "${CURL_FORMAT_OFF_T}"
|
||||
|
||||
/* The size of `curl_off_t', as computed by sizeof. */
|
||||
#define CURL_SIZEOF_CURL_OFF_T ${CURL_SIZEOF_CURL_OFF_T}
|
||||
|
||||
/* curl_off_t constant suffix. */
|
||||
#define CURL_SUFFIX_CURL_OFF_T ${CURL_SUFFIX_CURL_OFF_T}
|
||||
|
||||
/* unsigned curl_off_t constant suffix. */
|
||||
#define CURL_SUFFIX_CURL_OFF_TU ${CURL_SUFFIX_CURL_OFF_TU}
|
||||
|
||||
#endif /* __CURL_CURLBUILD_H */
|
|
@ -0,0 +1,585 @@
|
|||
#ifndef __CURL_CURLBUILD_H
|
||||
#define __CURL_CURLBUILD_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* ================================================================ */
|
||||
/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* See file include/curl/curlbuild.h.in, run configure, and forget
|
||||
* that this file exists it is only used for non-configure systems.
|
||||
* But you can keep reading if you want ;-)
|
||||
*
|
||||
*/
|
||||
|
||||
/* ================================================================ */
|
||||
/* NOTES FOR NON-CONFIGURE SYSTEMS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* Nothing in this file is intended to be modified or adjusted by the
|
||||
* curl library user nor by the curl library builder.
|
||||
*
|
||||
* If you think that something actually needs to be changed, adjusted
|
||||
* or fixed in this file, then, report it on the libcurl development
|
||||
* mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
|
||||
*
|
||||
* Try to keep one section per platform, compiler and architecture,
|
||||
* otherwise, if an existing section is reused for a different one and
|
||||
* later on the original is adjusted, probably the piggybacking one can
|
||||
* be adversely changed.
|
||||
*
|
||||
* In order to differentiate between platforms/compilers/architectures
|
||||
* use only compiler built in predefined preprocessor symbols.
|
||||
*
|
||||
* This header file shall only export symbols which are 'curl' or 'CURL'
|
||||
* prefixed, otherwise public name space would be polluted.
|
||||
*
|
||||
* NOTE 2:
|
||||
* -------
|
||||
*
|
||||
* For any given platform/compiler curl_off_t must be typedef'ed to a
|
||||
* 64-bit wide signed integral data type. The width of this data type
|
||||
* must remain constant and independent of any possible large file
|
||||
* support settings.
|
||||
*
|
||||
* As an exception to the above, curl_off_t shall be typedef'ed to a
|
||||
* 32-bit wide signed integral data type if there is no 64-bit type.
|
||||
*
|
||||
* As a general rule, curl_off_t shall not be mapped to off_t. This
|
||||
* rule shall only be violated if off_t is the only 64-bit data type
|
||||
* available and the size of off_t is independent of large file support
|
||||
* settings. Keep your build on the safe side avoiding an off_t gating.
|
||||
* If you have a 64-bit off_t then take for sure that another 64-bit
|
||||
* data type exists, dig deeper and you will find it.
|
||||
*
|
||||
* NOTE 3:
|
||||
* -------
|
||||
*
|
||||
* Right now you might be staring at file include/curl/curlbuild.h.dist or
|
||||
* at file include/curl/curlbuild.h, this is due to the following reason:
|
||||
* file include/curl/curlbuild.h.dist is renamed to include/curl/curlbuild.h
|
||||
* when the libcurl source code distribution archive file is created.
|
||||
*
|
||||
* File include/curl/curlbuild.h.dist is not included in the distribution
|
||||
* archive. File include/curl/curlbuild.h is not present in the git tree.
|
||||
*
|
||||
* The distributed include/curl/curlbuild.h file is only intended to be used
|
||||
* on systems which can not run the also distributed configure script.
|
||||
*
|
||||
* On systems capable of running the configure script, the configure process
|
||||
* will overwrite the distributed include/curl/curlbuild.h file with one that
|
||||
* is suitable and specific to the library being configured and built, which
|
||||
* is generated from the include/curl/curlbuild.h.in template file.
|
||||
*
|
||||
* If you check out from git on a non-configure platform, you must run the
|
||||
* appropriate buildconf* script to set up curlbuild.h and other local files.
|
||||
*
|
||||
*/
|
||||
|
||||
/* ================================================================ */
|
||||
/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */
|
||||
/* ================================================================ */
|
||||
|
||||
#ifdef CURL_SIZEOF_LONG
|
||||
# error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
# error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
# error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_OFF_T
|
||||
# error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_T
|
||||
# error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_TU
|
||||
# error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_OFF_T
|
||||
# error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_OFF_T
|
||||
# error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_T
|
||||
# error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_TU
|
||||
# error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
/* ================================================================ */
|
||||
/* EXTERNAL INTERFACE SETTINGS FOR NON-CONFIGURE SYSTEMS ONLY */
|
||||
/* ================================================================ */
|
||||
|
||||
#if defined(__DJGPP__) || defined(__GO32__)
|
||||
# if defined(__DJGPP__) && (__DJGPP__ > 1)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__SALFORDC__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__BORLANDC__)
|
||||
# if (__BORLANDC__ < 0x520)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T i64
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ui64
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__TURBOC__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__WATCOMC__)
|
||||
# if defined(__386__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T i64
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ui64
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__POCC__)
|
||||
# if (__POCC__ < 280)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# elif defined(_MSC_VER)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T i64
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ui64
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__LCC__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__SYMBIAN32__)
|
||||
# if defined(__EABI__) /* Treat all ARM compilers equally */
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# elif defined(__CW32__)
|
||||
# pragma longlong on
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# elif defined(__VC32__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__MWERKS__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(_WIN32_WCE)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T i64
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ui64
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__MINGW32__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__VMS)
|
||||
# if defined(__VAX)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
#elif defined(__OS400__)
|
||||
# if defined(__ILEC400__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
# define CURL_PULL_SYS_TYPES_H 1
|
||||
# define CURL_PULL_SYS_SOCKET_H 1
|
||||
# endif
|
||||
|
||||
#elif defined(__MVS__)
|
||||
# if defined(__IBMC__) || defined(__IBMCPP__)
|
||||
# if defined(_ILP32)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# elif defined(_LP64)
|
||||
# define CURL_SIZEOF_LONG 8
|
||||
# endif
|
||||
# if defined(_LONG_LONG)
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# elif defined(_LP64)
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# else
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
# define CURL_PULL_SYS_TYPES_H 1
|
||||
# define CURL_PULL_SYS_SOCKET_H 1
|
||||
# endif
|
||||
|
||||
#elif defined(__370__)
|
||||
# if defined(__IBMC__) || defined(__IBMCPP__)
|
||||
# if defined(_ILP32)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# elif defined(_LP64)
|
||||
# define CURL_SIZEOF_LONG 8
|
||||
# endif
|
||||
# if defined(_LONG_LONG)
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# elif defined(_LP64)
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# else
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
# define CURL_PULL_SYS_TYPES_H 1
|
||||
# define CURL_PULL_SYS_SOCKET_H 1
|
||||
# endif
|
||||
|
||||
#elif defined(TPF)
|
||||
# define CURL_SIZEOF_LONG 8
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
/* ===================================== */
|
||||
/* KEEP MSVC THE PENULTIMATE ENTRY */
|
||||
/* ===================================== */
|
||||
|
||||
#elif defined(_MSC_VER)
|
||||
# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T __int64
|
||||
# define CURL_FORMAT_CURL_OFF_T "I64d"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "I64u"
|
||||
# define CURL_FORMAT_OFF_T "%I64d"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T i64
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ui64
|
||||
# else
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 4
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T int
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
|
||||
/* ===================================== */
|
||||
/* KEEP GENERIC GCC THE LAST ENTRY */
|
||||
/* ===================================== */
|
||||
|
||||
#elif defined(__GNUC__)
|
||||
# if defined(__ILP32__) || \
|
||||
defined(__i386__) || defined(__ppc__) || defined(__arm__) || defined(__sparc__)
|
||||
# define CURL_SIZEOF_LONG 4
|
||||
# define CURL_TYPEOF_CURL_OFF_T long long
|
||||
# define CURL_FORMAT_CURL_OFF_T "lld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "llu"
|
||||
# define CURL_FORMAT_OFF_T "%lld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T LL
|
||||
# define CURL_SUFFIX_CURL_OFF_TU ULL
|
||||
# elif defined(__LP64__) || \
|
||||
defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__)
|
||||
# define CURL_SIZEOF_LONG 8
|
||||
# define CURL_TYPEOF_CURL_OFF_T long
|
||||
# define CURL_FORMAT_CURL_OFF_T "ld"
|
||||
# define CURL_FORMAT_CURL_OFF_TU "lu"
|
||||
# define CURL_FORMAT_OFF_T "%ld"
|
||||
# define CURL_SIZEOF_CURL_OFF_T 8
|
||||
# define CURL_SUFFIX_CURL_OFF_T L
|
||||
# define CURL_SUFFIX_CURL_OFF_TU UL
|
||||
# endif
|
||||
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
|
||||
# define CURL_SIZEOF_CURL_SOCKLEN_T 4
|
||||
# define CURL_PULL_SYS_TYPES_H 1
|
||||
# define CURL_PULL_SYS_SOCKET_H 1
|
||||
|
||||
#else
|
||||
# error "Unknown non-configure build target!"
|
||||
Error Compilation_aborted_Unknown_non_configure_build_target
|
||||
#endif
|
||||
|
||||
/* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */
|
||||
/* sys/types.h is required here to properly make type definitions below. */
|
||||
#ifdef CURL_PULL_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
/* CURL_PULL_SYS_SOCKET_H is defined above when inclusion of header file */
|
||||
/* sys/socket.h is required here to properly make type definitions below. */
|
||||
#ifdef CURL_PULL_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Data type definition of curl_socklen_t. */
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
|
||||
#endif
|
||||
|
||||
/* Data type definition of curl_off_t. */
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_OFF_T
|
||||
typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
|
||||
#endif
|
||||
|
||||
#endif /* __CURL_CURLBUILD_H */
|
|
@ -0,0 +1,194 @@
|
|||
#ifndef __CURL_CURLBUILD_H
|
||||
#define __CURL_CURLBUILD_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* ================================================================ */
|
||||
/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* Nothing in this file is intended to be modified or adjusted by the
|
||||
* curl library user nor by the curl library builder.
|
||||
*
|
||||
* If you think that something actually needs to be changed, adjusted
|
||||
* or fixed in this file, then, report it on the libcurl development
|
||||
* mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
|
||||
*
|
||||
* This header file shall only export symbols which are 'curl' or 'CURL'
|
||||
* prefixed, otherwise public name space would be polluted.
|
||||
*
|
||||
* NOTE 2:
|
||||
* -------
|
||||
*
|
||||
* Right now you might be staring at file include/curl/curlbuild.h.in or
|
||||
* at file include/curl/curlbuild.h, this is due to the following reason:
|
||||
*
|
||||
* On systems capable of running the configure script, the configure process
|
||||
* will overwrite the distributed include/curl/curlbuild.h file with one that
|
||||
* is suitable and specific to the library being configured and built, which
|
||||
* is generated from the include/curl/curlbuild.h.in template file.
|
||||
*
|
||||
*/
|
||||
|
||||
/* ================================================================ */
|
||||
/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */
|
||||
/* ================================================================ */
|
||||
|
||||
#ifdef CURL_SIZEOF_LONG
|
||||
#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_TYPEOF_CURL_OFF_T
|
||||
#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_T
|
||||
#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_CURL_OFF_TU
|
||||
#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_FORMAT_OFF_T
|
||||
#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SIZEOF_CURL_OFF_T
|
||||
#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_T
|
||||
#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
|
||||
#endif
|
||||
|
||||
#ifdef CURL_SUFFIX_CURL_OFF_TU
|
||||
#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
|
||||
#endif
|
||||
|
||||
/* ================================================================ */
|
||||
/* EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY */
|
||||
/* ================================================================ */
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file ws2tcpip.h must be included by the external interface. */
|
||||
#undef CURL_PULL_WS2TCPIP_H
|
||||
#ifdef CURL_PULL_WS2TCPIP_H
|
||||
# ifndef WIN32_LEAN_AND_MEAN
|
||||
# define WIN32_LEAN_AND_MEAN
|
||||
# endif
|
||||
# include <windows.h>
|
||||
# include <winsock2.h>
|
||||
# include <ws2tcpip.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/types.h must be included by the external interface. */
|
||||
#undef CURL_PULL_SYS_TYPES_H
|
||||
#ifdef CURL_PULL_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file stdint.h must be included by the external interface. */
|
||||
#undef CURL_PULL_STDINT_H
|
||||
#ifdef CURL_PULL_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file inttypes.h must be included by the external interface. */
|
||||
#undef CURL_PULL_INTTYPES_H
|
||||
#ifdef CURL_PULL_INTTYPES_H
|
||||
# include <inttypes.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/socket.h must be included by the external interface. */
|
||||
#undef CURL_PULL_SYS_SOCKET_H
|
||||
#ifdef CURL_PULL_SYS_SOCKET_H
|
||||
# include <sys/socket.h>
|
||||
#endif
|
||||
|
||||
/* Configure process defines this to 1 when it finds out that system */
|
||||
/* header file sys/poll.h must be included by the external interface. */
|
||||
#undef CURL_PULL_SYS_POLL_H
|
||||
#ifdef CURL_PULL_SYS_POLL_H
|
||||
# include <sys/poll.h>
|
||||
#endif
|
||||
|
||||
/* Integral data type used for curl_socklen_t. */
|
||||
#undef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
|
||||
/* The size of `curl_socklen_t', as computed by sizeof. */
|
||||
#undef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
|
||||
/* Data type definition of curl_socklen_t. */
|
||||
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
|
||||
|
||||
/* Signed integral data type used for curl_off_t. */
|
||||
#undef CURL_TYPEOF_CURL_OFF_T
|
||||
|
||||
/* Data type definition of curl_off_t. */
|
||||
typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
|
||||
|
||||
/* curl_off_t formatting string directive without "%" conversion specifier. */
|
||||
#undef CURL_FORMAT_CURL_OFF_T
|
||||
|
||||
/* unsigned curl_off_t formatting string without "%" conversion specifier. */
|
||||
#undef CURL_FORMAT_CURL_OFF_TU
|
||||
|
||||
/* curl_off_t formatting string directive with "%" conversion specifier. */
|
||||
#undef CURL_FORMAT_OFF_T
|
||||
|
||||
/* The size of `curl_off_t', as computed by sizeof. */
|
||||
#undef CURL_SIZEOF_CURL_OFF_T
|
||||
|
||||
/* curl_off_t constant suffix. */
|
||||
#undef CURL_SUFFIX_CURL_OFF_T
|
||||
|
||||
/* unsigned curl_off_t constant suffix. */
|
||||
#undef CURL_SUFFIX_CURL_OFF_TU
|
||||
|
||||
#endif /* __CURL_CURLBUILD_H */
|
|
@ -0,0 +1,248 @@
|
|||
#ifndef __CURL_CURLRULES_H
|
||||
#define __CURL_CURLRULES_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* ================================================================ */
|
||||
/* COMPILE TIME SANITY CHECKS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* NOTE 1:
|
||||
* -------
|
||||
*
|
||||
* All checks done in this file are intentionally placed in a public
|
||||
* header file which is pulled by curl/curl.h when an application is
|
||||
* being built using an already built libcurl library. Additionally
|
||||
* this file is also included and used when building the library.
|
||||
*
|
||||
* If compilation fails on this file it is certainly sure that the
|
||||
* problem is elsewhere. It could be a problem in the curlbuild.h
|
||||
* header file, or simply that you are using different compilation
|
||||
* settings than those used to build the library.
|
||||
*
|
||||
* Nothing in this file is intended to be modified or adjusted by the
|
||||
* curl library user nor by the curl library builder.
|
||||
*
|
||||
* Do not deactivate any check, these are done to make sure that the
|
||||
* library is properly built and used.
|
||||
*
|
||||
* You can find further help on the libcurl development mailing list:
|
||||
* http://cool.haxx.se/mailman/listinfo/curl-library/
|
||||
*
|
||||
* NOTE 2
|
||||
* ------
|
||||
*
|
||||
* Some of the following compile time checks are based on the fact
|
||||
* that the dimension of a constant array can not be a negative one.
|
||||
* In this way if the compile time verification fails, the compilation
|
||||
* will fail issuing an error. The error description wording is compiler
|
||||
* dependent but it will be quite similar to one of the following:
|
||||
*
|
||||
* "negative subscript or subscript is too large"
|
||||
* "array must have at least one element"
|
||||
* "-1 is an illegal array size"
|
||||
* "size of array is negative"
|
||||
*
|
||||
* If you are building an application which tries to use an already
|
||||
* built libcurl library and you are getting this kind of errors on
|
||||
* this file, it is a clear indication that there is a mismatch between
|
||||
* how the library was built and how you are trying to use it for your
|
||||
* application. Your already compiled or binary library provider is the
|
||||
* only one who can give you the details you need to properly use it.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Verify that some macros are actually defined.
|
||||
*/
|
||||
|
||||
#ifndef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
# error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_SIZEOF_CURL_SOCKLEN_T
|
||||
# error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_TYPEOF_CURL_OFF_T
|
||||
# error "CURL_TYPEOF_CURL_OFF_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_FORMAT_CURL_OFF_T
|
||||
# error "CURL_FORMAT_CURL_OFF_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_FORMAT_CURL_OFF_TU
|
||||
# error "CURL_FORMAT_CURL_OFF_TU definition is missing!"
|
||||
Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_FORMAT_OFF_T
|
||||
# error "CURL_FORMAT_OFF_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_SIZEOF_CURL_OFF_T
|
||||
# error "CURL_SIZEOF_CURL_OFF_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_SUFFIX_CURL_OFF_T
|
||||
# error "CURL_SUFFIX_CURL_OFF_T definition is missing!"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing
|
||||
#endif
|
||||
|
||||
#ifndef CURL_SUFFIX_CURL_OFF_TU
|
||||
# error "CURL_SUFFIX_CURL_OFF_TU definition is missing!"
|
||||
Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Macros private to this header file.
|
||||
*/
|
||||
|
||||
#define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1
|
||||
|
||||
#define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1
|
||||
|
||||
/*
|
||||
* Verify that the size previously defined and expected for
|
||||
* curl_off_t is actually the the same as the one reported
|
||||
* by sizeof() at compile time.
|
||||
*/
|
||||
|
||||
typedef char
|
||||
__curl_rule_02__
|
||||
[CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)];
|
||||
|
||||
/*
|
||||
* Verify at compile time that the size of curl_off_t as reported
|
||||
* by sizeof() is greater or equal than the one reported for long
|
||||
* for the current compilation.
|
||||
*/
|
||||
|
||||
typedef char
|
||||
__curl_rule_03__
|
||||
[CurlchkszGE(curl_off_t, long)];
|
||||
|
||||
/*
|
||||
* Verify that the size previously defined and expected for
|
||||
* curl_socklen_t is actually the the same as the one reported
|
||||
* by sizeof() at compile time.
|
||||
*/
|
||||
|
||||
typedef char
|
||||
__curl_rule_04__
|
||||
[CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)];
|
||||
|
||||
/*
|
||||
* Verify at compile time that the size of curl_socklen_t as reported
|
||||
* by sizeof() is greater or equal than the one reported for int for
|
||||
* the current compilation.
|
||||
*/
|
||||
|
||||
typedef char
|
||||
__curl_rule_05__
|
||||
[CurlchkszGE(curl_socklen_t, int)];
|
||||
|
||||
/* ================================================================ */
|
||||
/* EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS */
|
||||
/* ================================================================ */
|
||||
|
||||
/*
|
||||
* CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow
|
||||
* these to be visible and exported by the external libcurl interface API,
|
||||
* while also making them visible to the library internals, simply including
|
||||
* curl_setup.h, without actually needing to include curl.h internally.
|
||||
* If some day this section would grow big enough, all this should be moved
|
||||
* to its own header file.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Figure out if we can use the ## preprocessor operator, which is supported
|
||||
* by ISO/ANSI C and C++. Some compilers support it without setting __STDC__
|
||||
* or __cplusplus so we need to carefully check for them too.
|
||||
*/
|
||||
|
||||
#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \
|
||||
defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \
|
||||
defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \
|
||||
defined(__ILEC400__)
|
||||
/* This compiler is believed to have an ISO compatible preprocessor */
|
||||
#define CURL_ISOCPP
|
||||
#else
|
||||
/* This compiler is believed NOT to have an ISO compatible preprocessor */
|
||||
#undef CURL_ISOCPP
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Macros for minimum-width signed and unsigned curl_off_t integer constants.
|
||||
*/
|
||||
|
||||
#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551)
|
||||
# define __CURL_OFF_T_C_HLPR2(x) x
|
||||
# define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x)
|
||||
# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
|
||||
__CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T)
|
||||
# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
|
||||
__CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU)
|
||||
#else
|
||||
# ifdef CURL_ISOCPP
|
||||
# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix
|
||||
# else
|
||||
# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix
|
||||
# endif
|
||||
# define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix)
|
||||
# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T)
|
||||
# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Get rid of macros private to this header file.
|
||||
*/
|
||||
|
||||
#undef CurlchkszEQ
|
||||
#undef CurlchkszGE
|
||||
|
||||
/*
|
||||
* Get rid of macros not intended to exist beyond this point.
|
||||
*/
|
||||
|
||||
#undef CURL_PULL_WS2TCPIP_H
|
||||
#undef CURL_PULL_SYS_TYPES_H
|
||||
#undef CURL_PULL_SYS_SOCKET_H
|
||||
#undef CURL_PULL_SYS_POLL_H
|
||||
#undef CURL_PULL_STDINT_H
|
||||
#undef CURL_PULL_INTTYPES_H
|
||||
|
||||
#undef CURL_TYPEOF_CURL_SOCKLEN_T
|
||||
#undef CURL_TYPEOF_CURL_OFF_T
|
||||
|
||||
#ifdef CURL_NO_OLDIES
|
||||
#undef CURL_FORMAT_OFF_T /* not required since 7.19.0 - obsoleted in 7.20.0 */
|
||||
#endif
|
||||
|
||||
#endif /* __CURL_CURLRULES_H */
|
|
@ -0,0 +1,77 @@
|
|||
#ifndef __CURL_CURLVER_H
|
||||
#define __CURL_CURLVER_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* This header file contains nothing but libcurl version info, generated by
|
||||
a script at release-time. This was made its own header file in 7.11.2 */
|
||||
|
||||
/* This is the global package copyright */
|
||||
#define LIBCURL_COPYRIGHT "1996 - 2015 Daniel Stenberg, <daniel@haxx.se>."
|
||||
|
||||
/* This is the version number of the libcurl package from which this header
|
||||
file origins: */
|
||||
#define LIBCURL_VERSION "7.43.0-DEV"
|
||||
|
||||
/* The numeric version number is also available "in parts" by using these
|
||||
defines: */
|
||||
#define LIBCURL_VERSION_MAJOR 7
|
||||
#define LIBCURL_VERSION_MINOR 43
|
||||
#define LIBCURL_VERSION_PATCH 0
|
||||
|
||||
/* This is the numeric version of the libcurl version number, meant for easier
|
||||
parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
|
||||
always follow this syntax:
|
||||
|
||||
0xXXYYZZ
|
||||
|
||||
Where XX, YY and ZZ are the main version, release and patch numbers in
|
||||
hexadecimal (using 8 bits each). All three numbers are always represented
|
||||
using two digits. 1.2 would appear as "0x010200" while version 9.11.7
|
||||
appears as "0x090b07".
|
||||
|
||||
This 6-digit (24 bits) hexadecimal number does not show pre-release number,
|
||||
and it is always a greater number in a more recent release. It makes
|
||||
comparisons with greater than and less than work.
|
||||
|
||||
Note: This define is the full hex number and _does not_ use the
|
||||
CURL_VERSION_BITS() macro since curl's own configure script greps for it
|
||||
and needs it to contain the full number.
|
||||
*/
|
||||
#define LIBCURL_VERSION_NUM 0x072B00
|
||||
|
||||
/*
|
||||
* This is the date and time when the full source package was created. The
|
||||
* timestamp is not stored in git, as the timestamp is properly set in the
|
||||
* tarballs by the maketgz script.
|
||||
*
|
||||
* The format of the date should follow this template:
|
||||
*
|
||||
* "Mon Feb 12 11:35:33 UTC 2007"
|
||||
*/
|
||||
#define LIBCURL_TIMESTAMP "DEV"
|
||||
|
||||
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z)
|
||||
#define CURL_AT_LEAST_VERSION(x,y,z) \
|
||||
(LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z))
|
||||
|
||||
#endif /* __CURL_CURLVER_H */
|
|
@ -0,0 +1,102 @@
|
|||
#ifndef __CURL_EASY_H
|
||||
#define __CURL_EASY_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
CURL_EXTERN CURL *curl_easy_init(void);
|
||||
CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...);
|
||||
CURL_EXTERN CURLcode curl_easy_perform(CURL *curl);
|
||||
CURL_EXTERN void curl_easy_cleanup(CURL *curl);
|
||||
|
||||
/*
|
||||
* NAME curl_easy_getinfo()
|
||||
*
|
||||
* DESCRIPTION
|
||||
*
|
||||
* Request internal information from the curl session with this function. The
|
||||
* third argument MUST be a pointer to a long, a pointer to a char * or a
|
||||
* pointer to a double (as the documentation describes elsewhere). The data
|
||||
* pointed to will be filled in accordingly and can be relied upon only if the
|
||||
* function returns CURLE_OK. This function is intended to get used *AFTER* a
|
||||
* performed transfer, all results from this function are undefined until the
|
||||
* transfer is completed.
|
||||
*/
|
||||
CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...);
|
||||
|
||||
|
||||
/*
|
||||
* NAME curl_easy_duphandle()
|
||||
*
|
||||
* DESCRIPTION
|
||||
*
|
||||
* Creates a new curl session handle with the same options set for the handle
|
||||
* passed in. Duplicating a handle could only be a matter of cloning data and
|
||||
* options, internal state info and things like persistent connections cannot
|
||||
* be transferred. It is useful in multithreaded applications when you can run
|
||||
* curl_easy_duphandle() for each new thread to avoid a series of identical
|
||||
* curl_easy_setopt() invokes in every thread.
|
||||
*/
|
||||
CURL_EXTERN CURL* curl_easy_duphandle(CURL *curl);
|
||||
|
||||
/*
|
||||
* NAME curl_easy_reset()
|
||||
*
|
||||
* DESCRIPTION
|
||||
*
|
||||
* Re-initializes a CURL handle to the default values. This puts back the
|
||||
* handle to the same state as it was in when it was just created.
|
||||
*
|
||||
* It does keep: live connections, the Session ID cache, the DNS cache and the
|
||||
* cookies.
|
||||
*/
|
||||
CURL_EXTERN void curl_easy_reset(CURL *curl);
|
||||
|
||||
/*
|
||||
* NAME curl_easy_recv()
|
||||
*
|
||||
* DESCRIPTION
|
||||
*
|
||||
* Receives data from the connected socket. Use after successful
|
||||
* curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
|
||||
*/
|
||||
CURL_EXTERN CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen,
|
||||
size_t *n);
|
||||
|
||||
/*
|
||||
* NAME curl_easy_send()
|
||||
*
|
||||
* DESCRIPTION
|
||||
*
|
||||
* Sends data over the connected socket. Use after successful
|
||||
* curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
|
||||
*/
|
||||
CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer,
|
||||
size_t buflen, size_t *n);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,74 @@
|
|||
#ifndef __CURL_MPRINTF_H
|
||||
#define __CURL_MPRINTF_H
|
||||
/***************************************************************************
|
||||
* _ _ ____ _
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at http://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
* copies of the Software, and permit persons to whom the Software is
|
||||
* furnished to do so, under the terms of the COPYING file.
|
||||
*
|
||||
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
* KIND, either express or implied.
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h> /* needed for FILE */
|
||||
|
||||
#include "curl.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
CURL_EXTERN int curl_mprintf(const char *format, ...);
|
||||
CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...);
|
||||
CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...);
|
||||
CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength,
|
||||
const char *format, ...);
|
||||
CURL_EXTERN int curl_mvprintf(const char *format, va_list args);
|
||||
CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args);
|
||||
CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args);
|
||||
CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength,
|
||||
const char *format, va_list args);
|
||||
CURL_EXTERN char *curl_maprintf(const char *format, ...);
|
||||
CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
|
||||
|
||||
#ifdef _MPRINTF_REPLACE
|
||||
# undef printf
|
||||
# undef fprintf
|
||||
# undef sprintf
|
||||
# undef vsprintf
|
||||
# undef snprintf
|
||||
# undef vprintf
|
||||
# undef vfprintf
|
||||
# undef vsnprintf
|
||||
# undef aprintf
|
||||
# undef vaprintf
|
||||
# define printf curl_mprintf
|
||||
# define fprintf curl_mfprintf
|
||||
# define sprintf curl_msprintf
|
||||
# define vsprintf curl_mvsprintf
|
||||
# define snprintf curl_msnprintf
|
||||
# define vprintf curl_mvprintf
|
||||
# define vfprintf curl_mvfprintf
|
||||
# define vsnprintf curl_mvsnprintf
|
||||
# define aprintf curl_maprintf
|
||||
# define vaprintf curl_mvaprintf
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* __CURL_MPRINTF_H */
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue