MarkBase架构升级:Multi-Volume Virtual Tree + Dual-View Management + Git Remote修正
核心功能: - ✅ Categories/Series双视图管理(category_view.rs + import_markdown.rs) - ✅ FUSE Multi-Volume支持(tree_type参数) - ✅ SSH/SFTP/SCP/rsync协议完整实现(4042行) - ✅ NFS/SMB Module Phase 1-3完成 - ✅ Archive Module Phase 1-4完成(2916行) - ✅ Download Center API完整实现 - ✅ S3兼容API实现(560行) Git配置修正: - ✅ 删除错误origin(gitea.momentry.ddns.net) - ✅ 删除m5max128(指向机器名) - ✅ 设置origin = m5max128gitea.momentry.ddns.net/admin/markbase - ✅ 设置m4minigitea = m4minigitea.momentry.ddns.net/warren/markbase 数据清理: - ✅ 删除38个临时SQLite(保留accusys.sqlite、demo.sqlite) - ✅ 删除.bak、test_*.bin、调试脚本等临时文件 - ✅ 删除临时目录(build/、download files/、raid_test/等) - ✅ 更新.gitignore排除临时文件 架构优化: - 52个文件修改,2434行新增,4739行删除 - Workspace成员整合(16个crate) - 数据库状态:accusys.sqlite保留(主demo测试) 远程同步: - ✅ 准备推送到m5max128gitea(远程Gitea) - ✅ 准备推送到m4minigitea(本地Gitea)
This commit is contained in:
+491
@@ -0,0 +1,491 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_AEAD_H
|
||||
#define OPENSSL_HEADER_AEAD_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Authenticated Encryption with Additional Data.
|
||||
//
|
||||
// AEAD couples confidentiality and integrity in a single primitive. AEAD
|
||||
// algorithms take a key and then can seal and open individual messages. Each
|
||||
// message has a unique, per-message nonce and, optionally, additional data
|
||||
// which is authenticated but not included in the ciphertext.
|
||||
//
|
||||
// The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and
|
||||
// performs any precomputation needed to use |aead| with |key|. The length of
|
||||
// the key, |key_len|, is given in bytes.
|
||||
//
|
||||
// The |tag_len| argument contains the length of the tags, in bytes, and allows
|
||||
// for the processing of truncated authenticators. A zero value indicates that
|
||||
// the default tag length should be used and this is defined as
|
||||
// |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using
|
||||
// truncated tags increases an attacker's chance of creating a valid forgery.
|
||||
// Be aware that the attacker's chance may increase more than exponentially as
|
||||
// would naively be expected.
|
||||
//
|
||||
// When no longer needed, the initialised |EVP_AEAD_CTX| structure must be
|
||||
// passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.
|
||||
//
|
||||
// With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These
|
||||
// operations are intended to meet the standard notions of privacy and
|
||||
// authenticity for authenticated encryption. For formal definitions see
|
||||
// Bellare and Namprempre, "Authenticated encryption: relations among notions
|
||||
// and analysis of the generic composition paradigm," Lecture Notes in Computer
|
||||
// Science B<1976> (2000), 531–545,
|
||||
// http://www-cse.ucsd.edu/~mihir/papers/oem.html.
|
||||
//
|
||||
// When sealing messages, a nonce must be given. The length of the nonce is
|
||||
// fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The
|
||||
// nonce must be unique for all messages with the same key*. This is critically
|
||||
// important - nonce reuse may completely undermine the security of the AEAD.
|
||||
// Nonces may be predictable and public, so long as they are unique. Uniqueness
|
||||
// may be achieved with a simple counter or, if large enough, may be generated
|
||||
// randomly. The nonce must be passed into the "open" operation by the receiver
|
||||
// so must either be implicit (e.g. a counter), or must be transmitted along
|
||||
// with the sealed message.
|
||||
//
|
||||
// The "seal" and "open" operations are atomic - an entire message must be
|
||||
// encrypted or decrypted in a single call. Large messages may have to be split
|
||||
// up in order to accommodate this. When doing so, be mindful of the need not to
|
||||
// repeat nonces and the possibility that an attacker could duplicate, reorder
|
||||
// or drop message chunks. For example, using a single key for a given (large)
|
||||
// message and sealing chunks with nonces counting from zero would be secure as
|
||||
// long as the number of chunks was securely transmitted. (Otherwise an
|
||||
// attacker could truncate the message by dropping chunks from the end.)
|
||||
//
|
||||
// The number of chunks could be transmitted by prefixing it to the plaintext,
|
||||
// for example. This also assumes that no other message would ever use the same
|
||||
// key otherwise the rule that nonces must be unique for a given key would be
|
||||
// violated.
|
||||
//
|
||||
// The "seal" and "open" operations also permit additional data to be
|
||||
// authenticated via the |ad| parameter. This data is not included in the
|
||||
// ciphertext and must be identical for both the "seal" and "open" call. This
|
||||
// permits implicit context to be authenticated but may be empty if not needed.
|
||||
//
|
||||
// The "seal" and "open" operations may work in-place if the |out| and |in|
|
||||
// arguments are equal. Otherwise, if |out| and |in| alias, input data may be
|
||||
// overwritten before it is read. This situation will cause an error.
|
||||
//
|
||||
// The "seal" and "open" operations return one on success and zero on error.
|
||||
|
||||
|
||||
// AEAD algorithms.
|
||||
|
||||
// EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode.
|
||||
//
|
||||
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
|
||||
// is specified to take a variable-length nonce, nonces with other lengths are
|
||||
// effectively randomized, which means one must consider collisions. Unless
|
||||
// implementing an existing protocol which has already specified incorrect
|
||||
// parameters, only use 12-byte nonces.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);
|
||||
|
||||
// EVP_aead_aes_192_gcm is AES-192 in Galois Counter Mode.
|
||||
//
|
||||
// WARNING: AES-192 is superfluous and shouldn't exist. NIST should never have
|
||||
// defined it. Use only when interop with another system requires it, never
|
||||
// de novo.
|
||||
//
|
||||
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
|
||||
// is specified to take a variable-length nonce, nonces with other lengths are
|
||||
// effectively randomized, which means one must consider collisions. Unless
|
||||
// implementing an existing protocol which has already specified incorrect
|
||||
// parameters, only use 12-byte nonces.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_192_gcm(void);
|
||||
|
||||
// EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode.
|
||||
//
|
||||
// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
|
||||
// is specified to take a variable-length nonce, nonces with other lengths are
|
||||
// effectively randomized, which means one must consider collisions. Unless
|
||||
// implementing an existing protocol which has already specified incorrect
|
||||
// parameters, only use 12-byte nonces.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
|
||||
|
||||
// EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and
|
||||
// Poly1305 as described in RFC 8439.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
|
||||
|
||||
// EVP_aead_xchacha20_poly1305 is ChaCha20-Poly1305 with an extended nonce that
|
||||
// makes random generation of nonces safe.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_xchacha20_poly1305(void);
|
||||
|
||||
// EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for
|
||||
// authentication. The nonce is 12 bytes; the bottom 32-bits are used as the
|
||||
// block counter, thus the maximum plaintext size is 64GB.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
|
||||
|
||||
// EVP_aead_aes_256_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for
|
||||
// authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
|
||||
|
||||
// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See RFC 8452.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);
|
||||
|
||||
// EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See RFC 8452.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
|
||||
|
||||
// EVP_aead_aes_128_gcm_randnonce is AES-128 in Galois Counter Mode with
|
||||
// internal nonce generation. The 12-byte nonce is appended to the tag
|
||||
// and is generated internally. The "tag", for the purposes of the API, is thus
|
||||
// 12 bytes larger. The nonce parameter when using this AEAD must be
|
||||
// zero-length. Since the nonce is random, a single key should not be used for
|
||||
// more than 2^32 seal operations.
|
||||
//
|
||||
// Warning: this is for use for FIPS compliance only. It is probably not
|
||||
// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
|
||||
// the same effect, but gives more control over nonce storage.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_randnonce(void);
|
||||
|
||||
// EVP_aead_aes_256_gcm_randnonce is AES-256 in Galois Counter Mode with
|
||||
// internal nonce generation. The 12-byte nonce is appended to the tag
|
||||
// and is generated internally. The "tag", for the purposes of the API, is thus
|
||||
// 12 bytes larger. The nonce parameter when using this AEAD must be
|
||||
// zero-length. Since the nonce is random, a single key should not be used for
|
||||
// more than 2^32 seal operations.
|
||||
//
|
||||
// Warning: this is for use for FIPS compliance only. It is probably not
|
||||
// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
|
||||
// the same effect, but gives more control over nonce storage.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_randnonce(void);
|
||||
|
||||
// EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags
|
||||
// and 13-byte nonces), as described in the Bluetooth Core Specification v5.0,
|
||||
// Volume 6, Part E, Section 1.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void);
|
||||
|
||||
// EVP_aead_aes_128_ccm_bluetooth_8 is AES-128-CCM with M=8 and L=2 (8-byte tags
|
||||
// and 13-byte nonces), as used in the Bluetooth Mesh Networking Specification
|
||||
// v1.0.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void);
|
||||
|
||||
// EVP_aead_aes_128_ccm_matter is AES-128-CCM with M=16 and L=2 (16-byte tags
|
||||
// and 13-byte nonces), as used in the Matter specification.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_matter(void);
|
||||
|
||||
// EVP_has_aes_hardware returns one if we enable hardware support for fast and
|
||||
// constant-time AES-GCM.
|
||||
OPENSSL_EXPORT int EVP_has_aes_hardware(void);
|
||||
|
||||
|
||||
// Utility functions.
|
||||
|
||||
// EVP_AEAD_key_length returns the length, in bytes, of the keys used by
|
||||
// |aead|.
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
|
||||
|
||||
// EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce
|
||||
// for |aead|. Some |aead|s might support a larger set of nonce-lengths (e.g.
|
||||
// aes-gcm).
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
|
||||
|
||||
// EVP_AEAD_max_overhead returns the maximum number of additional bytes added
|
||||
// by the act of sealing data with |aead|.
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
|
||||
|
||||
// EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This
|
||||
// is the largest value that can be passed as |tag_len| to
|
||||
// |EVP_AEAD_CTX_init|.
|
||||
OPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
|
||||
|
||||
|
||||
// AEAD operations.
|
||||
|
||||
union evp_aead_ctx_st_state {
|
||||
uint8_t opaque[564];
|
||||
uint64_t alignment;
|
||||
void *ptr;
|
||||
};
|
||||
|
||||
// An evp_aead_ctx_st (typedefed as |EVP_AEAD_CTX| in base.h) represents an AEAD
|
||||
// algorithm configured with a specific key and message-independent IV.
|
||||
struct evp_aead_ctx_st {
|
||||
const EVP_AEAD *aead;
|
||||
union evp_aead_ctx_st_state state;
|
||||
uint8_t state_offset;
|
||||
// tag_len may contain the actual length of the authentication tag if it is
|
||||
// known at initialization time.
|
||||
uint8_t tag_len;
|
||||
};
|
||||
|
||||
// EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by
|
||||
// any AEAD defined in this header.
|
||||
#define EVP_AEAD_MAX_KEY_LENGTH 80
|
||||
|
||||
// EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by
|
||||
// any AEAD defined in this header.
|
||||
#define EVP_AEAD_MAX_NONCE_LENGTH 24
|
||||
|
||||
// EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD
|
||||
// defined in this header.
|
||||
#define EVP_AEAD_MAX_OVERHEAD 64
|
||||
|
||||
// EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
|
||||
// EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should
|
||||
// be used.
|
||||
#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
|
||||
|
||||
// EVP_AEAD_CTX_zero sets an uninitialized |ctx| to the zero state. It must be
|
||||
// initialized with |EVP_AEAD_CTX_init| before use. It is safe, but not
|
||||
// necessary, to call |EVP_AEAD_CTX_cleanup| in this state. This may be used for
|
||||
// more uniform cleanup of |EVP_AEAD_CTX|.
|
||||
OPENSSL_EXPORT void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx);
|
||||
|
||||
// EVP_AEAD_CTX_new allocates an |EVP_AEAD_CTX|, calls |EVP_AEAD_CTX_init| and
|
||||
// returns the |EVP_AEAD_CTX|, or NULL on error.
|
||||
OPENSSL_EXPORT EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead,
|
||||
const uint8_t *key,
|
||||
size_t key_len, size_t tag_len);
|
||||
|
||||
// EVP_AEAD_CTX_free calls |EVP_AEAD_CTX_cleanup| and |OPENSSL_free| on
|
||||
// |ctx|.
|
||||
OPENSSL_EXPORT void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx);
|
||||
|
||||
// EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm. The |impl|
|
||||
// argument is ignored and should be NULL. Authentication tags may be truncated
|
||||
// by passing a size as |tag_len|. A |tag_len| of zero indicates the default
|
||||
// tag length and this is defined as EVP_AEAD_DEFAULT_TAG_LENGTH for
|
||||
// readability.
|
||||
//
|
||||
// Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In
|
||||
// the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's
|
||||
// harmless to do so.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
|
||||
const uint8_t *key, size_t key_len,
|
||||
size_t tag_len, ENGINE *impl);
|
||||
|
||||
// EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to
|
||||
// call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to
|
||||
// all zeros.
|
||||
OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
|
||||
|
||||
// EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and
|
||||
// authenticates |ad_len| bytes from |ad| and writes the result to |out|. It
|
||||
// returns one on success and zero otherwise.
|
||||
//
|
||||
// This function may be called concurrently with itself or any other seal/open
|
||||
// function on the same |EVP_AEAD_CTX|.
|
||||
//
|
||||
// At most |max_out_len| bytes are written to |out| and, in order to ensure
|
||||
// success, |max_out_len| should be |in_len| plus the result of
|
||||
// |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the
|
||||
// actual number of bytes written.
|
||||
//
|
||||
// The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
// |EVP_AEAD_nonce_length| for this AEAD.
|
||||
//
|
||||
// |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is
|
||||
// insufficient, zero will be returned. If any error occurs, |out| will be
|
||||
// filled with zero bytes and |*out_len| set to zero.
|
||||
//
|
||||
// If |in| and |out| alias then |out| must be == |in|.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *nonce, size_t nonce_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes
|
||||
// from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on
|
||||
// success and zero otherwise.
|
||||
//
|
||||
// This function may be called concurrently with itself or any other seal/open
|
||||
// function on the same |EVP_AEAD_CTX|.
|
||||
//
|
||||
// At most |in_len| bytes are written to |out|. In order to ensure success,
|
||||
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
|
||||
// is set to the the actual number of bytes written.
|
||||
//
|
||||
// The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
// |EVP_AEAD_nonce_length| for this AEAD.
|
||||
//
|
||||
// |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is
|
||||
// insufficient, zero will be returned. If any error occurs, |out| will be
|
||||
// filled with zero bytes and |*out_len| set to zero.
|
||||
//
|
||||
// If |in| and |out| alias then |out| must be == |in|.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *nonce, size_t nonce_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_AEAD_CTX_seal_scatter encrypts and authenticates |in_len| bytes from |in|
|
||||
// and authenticates |ad_len| bytes from |ad|. It writes |in_len| bytes of
|
||||
// ciphertext to |out| and the authentication tag to |out_tag|. It returns one
|
||||
// on success and zero otherwise.
|
||||
//
|
||||
// This function may be called concurrently with itself or any other seal/open
|
||||
// function on the same |EVP_AEAD_CTX|.
|
||||
//
|
||||
// Exactly |in_len| bytes are written to |out|, and up to
|
||||
// |EVP_AEAD_max_overhead+extra_in_len| bytes to |out_tag|. On successful
|
||||
// return, |*out_tag_len| is set to the actual number of bytes written to
|
||||
// |out_tag|.
|
||||
//
|
||||
// |extra_in| may point to an additional plaintext input buffer if the cipher
|
||||
// supports it. If present, |extra_in_len| additional bytes of plaintext are
|
||||
// encrypted and authenticated, and the ciphertext is written (before the tag)
|
||||
// to |out_tag|. |max_out_tag_len| must be sized to allow for the additional
|
||||
// |extra_in_len| bytes.
|
||||
//
|
||||
// The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
// |EVP_AEAD_nonce_length| for this AEAD.
|
||||
//
|
||||
// |EVP_AEAD_CTX_seal_scatter| never results in a partial output. If
|
||||
// |max_out_tag_len| is insufficient, zero will be returned. If any error
|
||||
// occurs, |out| and |out_tag| will be filled with zero bytes and |*out_tag_len|
|
||||
// set to zero.
|
||||
//
|
||||
// If |in| and |out| alias then |out| must be == |in|. |out_tag| may not alias
|
||||
// any other argument.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_seal_scatter(
|
||||
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
|
||||
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
|
||||
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
|
||||
size_t extra_in_len, const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_AEAD_CTX_open_gather decrypts and authenticates |in_len| bytes from |in|
|
||||
// and authenticates |ad_len| bytes from |ad| using |in_tag_len| bytes of
|
||||
// authentication tag from |in_tag|. If successful, it writes |in_len| bytes of
|
||||
// plaintext to |out|. It returns one on success and zero otherwise.
|
||||
//
|
||||
// This function may be called concurrently with itself or any other seal/open
|
||||
// function on the same |EVP_AEAD_CTX|.
|
||||
//
|
||||
// The length of |nonce|, |nonce_len|, must be equal to the result of
|
||||
// |EVP_AEAD_nonce_length| for this AEAD.
|
||||
//
|
||||
// |EVP_AEAD_CTX_open_gather| never results in a partial output. If any error
|
||||
// occurs, |out| will be filled with zero bytes.
|
||||
//
|
||||
// If |in| and |out| alias then |out| must be == |in|.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_open_gather(
|
||||
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
|
||||
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
|
||||
size_t in_tag_len, const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_AEAD_CTX_aead returns the underlying AEAD for |ctx|, or NULL if one has
|
||||
// not been set.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_AEAD_CTX_aead(const EVP_AEAD_CTX *ctx);
|
||||
|
||||
|
||||
// TLS-specific AEAD algorithms.
|
||||
//
|
||||
// These AEAD primitives do not meet the definition of generic AEADs. They are
|
||||
// all specific to TLS and should not be used outside of that context. They must
|
||||
// be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may
|
||||
// not be used concurrently. Any nonces are used as IVs, so they must be
|
||||
// unpredictable. They only accept an |ad| parameter of length 11 (the standard
|
||||
// TLS one with length omitted).
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls_implicit_iv(
|
||||
void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_tls(void);
|
||||
|
||||
// EVP_aead_aes_128_gcm_tls12 is AES-128 in Galois Counter Mode using the TLS
|
||||
// 1.2 nonce construction.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls12(void);
|
||||
|
||||
// EVP_aead_aes_256_gcm_tls12 is AES-256 in Galois Counter Mode using the TLS
|
||||
// 1.2 nonce construction.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls12(void);
|
||||
|
||||
// EVP_aead_aes_128_gcm_tls13 is AES-128 in Galois Counter Mode using the TLS
|
||||
// 1.3 nonce construction.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls13(void);
|
||||
|
||||
// EVP_aead_aes_256_gcm_tls13 is AES-256 in Galois Counter Mode using the TLS
|
||||
// 1.3 nonce construction.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls13(void);
|
||||
|
||||
|
||||
// Obscure functions.
|
||||
|
||||
// evp_aead_direction_t denotes the direction of an AEAD operation.
|
||||
enum evp_aead_direction_t {
|
||||
evp_aead_open,
|
||||
evp_aead_seal
|
||||
};
|
||||
|
||||
// EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal
|
||||
// AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a
|
||||
// given direction.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(
|
||||
EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,
|
||||
size_t tag_len, enum evp_aead_direction_t dir);
|
||||
|
||||
// EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and
|
||||
// sets |*out_iv| to point to that many bytes of the current IV. This is only
|
||||
// meaningful for AEADs with implicit IVs (i.e. CBC mode in TLS 1.0).
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,
|
||||
const uint8_t **out_iv, size_t *out_len);
|
||||
|
||||
// EVP_AEAD_CTX_tag_len computes the exact byte length of the tag written by
|
||||
// |EVP_AEAD_CTX_seal_scatter| and writes it to |*out_tag_len|. It returns one
|
||||
// on success or zero on error. |in_len| and |extra_in_len| must equal the
|
||||
// arguments of the same names passed to |EVP_AEAD_CTX_seal_scatter|.
|
||||
OPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx,
|
||||
size_t *out_tag_len,
|
||||
const size_t in_len,
|
||||
const size_t extra_in_len);
|
||||
|
||||
#define FIPS_AES_GCM_NONCE_LENGTH 12
|
||||
|
||||
// EVP_AEAD_get_iv_from_ipv4_nanosecs computes a deterministic IV compliant with
|
||||
// NIST SP 800-38D, built from an IPv4 address and the number of nanoseconds
|
||||
// since boot, writing it to |out_iv| (in little endian).
|
||||
// It returns one on success or zero for error.
|
||||
//
|
||||
// This is not a general-purpose API, you should not be using it unless you
|
||||
// specifically know you need to use this.
|
||||
OPENSSL_EXPORT int EVP_AEAD_get_iv_from_ipv4_nanosecs(
|
||||
const uint32_t ipv4_address, const uint64_t nanosecs,
|
||||
uint8_t out_iv[FIPS_AES_GCM_NONCE_LENGTH]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
using ScopedEVP_AEAD_CTX =
|
||||
internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,
|
||||
EVP_AEAD_CTX_cleanup>;
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_AEAD_H
|
||||
+180
@@ -0,0 +1,180 @@
|
||||
// Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_AES_H
|
||||
#define OPENSSL_HEADER_AES_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Raw AES functions.
|
||||
|
||||
|
||||
#define AES_ENCRYPT 1
|
||||
#define AES_DECRYPT 0
|
||||
|
||||
// AES_MAXNR is the maximum number of AES rounds.
|
||||
#define AES_MAXNR 14
|
||||
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
// aes_key_st should be an opaque type, but EVP requires that the size be
|
||||
// known.
|
||||
struct aes_key_st {
|
||||
uint32_t rd_key[4 * (AES_MAXNR + 1)];
|
||||
unsigned rounds;
|
||||
};
|
||||
typedef struct aes_key_st AES_KEY;
|
||||
|
||||
// AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
|
||||
// |key|. |key| must point to |bits|/8 bytes. It returns zero on success and a
|
||||
// negative number if |bits| is an invalid AES key size.
|
||||
//
|
||||
// WARNING: this function breaks the usual return value convention.
|
||||
OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
|
||||
AES_KEY *aeskey);
|
||||
|
||||
// AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
|
||||
// |key|. |key| must point to |bits|/8 bytes. It returns zero on success and a
|
||||
// negative number if |bits| is an invalid AES key size.
|
||||
//
|
||||
// WARNING: this function breaks the usual return value convention.
|
||||
OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
|
||||
AES_KEY *aeskey);
|
||||
|
||||
// AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
|
||||
// and |out| pointers may overlap.
|
||||
OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
// AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
|
||||
// and |out| pointers may overlap.
|
||||
OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key);
|
||||
|
||||
|
||||
// Block cipher modes.
|
||||
|
||||
// AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
|
||||
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
// first call and |ivec| will be incremented. This function may be called
|
||||
// in-place with |in| equal to |out|, but otherwise the buffers may not
|
||||
// partially overlap. A partial overlap may overwrite input data before it is
|
||||
// read.
|
||||
OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t ivec[AES_BLOCK_SIZE],
|
||||
uint8_t ecount_buf[AES_BLOCK_SIZE],
|
||||
unsigned int *num);
|
||||
|
||||
// AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single,
|
||||
// 16 byte block from |in| to |out|. This function may be called in-place with
|
||||
// |in| equal to |out|, but otherwise the buffers may not partially overlap. A
|
||||
// partial overlap may overwrite input data before it is read.
|
||||
OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
|
||||
const AES_KEY *key, const int enc);
|
||||
|
||||
// AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out|. The length must be a multiple of the block size.
|
||||
// This function may be called in-place with |in| equal to |out|, but otherwise
|
||||
// the buffers may not partially overlap. A partial overlap may overwrite input
|
||||
// data before it is read.
|
||||
OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
||||
const AES_KEY *key, uint8_t *ivec,
|
||||
const int enc);
|
||||
|
||||
// AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len|
|
||||
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
// first call. This function may be called in-place with |in| equal to |out|,
|
||||
// but otherwise the buffers may not partially overlap. A partial overlap may
|
||||
// overwrite input data before it is read.
|
||||
OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num);
|
||||
|
||||
// AES_cfb1_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
// first call. This function may be called in-place with |in| equal to |out|,
|
||||
// but otherwise the buffers may not partially overlap. A partial overlap may
|
||||
// overwrite input data before it is read.
|
||||
OPENSSL_EXPORT void AES_cfb1_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t bits, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num, int enc);
|
||||
|
||||
// AES_cfb8_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
// first call. This function may be called in-place with |in| equal to |out|,
|
||||
// but otherwise the buffers may not partially overlap. A partial overlap may
|
||||
// overwrite input data before it is read.
|
||||
OPENSSL_EXPORT void AES_cfb8_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num, int enc);
|
||||
|
||||
// AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out|. The |num| parameter must be set to zero on the
|
||||
// first call. This function may be called in-place with |in| equal to |out|,
|
||||
// but otherwise the buffers may not partially overlap. A partial overlap may
|
||||
// overwrite input data before it is read.
|
||||
OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len, const AES_KEY *key,
|
||||
uint8_t *ivec, int *num, int enc);
|
||||
|
||||
|
||||
// AES key wrap.
|
||||
//
|
||||
// These functions implement AES Key Wrap mode, as defined in RFC 3394. They
|
||||
// should never be used except to interoperate with existing systems that use
|
||||
// this mode.
|
||||
|
||||
// AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8
|
||||
// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
|
||||
// |key| must have been configured for encryption. On success, it writes
|
||||
// |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns
|
||||
// -1.
|
||||
OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv,
|
||||
uint8_t *out, const uint8_t *in, size_t in_len);
|
||||
|
||||
// AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8
|
||||
// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
|
||||
// |key| must have been configured for decryption. On success, it writes
|
||||
// |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns
|
||||
// -1.
|
||||
OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv,
|
||||
uint8_t *out, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
|
||||
// AES key wrap with padding.
|
||||
//
|
||||
// These functions implement AES Key Wrap with Padding mode, as defined in RFC
|
||||
// 5649. They should never be used except to interoperate with existing systems
|
||||
// that use this mode.
|
||||
|
||||
// AES_wrap_key_padded performs a padded AES key wrap on |in| which must be
|
||||
// between 1 and 2^32-1 bytes. |key| must have been configured for encryption.
|
||||
// On success it writes at most |max_out| bytes of ciphertext to |out|, sets
|
||||
// |*out_len| to the number of bytes written, and returns one. On failure it
|
||||
// returns zero. To ensure success, set |max_out| to at least |in_len| + 15.
|
||||
OPENSSL_EXPORT int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out,
|
||||
size_t *out_len, size_t max_out,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
// AES_unwrap_key_padded performs a padded AES key unwrap on |in| which must be
|
||||
// a multiple of 8 bytes. |key| must have been configured for decryption. On
|
||||
// success it writes at most |max_out| bytes to |out|, sets |*out_len| to the
|
||||
// number of bytes written, and returns one. On failure it returns zero. Setting
|
||||
// |max_out| to |in_len| is a sensible estimate.
|
||||
OPENSSL_EXPORT int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out,
|
||||
size_t *out_len, size_t max_out,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_AES_H
|
||||
+111
@@ -0,0 +1,111 @@
|
||||
// Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_ARM_ARCH_H
|
||||
#define OPENSSL_HEADER_ARM_ARCH_H
|
||||
|
||||
#include <openssl/target.h>
|
||||
|
||||
// arm_arch.h contains symbols used by ARM assembly, and the C code that calls
|
||||
// it. It is included as a public header to simplify the build, but is not
|
||||
// intended for external use.
|
||||
|
||||
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
||||
|
||||
// ARMV7_NEON is true when a NEON unit is present in the current CPU.
|
||||
#define ARMV7_NEON (1 << 0)
|
||||
|
||||
// ARMV8_AES indicates support for hardware AES instructions.
|
||||
#define ARMV8_AES (1 << 2)
|
||||
|
||||
// ARMV8_SHA1 indicates support for hardware SHA-1 instructions.
|
||||
#define ARMV8_SHA1 (1 << 3)
|
||||
|
||||
// ARMV8_SHA256 indicates support for hardware SHA-256 instructions.
|
||||
#define ARMV8_SHA256 (1 << 4)
|
||||
|
||||
// ARMV8_PMULL indicates support for carryless multiplication.
|
||||
#define ARMV8_PMULL (1 << 5)
|
||||
|
||||
// ARMV8_SHA512 indicates support for hardware SHA-512 instructions.
|
||||
#define ARMV8_SHA512 (1 << 6)
|
||||
|
||||
// ARMV8_SHA3 indicates support for hardware SHA-3 instructions including EOR3.
|
||||
#define ARMV8_SHA3 (1 << 11)
|
||||
|
||||
// Combination of all Armv8 Neon extension bits: 0x087c
|
||||
// NOTE: If you add further Armv8 Neon extension bits, adjust
|
||||
// "Test algorithm dispatch without CPU indicator or Neon extension capability bits"
|
||||
// in util/all_tests.json
|
||||
|
||||
// The Neoverse N1, V1, V2, and Apple M1 micro-architectures are detected to
|
||||
// allow selecting the fasted implementations for SHA3/SHAKE and AES-GCM.
|
||||
// Combination of all CPU indicator bits: 0x7080
|
||||
// NOTE: If you add further CPU indicator bits, adjust
|
||||
// "Test algorithm dispatch without CPU indicator bits" in util/all_tests.json.
|
||||
#define ARMV8_NEOVERSE_N1 (1 << 7)
|
||||
#define ARMV8_NEOVERSE_V1 (1 << 12)
|
||||
#define ARMV8_APPLE_M (1 << 13)
|
||||
#define ARMV8_NEOVERSE_V2 (1 << 14)
|
||||
|
||||
// Combination of CPU indicator bits and Armv8 Neon extension bits: 0x78fc
|
||||
|
||||
// ARMV8_DIT indicates support for the Data-Independent Timing (DIT) flag.
|
||||
#define ARMV8_DIT (1 << 15)
|
||||
// ARMV8_DIT_ALLOWED is a run-time en/disabler for the Data-Independent
|
||||
// Timing (DIT) flag capability. It makes the DIT capability allowed when it is
|
||||
// first discovered in |OPENSSL_cpuid_setup|. But that bit position in
|
||||
// |OPENSSL_armcap_P| can be toggled off and back on at run-time via
|
||||
// |armv8_disable_dit| and |armv8_enable_dit|, respectively.
|
||||
#define ARMV8_DIT_ALLOWED (1 << 16)
|
||||
|
||||
// ARMV8_RNG indicates supports for hardware RNG instruction RNDR.
|
||||
#define ARMV8_RNG (1 << 17)
|
||||
|
||||
//
|
||||
// MIDR_EL1 system register
|
||||
//
|
||||
// 63___ _ ___32_31___ _ ___24_23_____20_19_____16_15__ _ __4_3_______0
|
||||
// | | | | | | |
|
||||
// |RES0 | Implementer | Variant | Arch | PartNum |Revision|
|
||||
// |____ _ _____|_____ _ _____|_________|_______ _|____ _ ___|________|
|
||||
//
|
||||
|
||||
# define ARM_CPU_IMP_ARM 0x41
|
||||
|
||||
# define ARM_CPU_PART_CORTEX_A72 0xD08
|
||||
# define ARM_CPU_PART_N1 0xD0C
|
||||
# define ARM_CPU_PART_V1 0xD40
|
||||
# define ARM_CPU_PART_V2 0xD4F
|
||||
|
||||
# define MIDR_PARTNUM_SHIFT 4
|
||||
# define MIDR_PARTNUM_MASK (0xfffUL << MIDR_PARTNUM_SHIFT)
|
||||
# define MIDR_PARTNUM(midr) \
|
||||
(((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
|
||||
|
||||
# define MIDR_IMPLEMENTER_SHIFT 24
|
||||
# define MIDR_IMPLEMENTER_MASK (0xffUL << MIDR_IMPLEMENTER_SHIFT)
|
||||
# define MIDR_IMPLEMENTER(midr) \
|
||||
(((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
|
||||
|
||||
# define MIDR_ARCHITECTURE_SHIFT 16
|
||||
# define MIDR_ARCHITECTURE_MASK (0xfUL << MIDR_ARCHITECTURE_SHIFT)
|
||||
# define MIDR_ARCHITECTURE(midr) \
|
||||
(((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
|
||||
|
||||
# define MIDR_CPU_MODEL_MASK \
|
||||
(MIDR_IMPLEMENTER_MASK | \
|
||||
MIDR_PARTNUM_MASK | \
|
||||
MIDR_ARCHITECTURE_MASK)
|
||||
|
||||
# define MIDR_CPU_MODEL(imp, partnum) \
|
||||
(((imp) << MIDR_IMPLEMENTER_SHIFT) | \
|
||||
(0xfUL << MIDR_ARCHITECTURE_SHIFT) | \
|
||||
((partnum) << MIDR_PARTNUM_SHIFT))
|
||||
|
||||
# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
|
||||
(((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
|
||||
|
||||
#endif // ARM || AARCH64
|
||||
|
||||
#endif // OPENSSL_HEADER_ARM_ARCH_H
|
||||
+206
@@ -0,0 +1,206 @@
|
||||
// Copyright (c) 2023, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_ASM_BASE_H
|
||||
#define OPENSSL_HEADER_ASM_BASE_H
|
||||
|
||||
#include <openssl/target.h>
|
||||
|
||||
// This header contains symbols and common sections used by assembly files. It
|
||||
// is included as a public header to simplify the build, but is not intended for
|
||||
// external use.
|
||||
//
|
||||
// Every assembly file must include this header. Some linker features require
|
||||
// all object files to be tagged with some section metadata. This header file,
|
||||
// when included in assembly, adds that metadata. It also makes defines like
|
||||
// |OPENSSL_X86_64| available and includes the prefixing macros.
|
||||
//
|
||||
// Including this header in an assembly file imples:
|
||||
//
|
||||
// - The file does not require an executable stack.
|
||||
//
|
||||
// - The file, on aarch64, uses the macros defined below to be compatible with
|
||||
// BTI and PAC.
|
||||
//
|
||||
// - The file, on x86_64, requires the program to be compatible with Intel IBT
|
||||
// and SHSTK
|
||||
|
||||
#if defined(__ASSEMBLER__)
|
||||
|
||||
#include <openssl/boringssl_prefix_symbols_asm.h>
|
||||
|
||||
#if defined(__ELF__)
|
||||
// Every ELF object file, even empty ones, should disable executable stacks. See
|
||||
// https://www.airs.com/blog/archives/518.
|
||||
.pushsection .note.GNU-stack, "", %progbits
|
||||
.popsection
|
||||
#endif
|
||||
|
||||
#if defined(__CET__) && defined(OPENSSL_X86_64)
|
||||
// Clang and GCC define __CET__ and provide <cet.h> when they support Intel's
|
||||
// Indirect Branch Tracking.
|
||||
// https://lpc.events/event/7/contributions/729/attachments/496/903/CET-LPC-2020.pdf
|
||||
//
|
||||
// cet.h defines _CET_ENDBR which is used to mark function entry points for IBT.
|
||||
// and adds the assembly marker. The value of _CET_ENDBR is made dependant on if
|
||||
// '-fcf-protection' is passed to the compiler. _CET_ENDBR is only required when
|
||||
// the function is the target of an indirect jump, but BoringSSL chooses to mark
|
||||
// all assembly entry points because it is easier, and allows BoringSSL's ABI
|
||||
// tester to call the assembly entry points via an indirect jump.
|
||||
#include <cet.h>
|
||||
#elif !defined(_CET_ENDBR)
|
||||
// If cet.h does not exist, manually define _CET_ENDBR to be the ENDBR64
|
||||
// instruction, with an explicit byte sequence for compilers/assemblers that
|
||||
// don't know about it. Note that it is safe to use ENDBR64 on all platforms,
|
||||
// since the encoding is by design interpreted as a NOP on all pre-CET x86_64
|
||||
// processors.
|
||||
#define _CET_ENDBR .byte 0xf3,0x0f,0x1e,0xfa
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
||||
|
||||
#if defined(__aarch64__) && !defined(__ARM_ARCH)
|
||||
// Support for GCC v4.8+. GCC 4.8 was the first version to support aarch64
|
||||
// but it doesn't define __ARM_ARCH for aarch64 targets.
|
||||
#if defined(__GNUC__) && (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8))
|
||||
#error "GCC 4.8 or later is required for aarch64 support"
|
||||
#endif
|
||||
#define __ARM_ARCH 8
|
||||
#endif
|
||||
|
||||
// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language
|
||||
// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does
|
||||
// not implement ACLE, but we require Clang's assembler on Windows.
|
||||
#if !defined(__ARM_ARCH)
|
||||
#error "ARM assembler must define __ARM_ARCH"
|
||||
#endif
|
||||
|
||||
// Even when building for 32-bit ARM, support for aarch64 crypto instructions
|
||||
// will be included.
|
||||
//
|
||||
// TODO(davidben): Remove this and the corresponding ifdefs? This is only
|
||||
// defined because some OpenSSL assembly files would allow disabling the NEON
|
||||
// code entirely. I think we'd prefer to do that by lifting the dispatch to C
|
||||
// anyway.
|
||||
#define __ARM_MAX_ARCH__ 8
|
||||
|
||||
// Support macros for
|
||||
// - Armv8.3-A Pointer Authentication and
|
||||
// - Armv8.5-A Branch Target Identification
|
||||
// features which require emitting a .note.gnu.property section with the
|
||||
// appropriate architecture-dependent feature bits set.
|
||||
//
|
||||
// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
|
||||
// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
|
||||
// used immediately before saving the LR register (x30) to the stack.
|
||||
// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
|
||||
// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
|
||||
// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
|
||||
// have the same value at the two points. For example:
|
||||
//
|
||||
// .global f
|
||||
// f:
|
||||
// AARCH64_SIGN_LINK_REGISTER
|
||||
// stp x29, x30, [sp, #-96]!
|
||||
// mov x29, sp
|
||||
// ...
|
||||
// ldp x29, x30, [sp], #96
|
||||
// AARCH64_VALIDATE_LINK_REGISTER
|
||||
// ret
|
||||
//
|
||||
// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
|
||||
// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
|
||||
// indirect call target. In particular, all symbols exported from a file must
|
||||
// begin with one of these macros. For example, a leaf function that does not
|
||||
// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
|
||||
//
|
||||
// .globl return_zero
|
||||
// return_zero:
|
||||
// AARCH64_VALID_CALL_TARGET
|
||||
// mov x0, #0
|
||||
// ret
|
||||
//
|
||||
// A non-leaf function which does not immediately save LR may need both macros
|
||||
// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
|
||||
// may jump to an alternate implementation before setting up the stack:
|
||||
//
|
||||
// .globl with_early_jump
|
||||
// with_early_jump:
|
||||
// AARCH64_VALID_CALL_TARGET
|
||||
// cmp x0, #128
|
||||
// b.lt .Lwith_early_jump_128
|
||||
// AARCH64_SIGN_LINK_REGISTER
|
||||
// stp x29, x30, [sp, #-96]!
|
||||
// mov x29, sp
|
||||
// ...
|
||||
// ldp x29, x30, [sp], #96
|
||||
// AARCH64_VALIDATE_LINK_REGISTER
|
||||
// ret
|
||||
//
|
||||
// .Lwith_early_jump_128:
|
||||
// ...
|
||||
// ret
|
||||
//
|
||||
// These annotations are only required with indirect calls. Private symbols that
|
||||
// are only the target of direct calls do not require annotations. Also note
|
||||
// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
|
||||
// indirect jumps (BR). Indirect jumps in assembly are currently not supported
|
||||
// and would require a macro for BTI 'j'.
|
||||
//
|
||||
// Although not necessary, it is safe to use these macros in 32-bit ARM
|
||||
// assembly. This may be used to simplify dual 32-bit and 64-bit files.
|
||||
//
|
||||
// References:
|
||||
// - "ELF for the Arm® 64-bit Architecture"
|
||||
// https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
|
||||
// - "Providing protection for complex software"
|
||||
// https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
|
||||
|
||||
#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
|
||||
#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification
|
||||
#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c'
|
||||
#else
|
||||
#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification
|
||||
#define AARCH64_VALID_CALL_TARGET
|
||||
#endif
|
||||
|
||||
#if defined(__ARM_FEATURE_PAC_DEFAULT) && \
|
||||
(__ARM_FEATURE_PAC_DEFAULT & 1) == 1 // Signed with A-key
|
||||
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
|
||||
(1 << 1) // Has Pointer Authentication
|
||||
#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP
|
||||
#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP
|
||||
#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
|
||||
(__ARM_FEATURE_PAC_DEFAULT & 2) == 2 // Signed with B-key
|
||||
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
|
||||
(1 << 1) // Has Pointer Authentication
|
||||
#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP
|
||||
#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP
|
||||
#else
|
||||
#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication
|
||||
#if GNU_PROPERTY_AARCH64_BTI != 0
|
||||
#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
|
||||
#else
|
||||
#define AARCH64_SIGN_LINK_REGISTER
|
||||
#endif
|
||||
#define AARCH64_VALIDATE_LINK_REGISTER
|
||||
#endif
|
||||
|
||||
#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
|
||||
.pushsection .note.gnu.property, "a";
|
||||
.balign 8;
|
||||
.long 4;
|
||||
.long 0x10;
|
||||
.long 0x5;
|
||||
.asciz "GNU";
|
||||
.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
|
||||
.long 4;
|
||||
.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
|
||||
.long 0;
|
||||
.popsection;
|
||||
#endif
|
||||
#endif // ARM || AARCH64
|
||||
|
||||
#endif // __ASSEMBLER__
|
||||
|
||||
#endif // OPENSSL_HEADER_ASM_BASE_H
|
||||
+2149
File diff suppressed because it is too large
Load Diff
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2016, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "asn1.h"
|
||||
+657
@@ -0,0 +1,657 @@
|
||||
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 2000.
|
||||
// Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_ASN1T_H
|
||||
#define OPENSSL_HEADER_ASN1T_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/* Legacy ASN.1 library template definitions.
|
||||
*
|
||||
* This header is used to define new types in OpenSSL's ASN.1 implementation. It
|
||||
* is deprecated and will be unexported from the library. Use the new |CBS| and
|
||||
* |CBB| library in <openssl/bytestring.h> instead. */
|
||||
|
||||
|
||||
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
|
||||
typedef struct ASN1_TLC_st ASN1_TLC;
|
||||
|
||||
/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
|
||||
#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
|
||||
|
||||
|
||||
/* Macros for start and end of ASN1_ITEM definition */
|
||||
|
||||
#define ASN1_ITEM_start(itname) \
|
||||
const ASN1_ITEM itname##_it = {
|
||||
|
||||
#define ASN1_ITEM_end(itname) \
|
||||
};
|
||||
|
||||
/* Macros to aid ASN1 template writing */
|
||||
|
||||
#define ASN1_ITEM_TEMPLATE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_item_tt
|
||||
|
||||
#define ASN1_ITEM_TEMPLATE_END(tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_PRIMITIVE,\
|
||||
-1,\
|
||||
&tname##_item_tt,\
|
||||
0,\
|
||||
NULL,\
|
||||
0,\
|
||||
#tname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
|
||||
/* This is a ASN1 type which just embeds a template */
|
||||
|
||||
/* This pair helps declare a SEQUENCE. We can do:
|
||||
*
|
||||
* ASN1_SEQUENCE(stname) = {
|
||||
* ... SEQUENCE components ...
|
||||
* } ASN1_SEQUENCE_END(stname)
|
||||
*
|
||||
* This will produce an ASN1_ITEM called stname_it
|
||||
* for a structure called stname.
|
||||
*
|
||||
* If you want the same structure but a different
|
||||
* name then use:
|
||||
*
|
||||
* ASN1_SEQUENCE(itname) = {
|
||||
* ... SEQUENCE components ...
|
||||
* } ASN1_SEQUENCE_END_name(stname, itname)
|
||||
*
|
||||
* This will create an item called itname_it using
|
||||
* a structure called stname.
|
||||
*/
|
||||
|
||||
#define ASN1_SEQUENCE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_seq_tt[]
|
||||
|
||||
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_name(stname, tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
NULL,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_cb(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_ref(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_enc(tname, enc, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \
|
||||
ASN1_SEQUENCE(tname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
|
||||
|
||||
#define ASN1_SEQUENCE_END_ref(stname, tname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_SEQUENCE,\
|
||||
V_ASN1_SEQUENCE,\
|
||||
tname##_seq_tt,\
|
||||
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
&tname##_aux,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
|
||||
/* This pair helps declare a CHOICE type. We can do:
|
||||
*
|
||||
* ASN1_CHOICE(chname) = {
|
||||
* ... CHOICE options ...
|
||||
* ASN1_CHOICE_END(chname)
|
||||
*
|
||||
* This will produce an ASN1_ITEM called chname_it
|
||||
* for a structure called chname. The structure
|
||||
* definition must look like this:
|
||||
* typedef struct {
|
||||
* int type;
|
||||
* union {
|
||||
* ASN1_SOMETHING *opt1;
|
||||
* ASN1_SOMEOTHER *opt2;
|
||||
* } value;
|
||||
* } chname;
|
||||
*
|
||||
* the name of the selector must be 'type'.
|
||||
* to use an alternative selector name use the
|
||||
* ASN1_CHOICE_END_selector() version.
|
||||
*/
|
||||
|
||||
#define ASN1_CHOICE(tname) \
|
||||
static const ASN1_TEMPLATE tname##_ch_tt[]
|
||||
|
||||
#define ASN1_CHOICE_cb(tname, cb) \
|
||||
static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
|
||||
ASN1_CHOICE(tname)
|
||||
|
||||
#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
|
||||
|
||||
#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
|
||||
|
||||
#define ASN1_CHOICE_END_selector(stname, tname, selname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_CHOICE,\
|
||||
offsetof(stname,selname) ,\
|
||||
tname##_ch_tt,\
|
||||
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
NULL,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
#define ASN1_CHOICE_END_cb(stname, tname, selname) \
|
||||
;\
|
||||
ASN1_ITEM_start(tname) \
|
||||
ASN1_ITYPE_CHOICE,\
|
||||
offsetof(stname,selname) ,\
|
||||
tname##_ch_tt,\
|
||||
sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
|
||||
&tname##_aux,\
|
||||
sizeof(stname),\
|
||||
#stname \
|
||||
ASN1_ITEM_end(tname)
|
||||
|
||||
/* This helps with the template wrapper form of ASN1_ITEM */
|
||||
|
||||
#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
|
||||
(flags), (tag), 0,\
|
||||
#name, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* These help with SEQUENCE or CHOICE components */
|
||||
|
||||
/* used to declare other types */
|
||||
|
||||
#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
|
||||
(flags), (tag), offsetof(stname, field),\
|
||||
#field, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* used when the structure is combined with the parent */
|
||||
|
||||
#define ASN1_EX_COMBINE(flags, tag, type) { \
|
||||
(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
|
||||
|
||||
/* implicit and explicit helper macros */
|
||||
|
||||
#define ASN1_IMP_EX(stname, field, type, tag, ex) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
|
||||
|
||||
#define ASN1_EXP_EX(stname, field, type, tag, ex) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
|
||||
|
||||
/* Any defined by macros: the field used is in the table itself */
|
||||
|
||||
#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
|
||||
/* Plain simple type */
|
||||
#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
|
||||
|
||||
/* OPTIONAL simple type */
|
||||
#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* IMPLICIT tagged simple type */
|
||||
#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
|
||||
|
||||
/* IMPLICIT tagged OPTIONAL simple type */
|
||||
#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* Same as above but EXPLICIT */
|
||||
|
||||
#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
|
||||
#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* SEQUENCE OF type */
|
||||
#define ASN1_SEQUENCE_OF(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
|
||||
|
||||
/* OPTIONAL SEQUENCE OF */
|
||||
#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* Same as above but for SET OF */
|
||||
|
||||
#define ASN1_SET_OF(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
|
||||
|
||||
#define ASN1_SET_OF_OPT(stname, field, type) \
|
||||
ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
|
||||
|
||||
/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
|
||||
|
||||
#define ASN1_IMP_SET_OF(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
|
||||
|
||||
#define ASN1_EXP_SET_OF(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
|
||||
|
||||
#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
|
||||
|
||||
#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
|
||||
|
||||
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
|
||||
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
|
||||
|
||||
/* Macros for the ASN1_ADB structure */
|
||||
|
||||
#define ASN1_ADB(name) \
|
||||
static const ASN1_ADB_TABLE name##_adbtbl[]
|
||||
|
||||
#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
|
||||
;\
|
||||
static const ASN1_ADB name##_adb = {\
|
||||
flags,\
|
||||
offsetof(name, field),\
|
||||
app_table,\
|
||||
name##_adbtbl,\
|
||||
sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
|
||||
def,\
|
||||
none\
|
||||
}
|
||||
|
||||
#define ADB_ENTRY(val, template) {val, template}
|
||||
|
||||
#define ASN1_ADB_TEMPLATE(name) \
|
||||
static const ASN1_TEMPLATE name##_tt
|
||||
|
||||
/* This is the ASN1 template structure that defines
|
||||
* a wrapper round the actual type. It determines the
|
||||
* actual position of the field in the value structure,
|
||||
* various flags such as OPTIONAL and the field name.
|
||||
*/
|
||||
|
||||
struct ASN1_TEMPLATE_st {
|
||||
uint32_t flags; /* Various flags */
|
||||
int tag; /* tag, not used if no tagging */
|
||||
unsigned long offset; /* Offset of this field in structure */
|
||||
const char *field_name; /* Field name */
|
||||
ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
|
||||
};
|
||||
|
||||
/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
|
||||
|
||||
#define ASN1_TEMPLATE_item(t) (t->item_ptr)
|
||||
#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
|
||||
|
||||
typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
|
||||
typedef struct ASN1_ADB_st ASN1_ADB;
|
||||
|
||||
typedef struct asn1_must_be_null_st ASN1_MUST_BE_NULL;
|
||||
|
||||
struct ASN1_ADB_st {
|
||||
uint32_t flags; /* Various flags */
|
||||
unsigned long offset; /* Offset of selector field */
|
||||
ASN1_MUST_BE_NULL *unused;
|
||||
const ASN1_ADB_TABLE *tbl; /* Table of possible types */
|
||||
long tblcount; /* Number of entries in tbl */
|
||||
const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
|
||||
const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
|
||||
};
|
||||
|
||||
struct ASN1_ADB_TABLE_st {
|
||||
int value; /* NID for an object */
|
||||
const ASN1_TEMPLATE tt; /* item for this value */
|
||||
};
|
||||
|
||||
/* template flags */
|
||||
|
||||
/* Field is optional */
|
||||
#define ASN1_TFLG_OPTIONAL (0x1)
|
||||
|
||||
/* Field is a SET OF */
|
||||
#define ASN1_TFLG_SET_OF (0x1 << 1)
|
||||
|
||||
/* Field is a SEQUENCE OF */
|
||||
#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
|
||||
|
||||
/* Mask for SET OF or SEQUENCE OF */
|
||||
#define ASN1_TFLG_SK_MASK (0x3 << 1)
|
||||
|
||||
/* These flags mean the tag should be taken from the
|
||||
* tag field. If EXPLICIT then the underlying type
|
||||
* is used for the inner tag.
|
||||
*/
|
||||
|
||||
/* IMPLICIT tagging */
|
||||
#define ASN1_TFLG_IMPTAG (0x1 << 3)
|
||||
|
||||
|
||||
/* EXPLICIT tagging, inner tag from underlying type */
|
||||
#define ASN1_TFLG_EXPTAG (0x2 << 3)
|
||||
|
||||
#define ASN1_TFLG_TAG_MASK (0x3 << 3)
|
||||
|
||||
/* context specific IMPLICIT */
|
||||
#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
|
||||
|
||||
/* context specific EXPLICIT */
|
||||
#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
|
||||
|
||||
/* If tagging is in force these determine the
|
||||
* type of tag to use. Otherwise the tag is
|
||||
* determined by the underlying type. These
|
||||
* values reflect the actual octet format.
|
||||
*/
|
||||
|
||||
/* Universal tag */
|
||||
#define ASN1_TFLG_UNIVERSAL (0x0<<6)
|
||||
/* Application tag */
|
||||
#define ASN1_TFLG_APPLICATION (0x1<<6)
|
||||
/* Context specific tag */
|
||||
#define ASN1_TFLG_CONTEXT (0x2<<6)
|
||||
/* Private tag */
|
||||
#define ASN1_TFLG_PRIVATE (0x3<<6)
|
||||
|
||||
#define ASN1_TFLG_TAG_CLASS (0x3<<6)
|
||||
|
||||
/* These are for ANY DEFINED BY type. In this case
|
||||
* the 'item' field points to an ASN1_ADB structure
|
||||
* which contains a table of values to decode the
|
||||
* relevant type
|
||||
*/
|
||||
|
||||
#define ASN1_TFLG_ADB_MASK (0x3<<8)
|
||||
|
||||
#define ASN1_TFLG_ADB_OID (0x1<<8)
|
||||
|
||||
/* This flag means a parent structure is passed
|
||||
* instead of the field: this is useful is a
|
||||
* SEQUENCE is being combined with a CHOICE for
|
||||
* example. Since this means the structure and
|
||||
* item name will differ we need to use the
|
||||
* ASN1_CHOICE_END_name() macro for example.
|
||||
*/
|
||||
|
||||
#define ASN1_TFLG_COMBINE (0x1<<10)
|
||||
|
||||
/* This is the actual ASN1 item itself */
|
||||
|
||||
struct ASN1_ITEM_st {
|
||||
char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
|
||||
int utype; /* underlying type */
|
||||
const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
|
||||
long tcount; /* Number of templates if SEQUENCE or CHOICE */
|
||||
const void *funcs; /* functions that handle this type */
|
||||
long size; /* Structure size (usually)*/
|
||||
const char *sname; /* Structure name */
|
||||
};
|
||||
|
||||
/* These are values for the itype field and
|
||||
* determine how the type is interpreted.
|
||||
*
|
||||
* For PRIMITIVE types the underlying type
|
||||
* determines the behaviour if items is NULL.
|
||||
*
|
||||
* Otherwise templates must contain a single
|
||||
* template and the type is treated in the
|
||||
* same way as the type specified in the template.
|
||||
*
|
||||
* For SEQUENCE types the templates field points
|
||||
* to the members, the size field is the
|
||||
* structure size.
|
||||
*
|
||||
* For CHOICE types the templates field points
|
||||
* to each possible member (typically a union)
|
||||
* and the 'size' field is the offset of the
|
||||
* selector.
|
||||
*
|
||||
* The 'funcs' field is used for application
|
||||
* specific functions.
|
||||
*
|
||||
* The EXTERN type uses a new style d2i/i2d.
|
||||
* The new style should be used where possible
|
||||
* because it avoids things like the d2i IMPLICIT
|
||||
* hack.
|
||||
*
|
||||
* MSTRING is a multiple string type, it is used
|
||||
* for a CHOICE of character strings where the
|
||||
* actual strings all occupy an ASN1_STRING
|
||||
* structure. In this case the 'utype' field
|
||||
* has a special meaning, it is used as a mask
|
||||
* of acceptable types using the B_ASN1 constants.
|
||||
*
|
||||
*/
|
||||
|
||||
#define ASN1_ITYPE_PRIMITIVE 0x0
|
||||
|
||||
#define ASN1_ITYPE_SEQUENCE 0x1
|
||||
|
||||
#define ASN1_ITYPE_CHOICE 0x2
|
||||
|
||||
#define ASN1_ITYPE_EXTERN 0x4
|
||||
|
||||
#define ASN1_ITYPE_MSTRING 0x5
|
||||
|
||||
/* Deprecated tag and length cache */
|
||||
struct ASN1_TLC_st;
|
||||
|
||||
/* Typedefs for ASN1 function pointers */
|
||||
|
||||
typedef ASN1_VALUE * ASN1_new_func(void);
|
||||
typedef void ASN1_free_func(ASN1_VALUE *a);
|
||||
typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
|
||||
typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
|
||||
|
||||
typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
|
||||
int tag, int aclass, char opt, ASN1_TLC *ctx);
|
||||
|
||||
typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
|
||||
typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
||||
|
||||
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
|
||||
int indent, const char *fname,
|
||||
const ASN1_PCTX *pctx);
|
||||
|
||||
typedef struct ASN1_EXTERN_FUNCS_st {
|
||||
void *app_data;
|
||||
ASN1_ex_new_func *asn1_ex_new;
|
||||
ASN1_ex_free_func *asn1_ex_free;
|
||||
ASN1_ex_d2i *asn1_ex_d2i;
|
||||
ASN1_ex_i2d *asn1_ex_i2d;
|
||||
/* asn1_ex_print is unused. */
|
||||
ASN1_ex_print_func *asn1_ex_print;
|
||||
} ASN1_EXTERN_FUNCS;
|
||||
|
||||
/* This is the ASN1_AUX structure: it handles various
|
||||
* miscellaneous requirements. For example the use of
|
||||
* reference counts and an informational callback.
|
||||
*
|
||||
* The "informational callback" is called at various
|
||||
* points during the ASN1 encoding and decoding. It can
|
||||
* be used to provide minor customisation of the structures
|
||||
* used. This is most useful where the supplied routines
|
||||
* *almost* do the right thing but need some extra help
|
||||
* at a few points. If the callback returns zero then
|
||||
* it is assumed a fatal error has occurred and the
|
||||
* main operation should be abandoned.
|
||||
*
|
||||
* If major changes in the default behaviour are required
|
||||
* then an external type is more appropriate.
|
||||
*/
|
||||
|
||||
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
|
||||
void *exarg);
|
||||
|
||||
typedef struct ASN1_AUX_st {
|
||||
void *app_data;
|
||||
uint32_t flags;
|
||||
int ref_offset; /* Offset of reference value */
|
||||
ASN1_aux_cb *asn1_cb;
|
||||
int enc_offset; /* Offset of ASN1_ENCODING structure */
|
||||
} ASN1_AUX;
|
||||
|
||||
/* Flags in ASN1_AUX */
|
||||
|
||||
/* Use a reference count */
|
||||
#define ASN1_AFLG_REFCOUNT 1
|
||||
/* Save the encoding of structure (useful for signatures) */
|
||||
#define ASN1_AFLG_ENCODING 2
|
||||
|
||||
/* operation values for asn1_cb */
|
||||
|
||||
#define ASN1_OP_NEW_PRE 0
|
||||
#define ASN1_OP_NEW_POST 1
|
||||
#define ASN1_OP_FREE_PRE 2
|
||||
#define ASN1_OP_FREE_POST 3
|
||||
#define ASN1_OP_D2I_PRE 4
|
||||
#define ASN1_OP_D2I_POST 5
|
||||
/* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the
|
||||
* constants undefined so code relying on them does not accidentally compile. */
|
||||
#define ASN1_OP_PRINT_PRE 8
|
||||
#define ASN1_OP_PRINT_POST 9
|
||||
#define ASN1_OP_STREAM_PRE 10
|
||||
#define ASN1_OP_STREAM_POST 11
|
||||
#define ASN1_OP_DETACHED_PRE 12
|
||||
#define ASN1_OP_DETACHED_POST 13
|
||||
|
||||
/* Macro to implement a primitive type */
|
||||
#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
|
||||
#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
|
||||
ASN1_ITEM_start(itname) \
|
||||
ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
|
||||
ASN1_ITEM_end(itname)
|
||||
|
||||
/* Macro to implement a multi string type */
|
||||
#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
|
||||
ASN1_ITEM_start(itname) \
|
||||
ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
|
||||
ASN1_ITEM_end(itname)
|
||||
|
||||
#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
|
||||
ASN1_ITEM_start(sname) \
|
||||
ASN1_ITYPE_EXTERN, \
|
||||
tag, \
|
||||
NULL, \
|
||||
0, \
|
||||
&fptrs, \
|
||||
0, \
|
||||
#sname \
|
||||
ASN1_ITEM_end(sname)
|
||||
|
||||
/* Macro to implement standard functions in terms of ASN1_ITEM structures */
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
|
||||
IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
|
||||
|
||||
#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
|
||||
pre stname *fname##_new(void) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
|
||||
} \
|
||||
pre void fname##_free(stname *a) \
|
||||
{ \
|
||||
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
|
||||
stname *fname##_new(void) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
|
||||
} \
|
||||
void fname##_free(stname *a) \
|
||||
{ \
|
||||
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
|
||||
|
||||
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
|
||||
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
|
||||
} \
|
||||
int i2d_##fname(stname *a, unsigned char **out) \
|
||||
{ \
|
||||
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
|
||||
}
|
||||
|
||||
/* This includes evil casts to remove const: they will go away when full
|
||||
* ASN1 constification is done.
|
||||
*/
|
||||
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
|
||||
{ \
|
||||
return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
|
||||
} \
|
||||
int i2d_##fname(const stname *a, unsigned char **out) \
|
||||
{ \
|
||||
return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
|
||||
stname *stname##_dup(stname *x) { \
|
||||
return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \
|
||||
stname *stname##_dup(const stname *x) { \
|
||||
return ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
|
||||
IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
|
||||
|
||||
#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
|
||||
|
||||
/* external definitions for primitive types */
|
||||
|
||||
DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
|
||||
|
||||
DEFINE_STACK_OF(ASN1_VALUE)
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_ASN1T_H
|
||||
+613
@@ -0,0 +1,613 @@
|
||||
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_BASE_H
|
||||
#define OPENSSL_HEADER_BASE_H
|
||||
|
||||
|
||||
/**
|
||||
* @file
|
||||
* @brief This file should be the first included by all AWS-LC headers.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#if defined(__MINGW32__)
|
||||
// stdio.h is needed on MinGW for __MINGW_PRINTF_FORMAT.
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(__APPLE__)
|
||||
#include <TargetConditionals.h>
|
||||
#endif
|
||||
|
||||
// Include an AWS-LC-only header so consumers including this header without
|
||||
// setting up include paths do not accidentally pick up the system
|
||||
// opensslconf.h.
|
||||
#include <openssl/is_awslc.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/target.h> // IWYU pragma: export
|
||||
|
||||
#include <openssl/boringssl_prefix_symbols.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(BORINGSSL_FIPS)
|
||||
#define AWSLC_FIPS
|
||||
#endif
|
||||
|
||||
#define AWSLC_VERSION_NAME "AWS-LC"
|
||||
#define OPENSSL_IS_AWSLC
|
||||
// |OPENSSL_VERSION_NUMBER| should match the version number in opensslv.h.
|
||||
#define OPENSSL_VERSION_NUMBER 0x1010107f
|
||||
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
||||
|
||||
// BORINGSSL_API_VERSION is replaced with AWSLC_API_VERSION to avoid users interpreting AWSLC as BoringSSL.
|
||||
// Below are BoringSSL's comments on BORINGSSL_API_VERSION.
|
||||
// BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL
|
||||
// changes over time. The value itself is not meaningful. It will be incremented
|
||||
// whenever is convenient to coordinate an API change with consumers. This will
|
||||
// not denote any special point in development.
|
||||
//
|
||||
// A consumer may use this symbol in the preprocessor to temporarily build
|
||||
// against multiple revisions of BoringSSL at the same time. It is not
|
||||
// recommended to do so for longer than is necessary.
|
||||
#define AWSLC_API_VERSION 35
|
||||
|
||||
// This string tracks the most current production release version on Github
|
||||
// https://github.com/aws/aws-lc/releases.
|
||||
// When bumping the encoded version number, also update the test fixture:
|
||||
// ServiceIndicatorTest.AWSLCVersionString
|
||||
// Note: there are two versions of this test. Only one test is compiled
|
||||
// depending on FIPS mode.
|
||||
#define AWSLC_VERSION_NUMBER_STRING "1.73.0"
|
||||
|
||||
#if defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __declspec(dllexport)
|
||||
#else
|
||||
#define OPENSSL_EXPORT __declspec(dllimport)
|
||||
#endif
|
||||
|
||||
#else // defined(OPENSSL_WINDOWS)
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __attribute__((visibility("default")))
|
||||
#else
|
||||
#define OPENSSL_EXPORT
|
||||
#endif
|
||||
|
||||
#endif // defined(OPENSSL_WINDOWS)
|
||||
|
||||
#else // defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
#define OPENSSL_EXPORT
|
||||
#else
|
||||
#define OPENSSL_EXPORT __attribute__((visibility("default")))
|
||||
#endif
|
||||
|
||||
#endif // defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if !defined(OPENSSL_WARN_UNUSED_RESULT)
|
||||
// This should only affect internal usage of functions
|
||||
#if defined(BORINGSSL_IMPLEMENTATION) || defined(AWS_LC_TEST_ENV)
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
# define OPENSSL_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
|
||||
#elif defined(_MSC_VER)
|
||||
# define OPENSSL_WARN_UNUSED_RESULT _Check_return_
|
||||
#else
|
||||
# define OPENSSL_WARN_UNUSED_RESULT
|
||||
#endif
|
||||
#else
|
||||
// The macro is ignored by consumers
|
||||
# define OPENSSL_WARN_UNUSED_RESULT
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
|
||||
// OPENSSL_DEPRECATED is used to mark a function as deprecated. Use
|
||||
// of any functions so marked in caller code will produce a warning.
|
||||
// OPENSSL_BEGIN_ALLOW_DEPRECATED and OPENSSL_END_ALLOW_DEPRECATED
|
||||
// can be used to suppress the warning in regions of caller code.
|
||||
#define OPENSSL_DEPRECATED __declspec(deprecated)
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
|
||||
__pragma(warning(push)) __pragma(warning(disable : 4996))
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED __pragma(warning(pop))
|
||||
|
||||
#elif (defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC_MINOR__ >= 6))) || defined(__clang__)
|
||||
// `_Pragma("GCC diagnostic push")` was added in GCC 4.6
|
||||
// http://gcc.gnu.org/gcc-4.6/changes.html
|
||||
#define OPENSSL_DEPRECATED __attribute__((__deprecated__))
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
|
||||
_Pragma("GCC diagnostic push") \
|
||||
_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED _Pragma("GCC diagnostic pop")
|
||||
|
||||
#else
|
||||
|
||||
#define OPENSSL_DEPRECATED
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
// MinGW has two different printf implementations. Ensure the format macro
|
||||
// matches the selected implementation. See
|
||||
// https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/.
|
||||
#if defined(__MINGW_PRINTF_FORMAT)
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
|
||||
__attribute__( \
|
||||
(__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
|
||||
#else
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
|
||||
__attribute__((__format__(__printf__, string_index, first_to_check)))
|
||||
#endif
|
||||
#else
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check)
|
||||
#endif
|
||||
|
||||
// OPENSSL_CLANG_PRAGMA emits a pragma on clang and nothing on other compilers.
|
||||
#if defined(__clang__)
|
||||
#define OPENSSL_CLANG_PRAGMA(arg) _Pragma(arg)
|
||||
#else
|
||||
#define OPENSSL_CLANG_PRAGMA(arg)
|
||||
#endif
|
||||
|
||||
// OPENSSL_MSVC_PRAGMA emits a pragma on MSVC and nothing on other compilers.
|
||||
#if defined(_MSC_VER)
|
||||
#define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg)
|
||||
#else
|
||||
#define OPENSSL_MSVC_PRAGMA(arg)
|
||||
#endif
|
||||
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
#define OPENSSL_UNUSED __attribute__((unused))
|
||||
#else
|
||||
#define OPENSSL_UNUSED
|
||||
#endif
|
||||
|
||||
// C99-compatible static assertion using bit-field width trick.
|
||||
// A negative bit-field width causes a compile-time error.
|
||||
//
|
||||
// Previously we defined |OPENSSL_STATIC_ASSERT| to use one of two keywords:
|
||||
// |Static_assert| or |static_assert|. The latter was used if we were compiling
|
||||
// a C++ translation unit or on Windows (excluding when using a Clang compiler).
|
||||
// The former was used in other cases. However, these two keywords are not
|
||||
// defined before C11. So, we can't rely on these when we want to be C99
|
||||
// compliant. If we at some point decide that we want to only be compliant with
|
||||
// C11 (and up), we can reintroduce these keywords. Instead, use a method that
|
||||
// is guaranteed to be C99 compliant and still give us an equivalent static
|
||||
// assert mechanism.
|
||||
//
|
||||
// The solution below defines a struct type containing a bit field.
|
||||
// The name of that type is |static_assertion_msg|. |msg| is a concatenation of
|
||||
// a user-chosen error (which should be chosen with respect to actual assertion)
|
||||
// and the line the assertion is defined. This should ensure name uniqueness.
|
||||
// The width of the bit field is set to 1 or -1, depending on the evaluation of
|
||||
// the boolean expression |cond|. If the condition is false, the width requested
|
||||
// is -1, which is illegal and would cause the compiler to throw an error.
|
||||
//
|
||||
// An example of an error thrown during compilation:
|
||||
// ```
|
||||
// error: negative width in bit-field
|
||||
// 'static_assertion_at_line_913_error_is_AEAD_state_is_too_small'
|
||||
// ```
|
||||
#define AWSLC_CONCAT(left, right) left##right
|
||||
#define AWSLC_STATIC_ASSERT_DEFINE(cond, msg) typedef struct { \
|
||||
unsigned int AWSLC_CONCAT(static_assertion_, msg) : (cond) ? 1 : -1; \
|
||||
} AWSLC_CONCAT(static_assertion_, msg) OPENSSL_UNUSED;
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE0(cond, suffix) AWSLC_STATIC_ASSERT_DEFINE(cond, AWSLC_CONCAT(at_line_, suffix))
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE1(cond, line, suffix) AWSLC_STATIC_ASSERT_ADD_LINE0(cond, AWSLC_CONCAT(line, suffix))
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE2(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE1(cond, __LINE__, suffix)
|
||||
#define AWSLC_STATIC_ASSERT_ADD_ERROR(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE2(cond, AWSLC_CONCAT(_error_is_, suffix))
|
||||
#define OPENSSL_STATIC_ASSERT(cond, error) AWSLC_STATIC_ASSERT_ADD_ERROR(cond, error)
|
||||
|
||||
// Sanity check of "target.h": OPENSSL_64_BIT/OPENSSL_32_BIT must match actual pointer size
|
||||
#if defined(OPENSSL_64_BIT)
|
||||
OPENSSL_STATIC_ASSERT(sizeof(void *) == 8, pointer_size_must_be_8_bytes_for_64_bit)
|
||||
#elif defined(OPENSSL_32_BIT)
|
||||
OPENSSL_STATIC_ASSERT(sizeof(void *) == 4, pointer_size_must_be_4_bytes_for_32_bit)
|
||||
#endif
|
||||
|
||||
// Sanity checks of "target.h": OPENSSL_BIG_ENDIAN should be consistent with other endianness indicators.
|
||||
// If architecture-specific big-endian macros are defined, OPENSSL_BIG_ENDIAN should be too.
|
||||
#if (defined(__ARMEB__) || defined(__AARCH64EB__) || defined(__MIPSEB__) || \
|
||||
defined(__BIG_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
|
||||
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) && !defined(OPENSSL_BIG_ENDIAN)
|
||||
#error "Big-endian architecture detected but OPENSSL_BIG_ENDIAN is not defined"
|
||||
#endif
|
||||
// If architecture-specific little-endian macros are defined, OPENSSL_BIG_ENDIAN should not be.
|
||||
#if (defined(__ARMEL__) || defined(__AARCH64EL__) || defined(__MIPSEL__) || \
|
||||
defined(__LITTLE_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
|
||||
__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) && defined(OPENSSL_BIG_ENDIAN)
|
||||
#error "Little-endian architecture detected but OPENSSL_BIG_ENDIAN is defined"
|
||||
#endif
|
||||
|
||||
// C and C++ handle inline functions differently. In C++, an inline function is
|
||||
// defined in just the header file, potentially emitted in multiple compilation
|
||||
// units (in cases the compiler did not inline), but each copy must be identical
|
||||
// to satsify ODR. In C, a non-static inline must be manually emitted in exactly
|
||||
// one compilation unit with a separate extern inline declaration.
|
||||
//
|
||||
// In both languages, exported inline functions referencing file-local symbols
|
||||
// are problematic. C forbids this altogether (though GCC and Clang seem not to
|
||||
// enforce it). It works in C++, but ODR requires the definitions be identical,
|
||||
// including all names in the definitions resolving to the "same entity". In
|
||||
// practice, this is unlikely to be a problem, but an inline function that
|
||||
// returns a pointer to a file-local symbol
|
||||
// could compile oddly.
|
||||
//
|
||||
// Historically, we used static inline in headers. However, to satisfy ODR, use
|
||||
// plain inline in C++, to allow inline consumer functions to call our header
|
||||
// functions. Plain inline would also work better with C99 inline, but that is
|
||||
// not used much in practice, extern inline is tedious, and there are conflicts
|
||||
// with the old gnu89 model:
|
||||
// https://stackoverflow.com/questions/216510/extern-inline
|
||||
#if defined(__cplusplus)
|
||||
#define OPENSSL_INLINE inline
|
||||
#else
|
||||
// Add OPENSSL_UNUSED so that, should an inline function be emitted via macro
|
||||
// (e.g. a |STACK_OF(T)| implementation) in a source file without tripping
|
||||
// clang's -Wunused-function.
|
||||
#define OPENSSL_INLINE static inline OPENSSL_UNUSED
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
#define OPENSSL_NOINLINE __declspec(noinline)
|
||||
#else
|
||||
#define OPENSSL_NOINLINE __attribute__((noinline))
|
||||
#endif
|
||||
|
||||
// ossl_ssize_t is a signed type which is large enough to fit the size of any
|
||||
// valid memory allocation. We prefer using |size_t|, but sometimes we need a
|
||||
// signed type for OpenSSL API compatibility. This type can be used in such
|
||||
// cases to avoid overflow.
|
||||
//
|
||||
// Not all |size_t| values fit in |ossl_ssize_t|, but all |size_t| values that
|
||||
// are sizes of or indices into C objects, can be converted without overflow.
|
||||
typedef ptrdiff_t ossl_ssize_t;
|
||||
|
||||
// CBS_ASN1_TAG is the type used by |CBS| and |CBB| for ASN.1 tags. See that
|
||||
// header for details. This type is defined in base.h as a forward declaration.
|
||||
typedef uint32_t CBS_ASN1_TAG;
|
||||
|
||||
// CRYPTO_THREADID is a dummy value.
|
||||
typedef int CRYPTO_THREADID;
|
||||
|
||||
// An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as
|
||||
// an opaque, non-NULL |ASN1_NULL*| pointer.
|
||||
typedef struct asn1_null_st ASN1_NULL;
|
||||
|
||||
typedef int ASN1_BOOLEAN;
|
||||
typedef struct ASN1_ITEM_st ASN1_ITEM;
|
||||
typedef struct asn1_object_st ASN1_OBJECT;
|
||||
typedef struct asn1_pctx_st ASN1_PCTX;
|
||||
typedef struct asn1_string_st ASN1_BIT_STRING;
|
||||
typedef struct asn1_string_st ASN1_BMPSTRING;
|
||||
typedef struct asn1_string_st ASN1_ENUMERATED;
|
||||
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
||||
typedef struct asn1_string_st ASN1_GENERALSTRING;
|
||||
typedef struct asn1_string_st ASN1_IA5STRING;
|
||||
typedef struct asn1_string_st ASN1_INTEGER;
|
||||
typedef struct asn1_string_st ASN1_OCTET_STRING;
|
||||
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
|
||||
typedef struct asn1_string_st ASN1_STRING;
|
||||
typedef struct asn1_string_st ASN1_T61STRING;
|
||||
typedef struct asn1_string_st ASN1_TIME;
|
||||
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
|
||||
typedef struct asn1_string_st ASN1_UTCTIME;
|
||||
typedef struct asn1_string_st ASN1_UTF8STRING;
|
||||
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
||||
typedef struct asn1_type_st ASN1_TYPE;
|
||||
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
|
||||
typedef struct BASIC_CONSTRAINTS_st BASIC_CONSTRAINTS;
|
||||
typedef struct DIST_POINT_st DIST_POINT;
|
||||
typedef struct DSA_SIG_st DSA_SIG;
|
||||
typedef struct GENERAL_NAME_st GENERAL_NAME;
|
||||
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
|
||||
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
|
||||
typedef struct Netscape_spkac_st NETSCAPE_SPKAC;
|
||||
typedef struct Netscape_spki_st NETSCAPE_SPKI;
|
||||
typedef struct RIPEMD160state_st RIPEMD160_CTX;
|
||||
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
|
||||
typedef struct X509_algor_st X509_ALGOR;
|
||||
typedef struct X509_crl_st X509_CRL;
|
||||
typedef struct X509_extension_st X509_EXTENSION;
|
||||
typedef struct X509_info_st X509_INFO;
|
||||
typedef struct X509_name_entry_st X509_NAME_ENTRY;
|
||||
typedef struct X509_name_st X509_NAME;
|
||||
typedef struct X509_pubkey_st X509_PUBKEY;
|
||||
typedef struct X509_req_st X509_REQ;
|
||||
typedef struct x509_sig_info_st X509_SIG_INFO;
|
||||
typedef struct X509_sig_st X509_SIG;
|
||||
typedef struct bignum_ctx BN_CTX;
|
||||
typedef struct bignum_st BIGNUM;
|
||||
typedef struct bio_method_st BIO_METHOD;
|
||||
typedef struct bio_st BIO;
|
||||
typedef struct blake2b_state_st BLAKE2B_CTX;
|
||||
typedef struct bn_gencb_st BN_GENCB;
|
||||
typedef struct bn_mont_ctx_st BN_MONT_CTX;
|
||||
typedef struct buf_mem_st BUF_MEM;
|
||||
typedef struct cast_key_st CAST_KEY;
|
||||
typedef struct cbb_st CBB;
|
||||
typedef struct cbs_st CBS;
|
||||
typedef struct cmac_ctx_st CMAC_CTX;
|
||||
typedef struct conf_st CONF;
|
||||
typedef struct conf_value_st CONF_VALUE;
|
||||
typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL;
|
||||
typedef struct crypto_buffer_st CRYPTO_BUFFER;
|
||||
typedef struct ctr_drbg_state_st CTR_DRBG_STATE;
|
||||
typedef struct dh_st DH;
|
||||
typedef struct dsa_st DSA;
|
||||
typedef struct ec_group_st EC_GROUP;
|
||||
typedef struct ec_key_st EC_KEY;
|
||||
typedef struct ec_point_st EC_POINT;
|
||||
typedef struct ec_key_method_st EC_KEY_METHOD;
|
||||
typedef struct ecdsa_sig_st ECDSA_SIG;
|
||||
typedef struct engine_st ENGINE;
|
||||
typedef struct env_md_ctx_st EVP_MD_CTX;
|
||||
typedef struct env_md_st EVP_MD;
|
||||
typedef struct evp_aead_st EVP_AEAD;
|
||||
typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
|
||||
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
|
||||
typedef struct evp_cipher_st EVP_CIPHER;
|
||||
|
||||
/**
|
||||
* @typedef EVP_ENCODE_CTX
|
||||
* @copydoc evp_encode_ctx_st
|
||||
* @see evp_encode_ctx_st
|
||||
*/
|
||||
typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
|
||||
typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
|
||||
typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
|
||||
typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
|
||||
typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
|
||||
typedef struct evp_hpke_key_st EVP_HPKE_KEY;
|
||||
typedef struct evp_kem_st EVP_KEM;
|
||||
typedef struct kem_key_st KEM_KEY;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
|
||||
typedef struct evp_pkey_st EVP_PKEY;
|
||||
typedef struct evp_pkey_ctx_signature_context_params_st EVP_PKEY_CTX_SIGNATURE_CONTEXT_PARAMS;
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
typedef struct md4_state_st MD4_CTX;
|
||||
typedef struct md5_state_st MD5_CTX;
|
||||
typedef struct pqdsa_key_st PQDSA_KEY;
|
||||
typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
|
||||
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
|
||||
typedef struct pkcs7_digest_st PKCS7_DIGEST;
|
||||
typedef struct pkcs7_enc_content_st PKCS7_ENC_CONTENT;
|
||||
typedef struct pkcs7_encrypt_st PKCS7_ENCRYPT;
|
||||
typedef struct pkcs7_envelope_st PKCS7_ENVELOPE;
|
||||
typedef struct pkcs7_issuer_and_serial_st PKCS7_ISSUER_AND_SERIAL;
|
||||
typedef struct pkcs7_recip_info_st PKCS7_RECIP_INFO;
|
||||
typedef struct pkcs7_sign_envelope_st PKCS7_SIGN_ENVELOPE;
|
||||
typedef struct pkcs7_signed_st PKCS7_SIGNED;
|
||||
typedef struct pkcs7_signer_info_st PKCS7_SIGNER_INFO;
|
||||
typedef struct pkcs7_st PKCS7;
|
||||
typedef struct pkcs12_st PKCS12;
|
||||
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
|
||||
typedef struct private_key_st X509_PKEY;
|
||||
typedef struct rand_meth_st RAND_METHOD;
|
||||
typedef struct rc4_key_st RC4_KEY;
|
||||
typedef struct rsa_meth_st RSA_METHOD;
|
||||
typedef struct rsassa_pss_params_st RSASSA_PSS_PARAMS;
|
||||
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
|
||||
typedef struct rsa_st RSA;
|
||||
typedef struct sha256_state_st SHA256_CTX;
|
||||
typedef struct sha512_state_st SHA512_CTX;
|
||||
typedef struct sha_state_st SHA_CTX;
|
||||
typedef struct spake2_ctx_st SPAKE2_CTX;
|
||||
typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
|
||||
typedef struct ssl_cipher_st SSL_CIPHER;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO;
|
||||
typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
|
||||
typedef struct ssl_method_st SSL_METHOD;
|
||||
typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
|
||||
typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
|
||||
typedef struct ssl_session_st SSL_SESSION;
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD;
|
||||
typedef struct st_ERR_FNS ERR_FNS;
|
||||
typedef struct trust_token_st TRUST_TOKEN;
|
||||
typedef struct trust_token_client_st TRUST_TOKEN_CLIENT;
|
||||
typedef struct trust_token_issuer_st TRUST_TOKEN_ISSUER;
|
||||
typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
|
||||
typedef struct v3_ext_ctx X509V3_CTX;
|
||||
typedef struct v3_ext_method X509V3_EXT_METHOD;
|
||||
typedef struct x509_attributes_st X509_ATTRIBUTE;
|
||||
typedef struct x509_lookup_st X509_LOOKUP;
|
||||
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
|
||||
typedef struct x509_object_st X509_OBJECT;
|
||||
typedef struct x509_revoked_st X509_REVOKED;
|
||||
typedef struct x509_st X509;
|
||||
typedef struct x509_store_ctx_st X509_STORE_CTX;
|
||||
typedef struct x509_store_st X509_STORE;
|
||||
typedef struct x509_trust_st X509_TRUST;
|
||||
|
||||
typedef void *OPENSSL_BLOCK;
|
||||
|
||||
// BSSL_CHECK aborts if |condition| is not true.
|
||||
#define BSSL_CHECK(condition) \
|
||||
do { \
|
||||
if (!(condition)) { \
|
||||
abort(); \
|
||||
} \
|
||||
} while (0);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#elif !defined(BORINGSSL_NO_CXX)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#define BSSL_NAMESPACE_BEGIN \
|
||||
namespace bssl { \
|
||||
inline namespace BORINGSSL_PREFIX {
|
||||
#define BSSL_NAMESPACE_END \
|
||||
} \
|
||||
}
|
||||
#else
|
||||
#define BSSL_NAMESPACE_BEGIN namespace bssl {
|
||||
#define BSSL_NAMESPACE_END }
|
||||
#endif
|
||||
|
||||
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
|
||||
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
|
||||
// so MSVC is just assumed to support C++11.
|
||||
#if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
|
||||
extern "C++" {
|
||||
|
||||
#include <memory>
|
||||
|
||||
// STLPort, used by some Android consumers, not have std::unique_ptr.
|
||||
#if defined(_STLPORT_VERSION)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
} // extern C++
|
||||
#endif // !BORINGSSL_NO_CXX
|
||||
|
||||
#if defined(BORINGSSL_NO_CXX)
|
||||
|
||||
#define BORINGSSL_MAKE_DELETER(type, deleter)
|
||||
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func)
|
||||
|
||||
#else
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
namespace internal {
|
||||
|
||||
// The Enable parameter is ignored and only exists so specializations can use
|
||||
// SFINAE.
|
||||
template <typename T, typename Enable = void>
|
||||
struct DeleterImpl {};
|
||||
|
||||
struct Deleter {
|
||||
template <typename T>
|
||||
void operator()(T *ptr) {
|
||||
// Rather than specialize Deleter for each type, we specialize
|
||||
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
|
||||
// including base.h as long as the destructor is not emitted. This matches
|
||||
// std::unique_ptr's behavior on forward-declared types.
|
||||
//
|
||||
// DeleterImpl itself is specialized in the corresponding module's header
|
||||
// and must be included to release an object. If not included, the compiler
|
||||
// will error that DeleterImpl<T> does not have a method Free.
|
||||
DeleterImpl<T>::Free(ptr);
|
||||
}
|
||||
};
|
||||
|
||||
template <typename T, typename CleanupRet, void (*init)(T *),
|
||||
CleanupRet (*cleanup)(T *)>
|
||||
class StackAllocated {
|
||||
public:
|
||||
StackAllocated() { init(&ctx_); }
|
||||
~StackAllocated() { cleanup(&ctx_); }
|
||||
|
||||
StackAllocated(const StackAllocated &) = delete;
|
||||
StackAllocated& operator=(const StackAllocated &) = delete;
|
||||
|
||||
T *get() { return &ctx_; }
|
||||
const T *get() const { return &ctx_; }
|
||||
|
||||
T *operator->() { return &ctx_; }
|
||||
const T *operator->() const { return &ctx_; }
|
||||
|
||||
void Reset() {
|
||||
cleanup(&ctx_);
|
||||
init(&ctx_);
|
||||
}
|
||||
|
||||
private:
|
||||
T ctx_;
|
||||
};
|
||||
|
||||
template <typename T, typename CleanupRet, void (*init)(T *),
|
||||
CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
|
||||
class StackAllocatedMovable {
|
||||
public:
|
||||
StackAllocatedMovable() { init(&ctx_); }
|
||||
~StackAllocatedMovable() { cleanup(&ctx_); }
|
||||
|
||||
StackAllocatedMovable(StackAllocatedMovable &&other) {
|
||||
init(&ctx_);
|
||||
move(&ctx_, &other.ctx_);
|
||||
}
|
||||
StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
|
||||
move(&ctx_, &other.ctx_);
|
||||
return *this;
|
||||
}
|
||||
|
||||
T *get() { return &ctx_; }
|
||||
const T *get() const { return &ctx_; }
|
||||
|
||||
T *operator->() { return &ctx_; }
|
||||
const T *operator->() const { return &ctx_; }
|
||||
|
||||
void Reset() {
|
||||
cleanup(&ctx_);
|
||||
init(&ctx_);
|
||||
}
|
||||
|
||||
private:
|
||||
T ctx_;
|
||||
};
|
||||
|
||||
} // namespace internal
|
||||
|
||||
#define BORINGSSL_MAKE_DELETER(type, deleter) \
|
||||
namespace internal { \
|
||||
template <> \
|
||||
struct DeleterImpl<type> { \
|
||||
static void Free(type *ptr) { deleter(ptr); } \
|
||||
}; \
|
||||
}
|
||||
|
||||
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
|
||||
// bssl::UniquePtr<RSA> rsa(RSA_new());
|
||||
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
||||
template <typename T>
|
||||
using UniquePtr = std::unique_ptr<T, internal::Deleter>;
|
||||
|
||||
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \
|
||||
inline UniquePtr<type> UpRef(type *v) { \
|
||||
if (v != nullptr) { \
|
||||
up_ref_func(v); \
|
||||
} \
|
||||
return UniquePtr<type>(v); \
|
||||
} \
|
||||
\
|
||||
inline UniquePtr<type> UpRef(const UniquePtr<type> &ptr) { \
|
||||
return UpRef(ptr.get()); \
|
||||
}
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif // !BORINGSSL_NO_CXX
|
||||
|
||||
#endif // OPENSSL_HEADER_BASE_H
|
||||
+613
@@ -0,0 +1,613 @@
|
||||
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_BASE_H
|
||||
#define OPENSSL_HEADER_BASE_H
|
||||
|
||||
|
||||
/**
|
||||
* @file
|
||||
* @brief This file should be the first included by all AWS-LC headers.
|
||||
*/
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#if defined(__MINGW32__)
|
||||
// stdio.h is needed on MinGW for __MINGW_PRINTF_FORMAT.
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(__APPLE__)
|
||||
#include <TargetConditionals.h>
|
||||
#endif
|
||||
|
||||
// Include an AWS-LC-only header so consumers including this header without
|
||||
// setting up include paths do not accidentally pick up the system
|
||||
// opensslconf.h.
|
||||
#include <openssl/is_awslc.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/target.h> // IWYU pragma: export
|
||||
|
||||
#include <openssl/boringssl_prefix_symbols.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(BORINGSSL_FIPS)
|
||||
#define AWSLC_FIPS
|
||||
#endif
|
||||
|
||||
#define AWSLC_VERSION_NAME "AWS-LC"
|
||||
#define OPENSSL_IS_AWSLC
|
||||
// |OPENSSL_VERSION_NUMBER| should match the version number in opensslv.h.
|
||||
#define OPENSSL_VERSION_NUMBER @OPENSSL_VERSION_NUMBER@
|
||||
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
||||
|
||||
// BORINGSSL_API_VERSION is replaced with AWSLC_API_VERSION to avoid users interpreting AWSLC as BoringSSL.
|
||||
// Below are BoringSSL's comments on BORINGSSL_API_VERSION.
|
||||
// BORINGSSL_API_VERSION is a positive integer that increments as BoringSSL
|
||||
// changes over time. The value itself is not meaningful. It will be incremented
|
||||
// whenever is convenient to coordinate an API change with consumers. This will
|
||||
// not denote any special point in development.
|
||||
//
|
||||
// A consumer may use this symbol in the preprocessor to temporarily build
|
||||
// against multiple revisions of BoringSSL at the same time. It is not
|
||||
// recommended to do so for longer than is necessary.
|
||||
#define AWSLC_API_VERSION 35
|
||||
|
||||
// This string tracks the most current production release version on Github
|
||||
// https://github.com/aws/aws-lc/releases.
|
||||
// When bumping the encoded version number, also update the test fixture:
|
||||
// ServiceIndicatorTest.AWSLCVersionString
|
||||
// Note: there are two versions of this test. Only one test is compiled
|
||||
// depending on FIPS mode.
|
||||
#define AWSLC_VERSION_NUMBER_STRING "@SOFTWARE_VERSION@"
|
||||
|
||||
#if defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __declspec(dllexport)
|
||||
#else
|
||||
#define OPENSSL_EXPORT __declspec(dllimport)
|
||||
#endif
|
||||
|
||||
#else // defined(OPENSSL_WINDOWS)
|
||||
|
||||
#if defined(BORINGSSL_IMPLEMENTATION)
|
||||
#define OPENSSL_EXPORT __attribute__((visibility("default")))
|
||||
#else
|
||||
#define OPENSSL_EXPORT
|
||||
#endif
|
||||
|
||||
#endif // defined(OPENSSL_WINDOWS)
|
||||
|
||||
#else // defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
#define OPENSSL_EXPORT
|
||||
#else
|
||||
#define OPENSSL_EXPORT __attribute__((visibility("default")))
|
||||
#endif
|
||||
|
||||
#endif // defined(BORINGSSL_SHARED_LIBRARY)
|
||||
|
||||
#if !defined(OPENSSL_WARN_UNUSED_RESULT)
|
||||
// This should only affect internal usage of functions
|
||||
#if defined(BORINGSSL_IMPLEMENTATION) || defined(AWS_LC_TEST_ENV)
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
# define OPENSSL_WARN_UNUSED_RESULT __attribute__ ((warn_unused_result))
|
||||
#elif defined(_MSC_VER)
|
||||
# define OPENSSL_WARN_UNUSED_RESULT _Check_return_
|
||||
#else
|
||||
# define OPENSSL_WARN_UNUSED_RESULT
|
||||
#endif
|
||||
#else
|
||||
// The macro is ignored by consumers
|
||||
# define OPENSSL_WARN_UNUSED_RESULT
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
|
||||
// OPENSSL_DEPRECATED is used to mark a function as deprecated. Use
|
||||
// of any functions so marked in caller code will produce a warning.
|
||||
// OPENSSL_BEGIN_ALLOW_DEPRECATED and OPENSSL_END_ALLOW_DEPRECATED
|
||||
// can be used to suppress the warning in regions of caller code.
|
||||
#define OPENSSL_DEPRECATED __declspec(deprecated)
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
|
||||
__pragma(warning(push)) __pragma(warning(disable : 4996))
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED __pragma(warning(pop))
|
||||
|
||||
#elif (defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC_MINOR__ >= 6))) || defined(__clang__)
|
||||
// `_Pragma("GCC diagnostic push")` was added in GCC 4.6
|
||||
// http://gcc.gnu.org/gcc-4.6/changes.html
|
||||
#define OPENSSL_DEPRECATED __attribute__((__deprecated__))
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED \
|
||||
_Pragma("GCC diagnostic push") \
|
||||
_Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED _Pragma("GCC diagnostic pop")
|
||||
|
||||
#else
|
||||
|
||||
#define OPENSSL_DEPRECATED
|
||||
#define OPENSSL_BEGIN_ALLOW_DEPRECATED
|
||||
#define OPENSSL_END_ALLOW_DEPRECATED
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
// MinGW has two different printf implementations. Ensure the format macro
|
||||
// matches the selected implementation. See
|
||||
// https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/.
|
||||
#if defined(__MINGW_PRINTF_FORMAT)
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
|
||||
__attribute__( \
|
||||
(__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
|
||||
#else
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
|
||||
__attribute__((__format__(__printf__, string_index, first_to_check)))
|
||||
#endif
|
||||
#else
|
||||
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check)
|
||||
#endif
|
||||
|
||||
// OPENSSL_CLANG_PRAGMA emits a pragma on clang and nothing on other compilers.
|
||||
#if defined(__clang__)
|
||||
#define OPENSSL_CLANG_PRAGMA(arg) _Pragma(arg)
|
||||
#else
|
||||
#define OPENSSL_CLANG_PRAGMA(arg)
|
||||
#endif
|
||||
|
||||
// OPENSSL_MSVC_PRAGMA emits a pragma on MSVC and nothing on other compilers.
|
||||
#if defined(_MSC_VER)
|
||||
#define OPENSSL_MSVC_PRAGMA(arg) __pragma(arg)
|
||||
#else
|
||||
#define OPENSSL_MSVC_PRAGMA(arg)
|
||||
#endif
|
||||
|
||||
#if defined(__GNUC__) || defined(__clang__)
|
||||
#define OPENSSL_UNUSED __attribute__((unused))
|
||||
#else
|
||||
#define OPENSSL_UNUSED
|
||||
#endif
|
||||
|
||||
// C99-compatible static assertion using bit-field width trick.
|
||||
// A negative bit-field width causes a compile-time error.
|
||||
//
|
||||
// Previously we defined |OPENSSL_STATIC_ASSERT| to use one of two keywords:
|
||||
// |Static_assert| or |static_assert|. The latter was used if we were compiling
|
||||
// a C++ translation unit or on Windows (excluding when using a Clang compiler).
|
||||
// The former was used in other cases. However, these two keywords are not
|
||||
// defined before C11. So, we can't rely on these when we want to be C99
|
||||
// compliant. If we at some point decide that we want to only be compliant with
|
||||
// C11 (and up), we can reintroduce these keywords. Instead, use a method that
|
||||
// is guaranteed to be C99 compliant and still give us an equivalent static
|
||||
// assert mechanism.
|
||||
//
|
||||
// The solution below defines a struct type containing a bit field.
|
||||
// The name of that type is |static_assertion_msg|. |msg| is a concatenation of
|
||||
// a user-chosen error (which should be chosen with respect to actual assertion)
|
||||
// and the line the assertion is defined. This should ensure name uniqueness.
|
||||
// The width of the bit field is set to 1 or -1, depending on the evaluation of
|
||||
// the boolean expression |cond|. If the condition is false, the width requested
|
||||
// is -1, which is illegal and would cause the compiler to throw an error.
|
||||
//
|
||||
// An example of an error thrown during compilation:
|
||||
// ```
|
||||
// error: negative width in bit-field
|
||||
// 'static_assertion_at_line_913_error_is_AEAD_state_is_too_small'
|
||||
// ```
|
||||
#define AWSLC_CONCAT(left, right) left##right
|
||||
#define AWSLC_STATIC_ASSERT_DEFINE(cond, msg) typedef struct { \
|
||||
unsigned int AWSLC_CONCAT(static_assertion_, msg) : (cond) ? 1 : -1; \
|
||||
} AWSLC_CONCAT(static_assertion_, msg) OPENSSL_UNUSED;
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE0(cond, suffix) AWSLC_STATIC_ASSERT_DEFINE(cond, AWSLC_CONCAT(at_line_, suffix))
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE1(cond, line, suffix) AWSLC_STATIC_ASSERT_ADD_LINE0(cond, AWSLC_CONCAT(line, suffix))
|
||||
#define AWSLC_STATIC_ASSERT_ADD_LINE2(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE1(cond, __LINE__, suffix)
|
||||
#define AWSLC_STATIC_ASSERT_ADD_ERROR(cond, suffix) AWSLC_STATIC_ASSERT_ADD_LINE2(cond, AWSLC_CONCAT(_error_is_, suffix))
|
||||
#define OPENSSL_STATIC_ASSERT(cond, error) AWSLC_STATIC_ASSERT_ADD_ERROR(cond, error)
|
||||
|
||||
// Sanity check of "target.h": OPENSSL_64_BIT/OPENSSL_32_BIT must match actual pointer size
|
||||
#if defined(OPENSSL_64_BIT)
|
||||
OPENSSL_STATIC_ASSERT(sizeof(void *) == 8, pointer_size_must_be_8_bytes_for_64_bit)
|
||||
#elif defined(OPENSSL_32_BIT)
|
||||
OPENSSL_STATIC_ASSERT(sizeof(void *) == 4, pointer_size_must_be_4_bytes_for_32_bit)
|
||||
#endif
|
||||
|
||||
// Sanity checks of "target.h": OPENSSL_BIG_ENDIAN should be consistent with other endianness indicators.
|
||||
// If architecture-specific big-endian macros are defined, OPENSSL_BIG_ENDIAN should be too.
|
||||
#if (defined(__ARMEB__) || defined(__AARCH64EB__) || defined(__MIPSEB__) || \
|
||||
defined(__BIG_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
|
||||
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) && !defined(OPENSSL_BIG_ENDIAN)
|
||||
#error "Big-endian architecture detected but OPENSSL_BIG_ENDIAN is not defined"
|
||||
#endif
|
||||
// If architecture-specific little-endian macros are defined, OPENSSL_BIG_ENDIAN should not be.
|
||||
#if (defined(__ARMEL__) || defined(__AARCH64EL__) || defined(__MIPSEL__) || \
|
||||
defined(__LITTLE_ENDIAN__) || (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
|
||||
__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) && defined(OPENSSL_BIG_ENDIAN)
|
||||
#error "Little-endian architecture detected but OPENSSL_BIG_ENDIAN is defined"
|
||||
#endif
|
||||
|
||||
// C and C++ handle inline functions differently. In C++, an inline function is
|
||||
// defined in just the header file, potentially emitted in multiple compilation
|
||||
// units (in cases the compiler did not inline), but each copy must be identical
|
||||
// to satsify ODR. In C, a non-static inline must be manually emitted in exactly
|
||||
// one compilation unit with a separate extern inline declaration.
|
||||
//
|
||||
// In both languages, exported inline functions referencing file-local symbols
|
||||
// are problematic. C forbids this altogether (though GCC and Clang seem not to
|
||||
// enforce it). It works in C++, but ODR requires the definitions be identical,
|
||||
// including all names in the definitions resolving to the "same entity". In
|
||||
// practice, this is unlikely to be a problem, but an inline function that
|
||||
// returns a pointer to a file-local symbol
|
||||
// could compile oddly.
|
||||
//
|
||||
// Historically, we used static inline in headers. However, to satisfy ODR, use
|
||||
// plain inline in C++, to allow inline consumer functions to call our header
|
||||
// functions. Plain inline would also work better with C99 inline, but that is
|
||||
// not used much in practice, extern inline is tedious, and there are conflicts
|
||||
// with the old gnu89 model:
|
||||
// https://stackoverflow.com/questions/216510/extern-inline
|
||||
#if defined(__cplusplus)
|
||||
#define OPENSSL_INLINE inline
|
||||
#else
|
||||
// Add OPENSSL_UNUSED so that, should an inline function be emitted via macro
|
||||
// (e.g. a |STACK_OF(T)| implementation) in a source file without tripping
|
||||
// clang's -Wunused-function.
|
||||
#define OPENSSL_INLINE static inline OPENSSL_UNUSED
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_WINDOWS)
|
||||
#define OPENSSL_NOINLINE __declspec(noinline)
|
||||
#else
|
||||
#define OPENSSL_NOINLINE __attribute__((noinline))
|
||||
#endif
|
||||
|
||||
// ossl_ssize_t is a signed type which is large enough to fit the size of any
|
||||
// valid memory allocation. We prefer using |size_t|, but sometimes we need a
|
||||
// signed type for OpenSSL API compatibility. This type can be used in such
|
||||
// cases to avoid overflow.
|
||||
//
|
||||
// Not all |size_t| values fit in |ossl_ssize_t|, but all |size_t| values that
|
||||
// are sizes of or indices into C objects, can be converted without overflow.
|
||||
typedef ptrdiff_t ossl_ssize_t;
|
||||
|
||||
// CBS_ASN1_TAG is the type used by |CBS| and |CBB| for ASN.1 tags. See that
|
||||
// header for details. This type is defined in base.h as a forward declaration.
|
||||
typedef uint32_t CBS_ASN1_TAG;
|
||||
|
||||
// CRYPTO_THREADID is a dummy value.
|
||||
typedef int CRYPTO_THREADID;
|
||||
|
||||
// An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as
|
||||
// an opaque, non-NULL |ASN1_NULL*| pointer.
|
||||
typedef struct asn1_null_st ASN1_NULL;
|
||||
|
||||
typedef int ASN1_BOOLEAN;
|
||||
typedef struct ASN1_ITEM_st ASN1_ITEM;
|
||||
typedef struct asn1_object_st ASN1_OBJECT;
|
||||
typedef struct asn1_pctx_st ASN1_PCTX;
|
||||
typedef struct asn1_string_st ASN1_BIT_STRING;
|
||||
typedef struct asn1_string_st ASN1_BMPSTRING;
|
||||
typedef struct asn1_string_st ASN1_ENUMERATED;
|
||||
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
|
||||
typedef struct asn1_string_st ASN1_GENERALSTRING;
|
||||
typedef struct asn1_string_st ASN1_IA5STRING;
|
||||
typedef struct asn1_string_st ASN1_INTEGER;
|
||||
typedef struct asn1_string_st ASN1_OCTET_STRING;
|
||||
typedef struct asn1_string_st ASN1_PRINTABLESTRING;
|
||||
typedef struct asn1_string_st ASN1_STRING;
|
||||
typedef struct asn1_string_st ASN1_T61STRING;
|
||||
typedef struct asn1_string_st ASN1_TIME;
|
||||
typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
|
||||
typedef struct asn1_string_st ASN1_UTCTIME;
|
||||
typedef struct asn1_string_st ASN1_UTF8STRING;
|
||||
typedef struct asn1_string_st ASN1_VISIBLESTRING;
|
||||
typedef struct asn1_type_st ASN1_TYPE;
|
||||
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
|
||||
typedef struct BASIC_CONSTRAINTS_st BASIC_CONSTRAINTS;
|
||||
typedef struct DIST_POINT_st DIST_POINT;
|
||||
typedef struct DSA_SIG_st DSA_SIG;
|
||||
typedef struct GENERAL_NAME_st GENERAL_NAME;
|
||||
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
|
||||
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
|
||||
typedef struct Netscape_spkac_st NETSCAPE_SPKAC;
|
||||
typedef struct Netscape_spki_st NETSCAPE_SPKI;
|
||||
typedef struct RIPEMD160state_st RIPEMD160_CTX;
|
||||
typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
|
||||
typedef struct X509_algor_st X509_ALGOR;
|
||||
typedef struct X509_crl_st X509_CRL;
|
||||
typedef struct X509_extension_st X509_EXTENSION;
|
||||
typedef struct X509_info_st X509_INFO;
|
||||
typedef struct X509_name_entry_st X509_NAME_ENTRY;
|
||||
typedef struct X509_name_st X509_NAME;
|
||||
typedef struct X509_pubkey_st X509_PUBKEY;
|
||||
typedef struct X509_req_st X509_REQ;
|
||||
typedef struct x509_sig_info_st X509_SIG_INFO;
|
||||
typedef struct X509_sig_st X509_SIG;
|
||||
typedef struct bignum_ctx BN_CTX;
|
||||
typedef struct bignum_st BIGNUM;
|
||||
typedef struct bio_method_st BIO_METHOD;
|
||||
typedef struct bio_st BIO;
|
||||
typedef struct blake2b_state_st BLAKE2B_CTX;
|
||||
typedef struct bn_gencb_st BN_GENCB;
|
||||
typedef struct bn_mont_ctx_st BN_MONT_CTX;
|
||||
typedef struct buf_mem_st BUF_MEM;
|
||||
typedef struct cast_key_st CAST_KEY;
|
||||
typedef struct cbb_st CBB;
|
||||
typedef struct cbs_st CBS;
|
||||
typedef struct cmac_ctx_st CMAC_CTX;
|
||||
typedef struct conf_st CONF;
|
||||
typedef struct conf_value_st CONF_VALUE;
|
||||
typedef struct crypto_buffer_pool_st CRYPTO_BUFFER_POOL;
|
||||
typedef struct crypto_buffer_st CRYPTO_BUFFER;
|
||||
typedef struct ctr_drbg_state_st CTR_DRBG_STATE;
|
||||
typedef struct dh_st DH;
|
||||
typedef struct dsa_st DSA;
|
||||
typedef struct ec_group_st EC_GROUP;
|
||||
typedef struct ec_key_st EC_KEY;
|
||||
typedef struct ec_point_st EC_POINT;
|
||||
typedef struct ec_key_method_st EC_KEY_METHOD;
|
||||
typedef struct ecdsa_sig_st ECDSA_SIG;
|
||||
typedef struct engine_st ENGINE;
|
||||
typedef struct env_md_ctx_st EVP_MD_CTX;
|
||||
typedef struct env_md_st EVP_MD;
|
||||
typedef struct evp_aead_st EVP_AEAD;
|
||||
typedef struct evp_aead_ctx_st EVP_AEAD_CTX;
|
||||
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
|
||||
typedef struct evp_cipher_st EVP_CIPHER;
|
||||
|
||||
/**
|
||||
* @typedef EVP_ENCODE_CTX
|
||||
* @copydoc evp_encode_ctx_st
|
||||
* @see evp_encode_ctx_st
|
||||
*/
|
||||
typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
|
||||
typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
|
||||
typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
|
||||
typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
|
||||
typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
|
||||
typedef struct evp_hpke_key_st EVP_HPKE_KEY;
|
||||
typedef struct evp_kem_st EVP_KEM;
|
||||
typedef struct kem_key_st KEM_KEY;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
|
||||
typedef struct evp_pkey_st EVP_PKEY;
|
||||
typedef struct evp_pkey_ctx_signature_context_params_st EVP_PKEY_CTX_SIGNATURE_CONTEXT_PARAMS;
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
typedef struct md4_state_st MD4_CTX;
|
||||
typedef struct md5_state_st MD5_CTX;
|
||||
typedef struct pqdsa_key_st PQDSA_KEY;
|
||||
typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
|
||||
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
|
||||
typedef struct pkcs7_digest_st PKCS7_DIGEST;
|
||||
typedef struct pkcs7_enc_content_st PKCS7_ENC_CONTENT;
|
||||
typedef struct pkcs7_encrypt_st PKCS7_ENCRYPT;
|
||||
typedef struct pkcs7_envelope_st PKCS7_ENVELOPE;
|
||||
typedef struct pkcs7_issuer_and_serial_st PKCS7_ISSUER_AND_SERIAL;
|
||||
typedef struct pkcs7_recip_info_st PKCS7_RECIP_INFO;
|
||||
typedef struct pkcs7_sign_envelope_st PKCS7_SIGN_ENVELOPE;
|
||||
typedef struct pkcs7_signed_st PKCS7_SIGNED;
|
||||
typedef struct pkcs7_signer_info_st PKCS7_SIGNER_INFO;
|
||||
typedef struct pkcs7_st PKCS7;
|
||||
typedef struct pkcs12_st PKCS12;
|
||||
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
|
||||
typedef struct private_key_st X509_PKEY;
|
||||
typedef struct rand_meth_st RAND_METHOD;
|
||||
typedef struct rc4_key_st RC4_KEY;
|
||||
typedef struct rsa_meth_st RSA_METHOD;
|
||||
typedef struct rsassa_pss_params_st RSASSA_PSS_PARAMS;
|
||||
typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
|
||||
typedef struct rsa_st RSA;
|
||||
typedef struct sha256_state_st SHA256_CTX;
|
||||
typedef struct sha512_state_st SHA512_CTX;
|
||||
typedef struct sha_state_st SHA_CTX;
|
||||
typedef struct spake2_ctx_st SPAKE2_CTX;
|
||||
typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
|
||||
typedef struct ssl_cipher_st SSL_CIPHER;
|
||||
typedef struct ssl_ctx_st SSL_CTX;
|
||||
typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO;
|
||||
typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
|
||||
typedef struct ssl_method_st SSL_METHOD;
|
||||
typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
|
||||
typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
|
||||
typedef struct ssl_session_st SSL_SESSION;
|
||||
typedef struct ssl_st SSL;
|
||||
typedef struct ssl_ticket_aead_method_st SSL_TICKET_AEAD_METHOD;
|
||||
typedef struct st_ERR_FNS ERR_FNS;
|
||||
typedef struct trust_token_st TRUST_TOKEN;
|
||||
typedef struct trust_token_client_st TRUST_TOKEN_CLIENT;
|
||||
typedef struct trust_token_issuer_st TRUST_TOKEN_ISSUER;
|
||||
typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
|
||||
typedef struct v3_ext_ctx X509V3_CTX;
|
||||
typedef struct v3_ext_method X509V3_EXT_METHOD;
|
||||
typedef struct x509_attributes_st X509_ATTRIBUTE;
|
||||
typedef struct x509_lookup_st X509_LOOKUP;
|
||||
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
|
||||
typedef struct x509_object_st X509_OBJECT;
|
||||
typedef struct x509_revoked_st X509_REVOKED;
|
||||
typedef struct x509_st X509;
|
||||
typedef struct x509_store_ctx_st X509_STORE_CTX;
|
||||
typedef struct x509_store_st X509_STORE;
|
||||
typedef struct x509_trust_st X509_TRUST;
|
||||
|
||||
typedef void *OPENSSL_BLOCK;
|
||||
|
||||
// BSSL_CHECK aborts if |condition| is not true.
|
||||
#define BSSL_CHECK(condition) \
|
||||
do { \
|
||||
if (!(condition)) { \
|
||||
abort(); \
|
||||
} \
|
||||
} while (0);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#elif !defined(BORINGSSL_NO_CXX)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
#if defined(BORINGSSL_PREFIX)
|
||||
#define BSSL_NAMESPACE_BEGIN \
|
||||
namespace bssl { \
|
||||
inline namespace BORINGSSL_PREFIX {
|
||||
#define BSSL_NAMESPACE_END \
|
||||
} \
|
||||
}
|
||||
#else
|
||||
#define BSSL_NAMESPACE_BEGIN namespace bssl {
|
||||
#define BSSL_NAMESPACE_END }
|
||||
#endif
|
||||
|
||||
// MSVC doesn't set __cplusplus to 201103 to indicate C++11 support (see
|
||||
// https://connect.microsoft.com/VisualStudio/feedback/details/763051/a-value-of-predefined-macro-cplusplus-is-still-199711l)
|
||||
// so MSVC is just assumed to support C++11.
|
||||
#if !defined(BORINGSSL_NO_CXX) && __cplusplus < 201103L && !defined(_MSC_VER)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
|
||||
extern "C++" {
|
||||
|
||||
#include <memory>
|
||||
|
||||
// STLPort, used by some Android consumers, not have std::unique_ptr.
|
||||
#if defined(_STLPORT_VERSION)
|
||||
#define BORINGSSL_NO_CXX
|
||||
#endif
|
||||
|
||||
} // extern C++
|
||||
#endif // !BORINGSSL_NO_CXX
|
||||
|
||||
#if defined(BORINGSSL_NO_CXX)
|
||||
|
||||
#define BORINGSSL_MAKE_DELETER(type, deleter)
|
||||
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func)
|
||||
|
||||
#else
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
namespace internal {
|
||||
|
||||
// The Enable parameter is ignored and only exists so specializations can use
|
||||
// SFINAE.
|
||||
template <typename T, typename Enable = void>
|
||||
struct DeleterImpl {};
|
||||
|
||||
struct Deleter {
|
||||
template <typename T>
|
||||
void operator()(T *ptr) {
|
||||
// Rather than specialize Deleter for each type, we specialize
|
||||
// DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
|
||||
// including base.h as long as the destructor is not emitted. This matches
|
||||
// std::unique_ptr's behavior on forward-declared types.
|
||||
//
|
||||
// DeleterImpl itself is specialized in the corresponding module's header
|
||||
// and must be included to release an object. If not included, the compiler
|
||||
// will error that DeleterImpl<T> does not have a method Free.
|
||||
DeleterImpl<T>::Free(ptr);
|
||||
}
|
||||
};
|
||||
|
||||
template <typename T, typename CleanupRet, void (*init)(T *),
|
||||
CleanupRet (*cleanup)(T *)>
|
||||
class StackAllocated {
|
||||
public:
|
||||
StackAllocated() { init(&ctx_); }
|
||||
~StackAllocated() { cleanup(&ctx_); }
|
||||
|
||||
StackAllocated(const StackAllocated &) = delete;
|
||||
StackAllocated& operator=(const StackAllocated &) = delete;
|
||||
|
||||
T *get() { return &ctx_; }
|
||||
const T *get() const { return &ctx_; }
|
||||
|
||||
T *operator->() { return &ctx_; }
|
||||
const T *operator->() const { return &ctx_; }
|
||||
|
||||
void Reset() {
|
||||
cleanup(&ctx_);
|
||||
init(&ctx_);
|
||||
}
|
||||
|
||||
private:
|
||||
T ctx_;
|
||||
};
|
||||
|
||||
template <typename T, typename CleanupRet, void (*init)(T *),
|
||||
CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
|
||||
class StackAllocatedMovable {
|
||||
public:
|
||||
StackAllocatedMovable() { init(&ctx_); }
|
||||
~StackAllocatedMovable() { cleanup(&ctx_); }
|
||||
|
||||
StackAllocatedMovable(StackAllocatedMovable &&other) {
|
||||
init(&ctx_);
|
||||
move(&ctx_, &other.ctx_);
|
||||
}
|
||||
StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
|
||||
move(&ctx_, &other.ctx_);
|
||||
return *this;
|
||||
}
|
||||
|
||||
T *get() { return &ctx_; }
|
||||
const T *get() const { return &ctx_; }
|
||||
|
||||
T *operator->() { return &ctx_; }
|
||||
const T *operator->() const { return &ctx_; }
|
||||
|
||||
void Reset() {
|
||||
cleanup(&ctx_);
|
||||
init(&ctx_);
|
||||
}
|
||||
|
||||
private:
|
||||
T ctx_;
|
||||
};
|
||||
|
||||
} // namespace internal
|
||||
|
||||
#define BORINGSSL_MAKE_DELETER(type, deleter) \
|
||||
namespace internal { \
|
||||
template <> \
|
||||
struct DeleterImpl<type> { \
|
||||
static void Free(type *ptr) { deleter(ptr); } \
|
||||
}; \
|
||||
}
|
||||
|
||||
// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
|
||||
// bssl::UniquePtr<RSA> rsa(RSA_new());
|
||||
// bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
||||
template <typename T>
|
||||
using UniquePtr = std::unique_ptr<T, internal::Deleter>;
|
||||
|
||||
#define BORINGSSL_MAKE_UP_REF(type, up_ref_func) \
|
||||
inline UniquePtr<type> UpRef(type *v) { \
|
||||
if (v != nullptr) { \
|
||||
up_ref_func(v); \
|
||||
} \
|
||||
return UniquePtr<type>(v); \
|
||||
} \
|
||||
\
|
||||
inline UniquePtr<type> UpRef(const UniquePtr<type> &ptr) { \
|
||||
return UpRef(ptr.get()); \
|
||||
}
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif // !BORINGSSL_NO_CXX
|
||||
|
||||
#endif // OPENSSL_HEADER_BASE_H
|
||||
+145
@@ -0,0 +1,145 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_BASE64_H
|
||||
#define OPENSSL_HEADER_BASE64_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// base64 functions.
|
||||
//
|
||||
// For historical reasons, these functions have the EVP_ prefix but just do
|
||||
// base64 encoding and decoding. Note that BoringSSL is a cryptography library,
|
||||
// so these functions are implemented with side channel protections, at a
|
||||
// performance cost. For other base64 uses, use a general-purpose base64
|
||||
// implementation.
|
||||
|
||||
|
||||
// Encoding
|
||||
|
||||
// EVP_EncodeBlock encodes |src_len| bytes from |src| and writes the
|
||||
// result to |dst| with a trailing NUL. It returns the number of bytes
|
||||
// written, not including this trailing NUL.
|
||||
OPENSSL_EXPORT size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src,
|
||||
size_t src_len);
|
||||
|
||||
// EVP_EncodedLength sets |*out_len| to the number of bytes that will be needed
|
||||
// to call |EVP_EncodeBlock| on an input of length |len|. This includes the
|
||||
// final NUL that |EVP_EncodeBlock| writes. It returns one on success or zero
|
||||
// on error.
|
||||
OPENSSL_EXPORT int EVP_EncodedLength(size_t *out_len, size_t len);
|
||||
|
||||
|
||||
// Decoding
|
||||
|
||||
// EVP_DecodedLength sets |*out_len| to the maximum number of bytes that will
|
||||
// be needed to call |EVP_DecodeBase64| on an input of length |len|. It returns
|
||||
// one on success or zero if |len| is not a valid length for a base64-encoded
|
||||
// string.
|
||||
OPENSSL_EXPORT int EVP_DecodedLength(size_t *out_len, size_t len);
|
||||
|
||||
// EVP_DecodeBase64 decodes |in_len| bytes from base64 and writes
|
||||
// |*out_len| bytes to |out|. |max_out| is the size of the output
|
||||
// buffer. If it is not enough for the maximum output size, the
|
||||
// operation fails. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
//
|
||||
// OpenSSL provides a streaming base64 implementation, however its behavior is
|
||||
// very specific to PEM. It is also very lenient of invalid input. Use of any of
|
||||
// these functions is thus deprecated.
|
||||
|
||||
// EVP_ENCODE_CTX_new returns a newly-allocated |EVP_ENCODE_CTX| or NULL on
|
||||
// error. The caller must release the result with |EVP_ENCODE_CTX_free| when
|
||||
// done.
|
||||
OPENSSL_EXPORT EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
|
||||
|
||||
// EVP_ENCODE_CTX_free releases memory associated with |ctx|.
|
||||
OPENSSL_EXPORT void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
|
||||
|
||||
// EVP_EncodeInit initialises |*ctx|, which is typically stack
|
||||
// allocated, for an encoding operation.
|
||||
//
|
||||
// NOTE: The encoding operation breaks its output with newlines every
|
||||
// 64 characters of output (48 characters of input). Use
|
||||
// EVP_EncodeBlock to encode raw base64.
|
||||
OPENSSL_EXPORT void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
|
||||
|
||||
// EVP_EncodeUpdate encodes |in_len| bytes from |in| and writes an encoded
|
||||
// version of them to |out| and sets |*out_len| to the number of bytes written.
|
||||
// Some state may be contained in |ctx| so |EVP_EncodeFinal| must be used to
|
||||
// flush it before using the encoded data.
|
||||
OPENSSL_EXPORT int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
// EVP_EncodeFinal flushes any remaining output bytes from |ctx| to |out| and
|
||||
// sets |*out_len| to the number of bytes written.
|
||||
OPENSSL_EXPORT void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_DecodeInit initialises |*ctx|, which is typically stack allocated, for
|
||||
// a decoding operation.
|
||||
//
|
||||
// TODO(davidben): This isn't a straight-up base64 decode either. Document
|
||||
// and/or fix exactly what's going on here; maximum line length and such.
|
||||
OPENSSL_EXPORT void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
|
||||
|
||||
// EVP_DecodeUpdate decodes |in_len| bytes from |in| and writes the decoded
|
||||
// data to |out| and sets |*out_len| to the number of bytes written. Some state
|
||||
// may be contained in |ctx| so |EVP_DecodeFinal| must be used to flush it
|
||||
// before using the encoded data.
|
||||
//
|
||||
// It returns -1 on error, one if a full line of input was processed and zero
|
||||
// if the line was short (i.e. it was the last line).
|
||||
OPENSSL_EXPORT int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
// EVP_DecodeFinal flushes any remaining output bytes from |ctx| to |out| and
|
||||
// sets |*out_len| to the number of bytes written. It returns one on success
|
||||
// and minus one on error.
|
||||
OPENSSL_EXPORT int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_DecodeBlock encodes |src_len| bytes from |src| and writes the result to
|
||||
// |dst|. It returns the number of bytes written or -1 on error.
|
||||
//
|
||||
// WARNING: EVP_DecodeBlock's return value does not take padding into
|
||||
// account. It also strips leading whitespace and trailing
|
||||
// whitespace and minuses.
|
||||
OPENSSL_EXPORT int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src,
|
||||
size_t src_len);
|
||||
|
||||
|
||||
struct evp_encode_ctx_st {
|
||||
// data_used indicates the number of bytes of |data| that are valid. When
|
||||
// encoding, |data| will be filled and encoded as a lump. When decoding, only
|
||||
// the first four bytes of |data| will be used.
|
||||
unsigned data_used;
|
||||
uint8_t data[48];
|
||||
|
||||
// eof_seen indicates that the end of the base64 data has been seen when
|
||||
// decoding. Only whitespace can follow.
|
||||
char eof_seen;
|
||||
|
||||
// error_encountered indicates that invalid base64 data was found. This will
|
||||
// cause all future calls to fail.
|
||||
char error_encountered;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_BASE64_H
|
||||
+1226
File diff suppressed because it is too large
Load Diff
+48
@@ -0,0 +1,48 @@
|
||||
// Copyright (c) 2021, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_BLAKE2_H
|
||||
#define OPENSSL_HEADER_BLAKE2_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define BLAKE2B256_DIGEST_LENGTH (256 / 8)
|
||||
#define BLAKE2B_CBLOCK 128
|
||||
|
||||
struct blake2b_state_st {
|
||||
uint64_t h[8];
|
||||
uint64_t t_low, t_high;
|
||||
uint8_t block[BLAKE2B_CBLOCK];
|
||||
size_t block_used;
|
||||
};
|
||||
|
||||
// BLAKE2B256_Init initialises |b2b| to perform a BLAKE2b-256 hash. There are no
|
||||
// pointers inside |b2b| thus release of |b2b| is purely managed by the caller.
|
||||
OPENSSL_EXPORT void BLAKE2B256_Init(BLAKE2B_CTX *b2b);
|
||||
|
||||
// BLAKE2B256_Update appends |len| bytes from |data| to the digest being
|
||||
// calculated by |b2b|.
|
||||
OPENSSL_EXPORT void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *data,
|
||||
size_t len);
|
||||
|
||||
// BLAKE2B256_Final completes the digest calculated by |b2b| and writes
|
||||
// |BLAKE2B256_DIGEST_LENGTH| bytes to |out|.
|
||||
OPENSSL_EXPORT void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH],
|
||||
BLAKE2B_CTX *b2b);
|
||||
|
||||
// BLAKE2B256 writes the BLAKE2b-256 digset of |len| bytes from |data| to
|
||||
// |out|.
|
||||
OPENSSL_EXPORT void BLAKE2B256(const uint8_t *data, size_t len,
|
||||
uint8_t out[BLAKE2B256_DIGEST_LENGTH]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_BLAKE2_H
|
||||
+54
@@ -0,0 +1,54 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_BLOWFISH_H
|
||||
#define OPENSSL_HEADER_BLOWFISH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define BF_ENCRYPT 1
|
||||
#define BF_DECRYPT 0
|
||||
|
||||
#define BF_ROUNDS 16
|
||||
#define BF_BLOCK 8
|
||||
|
||||
typedef struct bf_key_st {
|
||||
uint32_t P[BF_ROUNDS + 2];
|
||||
uint32_t S[4 * 256];
|
||||
} BF_KEY;
|
||||
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len,
|
||||
const uint8_t *data);
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_encrypt(uint32_t *data,
|
||||
const BF_KEY *key);
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_decrypt(uint32_t *data,
|
||||
const BF_KEY *key);
|
||||
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in,
|
||||
uint8_t *out,
|
||||
const BF_KEY *key,
|
||||
int enc);
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in,
|
||||
uint8_t *out,
|
||||
size_t length,
|
||||
const BF_KEY *schedule,
|
||||
uint8_t *ivec, int enc);
|
||||
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_cfb64_encrypt(
|
||||
const uint8_t *in, uint8_t *out, size_t length, const BF_KEY *schedule,
|
||||
uint8_t *ivec, int *num, int encrypt);
|
||||
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void BF_ofb64_encrypt(
|
||||
const uint8_t *in, uint8_t *out, size_t length, const BF_KEY *schedule,
|
||||
uint8_t *ivec, int *num);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_BLOWFISH_H
|
||||
+1038
File diff suppressed because it is too large
Load Diff
+4133
File diff suppressed because it is too large
Load Diff
+4138
File diff suppressed because it is too large
Load Diff
+8246
File diff suppressed because it is too large
Load Diff
+84
@@ -0,0 +1,84 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_BUFFER_H
|
||||
#define OPENSSL_HEADER_BUFFER_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Memory and string functions, see also mem.h.
|
||||
|
||||
|
||||
// buf_mem_st (aka |BUF_MEM|) is a generic buffer object used by OpenSSL.
|
||||
struct buf_mem_st {
|
||||
size_t length; // current number of bytes
|
||||
char *data;
|
||||
size_t max; // size of buffer
|
||||
};
|
||||
|
||||
// BUF_MEM_new creates a new BUF_MEM which has no allocated data buffer.
|
||||
OPENSSL_EXPORT BUF_MEM *BUF_MEM_new(void);
|
||||
|
||||
// BUF_MEM_free frees |buf->data| if needed and then frees |buf| itself.
|
||||
OPENSSL_EXPORT void BUF_MEM_free(BUF_MEM *buf);
|
||||
|
||||
// BUF_MEM_reserve ensures |buf| has capacity |cap| and allocates memory if
|
||||
// needed. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int BUF_MEM_reserve(BUF_MEM *buf, size_t cap);
|
||||
|
||||
// BUF_MEM_grow ensures that |buf| has length |len| and allocates memory if
|
||||
// needed. If the length of |buf| increased, the new bytes are filled with
|
||||
// zeros. It returns the length of |buf|, or zero if there's an error.
|
||||
OPENSSL_EXPORT size_t BUF_MEM_grow(BUF_MEM *buf, size_t len);
|
||||
|
||||
// BUF_MEM_grow_clean calls |BUF_MEM_grow|. BoringSSL always zeros memory
|
||||
// allocated memory on free.
|
||||
OPENSSL_EXPORT size_t BUF_MEM_grow_clean(BUF_MEM *buf, size_t len);
|
||||
|
||||
// BUF_MEM_append appends |in| to |buf|. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// BUF_strdup calls |OPENSSL_strdup|.
|
||||
OPENSSL_EXPORT char *BUF_strdup(const char *str);
|
||||
|
||||
// BUF_strnlen calls |OPENSSL_strnlen|.
|
||||
OPENSSL_EXPORT size_t BUF_strnlen(const char *str, size_t max_len);
|
||||
|
||||
// BUF_strndup calls |OPENSSL_strndup|.
|
||||
OPENSSL_EXPORT char *BUF_strndup(const char *str, size_t size);
|
||||
|
||||
// BUF_memdup calls |OPENSSL_memdup|.
|
||||
OPENSSL_EXPORT void *BUF_memdup(const void *data, size_t size);
|
||||
|
||||
// BUF_strlcpy calls |OPENSSL_strlcpy|.
|
||||
OPENSSL_EXPORT size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size);
|
||||
|
||||
// BUF_strlcat calls |OPENSSL_strlcat|.
|
||||
OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t dst_size);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(BUF_MEM, BUF_MEM_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_BUFFER_H
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2015, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "buf.h"
|
||||
+655
@@ -0,0 +1,655 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_BYTESTRING_H
|
||||
#define OPENSSL_HEADER_BYTESTRING_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/span.h>
|
||||
#include <time.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Bytestrings are used for parsing and building TLS and ASN.1 messages.
|
||||
//
|
||||
// A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
|
||||
// provides utility functions for safely parsing length-prefixed structures
|
||||
// like TLS and ASN.1 from it.
|
||||
//
|
||||
// A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
|
||||
// provides utility functions for building length-prefixed messages.
|
||||
|
||||
|
||||
// CRYPTO ByteString
|
||||
|
||||
struct cbs_st {
|
||||
const uint8_t *data;
|
||||
size_t len;
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
// Allow implicit conversions to and from bssl::Span<const uint8_t>.
|
||||
cbs_st(bssl::Span<const uint8_t> span)
|
||||
: data(span.data()), len(span.size()) {}
|
||||
operator bssl::Span<const uint8_t>() const {
|
||||
return bssl::MakeConstSpan(data, len);
|
||||
}
|
||||
|
||||
// Defining any constructors requires we explicitly default the others.
|
||||
cbs_st() = default;
|
||||
cbs_st(const cbs_st &) = default;
|
||||
cbs_st &operator=(const cbs_st &) = default;
|
||||
#endif
|
||||
};
|
||||
|
||||
// CBS_init sets |cbs| to point to |data|. It does not take ownership of
|
||||
// |data|.
|
||||
OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
|
||||
|
||||
// CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
|
||||
// otherwise.
|
||||
OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len);
|
||||
|
||||
// CBS_data returns a pointer to the contents of |cbs|.
|
||||
OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs);
|
||||
|
||||
// CBS_len returns the number of bytes remaining in |cbs|.
|
||||
OPENSSL_EXPORT size_t CBS_len(const CBS *cbs);
|
||||
|
||||
// CBS_stow copies the current contents of |cbs| into |*out_ptr| and
|
||||
// |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
|
||||
// OPENSSL_free. It returns one on success and zero on allocation failure. On
|
||||
// success, |*out_ptr| should be freed with OPENSSL_free. If |cbs| is empty,
|
||||
// |*out_ptr| will be NULL.
|
||||
OPENSSL_EXPORT int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
|
||||
|
||||
// CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
|
||||
// NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
|
||||
// with OPENSSL_free. It returns one on success and zero on allocation
|
||||
// failure. On success, |*out_ptr| should be freed with OPENSSL_free.
|
||||
//
|
||||
// NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
|
||||
// |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
|
||||
OPENSSL_EXPORT int CBS_strdup(const CBS *cbs, char **out_ptr);
|
||||
|
||||
// CBS_contains_zero_byte returns one if the current contents of |cbs| contains
|
||||
// a NUL byte and zero otherwise.
|
||||
OPENSSL_EXPORT int CBS_contains_zero_byte(const CBS *cbs);
|
||||
|
||||
// CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
|
||||
// starting at |data|. If they're equal, it returns one, otherwise zero. If the
|
||||
// lengths match, it uses a constant-time comparison.
|
||||
OPENSSL_EXPORT int CBS_mem_equal(const CBS *cbs, const uint8_t *data,
|
||||
size_t len);
|
||||
|
||||
// CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u8(CBS *cbs, uint8_t *out);
|
||||
|
||||
// CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
|
||||
// advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
|
||||
|
||||
// CBS_get_u16le sets |*out| to the next, little-endian uint16_t from |cbs| and
|
||||
// advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u16le(CBS *cbs, uint16_t *out);
|
||||
|
||||
// CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
|
||||
// advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u24(CBS *cbs, uint32_t *out);
|
||||
|
||||
// CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
|
||||
// and advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u32(CBS *cbs, uint32_t *out);
|
||||
|
||||
// CBS_get_u32le sets |*out| to the next, little-endian uint32_t value from
|
||||
// |cbs| and advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u32le(CBS *cbs, uint32_t *out);
|
||||
|
||||
// CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
|
||||
// and advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u64(CBS *cbs, uint64_t *out);
|
||||
|
||||
// CBS_get_u64le sets |*out| to the next, little-endian uint64_t value from
|
||||
// |cbs| and advances |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u64le(CBS *cbs, uint64_t *out);
|
||||
|
||||
// CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
|
||||
// |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_last_u8(CBS *cbs, uint8_t *out);
|
||||
|
||||
// CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
|
||||
// |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
|
||||
|
||||
// CBS_copy_bytes copies the next |len| bytes from |cbs| to |out| and advances
|
||||
// |cbs|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len);
|
||||
|
||||
// CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
|
||||
// length-prefixed value from |cbs| and advances |cbs| over it. It returns one
|
||||
// on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
// CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
|
||||
// big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
// CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
|
||||
// big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
|
||||
|
||||
// CBS_get_until_first finds the first instance of |c| in |cbs|. If found, it
|
||||
// sets |*out| to the text before the match, advances |cbs| over it, and returns
|
||||
// one. Otherwise, it returns zero and leaves |cbs| unmodified.
|
||||
OPENSSL_EXPORT int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c);
|
||||
|
||||
// CBS_get_u64_decimal reads a decimal integer from |cbs| and writes it to
|
||||
// |*out|. It stops reading at the end of the string, or the first non-digit
|
||||
// character. It returns one on success and zero on error. This function behaves
|
||||
// analogously to |strtoul| except it does not accept empty inputs, leading
|
||||
// zeros, or negative values.
|
||||
OPENSSL_EXPORT int CBS_get_u64_decimal(CBS *cbs, uint64_t *out);
|
||||
|
||||
|
||||
// Parsing ASN.1
|
||||
//
|
||||
// |CBS| may be used to parse DER structures. Rather than using a schema
|
||||
// compiler, the following functions act on tag-length-value elements in the
|
||||
// serialization itself. Thus the caller is responsible for looping over a
|
||||
// SEQUENCE, branching on CHOICEs or OPTIONAL fields, checking for trailing
|
||||
// data, and handling explict vs. implicit tagging.
|
||||
//
|
||||
// Tags are represented as |CBS_ASN1_TAG| values in memory. The upper few bits
|
||||
// store the class and constructed bit, and the remaining bits store the tag
|
||||
// number. Note this differs from the DER serialization, to support tag numbers
|
||||
// beyond 31. Consumers must use the constants defined below to decompose or
|
||||
// assemble tags.
|
||||
//
|
||||
// This library treats an element's constructed bit as part of its tag. In DER,
|
||||
// the constructed bit is computable from the type. The constants for universal
|
||||
// types have the bit set. Callers must set it correctly for tagged types.
|
||||
// Explicitly-tagged types are always constructed, and implicitly-tagged types
|
||||
// inherit the underlying type's bit.
|
||||
|
||||
// CBS_ASN1_TAG_SHIFT is how much the in-memory representation shifts the class
|
||||
// and constructed bits from the DER serialization.
|
||||
#define CBS_ASN1_TAG_SHIFT 24
|
||||
|
||||
// CBS_ASN1_CONSTRUCTED may be ORed into a tag to set the constructed bit.
|
||||
#define CBS_ASN1_CONSTRUCTED (0x20u << CBS_ASN1_TAG_SHIFT)
|
||||
|
||||
// The following values specify the tag class and may be ORed into a tag number
|
||||
// to produce the final tag. If none is used, the tag will be UNIVERSAL.
|
||||
#define CBS_ASN1_UNIVERSAL (0u << CBS_ASN1_TAG_SHIFT)
|
||||
#define CBS_ASN1_APPLICATION (0x40u << CBS_ASN1_TAG_SHIFT)
|
||||
#define CBS_ASN1_CONTEXT_SPECIFIC (0x80u << CBS_ASN1_TAG_SHIFT)
|
||||
#define CBS_ASN1_PRIVATE (0xc0u << CBS_ASN1_TAG_SHIFT)
|
||||
|
||||
// CBS_ASN1_CLASS_MASK may be ANDed with a tag to query its class. This will
|
||||
// give one of the four values above.
|
||||
#define CBS_ASN1_CLASS_MASK (0xc0u << CBS_ASN1_TAG_SHIFT)
|
||||
|
||||
// CBS_ASN1_TAG_NUMBER_MASK may be ANDed with a tag to query its number.
|
||||
#define CBS_ASN1_TAG_NUMBER_MASK ((1u << (5 + CBS_ASN1_TAG_SHIFT)) - 1)
|
||||
|
||||
// The following values are constants for UNIVERSAL tags. Note these constants
|
||||
// include the constructed bit.
|
||||
#define CBS_ASN1_BOOLEAN 0x1u
|
||||
#define CBS_ASN1_INTEGER 0x2u
|
||||
#define CBS_ASN1_BITSTRING 0x3u
|
||||
#define CBS_ASN1_OCTETSTRING 0x4u
|
||||
#define CBS_ASN1_NULL 0x5u
|
||||
#define CBS_ASN1_OBJECT 0x6u
|
||||
#define CBS_ASN1_ENUMERATED 0xau
|
||||
#define CBS_ASN1_UTF8STRING 0xcu
|
||||
#define CBS_ASN1_SEQUENCE (0x10u | CBS_ASN1_CONSTRUCTED)
|
||||
#define CBS_ASN1_SET (0x11u | CBS_ASN1_CONSTRUCTED)
|
||||
#define CBS_ASN1_NUMERICSTRING 0x12u
|
||||
#define CBS_ASN1_PRINTABLESTRING 0x13u
|
||||
#define CBS_ASN1_T61STRING 0x14u
|
||||
#define CBS_ASN1_VIDEOTEXSTRING 0x15u
|
||||
#define CBS_ASN1_IA5STRING 0x16u
|
||||
#define CBS_ASN1_UTCTIME 0x17u
|
||||
#define CBS_ASN1_GENERALIZEDTIME 0x18u
|
||||
#define CBS_ASN1_GRAPHICSTRING 0x19u
|
||||
#define CBS_ASN1_VISIBLESTRING 0x1au
|
||||
#define CBS_ASN1_GENERALSTRING 0x1bu
|
||||
#define CBS_ASN1_UNIVERSALSTRING 0x1cu
|
||||
#define CBS_ASN1_BMPSTRING 0x1eu
|
||||
|
||||
// CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
|
||||
// including tag and length bytes) and advances |cbs| over it. The ASN.1
|
||||
// element must match |tag_value|.
|
||||
//
|
||||
// If |*out| is NULL, then the contents will be discarded.
|
||||
//
|
||||
// It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value);
|
||||
|
||||
// CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
|
||||
// ASN.1 header bytes too.
|
||||
OPENSSL_EXPORT int CBS_get_asn1_element(CBS *cbs, CBS *out,
|
||||
CBS_ASN1_TAG tag_value);
|
||||
|
||||
// CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
|
||||
// if the next ASN.1 element on |cbs| would have tag |tag_value|. If
|
||||
// |cbs| is empty or the tag does not match, it returns zero. Note: if
|
||||
// it returns one, CBS_get_asn1 may still fail if the rest of the
|
||||
// element is malformed.
|
||||
OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, CBS_ASN1_TAG tag_value);
|
||||
|
||||
// CBS_get_any_asn1 sets |*out| to contain the next ASN.1 element from |*cbs|
|
||||
// (not including tag and length bytes), sets |*out_tag| to the tag number, and
|
||||
// advances |*cbs|. It returns one on success and zero on error. Either of |out|
|
||||
// and |out_tag| may be NULL to ignore the value.
|
||||
OPENSSL_EXPORT int CBS_get_any_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag);
|
||||
|
||||
// CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
|
||||
// |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
|
||||
// the tag number and |*out_header_len| to the length of the ASN.1 header. Each
|
||||
// of |out|, |out_tag|, and |out_header_len| may be NULL to ignore the value.
|
||||
OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out,
|
||||
CBS_ASN1_TAG *out_tag,
|
||||
size_t *out_header_len);
|
||||
|
||||
// CBS_get_any_ber_asn1_element acts the same as |CBS_get_any_asn1_element| but
|
||||
// also allows indefinite-length elements to be returned and does not enforce
|
||||
// that lengths are minimal. It sets |*out_indefinite| to one if the length was
|
||||
// indefinite and zero otherwise. If indefinite, |*out_header_len| and
|
||||
// |CBS_len(out)| will be equal as only the header is returned (although this is
|
||||
// also true for empty elements so |*out_indefinite| should be checked). If
|
||||
// |out_ber_found| is not NULL then it is set to one if any case of invalid DER
|
||||
// but valid BER is found, and to zero otherwise.
|
||||
//
|
||||
// This function will not successfully parse an end-of-contents (EOC) as an
|
||||
// element. Callers parsing indefinite-length encoding must check for EOC
|
||||
// separately.
|
||||
OPENSSL_EXPORT int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out,
|
||||
CBS_ASN1_TAG *out_tag,
|
||||
size_t *out_header_len,
|
||||
int *out_ber_found,
|
||||
int *out_indefinite);
|
||||
|
||||
// CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
|
||||
// and sets |*out| to its value. It returns one on success and zero on error,
|
||||
// where error includes the integer being negative, or too large to represent
|
||||
// in 64 bits.
|
||||
OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
|
||||
|
||||
// CBS_get_asn1_int64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
|
||||
// and sets |*out| to its value. It returns one on success and zero on error,
|
||||
// where error includes the integer being too large to represent in 64 bits.
|
||||
OPENSSL_EXPORT int CBS_get_asn1_int64(CBS *cbs, int64_t *out);
|
||||
|
||||
// CBS_get_asn1_bool gets an ASN.1 BOOLEAN from |cbs| and sets |*out| to zero
|
||||
// or one based on its value. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBS_get_asn1_bool(CBS *cbs, int *out);
|
||||
|
||||
// CBS_get_optional_asn1 gets an optional explicitly-tagged element from |cbs|
|
||||
// tagged with |tag| and sets |*out| to its contents, or ignores it if |out| is
|
||||
// NULL. If present and if |out_present| is not NULL, it sets |*out_present| to
|
||||
// one, otherwise zero. It returns one on success, whether or not the element
|
||||
// was present, and zero on decode failure.
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
|
||||
CBS_ASN1_TAG tag);
|
||||
|
||||
// CBS_get_optional_asn1_octet_string gets an optional
|
||||
// explicitly-tagged OCTET STRING from |cbs|. If present, it sets
|
||||
// |*out| to the string and |*out_present| to one. Otherwise, it sets
|
||||
// |*out| to empty and |*out_present| to zero. |out_present| may be
|
||||
// NULL. It returns one on success, whether or not the element was
|
||||
// present, and zero on decode failure.
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out,
|
||||
int *out_present,
|
||||
CBS_ASN1_TAG tag);
|
||||
|
||||
// CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
|
||||
// INTEGER from |cbs|. If present, it sets |*out| to the
|
||||
// value. Otherwise, it sets |*out| to |default_value|. It returns one
|
||||
// on success, whether or not the element was present, and zero on
|
||||
// decode failure.
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out,
|
||||
CBS_ASN1_TAG tag,
|
||||
uint64_t default_value);
|
||||
|
||||
// CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
|
||||
// |cbs|. If present, it sets |*out| to either zero or one, based on the
|
||||
// boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
|
||||
// success, whether or not the element was present, and zero on decode
|
||||
// failure.
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_bool(CBS *cbs, int *out,
|
||||
CBS_ASN1_TAG tag,
|
||||
int default_value);
|
||||
|
||||
// CBS_is_valid_asn1_bitstring returns one if |cbs| is a valid ASN.1 BIT STRING
|
||||
// body and zero otherwise.
|
||||
OPENSSL_EXPORT int CBS_is_valid_asn1_bitstring(const CBS *cbs);
|
||||
|
||||
// CBS_asn1_bitstring_has_bit returns one if |cbs| is a valid ASN.1 BIT STRING
|
||||
// body and the specified bit is present and set. Otherwise, it returns zero.
|
||||
// |bit| is indexed starting from zero.
|
||||
OPENSSL_EXPORT int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit);
|
||||
|
||||
// CBS_is_valid_asn1_integer returns one if |cbs| is a valid ASN.1 INTEGER,
|
||||
// body and zero otherwise. On success, if |out_is_negative| is non-NULL,
|
||||
// |*out_is_negative| will be set to one if |cbs| is negative and zero
|
||||
// otherwise.
|
||||
OPENSSL_EXPORT int CBS_is_valid_asn1_integer(const CBS *cbs,
|
||||
int *out_is_negative);
|
||||
|
||||
// CBS_is_unsigned_asn1_integer returns one if |cbs| is a valid non-negative
|
||||
// ASN.1 INTEGER body and zero otherwise.
|
||||
OPENSSL_EXPORT int CBS_is_unsigned_asn1_integer(const CBS *cbs);
|
||||
|
||||
// CBS_is_valid_asn1_oid returns one if |cbs| is a valid DER-encoded ASN.1
|
||||
// OBJECT IDENTIFIER contents (not including the element framing) and zero
|
||||
// otherwise. This function tolerates arbitrarily large OID components.
|
||||
OPENSSL_EXPORT int CBS_is_valid_asn1_oid(const CBS *cbs);
|
||||
|
||||
// CBS_asn1_oid_to_text interprets |cbs| as DER-encoded ASN.1 OBJECT IDENTIFIER
|
||||
// contents (not including the element framing) and returns the ASCII
|
||||
// representation (e.g., "1.2.840.113554.4.1.72585") in a newly-allocated
|
||||
// string, or NULL on failure. The caller must release the result with
|
||||
// |OPENSSL_free|.
|
||||
//
|
||||
// This function may fail if |cbs| is an invalid OBJECT IDENTIFIER, or if any
|
||||
// OID components are too large.
|
||||
OPENSSL_EXPORT char *CBS_asn1_oid_to_text(const CBS *cbs);
|
||||
|
||||
|
||||
// CBS_parse_generalized_time returns one if |cbs| is a valid DER-encoded, ASN.1
|
||||
// GeneralizedTime body within the limitations imposed by RFC 5280, or zero
|
||||
// otherwise. If |allow_timezone_offset| is non-zero, four-digit timezone
|
||||
// offsets, which would not be allowed by DER, are permitted. On success, if
|
||||
// |out_tm| is non-NULL, |*out_tm| will be zeroed, and then set to the
|
||||
// corresponding time in UTC. This function does not compute |out_tm->tm_wday|
|
||||
// or |out_tm->tm_yday|.
|
||||
OPENSSL_EXPORT int CBS_parse_generalized_time(const CBS *cbs, struct tm *out_tm,
|
||||
int allow_timezone_offset);
|
||||
|
||||
// CBS_parse_utc_time returns one if |cbs| is a valid DER-encoded, ASN.1
|
||||
// UTCTime body within the limitations imposed by RFC 5280, or zero otherwise.
|
||||
// If |allow_timezone_offset| is non-zero, four-digit timezone offsets, which
|
||||
// would not be allowed by DER, are permitted. On success, if |out_tm| is
|
||||
// non-NULL, |*out_tm| will be zeroed, and then set to the corresponding time
|
||||
// in UTC. This function does not compute |out_tm->tm_wday| or
|
||||
// |out_tm->tm_yday|.
|
||||
OPENSSL_EXPORT int CBS_parse_utc_time(const CBS *cbs, struct tm *out_tm,
|
||||
int allow_timezone_offset);
|
||||
|
||||
// CBS_get_optional_asn1_int64 gets an optional, explicitly-tagged INTEGER from
|
||||
// |cbs|. If present, it sets |*out| to the value. Otherwise, it sets |*out| to
|
||||
// |default_value|. It returns one on success and zero on error, where error
|
||||
// includes the integer being too large to represent in 64 bits.
|
||||
OPENSSL_EXPORT int CBS_get_optional_asn1_int64(CBS *cbs, int64_t *out,
|
||||
CBS_ASN1_TAG tag,
|
||||
int64_t default_value);
|
||||
|
||||
// CRYPTO ByteBuilder.
|
||||
//
|
||||
// |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
|
||||
// object is associated with a buffer and new buffers are created with
|
||||
// |CBB_init|. Several |CBB| objects can point at the same buffer when a
|
||||
// length-prefix is pending, however only a single |CBB| can be 'current' at
|
||||
// any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
|
||||
// the new |CBB| points at the same buffer as the original. But if the original
|
||||
// |CBB| is used then the length prefix is written out and the new |CBB| must
|
||||
// not be used again.
|
||||
//
|
||||
// If one needs to force a length prefix to be written out because a |CBB| is
|
||||
// going out of scope, use |CBB_flush|. If an operation on a |CBB| fails, it is
|
||||
// in an undefined state and must not be used except to call |CBB_cleanup|.
|
||||
|
||||
struct cbb_buffer_st {
|
||||
uint8_t *buf;
|
||||
// len is the number of valid bytes in |buf|.
|
||||
size_t len;
|
||||
// cap is the size of |buf|.
|
||||
size_t cap;
|
||||
// can_resize is one iff |buf| is owned by this object. If not then |buf|
|
||||
// cannot be resized.
|
||||
unsigned can_resize : 1;
|
||||
// error is one if there was an error writing to this CBB. All future
|
||||
// operations will fail.
|
||||
unsigned error : 1;
|
||||
};
|
||||
|
||||
struct cbb_child_st {
|
||||
// base is a pointer to the buffer this |CBB| writes to.
|
||||
struct cbb_buffer_st *base;
|
||||
// offset is the number of bytes from the start of |base->buf| to this |CBB|'s
|
||||
// pending length prefix.
|
||||
size_t offset;
|
||||
// pending_len_len contains the number of bytes in this |CBB|'s pending
|
||||
// length-prefix, or zero if no length-prefix is pending.
|
||||
uint8_t pending_len_len;
|
||||
unsigned pending_is_asn1 : 1;
|
||||
};
|
||||
|
||||
struct cbb_st {
|
||||
// child points to a child CBB if a length-prefix is pending.
|
||||
CBB *child;
|
||||
// is_child is one if this is a child |CBB| and zero if it is a top-level
|
||||
// |CBB|. This determines which arm of the union is valid.
|
||||
char is_child;
|
||||
union {
|
||||
struct cbb_buffer_st base;
|
||||
struct cbb_child_st child;
|
||||
} u;
|
||||
};
|
||||
|
||||
// CBB_zero sets an uninitialised |cbb| to the zero state. It must be
|
||||
// initialised with |CBB_init| or |CBB_init_fixed| before use, but it is safe to
|
||||
// call |CBB_cleanup| without a successful |CBB_init|. This may be used for more
|
||||
// uniform cleanup of a |CBB|.
|
||||
OPENSSL_EXPORT void CBB_zero(CBB *cbb);
|
||||
|
||||
// CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
|
||||
// needed, the |initial_capacity| is just a hint. It returns one on success or
|
||||
// zero on allocation failure.
|
||||
OPENSSL_EXPORT int CBB_init(CBB *cbb, size_t initial_capacity);
|
||||
|
||||
// CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
|
||||
// |buf| cannot grow, trying to write more than |len| bytes will cause CBB
|
||||
// functions to fail. This function is infallible and always returns one. It is
|
||||
// safe, but not necessary, to call |CBB_cleanup| on |cbb|.
|
||||
OPENSSL_EXPORT int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
|
||||
|
||||
// CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
|
||||
// writing to the same buffer. This should be used in an error case where a
|
||||
// serialisation is abandoned.
|
||||
//
|
||||
// This function can only be called on a "top level" |CBB|, i.e. one initialised
|
||||
// with |CBB_init| or |CBB_init_fixed|, or a |CBB| set to the zero state with
|
||||
// |CBB_zero|.
|
||||
OPENSSL_EXPORT void CBB_cleanup(CBB *cbb);
|
||||
|
||||
// CBB_finish completes any pending length prefix and sets |*out_data| to a
|
||||
// malloced buffer and |*out_len| to the length of that buffer. The caller
|
||||
// takes ownership of the buffer and, unless the buffer was fixed with
|
||||
// |CBB_init_fixed|, must call |OPENSSL_free| when done.
|
||||
//
|
||||
// It can only be called on a "top level" |CBB|, i.e. one initialised with
|
||||
// |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
|
||||
|
||||
// CBB_flush causes any pending length prefixes to be written out and any child
|
||||
// |CBB| objects of |cbb| to be invalidated. This allows |cbb| to continue to be
|
||||
// used after the children go out of scope, e.g. when local |CBB| objects are
|
||||
// added as children to a |CBB| that persists after a function returns. This
|
||||
// function returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBB_flush(CBB *cbb);
|
||||
|
||||
// CBB_data returns a pointer to the bytes written to |cbb|. It does not flush
|
||||
// |cbb|. The pointer is valid until the next operation to |cbb|.
|
||||
//
|
||||
// To avoid unfinalized length prefixes, it is a fatal error to call this on a
|
||||
// CBB with any active children.
|
||||
OPENSSL_EXPORT const uint8_t *CBB_data(const CBB *cbb);
|
||||
|
||||
// CBB_len returns the number of bytes written to |cbb|. It does not flush
|
||||
// |cbb|.
|
||||
//
|
||||
// To avoid unfinalized length prefixes, it is a fatal error to call this on a
|
||||
// CBB with any active children.
|
||||
OPENSSL_EXPORT size_t CBB_len(const CBB *cbb);
|
||||
|
||||
// CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
|
||||
// data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
|
||||
// length. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
// CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
|
||||
// The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
|
||||
// big-endian length. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
// CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
|
||||
// The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
|
||||
// big-endian length. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
|
||||
|
||||
// CBB_add_asn1 sets |*out_contents| to a |CBB| into which the contents of an
|
||||
// ASN.1 object can be written. The |tag| argument will be used as the tag for
|
||||
// the object. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, CBS_ASN1_TAG tag);
|
||||
|
||||
// CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
|
||||
// success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
|
||||
|
||||
// CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on
|
||||
// success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_zeros(CBB *cbb, size_t len);
|
||||
|
||||
// CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
|
||||
// the beginning of that space. The caller must then write |len| bytes of
|
||||
// actual contents to |*out_data|. It returns one on success and zero
|
||||
// otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
|
||||
|
||||
// CBB_reserve ensures |cbb| has room for |len| additional bytes and sets
|
||||
// |*out_data| to point to the beginning of that space. It returns one on
|
||||
// success and zero otherwise. The caller may write up to |len| bytes to
|
||||
// |*out_data| and call |CBB_did_write| to complete the write. |*out_data| is
|
||||
// valid until the next operation on |cbb| or an ancestor |CBB|.
|
||||
OPENSSL_EXPORT int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len);
|
||||
|
||||
// CBB_did_write advances |cbb| by |len| bytes, assuming the space has been
|
||||
// written to by the caller. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBB_did_write(CBB *cbb, size_t len);
|
||||
|
||||
// CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
|
||||
// success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u8(CBB *cbb, uint8_t value);
|
||||
|
||||
// CBB_add_u16 appends a 16-bit, big-endian number from |value| to |cbb|. It
|
||||
// returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u16(CBB *cbb, uint16_t value);
|
||||
|
||||
// CBB_add_u16le appends a 16-bit, little-endian number from |value| to |cbb|.
|
||||
// It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u16le(CBB *cbb, uint16_t value);
|
||||
|
||||
// CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
|
||||
// returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u24(CBB *cbb, uint32_t value);
|
||||
|
||||
// CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
|
||||
// returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u32(CBB *cbb, uint32_t value);
|
||||
|
||||
// CBB_add_u32le appends a 32-bit, little-endian number from |value| to |cbb|.
|
||||
// It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u32le(CBB *cbb, uint32_t value);
|
||||
|
||||
// CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It
|
||||
// returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u64(CBB *cbb, uint64_t value);
|
||||
|
||||
// CBB_add_u64le appends a 64-bit, little-endian number from |value| to |cbb|.
|
||||
// It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CBB_add_u64le(CBB *cbb, uint64_t value);
|
||||
|
||||
// CBB_discard_child discards the current unflushed child of |cbb|. Neither the
|
||||
// child's contents nor the length prefix will be included in the output.
|
||||
OPENSSL_EXPORT void CBB_discard_child(CBB *cbb);
|
||||
|
||||
// CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
|
||||
// and writes |value| in its contents. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
|
||||
|
||||
// CBB_add_asn1_uint64_with_tag behaves like |CBB_add_asn1_uint64| but uses
|
||||
// |tag| as the tag instead of INTEGER. This is useful if the INTEGER type uses
|
||||
// implicit tagging.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value,
|
||||
CBS_ASN1_TAG tag);
|
||||
|
||||
// CBB_add_asn1_int64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
|
||||
// and writes |value| in its contents. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_int64(CBB *cbb, int64_t value);
|
||||
|
||||
// CBB_add_asn1_int64_with_tag behaves like |CBB_add_asn1_int64| but uses |tag|
|
||||
// as the tag instead of INTEGER. This is useful if the INTEGER type uses
|
||||
// implicit tagging.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value,
|
||||
CBS_ASN1_TAG tag);
|
||||
|
||||
// CBB_add_asn1_octet_string writes an ASN.1 OCTET STRING into |cbb| with the
|
||||
// given contents. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data,
|
||||
size_t data_len);
|
||||
|
||||
// CBB_add_asn1_bool writes an ASN.1 BOOLEAN into |cbb| which is true iff
|
||||
// |value| is non-zero. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_bool(CBB *cbb, int value);
|
||||
|
||||
// CBB_add_asn1_oid_from_text decodes |len| bytes from |text| as an ASCII OID
|
||||
// representation, e.g. "1.2.840.113554.4.1.72585", and writes the DER-encoded
|
||||
// contents to |cbb|. It returns one on success and zero on malloc failure or if
|
||||
// |text| was invalid. It does not include the OBJECT IDENTIFER framing, only
|
||||
// the element's contents.
|
||||
//
|
||||
// This function considers OID strings with components which do not fit in a
|
||||
// |uint64_t| to be invalid.
|
||||
OPENSSL_EXPORT int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text,
|
||||
size_t len);
|
||||
|
||||
// CBB_flush_asn1_set_of calls |CBB_flush| on |cbb| and then reorders the
|
||||
// contents for a DER-encoded ASN.1 SET OF type. It returns one on success and
|
||||
// zero on failure. DER canonicalizes SET OF contents by sorting
|
||||
// lexicographically by encoding. Call this function when encoding a SET OF
|
||||
// type in an order that is not already known to be canonical.
|
||||
//
|
||||
// Note a SET type has a slightly different ordering than a SET OF.
|
||||
OPENSSL_EXPORT int CBB_flush_asn1_set_of(CBB *cbb);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
using ScopedCBB = internal::StackAllocated<CBB, void, CBB_zero, CBB_cleanup>;
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_BYTESTRING_H
|
||||
+37
@@ -0,0 +1,37 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CHACHA_H
|
||||
#define OPENSSL_HEADER_CHACHA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// ChaCha20.
|
||||
//
|
||||
// ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc8439.
|
||||
|
||||
|
||||
// CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and
|
||||
// nonce and writes the result to |out|. If |in| and |out| alias, they must be
|
||||
// equal. The initial block counter is specified by |counter|. |in| must be
|
||||
// aligned on a block boundary.
|
||||
//
|
||||
// This function implements a 32-bit block counter as in RFC 8439. On overflow,
|
||||
// the counter wraps. Reusing a key, nonce, and block counter combination is not
|
||||
// secure, so wrapping is usually a bug in the caller. While it is possible to
|
||||
// wrap without reuse with a large initial block counter, this is not
|
||||
// recommended and may not be portable to other ChaCha20 implementations.
|
||||
OPENSSL_EXPORT void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in,
|
||||
size_t in_len, const uint8_t key[32],
|
||||
const uint8_t nonce[12], uint32_t counter);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CHACHA_H
|
||||
+692
@@ -0,0 +1,692 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_CIPHER_H
|
||||
#define OPENSSL_HEADER_CIPHER_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Ciphers.
|
||||
|
||||
|
||||
// Cipher primitives.
|
||||
//
|
||||
// The following functions return |EVP_CIPHER| objects that implement the named
|
||||
// cipher algorithm.
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_rc4(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_xts(void);
|
||||
|
||||
// EVP_aes_256_wrap implements AES-256 in Key Wrap mode. OpenSSL 1.1.1 required
|
||||
// |EVP_CIPHER_CTX_FLAG_WRAP_ALLOW| to be set with |EVP_CIPHER_CTX_set_flags|,
|
||||
// in order for |EVP_aes_256_wrap| to work. This is not required in AWS-LC and
|
||||
// they are no-op flags maintained for compatibility.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_wrap(void);
|
||||
|
||||
// EVP_enc_null returns a 'cipher' that passes plaintext through as
|
||||
// ciphertext.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void);
|
||||
|
||||
// EVP_rc2_cbc returns a cipher that implements 128-bit RC2 in CBC mode.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_rc2_cbc(void);
|
||||
|
||||
// EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This
|
||||
// is obviously very, very weak and is included only in order to read PKCS#12
|
||||
// files, which often encrypt the certificate chain using this cipher. It is
|
||||
// deliberately not exported.
|
||||
const EVP_CIPHER *EVP_rc2_40_cbc(void);
|
||||
|
||||
// EVP_chacha20_poly1305 returns a cipher that implements chacha20-poly1305 as
|
||||
// described in RFC 8439. This cipher implementation is added for
|
||||
// compatibility. Consumers should use |EVP_aead_chacha20_poly1305| instead.
|
||||
// Callers are advised that the maximum amount of data that can be encrypted
|
||||
// using chacha20-poly1305 is 256GB.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_chacha20_poly1305(void);
|
||||
|
||||
// EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
|
||||
// NULL if no such cipher is known. Note using this function links almost every
|
||||
// cipher implemented by BoringSSL into the binary, whether the caller uses them
|
||||
// or not. Size-conscious callers, such as client software, should not use this
|
||||
// function.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
|
||||
|
||||
|
||||
// Cipher context allocation.
|
||||
//
|
||||
// An |EVP_CIPHER_CTX| represents the state of an encryption or decryption in
|
||||
// progress.
|
||||
|
||||
// EVP_CIPHER_CTX_init initialises an, already allocated, |EVP_CIPHER_CTX|.
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_new allocates a fresh |EVP_CIPHER_CTX|, calls
|
||||
// |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure.
|
||||
OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
|
||||
|
||||
// EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns
|
||||
// one.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees
|
||||
// |ctx| itself.
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_copy sets |out| to be a duplicate of the current state of
|
||||
// |in|. The |out| argument must have been previously initialised.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
|
||||
const EVP_CIPHER_CTX *in);
|
||||
|
||||
// EVP_CIPHER_CTX_reset calls |EVP_CIPHER_CTX_cleanup| followed by
|
||||
// |EVP_CIPHER_CTX_init| and returns one.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
|
||||
|
||||
|
||||
// Cipher context configuration.
|
||||
|
||||
// EVP_CipherInit_ex configures |ctx| for a fresh encryption (or decryption, if
|
||||
// |enc| is zero) operation using |cipher|. If |ctx| has been previously
|
||||
// configured with a cipher then |cipher|, |key| and |iv| may be |NULL| and
|
||||
// |enc| may be -1 to reuse the previous values. The operation will use |key|
|
||||
// as the key and |iv| as the IV (if any). These should have the correct
|
||||
// lengths given by |EVP_CIPHER_key_length| and |EVP_CIPHER_iv_length|. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *engine,
|
||||
const uint8_t *key, const uint8_t *iv,
|
||||
int enc);
|
||||
|
||||
// EVP_EncryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to one.
|
||||
OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *impl,
|
||||
const uint8_t *key, const uint8_t *iv);
|
||||
|
||||
// EVP_DecryptInit_ex calls |EVP_CipherInit_ex| with |enc| equal to zero.
|
||||
OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, ENGINE *impl,
|
||||
const uint8_t *key, const uint8_t *iv);
|
||||
|
||||
|
||||
// Cipher operations.
|
||||
|
||||
// EVP_EncryptUpdate encrypts |in_len| bytes from |in| to |out|. The number
|
||||
// of output bytes may be up to |in_len| plus the block length minus one and
|
||||
// |out| must have sufficient space. The number of bytes actually output is
|
||||
// written to |*out_len|. It returns one on success and zero otherwise.
|
||||
//
|
||||
// If |ctx| is an AEAD cipher, e.g. |EVP_aes_128_gcm|, and |out| is NULL, this
|
||||
// function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len|
|
||||
// to |in_len|. The AAD must be fully specified in this way before this function
|
||||
// is used to encrypt plaintext.
|
||||
OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
// EVP_EncryptFinal_ex writes at most a block of ciphertext to |out| and sets
|
||||
// |*out_len| to the number of bytes written. If padding is enabled (the
|
||||
// default) then standard padding is applied to create the final block. If
|
||||
// padding is disabled (with |EVP_CIPHER_CTX_set_padding|) then any partial
|
||||
// block remaining will cause an error. The function returns one on success and
|
||||
// zero otherwise.
|
||||
OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_DecryptUpdate decrypts |in_len| bytes from |in| to |out|. The number of
|
||||
// output bytes may be up to |in_len| plus the block length minus one and |out|
|
||||
// must have sufficient space. The number of bytes actually output is written
|
||||
// to |*out_len|. It returns one on success and zero otherwise.
|
||||
//
|
||||
// If |ctx| is an AEAD cipher, e.g. |EVP_aes_128_gcm|, and |out| is NULL, this
|
||||
// function instead adds |in_len| bytes from |in| to the AAD and sets |*out_len|
|
||||
// to |in_len|. The AAD must be fully specified in this way before this function
|
||||
// is used to decrypt ciphertext.
|
||||
OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
// EVP_DecryptFinal_ex writes at most a block of ciphertext to |out| and sets
|
||||
// |*out_len| to the number of bytes written. If padding is enabled (the
|
||||
// default) then padding is removed from the final block.
|
||||
//
|
||||
// WARNING: it is unsafe to call this function with unauthenticated
|
||||
// ciphertext if padding is enabled.
|
||||
OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_CipherUpdate calls either |EVP_EncryptUpdate| or |EVP_DecryptUpdate|
|
||||
// depending on how |ctx| has been setup.
|
||||
OPENSSL_EXPORT int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len, const uint8_t *in,
|
||||
int in_len);
|
||||
|
||||
// EVP_CipherFinal_ex calls either |EVP_EncryptFinal_ex| or
|
||||
// |EVP_DecryptFinal_ex| depending on how |ctx| has been setup.
|
||||
OPENSSL_EXPORT int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
|
||||
// Cipher context accessors.
|
||||
|
||||
// EVP_CIPHER_CTX_cipher returns the |EVP_CIPHER| underlying |ctx|, or NULL if
|
||||
// none has been set.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher(
|
||||
const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying
|
||||
// |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been
|
||||
// configured.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_encrypting returns one if |ctx| is configured for encryption
|
||||
// and zero otherwise.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher
|
||||
// underlying |ctx|, or one if the cipher is a stream cipher. It will crash if
|
||||
// no cipher has been configured.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_key_length returns the key size, in bytes, of the cipher
|
||||
// underlying |ctx| or zero if no cipher has been configured.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_iv_length returns the IV size, in bytes, of the cipher
|
||||
// underlying |ctx|. It will crash if no cipher has been configured.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_get_app_data returns the opaque, application data pointer for
|
||||
// |ctx|, or NULL if none has been set.
|
||||
OPENSSL_EXPORT void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_set_app_data sets the opaque, application data pointer for
|
||||
// |ctx| to |data|.
|
||||
OPENSSL_EXPORT void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx,
|
||||
void *data);
|
||||
|
||||
// EVP_CIPHER_CTX_flags returns a value which is the OR of zero or more
|
||||
// |EVP_CIPH_*| flags. It will crash if no cipher has been configured.
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_mode returns one of the |EVP_CIPH_*| cipher mode values
|
||||
// enumerated below. It will crash if no cipher has been configured.
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
|
||||
|
||||
// EVP_CIPHER_CTX_ctrl is an |ioctl| like function. The |command| argument
|
||||
// should be one of the |EVP_CTRL_*| values. The |arg| and |ptr| arguments are
|
||||
// specific to the command in question.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command,
|
||||
int arg, void *ptr);
|
||||
|
||||
// EVP_CIPHER_CTX_set_padding sets whether padding is enabled for |ctx| and
|
||||
// returns one. Pass a non-zero |pad| to enable padding (the default) or zero
|
||||
// to disable.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad);
|
||||
|
||||
// EVP_CIPHER_CTX_set_key_length sets the key length for |ctx|. This is only
|
||||
// valid for ciphers that can take a variable length key. It returns one on
|
||||
// success and zero on error.
|
||||
OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx,
|
||||
unsigned key_len);
|
||||
|
||||
|
||||
// Cipher accessors.
|
||||
|
||||
// EVP_CIPHER_nid returns a NID identifying |cipher|. (For example,
|
||||
// |NID_aes_128_gcm|.)
|
||||
OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_name returns the short name of |cipher|.
|
||||
OPENSSL_EXPORT const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one
|
||||
// if |cipher| is a stream cipher.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_key_length returns the key size, in bytes, for |cipher|. If
|
||||
// |cipher| can take a variable key length then this function returns the
|
||||
// default key length and |EVP_CIPHER_flags| will return a value with
|
||||
// |EVP_CIPH_VARIABLE_LENGTH| set.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_iv_length returns the IV size, in bytes, of |cipher|, or zero if
|
||||
// |cipher| doesn't take an IV.
|
||||
OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_flags returns a value which is the OR of zero or more
|
||||
// |EVP_CIPH_*| flags.
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_flags(const EVP_CIPHER *cipher);
|
||||
|
||||
// EVP_CIPHER_mode returns one of the cipher mode values enumerated below.
|
||||
OPENSSL_EXPORT uint32_t EVP_CIPHER_mode(const EVP_CIPHER *cipher);
|
||||
|
||||
|
||||
// Key derivation.
|
||||
|
||||
// EVP_BytesToKey generates a key and IV for the cipher |type| by iterating
|
||||
// |md| |count| times using |data| and |salt|. On entry, the |key| and |iv|
|
||||
// buffers must have enough space to hold a key and IV for |type|. It returns
|
||||
// the length of the key on success or zero on error.
|
||||
OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
|
||||
const uint8_t *salt, const uint8_t *data,
|
||||
size_t data_len, unsigned count, uint8_t *key,
|
||||
uint8_t *iv);
|
||||
|
||||
|
||||
// Cipher modes (for |EVP_CIPHER_mode|).
|
||||
|
||||
#define EVP_CIPH_STREAM_CIPHER 0x0
|
||||
#define EVP_CIPH_ECB_MODE 0x1
|
||||
#define EVP_CIPH_CBC_MODE 0x2
|
||||
#define EVP_CIPH_CFB_MODE 0x3
|
||||
#define EVP_CIPH_OFB_MODE 0x4
|
||||
#define EVP_CIPH_CTR_MODE 0x5
|
||||
#define EVP_CIPH_GCM_MODE 0x6
|
||||
#define EVP_CIPH_XTS_MODE 0x7
|
||||
#define EVP_CIPH_CCM_MODE 0x8
|
||||
|
||||
// EVP_CIPH_FLAG_LENGTH_BITS buffers length in bits not bytes: CFB1 mode only.
|
||||
#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
|
||||
// The following values are never returned from |EVP_CIPHER_mode| and are
|
||||
// included only to make it easier to compile code with BoringSSL.
|
||||
#define EVP_CIPH_OCB_MODE 0x9
|
||||
#define EVP_CIPH_WRAP_MODE 0xa
|
||||
|
||||
|
||||
// Cipher flags (for |EVP_CIPHER_flags|).
|
||||
|
||||
// EVP_CIPH_VARIABLE_LENGTH indicates that the cipher takes a variable length
|
||||
// key.
|
||||
#define EVP_CIPH_VARIABLE_LENGTH 0x40
|
||||
|
||||
// EVP_CIPH_ALWAYS_CALL_INIT indicates that the |init| function for the cipher
|
||||
// should always be called when initialising a new operation, even if the key
|
||||
// is NULL to indicate that the same key is being used.
|
||||
#define EVP_CIPH_ALWAYS_CALL_INIT 0x80
|
||||
|
||||
// EVP_CIPH_CUSTOM_IV indicates that the cipher manages the IV itself rather
|
||||
// than keeping it in the |iv| member of |EVP_CIPHER_CTX|.
|
||||
#define EVP_CIPH_CUSTOM_IV 0x100
|
||||
|
||||
// EVP_CIPH_CTRL_INIT indicates that EVP_CTRL_INIT should be used when
|
||||
// initialising an |EVP_CIPHER_CTX|.
|
||||
#define EVP_CIPH_CTRL_INIT 0x200
|
||||
|
||||
// EVP_CIPH_FLAG_CUSTOM_CIPHER indicates that the cipher manages blocking
|
||||
// itself. This causes EVP_(En|De)crypt_ex to be simple wrapper functions.
|
||||
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x400
|
||||
|
||||
// EVP_CIPH_FLAG_AEAD_CIPHER specifies that the cipher is an AEAD. This is an
|
||||
// older version of the proper AEAD interface. See aead.h for the current
|
||||
// one.
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x800
|
||||
|
||||
// EVP_CIPH_CUSTOM_COPY indicates that the |ctrl| callback should be called
|
||||
// with |EVP_CTRL_COPY| at the end of normal |EVP_CIPHER_CTX_copy|
|
||||
// processing.
|
||||
#define EVP_CIPH_CUSTOM_COPY 0x1000
|
||||
|
||||
// EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
|
||||
// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
|
||||
// (it's up the the caller to use the FIPS module in a fashion compliant with
|
||||
// their needs). Thus this exists only to allow code to compile.
|
||||
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
|
||||
|
||||
|
||||
// Deprecated functions
|
||||
|
||||
// EVP_aes_128/256_cbc_hmac_sha1/256 return |EVP_CIPHER| objects that implement
|
||||
// the named cipher algorithm. They are imported from OpenSSL to provide AES CBC
|
||||
// HMAC SHA stitch implementation. These methods are TLS specific.
|
||||
//
|
||||
// WARNING: these APIs usage can get wrong easily. Below functions include
|
||||
// details.
|
||||
// |aesni_cbc_hmac_sha1_cipher| and |aesni_cbc_hmac_sha256_cipher|.
|
||||
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
|
||||
|
||||
// EVP_CipherInit acts like EVP_CipherInit_ex except that |EVP_CIPHER_CTX_init|
|
||||
// is called on |cipher| first, if |cipher| is not NULL.
|
||||
OPENSSL_EXPORT int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
||||
const uint8_t *key, const uint8_t *iv,
|
||||
int enc);
|
||||
|
||||
// EVP_EncryptInit calls |EVP_CipherInit| with |enc| equal to one.
|
||||
OPENSSL_EXPORT int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, const uint8_t *key,
|
||||
const uint8_t *iv);
|
||||
|
||||
// EVP_DecryptInit calls |EVP_CipherInit| with |enc| equal to zero.
|
||||
OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
|
||||
const EVP_CIPHER *cipher, const uint8_t *key,
|
||||
const uint8_t *iv);
|
||||
|
||||
// EVP_CipherFinal calls |EVP_CipherFinal_ex|.
|
||||
OPENSSL_EXPORT int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_EncryptFinal calls |EVP_EncryptFinal_ex|.
|
||||
OPENSSL_EXPORT int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_DecryptFinal calls |EVP_DecryptFinal_ex|.
|
||||
OPENSSL_EXPORT int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
int *out_len);
|
||||
|
||||
// EVP_Cipher historically exposed an internal implementation detail of |ctx|
|
||||
// and should not be used. Use |EVP_CipherUpdate| and |EVP_CipherFinal_ex|
|
||||
// instead.
|
||||
//
|
||||
// If |ctx|'s cipher does not have the |EVP_CIPH_FLAG_CUSTOM_CIPHER| flag, it
|
||||
// encrypts or decrypts |in_len| bytes from |in| and writes the resulting
|
||||
// |in_len| bytes to |out|. It returns one on success and zero on error.
|
||||
// |in_len| must be a multiple of the cipher's block size, or the behavior is
|
||||
// undefined.
|
||||
//
|
||||
// TODO(davidben): Rather than being undefined (it'll often round the length up
|
||||
// and likely read past the buffer), just fail the operation.
|
||||
//
|
||||
// If |ctx|'s cipher has the |EVP_CIPH_FLAG_CUSTOM_CIPHER| flag, it runs in one
|
||||
// of two modes: If |in| is non-NULL, it behaves like |EVP_CipherUpdate|. If
|
||||
// |in| is NULL, it behaves like |EVP_CipherFinal_ex|. In both cases, it returns
|
||||
// |*out_len| on success and -1 on error.
|
||||
//
|
||||
// WARNING: The two possible calling conventions of this function signal errors
|
||||
// incompatibly. In the first, zero indicates an error. In the second, zero
|
||||
// indicates success with zero bytes of output.
|
||||
OPENSSL_EXPORT int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
// EVP_get_cipherbyname returns an |EVP_CIPHER| given a human readable name in
|
||||
// |name|, or NULL if the name is unknown. Note using this function links almost
|
||||
// every cipher implemented by BoringSSL into the binary, not just the ones the
|
||||
// caller requests. Size-conscious callers, such as client software, should not
|
||||
// use this function.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
|
||||
|
||||
// These AEADs are deprecated AES-GCM implementations that set
|
||||
// |EVP_CIPH_FLAG_CUSTOM_CIPHER|. Use |EVP_aead_aes_128_gcm| and
|
||||
// |EVP_aead_aes_256_gcm| instead.
|
||||
//
|
||||
// WARNING: Although these APIs allow streaming an individual AES-GCM operation,
|
||||
// this is not secure. Until calling |EVP_DecryptFinal_ex|, the tag has not yet
|
||||
// been checked and output released by |EVP_DecryptUpdate| is unauthenticated
|
||||
// and easily manipulated by attackers. Callers must buffer the output and may
|
||||
// not act on it until the entire operation is complete.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ccm(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ccm(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ccm(void);
|
||||
|
||||
// These are deprecated, 192-bit version of AES.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void);
|
||||
|
||||
// EVP_des_ede3_ecb is an alias for |EVP_des_ede3|. Use the former instead.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
|
||||
|
||||
// EVP_aes_128_cfb128 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
|
||||
|
||||
// EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb(void);
|
||||
|
||||
// EVP_aes_128_cfb1 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb1(void);
|
||||
|
||||
// EVP_aes_128_cfb8 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb8(void);
|
||||
|
||||
// EVP_aes_192_cfb128 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb128(void);
|
||||
|
||||
// EVP_aes_192_cfb is an alias for |EVP_aes_192_cfb128| and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb(void);
|
||||
|
||||
// EVP_aes_192_cfb1 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb1(void);
|
||||
|
||||
// EVP_aes_192_cfb8 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cfb8(void);
|
||||
|
||||
// EVP_aes_256_cfb128 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
|
||||
|
||||
// EVP_aes_256_cfb is an alias for |EVP_aes_256_cfb128| and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb(void);
|
||||
|
||||
// EVP_aes_256_cfb1 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
||||
|
||||
// EVP_aes_256_cfb8 is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb8(void);
|
||||
|
||||
// EVP_bf_ecb is Blowfish in ECB mode and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ecb(void);
|
||||
|
||||
// EVP_bf_cbc is Blowfish in CBC mode and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cbc(void);
|
||||
|
||||
// EVP_bf_cfb is an alias for |EVP_bf_cfb64| and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cfb(void);
|
||||
|
||||
// EVP_bf_cfb64 is Blowfish in 64-bit CFB mode and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_cfb64(void);
|
||||
|
||||
// EVP_bf_ofb is Blowfish in 64-bit OFB mode and is deprecated.
|
||||
OPENSSL_EXPORT const EVP_CIPHER *EVP_bf_ofb(void);
|
||||
|
||||
// EVP_cast5_ecb is CAST5 in ECB mode and is deprecated.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_CIPHER *EVP_cast5_ecb(void);
|
||||
|
||||
// EVP_cast5_cbc is CAST5 in CBC mode and is deprecated.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_CIPHER *EVP_cast5_cbc(void);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// EVP_CIPHER_CTX_set_flags does nothing. We strongly discourage doing
|
||||
// any additional configurations when consuming |EVP_CIPHER_CTX|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_CIPHER_CTX_set_flags(
|
||||
const EVP_CIPHER_CTX *ctx, uint32_t flags);
|
||||
|
||||
// The following flags are related to |EVP_CIPHER_CTX_set_flags|. They
|
||||
// do nothing and are included only to make it easier to compile code
|
||||
// with AWS-LC.
|
||||
#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
|
||||
|
||||
// EVP_add_cipher_alias does nothing and returns one.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_cipher_alias(const char *a,
|
||||
const char *b);
|
||||
|
||||
|
||||
// Private functions.
|
||||
|
||||
// EVP_CIPH_NO_PADDING disables padding in block ciphers.
|
||||
#define EVP_CIPH_NO_PADDING 0x800
|
||||
|
||||
// The following are |EVP_CIPHER_CTX_ctrl| commands.
|
||||
#define EVP_CTRL_INIT 0x0
|
||||
#define EVP_CTRL_SET_KEY_LENGTH 0x1
|
||||
#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
|
||||
#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
|
||||
#define EVP_CTRL_GET_RC5_ROUNDS 0x4
|
||||
#define EVP_CTRL_SET_RC5_ROUNDS 0x5
|
||||
#define EVP_CTRL_RAND_KEY 0x6
|
||||
#define EVP_CTRL_PBE_PRF_NID 0x7
|
||||
#define EVP_CTRL_COPY 0x8
|
||||
#define EVP_CTRL_AEAD_SET_IVLEN 0x9
|
||||
#define EVP_CTRL_AEAD_GET_TAG 0x10
|
||||
#define EVP_CTRL_AEAD_SET_TAG 0x11
|
||||
#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
|
||||
#define EVP_CTRL_GCM_IV_GEN 0x13
|
||||
#define EVP_CTRL_CCM_SET_L 0x14
|
||||
#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
|
||||
// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
|
||||
#define EVP_CTRL_GCM_SET_IV_INV 0x18
|
||||
#define EVP_CTRL_GET_IVLEN 0x19
|
||||
|
||||
// The following constants are unused.
|
||||
#define EVP_GCM_TLS_FIXED_IV_LEN 4
|
||||
#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
|
||||
#define EVP_GCM_TLS_TAG_LEN 16
|
||||
|
||||
// The following are legacy aliases for AEAD |EVP_CIPHER_CTX_ctrl| values.
|
||||
#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
|
||||
#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
|
||||
#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
|
||||
#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
|
||||
|
||||
#define EVP_MAX_KEY_LENGTH 64
|
||||
#define EVP_MAX_IV_LENGTH 16
|
||||
#define EVP_MAX_BLOCK_LENGTH 32
|
||||
|
||||
struct evp_cipher_ctx_st {
|
||||
// cipher contains the underlying cipher for this context.
|
||||
const EVP_CIPHER *cipher;
|
||||
|
||||
// app_data is a pointer to opaque, user data.
|
||||
void *app_data; // application stuff
|
||||
|
||||
// cipher_data points to the |cipher| specific state.
|
||||
void *cipher_data;
|
||||
|
||||
// key_len contains the length of the key, which may differ from
|
||||
// |cipher->key_len| if the cipher can take a variable key length.
|
||||
unsigned key_len;
|
||||
|
||||
// encrypt is one if encrypting and zero if decrypting.
|
||||
int encrypt;
|
||||
|
||||
// flags contains the OR of zero or more |EVP_CIPH_*| flags, above.
|
||||
uint32_t flags;
|
||||
|
||||
// oiv contains the original IV value.
|
||||
uint8_t oiv[EVP_MAX_IV_LENGTH];
|
||||
|
||||
// iv contains the current IV value, which may have been updated.
|
||||
uint8_t iv[EVP_MAX_IV_LENGTH];
|
||||
|
||||
// buf contains a partial block which is used by, for example, CTR mode to
|
||||
// store unused keystream bytes.
|
||||
uint8_t buf[EVP_MAX_BLOCK_LENGTH];
|
||||
|
||||
// buf_len contains the number of bytes of a partial block contained in
|
||||
// |buf|.
|
||||
int buf_len;
|
||||
|
||||
// num contains the number of bytes of |iv| which are valid for modes that
|
||||
// manage partial blocks themselves.
|
||||
unsigned num;
|
||||
|
||||
// final_used is non-zero if the |final| buffer contains plaintext.
|
||||
int final_used;
|
||||
|
||||
uint8_t final[EVP_MAX_BLOCK_LENGTH]; // possible final block
|
||||
|
||||
// Has this structure been rendered unusable by a failure.
|
||||
int poisoned;
|
||||
} /* EVP_CIPHER_CTX */;
|
||||
|
||||
typedef struct evp_cipher_info_st {
|
||||
const EVP_CIPHER *cipher;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
} EVP_CIPHER_INFO;
|
||||
|
||||
|
||||
// AES-CBC stitch ctrl method constants
|
||||
|
||||
// EVP_CTRL_AEAD_TLS1_AAD is a control command for |EVP_CIPHER_CTX_ctrl| to set
|
||||
// the length of the TLS additional authenticated data
|
||||
#define EVP_CTRL_AEAD_TLS1_AAD 0x16
|
||||
// EVP_AEAD_TLS1_AAD_LEN is the length of the additional authenticated data from
|
||||
// RFC 5246.
|
||||
#define EVP_AEAD_TLS1_AAD_LEN 13
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free)
|
||||
|
||||
using ScopedEVP_CIPHER_CTX =
|
||||
internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init,
|
||||
EVP_CIPHER_CTX_cleanup>;
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#define CIPHER_R_AES_KEY_SETUP_FAILED 100
|
||||
#define CIPHER_R_BAD_DECRYPT 101
|
||||
#define CIPHER_R_BAD_KEY_LENGTH 102
|
||||
#define CIPHER_R_BUFFER_TOO_SMALL 103
|
||||
#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
|
||||
#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
|
||||
#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
|
||||
#define CIPHER_R_INITIALIZATION_ERROR 107
|
||||
#define CIPHER_R_INPUT_NOT_INITIALIZED 108
|
||||
#define CIPHER_R_INVALID_AD_SIZE 109
|
||||
#define CIPHER_R_INVALID_KEY_LENGTH 110
|
||||
#define CIPHER_R_INVALID_NONCE_SIZE 111
|
||||
#define CIPHER_R_INVALID_OPERATION 112
|
||||
#define CIPHER_R_IV_TOO_LARGE 113
|
||||
#define CIPHER_R_NO_CIPHER_SET 114
|
||||
#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
|
||||
#define CIPHER_R_TAG_TOO_LARGE 116
|
||||
#define CIPHER_R_TOO_LARGE 117
|
||||
#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
|
||||
#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
|
||||
#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
|
||||
#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
|
||||
#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
|
||||
#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
|
||||
#define CIPHER_R_NO_DIRECTION_SET 124
|
||||
#define CIPHER_R_INVALID_NONCE 125
|
||||
#define CIPHER_R_XTS_DUPLICATED_KEYS 138
|
||||
#define CIPHER_R_XTS_DATA_UNIT_IS_TOO_LARGE 139
|
||||
#define CIPHER_R_CTRL_OPERATION_NOT_PERFORMED 140
|
||||
#define CIPHER_R_SERIALIZATION_INVALID_EVP_AEAD_CTX 141
|
||||
#define CIPHER_R_ALIGNMENT_CHANGED 142
|
||||
#define CIPHER_R_SERIALIZATION_INVALID_SERDE_VERSION 143
|
||||
#define CIPHER_R_SERIALIZATION_INVALID_CIPHER_ID 144
|
||||
|
||||
#endif // OPENSSL_HEADER_CIPHER_H
|
||||
+86
@@ -0,0 +1,86 @@
|
||||
// Copyright (c) 2015, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CMAC_H
|
||||
#define OPENSSL_HEADER_CMAC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// CMAC.
|
||||
//
|
||||
// CMAC is a MAC based on AES-CBC and defined in
|
||||
// https://tools.ietf.org/html/rfc4493#section-2.3.
|
||||
|
||||
|
||||
// One-shot functions.
|
||||
|
||||
// AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of
|
||||
// |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select
|
||||
// between AES-128 and AES-256. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
|
||||
// Incremental interface.
|
||||
|
||||
// CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void);
|
||||
|
||||
// CMAC_CTX_free frees a |CMAC_CTX|.
|
||||
OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx);
|
||||
|
||||
// CMAC_CTX_copy sets |out| to be a duplicate of the current state |in|. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
|
||||
|
||||
// CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC
|
||||
// only specifies the use of AES-128 thus |key_len| should be 16 and |cipher|
|
||||
// should be |EVP_aes_128_cbc()|. However, this implementation also supports
|
||||
// AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The
|
||||
// |engine| argument is ignored.
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len,
|
||||
const EVP_CIPHER *cipher, ENGINE *engine);
|
||||
|
||||
|
||||
// CMAC_Reset resets |ctx| so that a fresh message can be authenticated.
|
||||
OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx);
|
||||
|
||||
// CMAC_Update processes |in_len| bytes of message from |in|. It returns one on
|
||||
// success or zero on error.
|
||||
OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len);
|
||||
|
||||
// CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes
|
||||
// of authenticator to it. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// CMAC_CTX_get0_cipher_ctx returns a pointer to the |EVP_CIPHER_CTX| from |ctx|.
|
||||
OPENSSL_EXPORT EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(CMAC_CTX, CMAC_CTX_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CMAC_H
|
||||
+144
@@ -0,0 +1,144 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_CONF_H
|
||||
#define OPENSSL_HEADER_CONF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/lhash.h>
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Config files.
|
||||
//
|
||||
// This library handles OpenSSL's config files, which look like:
|
||||
//
|
||||
// # Comment
|
||||
//
|
||||
// # This key is in the default section.
|
||||
// key=value
|
||||
//
|
||||
// [section_name]
|
||||
// key2=value2
|
||||
//
|
||||
// Config files are represented by a |CONF|. Use of this module is strongly
|
||||
// discouraged. It is a remnant of the OpenSSL command-line tool. Parsing an
|
||||
// untrusted input as a config file risks string injection and denial of service
|
||||
// vulnerabilities.
|
||||
|
||||
|
||||
struct conf_value_st {
|
||||
char *section;
|
||||
char *name;
|
||||
char *value;
|
||||
};
|
||||
|
||||
DEFINE_STACK_OF(CONF_VALUE)
|
||||
DECLARE_LHASH_OF(CONF_VALUE)
|
||||
|
||||
struct conf_st {
|
||||
LHASH_OF(CONF_VALUE) *data;
|
||||
};
|
||||
|
||||
// NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
|
||||
// argument must be NULL.
|
||||
OPENSSL_EXPORT CONF *NCONF_new(void *method);
|
||||
|
||||
// NCONF_free frees all the data owned by |conf| and then |conf| itself.
|
||||
OPENSSL_EXPORT void NCONF_free(CONF *conf);
|
||||
|
||||
// NCONF_load parses the file named |filename| and adds the values found to
|
||||
// |conf|. It returns one on success and zero on error. In the event of an
|
||||
// error, if |out_error_line| is not NULL, |*out_error_line| is set to the
|
||||
// number of the line that contained the error.
|
||||
OPENSSL_EXPORT int NCONF_load(CONF *conf, const char *filename,
|
||||
long *out_error_line);
|
||||
|
||||
// NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from
|
||||
// a named file.
|
||||
OPENSSL_EXPORT int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line);
|
||||
|
||||
// NCONF_get_section returns a stack of values for a given section in |conf|.
|
||||
// If |section| is NULL, the default section is returned. It returns NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT const STACK_OF(CONF_VALUE) *NCONF_get_section(
|
||||
const CONF *conf, const char *section);
|
||||
|
||||
// NCONF_get_string returns the value of the key |name|, in section |section|.
|
||||
// The |section| argument may be NULL to indicate the default section. It
|
||||
// returns the value or NULL on error.
|
||||
OPENSSL_EXPORT const char *NCONF_get_string(const CONF *conf,
|
||||
const char *section,
|
||||
const char *name);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
//
|
||||
// AWS-LC has no support for loading config files to configure AWS-LC, so
|
||||
// the following functions have been deprecated as no-ops.
|
||||
|
||||
// These defines do nothing but are provided to make old code easier to
|
||||
// compile.
|
||||
#define CONF_MFLAGS_DEFAULT_SECTION 0
|
||||
#define CONF_MFLAGS_IGNORE_MISSING_FILE 0
|
||||
|
||||
// CONF_modules_load_file returns one. AWS-LC is defined to have no config
|
||||
// file options, thus loading from |filename| always succeeds by doing nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int CONF_modules_load_file(
|
||||
const char *filename, const char *appname, unsigned long flags);
|
||||
|
||||
// CONF_get1_default_config_file returns a fixed dummy string. AWS-LC is defined
|
||||
// to have no config file options.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED char *CONF_get1_default_config_file(void);
|
||||
|
||||
// CONF_modules_free does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_free(void);
|
||||
|
||||
// CONF_modules_unload does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_unload(int all);
|
||||
|
||||
// CONF_modules_finish does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CONF_modules_finish(void);
|
||||
|
||||
// OPENSSL_config does nothing. This has been deprecated since OpenSSL 1.1.0.
|
||||
//
|
||||
// TODO (CryptoAlg-2398): Add |OPENSSL_DEPRECATED|. nginx defines -Werror and
|
||||
// depends on this.
|
||||
OPENSSL_EXPORT void OPENSSL_config(const char *config_name);
|
||||
|
||||
// OPENSSL_no_config does nothing. This has been deprecated since OpenSSL
|
||||
// 1.1.0.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_no_config(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(CONF, NCONF_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define CONF_R_LIST_CANNOT_BE_NULL 100
|
||||
#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101
|
||||
#define CONF_R_MISSING_EQUAL_SIGN 102
|
||||
#define CONF_R_NO_CLOSE_BRACE 103
|
||||
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104
|
||||
#define CONF_R_VARIABLE_HAS_NO_VALUE 105
|
||||
#define CONF_R_VARIABLE_EXPANSION_TOO_LONG 106
|
||||
#define CONF_R_VARIABLE_EXPANSION_NOT_SUPPORTED 107
|
||||
#define CONF_R_NO_CLOSE_QUOTE 108
|
||||
|
||||
#endif // OPENSSL_HEADER_THREAD_H
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
// This header is provided for compatibility with older revisions of BoringSSL.
|
||||
// TODO(davidben): Remove this header.
|
||||
|
||||
#include "crypto.h"
|
||||
+211
@@ -0,0 +1,211 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CRYPTO_H
|
||||
#define OPENSSL_HEADER_CRYPTO_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
// Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than
|
||||
// mem.h.
|
||||
#include <openssl/mem.h>
|
||||
|
||||
// Upstream OpenSSL defines |CRYPTO_LOCK|, etc., in crypto.h rather than
|
||||
// thread.h.
|
||||
#include <openssl/thread.h>
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// crypto.h contains functions for initializing the crypto library.
|
||||
|
||||
|
||||
// CRYPTO_library_init initializes the crypto library. It must be called if the
|
||||
// library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
|
||||
// nothing and a static initializer is used instead. It is safe to call this
|
||||
// function multiple times and concurrently from multiple threads.
|
||||
//
|
||||
// On some ARM configurations, this function may require filesystem access and
|
||||
// should be called before entering a sandbox.
|
||||
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
||||
|
||||
// CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
|
||||
// has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
|
||||
//
|
||||
// This is used by some consumers to identify whether they are using an
|
||||
// internal version of BoringSSL.
|
||||
OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);
|
||||
|
||||
// CRYPTO_has_asm returns one unless BoringSSL was built with OPENSSL_NO_ASM,
|
||||
// in which case it returns zero.
|
||||
OPENSSL_EXPORT int CRYPTO_has_asm(void);
|
||||
|
||||
// BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one on
|
||||
// success and zero on error.
|
||||
OPENSSL_EXPORT int BORINGSSL_self_test(void);
|
||||
|
||||
// BORINGSSL_integrity_test triggers the module's integrity test where the code
|
||||
// and data of the module is matched against a hash injected at build time. It
|
||||
// returns one on success or zero if there's a mismatch. This function only
|
||||
// exists if the module was built in FIPS mode without ASAN.
|
||||
OPENSSL_EXPORT int BORINGSSL_integrity_test(void);
|
||||
|
||||
// CRYPTO_pre_sandbox_init initializes the crypto library, pre-acquiring some
|
||||
// unusual resources to aid running in sandboxed environments. It is safe to
|
||||
// call this function multiple times and concurrently from multiple threads.
|
||||
//
|
||||
// For more details on using BoringSSL in a sandboxed environment, see
|
||||
// SANDBOXING.md in the source tree.
|
||||
OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void);
|
||||
|
||||
#if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
|
||||
!defined(OPENSSL_STATIC_ARMCAP)
|
||||
// CRYPTO_has_broken_NEON returns zero.
|
||||
OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
|
||||
|
||||
// CRYPTO_needs_hwcap2_workaround returns one if the ARMv8 AArch32 AT_HWCAP2
|
||||
// workaround was needed. See https://crbug.com/boringssl/46.
|
||||
OPENSSL_EXPORT int CRYPTO_needs_hwcap2_workaround(void);
|
||||
#endif // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
|
||||
|
||||
// Data-Independent Timing (DIT) on AArch64
|
||||
#if defined(OPENSSL_AARCH64) && (defined(OPENSSL_LINUX) || defined(OPENSSL_APPLE))
|
||||
// (TODO): See if we can detect the DIT capability in Windows environment
|
||||
#define AARCH64_DIT_SUPPORTED
|
||||
#endif
|
||||
|
||||
#if defined(AARCH64_DIT_SUPPORTED)
|
||||
|
||||
// armv8_disable_dit is a runtime disabler of the DIT capability.
|
||||
// It results in CRYPTO_is_ARMv8_DIT_capable() returning 0 even if the
|
||||
// capability exists.
|
||||
// Important: This runtime control is provided to users that would use
|
||||
// the build flag ENABLE_DATA_INDEPENDENT_TIMING, but would
|
||||
// then disable DIT capability at runtime. This is ideally done in
|
||||
// an initialization routine of AWS-LC before any threads are spawn.
|
||||
// Otherwise, there may be data races created because this function writes
|
||||
// to |OPENSSL_armcap_P|.
|
||||
OPENSSL_EXPORT void armv8_disable_dit(void);
|
||||
|
||||
// armv8_enable_dit is a runtime enabler of the DIT capability. If
|
||||
// |armv8_disable_dit| was used to disable the DIT capability, this function
|
||||
// makes it available again.
|
||||
// Important: See note in |armv8_disable_dit|.
|
||||
OPENSSL_EXPORT void armv8_enable_dit(void);
|
||||
|
||||
#endif // AARCH64_DIT_SUPPORTED
|
||||
|
||||
// FIPS monitoring
|
||||
|
||||
// FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
|
||||
// which case it returns one.
|
||||
OPENSSL_EXPORT int FIPS_mode(void);
|
||||
|
||||
// FIPS_is_entropy_cpu_jitter returns 1 if CPU jitter is used as the entropy source
|
||||
// for AWS-LC. Otherwise, returns 0;
|
||||
OPENSSL_EXPORT int FIPS_is_entropy_cpu_jitter(void);
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// OPENSSL_VERSION_TEXT contains a string the identifies the version of
|
||||
// “OpenSSL”. node.js requires a version number in this text.
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; AWS-LC " AWSLC_VERSION_NUMBER_STRING ")"
|
||||
|
||||
#define OPENSSL_VERSION 0
|
||||
#define OPENSSL_CFLAGS 1
|
||||
#define OPENSSL_BUILT_ON 2
|
||||
#define OPENSSL_PLATFORM 3
|
||||
#define OPENSSL_DIR 4
|
||||
|
||||
// OpenSSL_version is a compatibility function that returns the string
|
||||
// "AWS-LC" with the AWS-LC version number appended if |which| is
|
||||
// |OPENSSL_VERSION| and placeholder strings otherwise.
|
||||
OPENSSL_EXPORT const char *OpenSSL_version(int which);
|
||||
|
||||
#define SSLEAY_VERSION OPENSSL_VERSION
|
||||
#define SSLEAY_CFLAGS OPENSSL_CFLAGS
|
||||
#define SSLEAY_BUILT_ON OPENSSL_BUILT_ON
|
||||
#define SSLEAY_PLATFORM OPENSSL_PLATFORM
|
||||
#define SSLEAY_DIR OPENSSL_DIR
|
||||
|
||||
// SSLeay_version calls |OpenSSL_version|.
|
||||
OPENSSL_EXPORT const char *SSLeay_version(int which);
|
||||
|
||||
// SSLeay is a compatibility function that returns OPENSSL_VERSION_NUMBER from
|
||||
// base.h.
|
||||
OPENSSL_EXPORT unsigned long SSLeay(void);
|
||||
|
||||
// OpenSSL_version_num is a compatibility function that returns
|
||||
// OPENSSL_VERSION_NUMBER from base.h.
|
||||
OPENSSL_EXPORT unsigned long OpenSSL_version_num(void);
|
||||
|
||||
OPENSSL_EXPORT unsigned long awslc_api_version_num(void);
|
||||
|
||||
// CRYPTO_malloc_init returns one.
|
||||
OPENSSL_EXPORT int CRYPTO_malloc_init(void);
|
||||
|
||||
// OPENSSL_malloc_init returns one.
|
||||
OPENSSL_EXPORT int OPENSSL_malloc_init(void);
|
||||
|
||||
// ENGINE_load_builtin_engines does nothing.
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
|
||||
|
||||
// ENGINE_register_all_ciphers does nothing.
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_register_all_ciphers(void);
|
||||
|
||||
// ENGINE_register_all_digests does nothing.
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT void ENGINE_register_all_digests(void);
|
||||
|
||||
// ENGINE_register_all_complete returns one.
|
||||
OPENSSL_DEPRECATED OPENSSL_EXPORT int ENGINE_register_all_complete(void);
|
||||
|
||||
// OPENSSL_load_builtin_modules does nothing.
|
||||
OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
|
||||
|
||||
// AWS-LC does not support custom flags when initializing the library, these
|
||||
// values are included to simplify building other software that expects them.
|
||||
|
||||
#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0
|
||||
#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0
|
||||
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0
|
||||
#define OPENSSL_INIT_ADD_ALL_DIGESTS 0
|
||||
#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0
|
||||
#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0
|
||||
#define OPENSSL_INIT_LOAD_CONFIG 0
|
||||
#define OPENSSL_INIT_NO_LOAD_CONFIG 0
|
||||
#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0
|
||||
#define OPENSSL_INIT_ATFORK 0
|
||||
|
||||
// OPENSSL_init_crypto calls |CRYPTO_library_init| and returns one.
|
||||
OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
|
||||
const OPENSSL_INIT_SETTINGS *settings);
|
||||
|
||||
// OPENSSL_init does nothing.
|
||||
OPENSSL_EXPORT void OPENSSL_init(void);
|
||||
|
||||
// OPENSSL_cleanup does nothing.
|
||||
OPENSSL_EXPORT void OPENSSL_cleanup(void);
|
||||
|
||||
// FIPS_mode_set returns one if |on| matches whether BoringSSL was built with
|
||||
// |BORINGSSL_FIPS| and zero otherwise.
|
||||
OPENSSL_EXPORT int FIPS_mode_set(int on);
|
||||
|
||||
// CRYPTO_mem_ctrl intentionally does nothing and returns 0.
|
||||
// AWS-LC defines |OPENSSL_NO_CRYPTO_MDEBUG| by default.
|
||||
// These are related to memory debugging functionalities provided by OpenSSL,
|
||||
// but are not supported in AWS-LC.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_mem_ctrl(int mode);
|
||||
|
||||
#define CRYPTO_MEM_CHECK_ON 0
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CRYPTO_H
|
||||
+72
@@ -0,0 +1,72 @@
|
||||
// Copyright (c) 2022, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CTRDRBG_H
|
||||
#define OPENSSL_HEADER_CTRDRBG_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// FIPS pseudo-random number generator.
|
||||
|
||||
|
||||
// CTR-DRBG state objects.
|
||||
//
|
||||
// CTR_DRBG_STATE contains the state of a FIPS AES-CTR-based pseudo-random
|
||||
// number generator. If BoringSSL was built in FIPS mode then this is a FIPS
|
||||
// Approved algorithm.
|
||||
|
||||
// CTR_DRBG_ENTROPY_LEN is the number of bytes of input entropy. See SP
|
||||
// 800-90Ar1, table 3.
|
||||
#define CTR_DRBG_ENTROPY_LEN 48
|
||||
|
||||
// CTR_DRBG_MAX_GENERATE_LENGTH is the maximum number of bytes that can be
|
||||
// generated in a single call to |CTR_DRBG_generate|.
|
||||
#define CTR_DRBG_MAX_GENERATE_LENGTH 65536
|
||||
|
||||
// CTR_DRBG_new returns an initialized |CTR_DRBG_STATE|, or NULL if either
|
||||
// allocation failed or if |personalization_len| is invalid.
|
||||
OPENSSL_EXPORT CTR_DRBG_STATE *CTR_DRBG_new(
|
||||
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN], const uint8_t *personalization,
|
||||
size_t personalization_len);
|
||||
|
||||
// CTR_DRBG_free frees |state| if non-NULL, or else does nothing.
|
||||
OPENSSL_EXPORT void CTR_DRBG_free(CTR_DRBG_STATE* state);
|
||||
|
||||
// CTR_DRBG_reseed reseeds |drbg| given |CTR_DRBG_ENTROPY_LEN| bytes of entropy
|
||||
// in |entropy| and, optionally, up to |CTR_DRBG_ENTROPY_LEN| bytes of
|
||||
// additional data. It returns one on success or zero on error. |entropy| and
|
||||
// |additional_data| must not alias.
|
||||
OPENSSL_EXPORT int CTR_DRBG_reseed(CTR_DRBG_STATE *drbg,
|
||||
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_len);
|
||||
|
||||
// CTR_DRBG_generate processes to up |CTR_DRBG_ENTROPY_LEN| bytes of additional
|
||||
// data (if any) and then writes |out_len| random bytes to |out|, where
|
||||
// |out_len| <= |CTR_DRBG_MAX_GENERATE_LENGTH|. It returns one on success or
|
||||
// zero on error.
|
||||
OPENSSL_EXPORT int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out,
|
||||
size_t out_len,
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_len);
|
||||
|
||||
// CTR_DRBG_clear zeroises the state of |drbg|.
|
||||
OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
BORINGSSL_MAKE_DELETER(CTR_DRBG_STATE, CTR_DRBG_free)
|
||||
BSSL_NAMESPACE_END
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CTRDRBG_H
|
||||
+253
@@ -0,0 +1,253 @@
|
||||
// Copyright (c) 2015, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CURVE25519_H
|
||||
#define OPENSSL_HEADER_CURVE25519_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Curve25519.
|
||||
//
|
||||
// Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748.
|
||||
|
||||
|
||||
// X25519.
|
||||
//
|
||||
// X25519 is the Diffie-Hellman primitive built from curve25519. It is
|
||||
// sometimes referred to as “curve25519”, but “X25519” is a more precise name.
|
||||
// See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748.
|
||||
|
||||
#define X25519_PRIVATE_KEY_LEN 32
|
||||
#define X25519_PUBLIC_VALUE_LEN 32
|
||||
#define X25519_SHARED_KEY_LEN 32
|
||||
|
||||
// X25519_keypair sets |out_public_value| and |out_private_key| to a freshly
|
||||
// generated, public–private key pair.
|
||||
OPENSSL_EXPORT void X25519_keypair(
|
||||
uint8_t out_public_value[X25519_PUBLIC_VALUE_LEN],
|
||||
uint8_t out_private_key[X25519_PRIVATE_KEY_LEN]);
|
||||
|
||||
// X25519 writes a shared key to |out_shared_key| that is calculated from the
|
||||
// given private key and the peer's public value. It returns one on success and
|
||||
// zero on error.
|
||||
//
|
||||
// Don't use the shared key directly, rather use a KDF and also include the two
|
||||
// public values as inputs.
|
||||
OPENSSL_EXPORT int X25519(uint8_t out_shared_key[X25519_SHARED_KEY_LEN],
|
||||
const uint8_t private_key[X25519_PRIVATE_KEY_LEN],
|
||||
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN]);
|
||||
|
||||
// X25519_public_from_private calculates a Diffie-Hellman public value from the
|
||||
// given private key and writes it to |out_public_value|.
|
||||
OPENSSL_EXPORT void X25519_public_from_private(
|
||||
uint8_t out_public_value[X25519_PUBLIC_VALUE_LEN],
|
||||
const uint8_t private_key[X25519_PRIVATE_KEY_LEN]);
|
||||
|
||||
|
||||
// Ed25519.
|
||||
//
|
||||
// Ed25519 is a signature scheme using a twisted-Edwards curve that is
|
||||
// birationally equivalent to curve25519.
|
||||
//
|
||||
// Note that, unlike RFC 8032's formulation, our private key representation
|
||||
// includes a public key suffix to make multiple key signing operations with the
|
||||
// same key more efficient. The RFC 8032 private key is referred to in this
|
||||
// implementation as the "seed" and is the first 32 bytes of our private key.
|
||||
|
||||
#define ED25519_PRIVATE_KEY_LEN 64
|
||||
#define ED25519_PRIVATE_KEY_SEED_LEN 32
|
||||
#define ED25519_PUBLIC_KEY_LEN 32
|
||||
#define ED25519_SIGNATURE_LEN 64
|
||||
#define ED25519_SEED_LEN 32
|
||||
|
||||
// ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly
|
||||
// generated, public–private key pair.
|
||||
OPENSSL_EXPORT void ED25519_keypair(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
|
||||
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN]);
|
||||
|
||||
// ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from
|
||||
// |message| using |private_key|. It returns one on success or zero on
|
||||
// allocation failure.
|
||||
OPENSSL_EXPORT int ED25519_sign(uint8_t out_sig[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t *message, size_t message_len,
|
||||
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN]);
|
||||
|
||||
// ED25519_verify returns one iff |signature| is a valid signature, by
|
||||
// |public_key| of |message_len| bytes from |message|. It returns zero
|
||||
// otherwise.
|
||||
OPENSSL_EXPORT int ED25519_verify(const uint8_t *message, size_t message_len,
|
||||
const uint8_t signature[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN]);
|
||||
|
||||
// ED25519ctx_sign sets |out_sig| to be a Ed25519ctx (RFC 8032) pure signature
|
||||
// of |message_len| bytes from |message| using |private_key|, and the provided
|
||||
// |context_len| bytes for |context|. |context_len| must be greater than zero,
|
||||
// but no more than 255. It returns one on success or zero on failure.
|
||||
OPENSSL_EXPORT int ED25519ctx_sign(
|
||||
uint8_t out_sig[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t *message, size_t message_len,
|
||||
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519ctx_verify returns one iff |signature| is a valid Ed25519ctx pure
|
||||
// signature, by |public_key| of |message_len| bytes from |message|, and
|
||||
// |context_len| bytes from |context|. |context_len| must be greater than zero,
|
||||
// but no more than 255. It returns zero otherwise.
|
||||
OPENSSL_EXPORT int ED25519ctx_verify(const uint8_t *message, size_t message_len,
|
||||
const uint8_t signature[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519ph_sign sets |out_sig| to be a Ed25519ph (RFC 8032) / HashEdDSA
|
||||
// signature of |message_len| bytes from |message| using |private_key|, and the
|
||||
// provided |context_len| bytes for |context|. |context_len| may be zero, but no
|
||||
// more than 255. It returns one on success or zero on failure.
|
||||
OPENSSL_EXPORT int ED25519ph_sign(
|
||||
uint8_t out_sig[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t *message, size_t message_len,
|
||||
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519ph_verify returns one iff |signature| is a valid Ed25519ph (RFC 8032)
|
||||
// / HashEdDSA signature, by |public_key| of |message_len| bytes from |message|,
|
||||
// and |context_len| bytes from |context|. |context_len| may be zero, but no
|
||||
// more than 255. It returns zero otherwise.
|
||||
OPENSSL_EXPORT int ED25519ph_verify(const uint8_t *message, size_t message_len,
|
||||
const uint8_t signature[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519ph_sign_digest sets |out_sig| to be a Ed25519ph (RFC 8032) / HashEdDSA
|
||||
// signature of a pre-computed SHA-512 message digest |digest| using
|
||||
// |private_key|, and the provided |context_len| bytes for |context|.
|
||||
// |context_len| may be zero, but no more than 255.
|
||||
// It returns one on success or zero on failure.
|
||||
OPENSSL_EXPORT int ED25519ph_sign_digest(
|
||||
uint8_t out_sig[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t digest[64],
|
||||
const uint8_t private_key[ED25519_PRIVATE_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519ph_verify_digest returns one iff |signature| is a valid Ed25519ph (RFC
|
||||
// 8032) / HashEdDSA signature, by |public_key| of a pre-computed SHA-512
|
||||
// message digest |digest|, and |context_len| bytes from |context|.
|
||||
// |context_len| may be zero, but no more than 255.
|
||||
// It returns zero otherwise.
|
||||
OPENSSL_EXPORT int ED25519ph_verify_digest(const uint8_t digest[64],
|
||||
const uint8_t signature[ED25519_SIGNATURE_LEN],
|
||||
const uint8_t public_key[ED25519_PUBLIC_KEY_LEN],
|
||||
const uint8_t *context, size_t context_len);
|
||||
|
||||
// ED25519_keypair_from_seed calculates a public and private key from an
|
||||
// Ed25519 “seed”. Seed values are not exposed by this API (although they
|
||||
// happen to be the first 32 bytes of a private key) so this function is for
|
||||
// interoperating with systems that may store just a seed instead of a full
|
||||
// private key.
|
||||
OPENSSL_EXPORT void ED25519_keypair_from_seed(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
|
||||
uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN],
|
||||
const uint8_t seed[ED25519_SEED_LEN]);
|
||||
|
||||
|
||||
// SPAKE2.
|
||||
//
|
||||
// SPAKE2 is a password-authenticated key-exchange. It allows two parties,
|
||||
// who share a low-entropy secret (i.e. password), to agree on a shared key.
|
||||
// An attacker can only make one guess of the password per execution of the
|
||||
// protocol.
|
||||
//
|
||||
// See https://tools.ietf.org/html/draft-irtf-cfrg-spake2-02.
|
||||
|
||||
// spake2_role_t enumerates the different “roles” in SPAKE2. The protocol
|
||||
// requires that the symmetry of the two parties be broken so one participant
|
||||
// must be “Alice” and the other be “Bob”.
|
||||
enum spake2_role_t {
|
||||
spake2_role_alice,
|
||||
spake2_role_bob
|
||||
};
|
||||
|
||||
// SPAKE2_CTX_new creates a new |SPAKE2_CTX| (which can only be used for a
|
||||
// single execution of the protocol). SPAKE2 requires the symmetry of the two
|
||||
// parties to be broken which is indicated via |my_role| – each party must pass
|
||||
// a different value for this argument.
|
||||
//
|
||||
// The |my_name| and |their_name| arguments allow optional, opaque names to be
|
||||
// bound into the protocol. For example MAC addresses, hostnames, usernames
|
||||
// etc. These values are not exposed and can avoid context-confusion attacks
|
||||
// when a password is shared between several devices.
|
||||
OPENSSL_EXPORT SPAKE2_CTX *SPAKE2_CTX_new(
|
||||
enum spake2_role_t my_role,
|
||||
const uint8_t *my_name, size_t my_name_len,
|
||||
const uint8_t *their_name, size_t their_name_len);
|
||||
|
||||
// SPAKE2_CTX_free frees |ctx| and all the resources that it has allocated.
|
||||
OPENSSL_EXPORT void SPAKE2_CTX_free(SPAKE2_CTX *ctx);
|
||||
|
||||
// SPAKE2_MAX_MSG_SIZE is the maximum size of a SPAKE2 message.
|
||||
#define SPAKE2_MAX_MSG_SIZE 32
|
||||
|
||||
// SPAKE2_generate_msg generates a SPAKE2 message given |password|, writes
|
||||
// it to |out| and sets |*out_len| to the number of bytes written.
|
||||
//
|
||||
// At most |max_out_len| bytes are written to |out| and, in order to ensure
|
||||
// success, |max_out_len| should be at least |SPAKE2_MAX_MSG_SIZE| bytes.
|
||||
//
|
||||
// This function can only be called once for a given |SPAKE2_CTX|.
|
||||
//
|
||||
// It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *password,
|
||||
size_t password_len);
|
||||
|
||||
// SPAKE2_MAX_KEY_SIZE is the maximum amount of key material that SPAKE2 will
|
||||
// produce.
|
||||
#define SPAKE2_MAX_KEY_SIZE 64
|
||||
|
||||
// SPAKE2_process_msg completes the SPAKE2 exchange given the peer's message in
|
||||
// |their_msg|, writes at most |max_out_key_len| bytes to |out_key| and sets
|
||||
// |*out_key_len| to the number of bytes written.
|
||||
//
|
||||
// The resulting keying material is suitable for:
|
||||
// - Using directly in a key-confirmation step: i.e. each side could
|
||||
// transmit a hash of their role, a channel-binding value and the key
|
||||
// material to prove to the other side that they know the shared key.
|
||||
// - Using as input keying material to HKDF to generate a variety of subkeys
|
||||
// for encryption etc.
|
||||
//
|
||||
// If |max_out_key_key| is smaller than the amount of key material generated
|
||||
// then the key is silently truncated. If you want to ensure that no truncation
|
||||
// occurs then |max_out_key| should be at least |SPAKE2_MAX_KEY_SIZE|.
|
||||
//
|
||||
// You must call |SPAKE2_generate_msg| on a given |SPAKE2_CTX| before calling
|
||||
// this function. On successful return, |ctx| is complete and calling
|
||||
// |SPAKE2_CTX_free| is the only acceptable operation on it.
|
||||
//
|
||||
// Returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key,
|
||||
size_t *out_key_len,
|
||||
size_t max_out_key_len,
|
||||
const uint8_t *their_msg,
|
||||
size_t their_msg_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(SPAKE2_CTX, SPAKE2_CTX_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CURVE25519_H
|
||||
+113
@@ -0,0 +1,113 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_DES_H
|
||||
#define OPENSSL_HEADER_DES_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// DES.
|
||||
//
|
||||
// This module is deprecated and retained for legacy reasons only. It is slow
|
||||
// and may leak key material with timing or cache side channels. Moreover,
|
||||
// single-keyed DES is broken and can be brute-forced in under a day.
|
||||
//
|
||||
// Use a modern cipher, such as AES-GCM or ChaCha20-Poly1305, instead.
|
||||
|
||||
|
||||
typedef struct DES_cblock_st {
|
||||
uint8_t bytes[8];
|
||||
} DES_cblock;
|
||||
|
||||
typedef struct DES_cblock_st const_DES_cblock;
|
||||
|
||||
typedef struct DES_ks {
|
||||
uint32_t subkeys[16][2];
|
||||
} DES_key_schedule;
|
||||
|
||||
|
||||
#define DES_KEY_SZ (sizeof(DES_cblock))
|
||||
#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
|
||||
|
||||
#define DES_ENCRYPT 1
|
||||
#define DES_DECRYPT 0
|
||||
|
||||
#define DES_CBC_MODE 0
|
||||
#define DES_PCBC_MODE 1
|
||||
|
||||
// DES_is_weak_key checks if |key| is a weak or semi-weak key, see SP 800-67r2
|
||||
// section 3.3.2
|
||||
OPENSSL_EXPORT int DES_is_weak_key(const DES_cblock *key);
|
||||
|
||||
// DES_set_key checks that |key| is not weak and the parity before calling
|
||||
// |DES_set_key_unchecked|. The key schedule is always initialized, the checks
|
||||
// only affect the return value:
|
||||
// 0: key is not weak and has odd parity
|
||||
// -1: key is not odd
|
||||
// -2: key is a weak key, the parity might also be even
|
||||
OPENSSL_EXPORT int DES_set_key(const DES_cblock *key, DES_key_schedule *schedule);
|
||||
|
||||
// DES_set_key_unchecked performs a key schedule and initialises |schedule| with |key|.
|
||||
OPENSSL_EXPORT void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule);
|
||||
|
||||
// DES_key_sched calls |DES_set_key|.
|
||||
OPENSSL_EXPORT int DES_key_sched(const DES_cblock *key, DES_key_schedule *schedule);
|
||||
|
||||
// DES_set_odd_parity sets the parity bits (the least-significant bits in each
|
||||
// byte) of |key| given the other bits in each byte.
|
||||
OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key);
|
||||
|
||||
// DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a
|
||||
// single DES block (8 bytes) from in to out, using the key configured in
|
||||
// |schedule|.
|
||||
OPENSSL_EXPORT void DES_ecb_encrypt(const DES_cblock *in, DES_cblock *out,
|
||||
const DES_key_schedule *schedule,
|
||||
int is_encrypt);
|
||||
|
||||
// DES_ncbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out| with DES in CBC mode.
|
||||
OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *schedule,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
// DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single
|
||||
// block (8 bytes) of data from |input| to |output| using 3DES.
|
||||
OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input,
|
||||
DES_cblock *output,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
const DES_key_schedule *ks3,
|
||||
int enc);
|
||||
|
||||
// DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus
|
||||
// the function takes three different |DES_key_schedule|s.
|
||||
OPENSSL_EXPORT void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
const DES_key_schedule *ks3,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
// DES_ede2_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len|
|
||||
// bytes from |in| to |out| with 3DES in CBC mode. With this keying option, the
|
||||
// first and third 3DES keys are identical. Thus, this function takes only two
|
||||
// different |DES_key_schedule|s.
|
||||
OPENSSL_EXPORT void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out,
|
||||
size_t len,
|
||||
const DES_key_schedule *ks1,
|
||||
const DES_key_schedule *ks2,
|
||||
DES_cblock *ivec, int enc);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_DES_H
|
||||
+364
@@ -0,0 +1,364 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_DH_H
|
||||
#define OPENSSL_HEADER_DH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/thread.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// DH contains functions for performing Diffie-Hellman key agreement in
|
||||
// multiplicative groups.
|
||||
//
|
||||
// This module is deprecated and retained for legacy reasons only. It is not
|
||||
// considered a priority for performance or hardening work. Do not use it in
|
||||
// new code. Use X25519 or ECDH with P-256 instead.
|
||||
|
||||
|
||||
// Allocation and destruction.
|
||||
//
|
||||
// A |DH| object represents a Diffie-Hellman key or group parameters. A given
|
||||
// object may be used concurrently on multiple threads by non-mutating
|
||||
// functions, provided no other thread is concurrently calling a mutating
|
||||
// function. Unless otherwise documented, functions which take a |const| pointer
|
||||
// are non-mutating and functions which take a non-|const| pointer are mutating.
|
||||
|
||||
// DH_new returns a new, empty DH object or NULL on error.
|
||||
OPENSSL_EXPORT DH *DH_new(void);
|
||||
|
||||
// DH_new_by_nid returns the DH specified by |nid|, only NID_ffdhe2048, and
|
||||
// NID_ffdhe4096 are supported. All other values will return null.
|
||||
OPENSSL_EXPORT DH *DH_new_by_nid(int nid);
|
||||
|
||||
// DH_free decrements the reference count of |dh| and frees it if the reference
|
||||
// count drops to zero.
|
||||
OPENSSL_EXPORT void DH_free(DH *dh);
|
||||
|
||||
// DH_up_ref increments the reference count of |dh| and returns one. It does not
|
||||
// mutate |dh| for thread-safety purposes and may be used concurrently.
|
||||
OPENSSL_EXPORT int DH_up_ref(DH *dh);
|
||||
|
||||
|
||||
// Properties.
|
||||
|
||||
// DH_bits returns the size of |dh|'s group modulus, in bits.
|
||||
OPENSSL_EXPORT unsigned DH_bits(const DH *dh);
|
||||
|
||||
// DH_get0_pub_key returns |dh|'s public key.
|
||||
OPENSSL_EXPORT const BIGNUM *DH_get0_pub_key(const DH *dh);
|
||||
|
||||
// DH_get0_priv_key returns |dh|'s private key, or NULL if |dh| is a public key.
|
||||
OPENSSL_EXPORT const BIGNUM *DH_get0_priv_key(const DH *dh);
|
||||
|
||||
// DH_get0_p returns |dh|'s group modulus.
|
||||
OPENSSL_EXPORT const BIGNUM *DH_get0_p(const DH *dh);
|
||||
|
||||
// DH_get0_q returns the size of |dh|'s subgroup, or NULL if it is unset.
|
||||
OPENSSL_EXPORT const BIGNUM *DH_get0_q(const DH *dh);
|
||||
|
||||
// DH_get0_g returns |dh|'s group generator.
|
||||
OPENSSL_EXPORT const BIGNUM *DH_get0_g(const DH *dh);
|
||||
|
||||
// DH_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dh|'s
|
||||
// public and private key, respectively. If |dh| is a public key, the private
|
||||
// key will be set to NULL.
|
||||
OPENSSL_EXPORT void DH_get0_key(const DH *dh, const BIGNUM **out_pub_key,
|
||||
const BIGNUM **out_priv_key);
|
||||
|
||||
// DH_set0_key sets |dh|'s public and private key to the specified values. If
|
||||
// NULL, the field is left unchanged. On success, it takes ownership of each
|
||||
// argument and returns one. Otherwise, it returns zero.
|
||||
OPENSSL_EXPORT int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
|
||||
|
||||
// DH_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dh|'s p,
|
||||
// q, and g parameters, respectively.
|
||||
OPENSSL_EXPORT void DH_get0_pqg(const DH *dh, const BIGNUM **out_p,
|
||||
const BIGNUM **out_q, const BIGNUM **out_g);
|
||||
|
||||
// DH_set0_pqg sets |dh|'s p, q, and g parameters to the specified values. If
|
||||
// NULL, the field is left unchanged. On success, it takes ownership of each
|
||||
// argument and returns one. Otherwise, it returns zero. |q| may be NULL, but
|
||||
// |p| and |g| must either be specified or already configured on |dh|.
|
||||
OPENSSL_EXPORT int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||
|
||||
// DH_set_length sets the number of bits to use for the secret exponent when
|
||||
// calling |DH_generate_key| on |dh| and returns one. If unset,
|
||||
// |DH_generate_key| will use the bit length of p.
|
||||
OPENSSL_EXPORT int DH_set_length(DH *dh, unsigned priv_length);
|
||||
|
||||
|
||||
// Standard parameters.
|
||||
|
||||
// DH_get_rfc7919_2048 returns the group `ffdhe2048` from
|
||||
// https://tools.ietf.org/html/rfc7919#appendix-A.1. It returns NULL if out
|
||||
// of memory.
|
||||
OPENSSL_EXPORT DH *DH_get_rfc7919_2048(void);
|
||||
|
||||
// DH_get_rfc7919_4096 returns the group `ffdhe4096` from
|
||||
// https://tools.ietf.org/html/rfc7919#appendix-A.3. It returns NULL if out
|
||||
// of memory.
|
||||
OPENSSL_EXPORT DH *DH_get_rfc7919_4096(void);
|
||||
|
||||
// BN_get_rfc3526_prime_1536 sets |*ret| to the 1536-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *ret);
|
||||
|
||||
// BN_get_rfc3526_prime_2048 sets |*ret| to the 2048-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *ret);
|
||||
|
||||
// BN_get_rfc3526_prime_3072 sets |*ret| to the 3072-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *ret);
|
||||
|
||||
// BN_get_rfc3526_prime_4096 sets |*ret| to the 4096-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *ret);
|
||||
|
||||
// BN_get_rfc3526_prime_6144 sets |*ret| to the 6144-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *ret);
|
||||
|
||||
// BN_get_rfc3526_prime_8192 sets |*ret| to the 8192-bit MODP group from RFC
|
||||
// 3526 and returns |ret|. If |ret| is NULL then a fresh |BIGNUM| is allocated
|
||||
// and returned. It returns NULL on allocation failure. The generator for this
|
||||
// group is 2.
|
||||
OPENSSL_EXPORT BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *ret);
|
||||
|
||||
|
||||
// Parameter generation.
|
||||
|
||||
#define DH_GENERATOR_2 2
|
||||
#define DH_GENERATOR_5 5
|
||||
|
||||
// DH_generate_parameters_ex generates a suitable Diffie-Hellman group with a
|
||||
// prime that is |prime_bits| long and stores it in |dh|. The generator of the
|
||||
// group will be |generator|, which should be |DH_GENERATOR_2| unless there's a
|
||||
// good reason to use a different value. The |cb| argument contains a callback
|
||||
// function that will be called during the generation. See the documentation in
|
||||
// |bn.h| about this. In addition to the callback invocations from |BN|, |cb|
|
||||
// will also be called with |event| equal to three when the generation is
|
||||
// complete.
|
||||
OPENSSL_EXPORT int DH_generate_parameters_ex(DH *dh, int prime_bits,
|
||||
int generator, BN_GENCB *cb);
|
||||
|
||||
|
||||
// Diffie-Hellman operations.
|
||||
|
||||
// DH_generate_key generates a new, random, private key and stores it in
|
||||
// |dh|, if |dh| does not already have a private key. Otherwise, it updates
|
||||
// |dh|'s public key to match the private key. It returns one on success and
|
||||
// zero on error.
|
||||
OPENSSL_EXPORT int DH_generate_key(DH *dh);
|
||||
|
||||
// DH_compute_key_padded calculates the shared key between |dh| and |peers_key|
|
||||
// and writes it as a big-endian integer into |out|, padded up to |DH_size|
|
||||
// bytes. It returns the number of bytes written, which is always |DH_size|, or
|
||||
// a negative number on error. |out| must have |DH_size| bytes of space.
|
||||
//
|
||||
// WARNING: this differs from the usual BoringSSL return-value convention.
|
||||
//
|
||||
// Note this function differs from |DH_compute_key| in that it preserves leading
|
||||
// zeros in the secret. This function is the preferred variant. It matches PKCS
|
||||
// #3 and avoids some side channel attacks. However, the two functions are not
|
||||
// drop-in replacements for each other. Using a different variant than the
|
||||
// application expects will result in sporadic key mismatches.
|
||||
//
|
||||
// Callers that expect a fixed-width secret should use this function over
|
||||
// |DH_compute_key|. Callers that use either function should migrate to a modern
|
||||
// primitive such as X25519 or ECDH with P-256 instead.
|
||||
//
|
||||
// This function does not mutate |dh| for thread-safety purposes and may be used
|
||||
// concurrently.
|
||||
OPENSSL_EXPORT int DH_compute_key_padded(uint8_t *out, const BIGNUM *peers_key,
|
||||
DH *dh);
|
||||
|
||||
// DH_compute_key_hashed calculates the shared key between |dh| and |peers_key|
|
||||
// and hashes it with the given |digest|. If the hash output is less than
|
||||
// |max_out_len| bytes then it writes the hash output to |out| and sets
|
||||
// |*out_len| to the number of bytes written. Otherwise it signals an error. It
|
||||
// returns one on success or zero on error.
|
||||
//
|
||||
// NOTE: this follows the usual BoringSSL return-value convention, but that's
|
||||
// different from |DH_compute_key| and |DH_compute_key_padded|.
|
||||
//
|
||||
// This function does not mutate |dh| for thread-safety purposes and may be used
|
||||
// concurrently.
|
||||
OPENSSL_EXPORT int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
|
||||
size_t max_out_len,
|
||||
const BIGNUM *peers_key,
|
||||
const EVP_MD *digest);
|
||||
|
||||
|
||||
// Utility functions.
|
||||
|
||||
// DH_size returns the number of bytes in the DH group's prime.
|
||||
OPENSSL_EXPORT int DH_size(const DH *dh);
|
||||
|
||||
// DH_num_bits returns the minimum number of bits needed to represent the
|
||||
// absolute value of the DH group's prime.
|
||||
OPENSSL_EXPORT unsigned DH_num_bits(const DH *dh);
|
||||
|
||||
#define DH_CHECK_P_NOT_PRIME 0x01
|
||||
#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
|
||||
#define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||
#define DH_CHECK_NOT_SUITABLE_GENERATOR 0x08
|
||||
#define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
#define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||
|
||||
// These are compatibility defines.
|
||||
#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR
|
||||
#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR
|
||||
|
||||
// DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets
|
||||
// |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if
|
||||
// |*out_flags| was successfully set and zero on error.
|
||||
//
|
||||
// Note: these checks may be quite computationally expensive.
|
||||
OPENSSL_EXPORT int DH_check(const DH *dh, int *out_flags);
|
||||
|
||||
#define DH_CHECK_PUBKEY_TOO_SMALL 0x1
|
||||
#define DH_CHECK_PUBKEY_TOO_LARGE 0x2
|
||||
#define DH_CHECK_PUBKEY_INVALID 0x4
|
||||
|
||||
// DH_check_pub_key checks the suitability of |pub_key| as a public key for the
|
||||
// DH group in |dh| and sets |DH_CHECK_PUBKEY_*| flags in |*out_flags| if it
|
||||
// finds any errors. It returns one if |*out_flags| was successfully set and
|
||||
// zero on error.
|
||||
OPENSSL_EXPORT int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key,
|
||||
int *out_flags);
|
||||
|
||||
// DHparams_dup allocates a fresh |DH| and copies the parameters from |dh| into
|
||||
// it. It returns the new |DH| or NULL on error.
|
||||
OPENSSL_EXPORT DH *DHparams_dup(const DH *dh);
|
||||
|
||||
|
||||
// ASN.1 functions.
|
||||
|
||||
// DH_parse_parameters decodes a DER-encoded DHParameter structure (PKCS #3)
|
||||
// from |cbs| and advances |cbs|. It returns a newly-allocated |DH| or NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT DH *DH_parse_parameters(CBS *cbs);
|
||||
|
||||
// DH_marshal_parameters marshals |dh| as a DER-encoded DHParameter structure
|
||||
// (PKCS #3) and appends the result to |cbb|. It returns one on success and zero
|
||||
// on error.
|
||||
OPENSSL_EXPORT int DH_marshal_parameters(CBB *cbb, const DH *dh);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// DH_generate_parameters behaves like |DH_generate_parameters_ex|, which is
|
||||
// what you should use instead. It returns NULL on error, or a newly-allocated
|
||||
// |DH| on success. This function is provided for compatibility only.
|
||||
OPENSSL_EXPORT DH *DH_generate_parameters(int prime_len, int generator,
|
||||
void (*callback)(int, int, void *),
|
||||
void *cb_arg);
|
||||
|
||||
// d2i_DHparams parses a DER-encoded DHParameter structure (PKCS #3) from |len|
|
||||
// bytes at |*inp|, as in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |DH_parse_parameters| instead.
|
||||
OPENSSL_EXPORT DH *d2i_DHparams(DH **ret, const unsigned char **inp, long len);
|
||||
|
||||
// i2d_DHparams marshals |in| to a DER-encoded DHParameter structure (PKCS #3),
|
||||
// as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |DH_marshal_parameters| instead.
|
||||
OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp);
|
||||
|
||||
// DH_compute_key behaves like |DH_compute_key_padded| but, contrary to PKCS #3,
|
||||
// returns a variable-length shared key with leading zeros. It returns the
|
||||
// number of bytes written, or a negative number on error. |out| must have
|
||||
// |DH_size| bytes of space.
|
||||
//
|
||||
// WARNING: this differs from the usual BoringSSL return-value convention.
|
||||
//
|
||||
// Note this function's running time and memory access pattern leaks information
|
||||
// about the shared secret. Particularly if |dh| is reused, this may result in
|
||||
// side channel attacks such as https://raccoon-attack.com/.
|
||||
//
|
||||
// |DH_compute_key_padded| is the preferred variant and avoids the above
|
||||
// attacks. However, the two functions are not drop-in replacements for each
|
||||
// other. Using a different variant than the application expects will result in
|
||||
// sporadic key mismatches.
|
||||
//
|
||||
// Callers that expect a fixed-width secret should use |DH_compute_key_padded|
|
||||
// instead. Callers that use either function should migrate to a modern
|
||||
// primitive such as X25519 or ECDH with P-256 instead.
|
||||
//
|
||||
// This function does not mutate |dh| for thread-safety purposes and may be used
|
||||
// concurrently.
|
||||
OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key,
|
||||
DH *dh);
|
||||
|
||||
// DH_get_2048_256 returns the 2048-bit MODP Group with 256-bit Prime Order
|
||||
// Subgroup from RFC 5114. This function returns a new DH object with standard
|
||||
// parameters. It returns NULL on allocation failure.
|
||||
//
|
||||
// Warning: 2048-256 is no longer an optimal parameter for Diffie-Hellman. No
|
||||
// one should use finite field Diffie-Hellman anymore.
|
||||
// This function has been deprecated with no replacement.
|
||||
OPENSSL_EXPORT DH *DH_get_2048_256(void);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// DH_clear_flags does nothing and is included to simplify compiling code that
|
||||
// expects it.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void DH_clear_flags(DH *dh, int flags);
|
||||
|
||||
// DH_FLAG_CACHE_MONT_P is not supported by AWS-LC and is included to simplify
|
||||
// compiling code that expects it. This flag controls if the DH APIs should
|
||||
// cache the montgomery form of the prime to speed up multiplication at the cost
|
||||
// of increasing memory storage. AWS-LC always does this and does not support
|
||||
// turning this option off.
|
||||
//
|
||||
// NOTE: This is also on by default in OpenSSL.
|
||||
#define DH_FLAG_CACHE_MONT_P 0
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(DH, DH_free)
|
||||
BORINGSSL_MAKE_UP_REF(DH, DH_up_ref)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define DH_R_BAD_GENERATOR 100
|
||||
#define DH_R_INVALID_PUBKEY 101
|
||||
#define DH_R_MODULUS_TOO_LARGE 102
|
||||
#define DH_R_NO_PRIVATE_VALUE 103
|
||||
#define DH_R_DECODE_ERROR 104
|
||||
#define DH_R_ENCODE_ERROR 105
|
||||
#define DH_R_INVALID_NID 106
|
||||
#define DH_R_INVALID_PARAMETERS 107
|
||||
|
||||
#define DH_F_DH_BUILTIN_GENPARAMS 0
|
||||
|
||||
#endif // OPENSSL_HEADER_DH_H
|
||||
+375
@@ -0,0 +1,375 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_DIGEST_H
|
||||
#define OPENSSL_HEADER_DIGEST_H
|
||||
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Digest functions.
|
||||
//
|
||||
// An EVP_MD abstracts the details of a specific hash function allowing code to
|
||||
// deal with the concept of a "hash function" without needing to know exactly
|
||||
// which hash function it is.
|
||||
|
||||
|
||||
// Hash algorithms.
|
||||
//
|
||||
// The following functions return |EVP_MD| objects that implement the named hash
|
||||
// function.
|
||||
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md4(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md5(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_ripemd160(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha1(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha224(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha256(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha384(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha512(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha512_224(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha512_256(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha3_224(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha3_256(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha3_384(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_sha3_512(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_shake128(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_shake256(void);
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_blake2b256(void);
|
||||
|
||||
// EVP_md5_sha1 is a TLS-specific |EVP_MD| which computes the concatenation of
|
||||
// MD5 and SHA-1, as used in TLS 1.1 and below.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_md5_sha1(void);
|
||||
|
||||
// EVP_get_digestbynid returns an |EVP_MD| for the given NID, or NULL if no
|
||||
// such digest is known.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbynid(int nid);
|
||||
|
||||
// EVP_get_digestbyobj returns an |EVP_MD| for the given |ASN1_OBJECT|, or NULL
|
||||
// if no such digest is known.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj);
|
||||
|
||||
|
||||
// Digest contexts.
|
||||
//
|
||||
// An EVP_MD_CTX represents the state of a specific digest operation in
|
||||
// progress.
|
||||
|
||||
// EVP_MD_CTX_init initialises an, already allocated, |EVP_MD_CTX|. This is the
|
||||
// same as setting the structure to zero.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_new allocates and initialises a fresh |EVP_MD_CTX| and returns
|
||||
// it, or NULL on allocation failure. The caller must use |EVP_MD_CTX_free| to
|
||||
// release the resulting object.
|
||||
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_new(void);
|
||||
|
||||
// EVP_MD_CTX_cleanup frees any resources owned by |ctx| and resets it to a
|
||||
// freshly initialised state. It does not free |ctx| itself. It returns one.
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_cleanse zeros the digest state in |ctx| and then performs the
|
||||
// actions of |EVP_MD_CTX_cleanup|. Note that some |EVP_MD_CTX| objects contain
|
||||
// more than just a digest (e.g. those resulting from |EVP_DigestSignInit|) but
|
||||
// this function does not zero out more than just the digest state even in that
|
||||
// case.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_cleanse(EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_free calls |EVP_MD_CTX_cleanup| and then frees |ctx| itself.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_copy_ex sets |out|, which must already be initialised, to be a
|
||||
// copy of |in|. It returns one on success and zero on allocation failure.
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
|
||||
|
||||
// EVP_MD_CTX_move sets |out|, which must already be initialised, to the hash
|
||||
// state in |in|. |in| is mutated and left in an empty state.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in);
|
||||
|
||||
// EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It
|
||||
// returns one.
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
|
||||
|
||||
|
||||
// Digest operations.
|
||||
|
||||
// EVP_DigestInit_ex configures |ctx|, which must already have been
|
||||
// initialised, for a fresh hashing operation using |type|. It returns one on
|
||||
// success and zero on allocation failure.
|
||||
//
|
||||
// On failure, |ctx| must be released with |EVP_MD_CTX_[cleanup,free]|.
|
||||
OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
|
||||
ENGINE *engine);
|
||||
|
||||
// EVP_DigestInit acts like |EVP_DigestInit_ex| except that |ctx| is
|
||||
// initialised before use.
|
||||
OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
||||
|
||||
// EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation
|
||||
// in |ctx|. It returns one.
|
||||
OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
// EVP_MAX_MD_SIZE is the largest digest size supported, in bytes.
|
||||
// Functions that output a digest generally require the buffer have
|
||||
// at least this much space.
|
||||
#define EVP_MAX_MD_SIZE 64 // SHA-512 is the longest so far.
|
||||
|
||||
// EVP_MAX_MD_CHAINING_LENGTH is the largest chaining length supported, in
|
||||
// bytes. This constant is only for Merkle-Damgard-based hashed functions
|
||||
// like SHA-1, SHA-2, and MD5. The chaining length is defined as the output
|
||||
// length of the hash in bytes, before any truncation (e.g., 32 for SHA-224 and
|
||||
// SHA-256, 64 for SHA-384 and SHA-512).
|
||||
// This constant is only used internally by HMAC.
|
||||
#define EVP_MAX_MD_CHAINING_LENGTH 64 // SHA-512 has the longest chaining length so far
|
||||
|
||||
// EVP_MAX_MD_BLOCK_SIZE is the largest digest block size supported, in
|
||||
// bytes.
|
||||
#define EVP_MAX_MD_BLOCK_SIZE 144 // SHA3-224 has the largest block size so far
|
||||
|
||||
// EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to
|
||||
// |md_out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
||||
// |EVP_MAX_MD_SIZE|. If |out_size| is not NULL then |*out_size| is set to the
|
||||
// number of bytes written. It returns one. After this call, the hash cannot be
|
||||
// updated or finished again until |EVP_DigestInit_ex| is called to start
|
||||
// another hashing operation.
|
||||
OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out,
|
||||
unsigned int *out_size);
|
||||
|
||||
// EVP_DigestFinal acts like |EVP_DigestFinal_ex| except that
|
||||
// |EVP_MD_CTX_cleanup| is called on |ctx| before returning.
|
||||
OPENSSL_EXPORT int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md_out,
|
||||
unsigned int *out_size);
|
||||
|
||||
// EVP_Digest performs a complete hashing operation in one call. It hashes |len|
|
||||
// bytes from |data| and writes the digest to |md_out|. |EVP_MD_CTX_size| bytes
|
||||
// are written, which is at most |EVP_MAX_MD_SIZE|. If |out_size| is not NULL
|
||||
// then |*out_size| is set to the number of bytes written. It returns one on
|
||||
// success and zero otherwise. If |type| is an XOF, |out_size| must be set to
|
||||
// the desired output length.
|
||||
OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out,
|
||||
unsigned int *out_size, const EVP_MD *type,
|
||||
ENGINE *impl);
|
||||
|
||||
|
||||
// Digest function accessors.
|
||||
//
|
||||
// These functions allow code to learn details about an abstract hash
|
||||
// function.
|
||||
|
||||
// EVP_MD_type returns a NID identifying |md|. (For example, |NID_sha256|.)
|
||||
OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*|
|
||||
// values, ORed together.
|
||||
OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_size returns the digest size of |md|, in bytes.
|
||||
OPENSSL_EXPORT size_t EVP_MD_size(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_block_size returns the native block-size of |md|, in bytes.
|
||||
OPENSSL_EXPORT size_t EVP_MD_block_size(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_FLAG_DIGALGID_ABSENT indicates that the parameter type in an X.509
|
||||
// DigestAlgorithmIdentifier representing this digest function should be
|
||||
// undefined rather than NULL.
|
||||
#define EVP_MD_FLAG_DIGALGID_ABSENT 2
|
||||
|
||||
// EVP_MD_FLAG_XOF indicates that the digest is an extensible-output function
|
||||
// (XOF).
|
||||
#define EVP_MD_FLAG_XOF 4
|
||||
|
||||
|
||||
// Digest operation accessors.
|
||||
|
||||
// EVP_MD_CTX_md returns the underlying digest function, or NULL if one has not
|
||||
// been set.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_size returns the digest size of |ctx|, in bytes. It
|
||||
// will crash if a digest hasn't been set on |ctx|.
|
||||
OPENSSL_EXPORT size_t EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_block_size returns the block size of the digest function used by
|
||||
// |ctx|, in bytes. It will crash if a digest hasn't been set on |ctx|.
|
||||
OPENSSL_EXPORT size_t EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|.
|
||||
// (For example, |NID_sha256|.) It will crash if a digest hasn't been set on
|
||||
// |ctx|.
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
|
||||
|
||||
|
||||
// ASN.1 functions.
|
||||
//
|
||||
// These functions allow code to parse and serialize AlgorithmIdentifiers for
|
||||
// hash functions.
|
||||
|
||||
// EVP_parse_digest_algorithm parses an AlgorithmIdentifier structure containing
|
||||
// a hash function OID (for example, 2.16.840.1.101.3.4.2.1 is SHA-256) and
|
||||
// advances |cbs|. The parameters field may either be omitted or a NULL. It
|
||||
// returns the digest function or NULL on error.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs);
|
||||
|
||||
// EVP_marshal_digest_algorithm marshals |md| as an AlgorithmIdentifier
|
||||
// structure and appends the result to |cbb|. It returns one on success and zero
|
||||
// on error.
|
||||
OPENSSL_EXPORT int EVP_marshal_digest_algorithm(CBB *cbb, const EVP_MD *md);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// EVP_MD_CTX_copy sets |out|, which must /not/ be initialised, to be a copy of
|
||||
// |in|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
|
||||
|
||||
// EVP_get_digestbyname returns an |EVP_MD| given a human readable name in
|
||||
// |name|, or NULL if the name is unknown.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *);
|
||||
|
||||
// EVP_MD_CTX_create calls |EVP_MD_CTX_new|.
|
||||
OPENSSL_EXPORT EVP_MD_CTX *EVP_MD_CTX_create(void);
|
||||
|
||||
// EVP_MD_CTX_destroy calls |EVP_MD_CTX_free|.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_DigestFinalXOF behaves like |EVP_DigestFinal| for XOF digests, writing
|
||||
// |len| bytes of extended output to |out|.
|
||||
OPENSSL_EXPORT int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out,
|
||||
size_t len);
|
||||
|
||||
// EVP_DigestSqueeze provides byte-wise streaming XOF output generation for
|
||||
// XOF digests, writing |len| bytes of extended output to |out|. It can be
|
||||
// called multiple times with arbitrary length |len| output requests.
|
||||
// It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EVP_DigestSqueeze(EVP_MD_CTX *ctx, uint8_t *out,
|
||||
size_t len);
|
||||
|
||||
// EVP_MD_meth_get_flags calls |EVP_MD_flags|.
|
||||
OPENSSL_EXPORT uint32_t EVP_MD_meth_get_flags(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_nid calls |EVP_MD_type|.
|
||||
OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
|
||||
|
||||
// EVP_MD_CTX_set_pkey_ctx sets |ctx|'s |EVP_PKEY_CTX| reference to |pctx|.
|
||||
// The |EVP_PKEY_CTX| object |pctx| needs to have been initialised before
|
||||
// associating it with |ctx|. The hash functions associated to |ctx| and |pctx|
|
||||
// must be equal. Once |EVP_MD_CTX_set_pkey_ctx| is called, the caller is
|
||||
// responsible for freeing |pctx|. Calling |EVP_MD_CTX_cleanup| will not free
|
||||
// |pctx|.
|
||||
//
|
||||
// A NULL |pctx| pointer is also allowed to set the |EVP_PKEY_CTX| reference
|
||||
// inside |ctx| to NULL. However, even when doing so, the caller is still
|
||||
// responsible for freeing the |pctx| pointer that had originally been
|
||||
// associated.
|
||||
//
|
||||
// |EVP_MD_CTX_set_pkey_ctx| will overwrite any |EVP_PKEY_CTX| object associated
|
||||
// to |ctx|. If it was not associated through a previous
|
||||
// |EVP_MD_CTX_set_pkey_ctx| call, it will be freed first.
|
||||
OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx,
|
||||
EVP_PKEY_CTX *pctx);
|
||||
|
||||
// EVP_MD_CTX_get_pkey_ctx returns the pointer of |ctx|'s |EVP_PKEY_CTX|.
|
||||
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
|
||||
|
||||
// EVP_MD_CTX_pkey_ctx is a legacy alias of |EVP_MD_CTX_get_pkey_ctx|.
|
||||
OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
|
||||
|
||||
struct evp_md_pctx_ops;
|
||||
|
||||
// env_md_ctx_st is typoed ("evp" -> "env"), but the typo comes from OpenSSL
|
||||
// and some consumers forward-declare these structures so we're leaving it
|
||||
// alone.
|
||||
struct env_md_ctx_st {
|
||||
// digest is the underlying digest function, or NULL if not set.
|
||||
const EVP_MD *digest;
|
||||
// md_data points to a block of memory that contains the hash-specific
|
||||
// context.
|
||||
void *md_data;
|
||||
|
||||
// update is usually copied from |digest->update|. This is only different
|
||||
// when consumed through |EVP_PKEY_HMAC|.
|
||||
// TODO: Look into untangling this, so that |EVP_PKEY_HMAC| can directly call
|
||||
// |digest->update|. |digest->update| operates against |md_data| above, but
|
||||
// |HMAC_CTX| maintains its own data state in |HMAC_CTX->md_ctx|.
|
||||
// |HMAC_Update| also has an additional state transition to handle.
|
||||
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
|
||||
|
||||
// pctx is an opaque (at this layer) pointer to additional context that
|
||||
// EVP_PKEY functions may store in this object.
|
||||
EVP_PKEY_CTX *pctx;
|
||||
|
||||
// pctx_ops, if not NULL, points to a vtable that contains functions to
|
||||
// manipulate |pctx|.
|
||||
const struct evp_md_pctx_ops *pctx_ops;
|
||||
|
||||
// flags is only used for two cases.
|
||||
// 1. Set flag |EVP_MD_CTX_FLAG_KEEP_PKEY_CTX|, so as to let |*pctx| refrain
|
||||
// from being freed when |*pctx| was set externally with
|
||||
// |EVP_MD_CTX_set_pkey_ctx|.
|
||||
// 2. Set flag |EVP_MD_CTX_HMAC| for |EVP_PKEY_HMAC|.
|
||||
unsigned long flags;
|
||||
} /* EVP_MD_CTX */;
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// EVP_MD_unstable_sha3_enable is a no-op as SHA3 is always enabled.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_MD_unstable_sha3_enable(bool enable);
|
||||
|
||||
// EVP_MD_unstable_sha3_is_enabled always returns true as SHA3 is always
|
||||
// enabled.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED bool EVP_MD_unstable_sha3_is_enabled(void);
|
||||
|
||||
// EVP_MD_CTX_set_flags does nothing. We strongly discourage doing any
|
||||
// additional configurations when consuming |EVP_MD_CTX|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx,
|
||||
int flags);
|
||||
|
||||
// EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
|
||||
// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
|
||||
// (it's up the the caller to use the FIPS module in a fashion compliant with
|
||||
// their needs). Thus this exists only to allow code to compile.
|
||||
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0
|
||||
|
||||
// EVP_add_digest does nothing and returns one. It exists only for
|
||||
// compatibility with OpenSSL, which requires manually loading supported digests
|
||||
// when certain options are turned on.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_digest(const EVP_MD *digest);
|
||||
|
||||
// EVP_md_null is a "null" message digest that does nothing: i.e. the hash it
|
||||
// returns is of zero length. Included for OpenSSL compatibility
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const EVP_MD *EVP_md_null(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
|
||||
|
||||
using ScopedEVP_MD_CTX =
|
||||
internal::StackAllocatedMovable<EVP_MD_CTX, int, EVP_MD_CTX_init,
|
||||
EVP_MD_CTX_cleanup, EVP_MD_CTX_move>;
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#define DIGEST_R_INPUT_NOT_INITIALIZED 100
|
||||
#define DIGEST_R_DECODE_ERROR 101
|
||||
#define DIGEST_R_UNKNOWN_HASH 102
|
||||
|
||||
#endif // OPENSSL_HEADER_DIGEST_H
|
||||
+384
@@ -0,0 +1,384 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// The DSS routines are based on patches supplied by Steven Schoch <schoch@sheba.arc.nasa.gov>.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_DSA_H
|
||||
#define OPENSSL_HEADER_DSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#include <openssl/ex_data.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Digital Signature Algorithm (deprecated).
|
||||
|
||||
|
||||
#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
|
||||
|
||||
|
||||
// DSA contains functions for signing and verifying with the Digital Signature
|
||||
// Algorithm.
|
||||
//
|
||||
// This module is deprecated and retained for legacy reasons only. It is not
|
||||
// considered a priority for performance or hardening work. Do not use it in
|
||||
// new code. Use Ed25519, ECDSA with P-256, or RSA instead.
|
||||
|
||||
|
||||
// Allocation and destruction.
|
||||
//
|
||||
// A |DSA| object represents a DSA key or group parameters. A given object may
|
||||
// be used concurrently on multiple threads by non-mutating functions, provided
|
||||
// no other thread is concurrently calling a mutating function. Unless otherwise
|
||||
// documented, functions which take a |const| pointer are non-mutating and
|
||||
// functions which take a non-|const| pointer are mutating.
|
||||
|
||||
// DSA_new returns a new, empty DSA object or NULL on error.
|
||||
OPENSSL_EXPORT DSA *DSA_new(void);
|
||||
|
||||
// DSA_free decrements the reference count of |dsa| and frees it if the
|
||||
// reference count drops to zero.
|
||||
OPENSSL_EXPORT void DSA_free(DSA *dsa);
|
||||
|
||||
// DSA_up_ref increments the reference count of |dsa| and returns one. It does
|
||||
// not mutate |dsa| for thread-safety purposes and may be used concurrently.
|
||||
OPENSSL_EXPORT int DSA_up_ref(DSA *dsa);
|
||||
|
||||
// DSA_print prints a textual representation of |dsa| to |bio|. It returns one
|
||||
// on success or zero otherwise.
|
||||
OPENSSL_EXPORT int DSA_print(BIO *bio, const DSA *dsa, int indent);
|
||||
|
||||
// DSA_print_fp prints a textual representation of |dsa| to |fp|. It returns one
|
||||
// on success or zero otherwise.
|
||||
OPENSSL_EXPORT int DSA_print_fp(FILE *fp, const DSA *dsa, int indent);
|
||||
|
||||
// Properties.
|
||||
|
||||
// DSA_bits returns the size of |dsa|'s group modulus, in bits.
|
||||
OPENSSL_EXPORT unsigned DSA_bits(const DSA *dsa);
|
||||
|
||||
// DSA_get0_pub_key returns |dsa|'s public key.
|
||||
OPENSSL_EXPORT const BIGNUM *DSA_get0_pub_key(const DSA *dsa);
|
||||
|
||||
// DSA_get0_priv_key returns |dsa|'s private key, or NULL if |dsa| is a public
|
||||
// key.
|
||||
OPENSSL_EXPORT const BIGNUM *DSA_get0_priv_key(const DSA *dsa);
|
||||
|
||||
// DSA_get0_p returns |dsa|'s group modulus.
|
||||
OPENSSL_EXPORT const BIGNUM *DSA_get0_p(const DSA *dsa);
|
||||
|
||||
// DSA_get0_q returns the size of |dsa|'s subgroup.
|
||||
OPENSSL_EXPORT const BIGNUM *DSA_get0_q(const DSA *dsa);
|
||||
|
||||
// DSA_get0_g returns |dsa|'s group generator.
|
||||
OPENSSL_EXPORT const BIGNUM *DSA_get0_g(const DSA *dsa);
|
||||
|
||||
// DSA_get0_key sets |*out_pub_key| and |*out_priv_key|, if non-NULL, to |dsa|'s
|
||||
// public and private key, respectively. If |dsa| is a public key, the private
|
||||
// key will be set to NULL.
|
||||
OPENSSL_EXPORT void DSA_get0_key(const DSA *dsa, const BIGNUM **out_pub_key,
|
||||
const BIGNUM **out_priv_key);
|
||||
|
||||
// DSA_get0_pqg sets |*out_p|, |*out_q|, and |*out_g|, if non-NULL, to |dsa|'s
|
||||
// p, q, and g parameters, respectively.
|
||||
OPENSSL_EXPORT void DSA_get0_pqg(const DSA *dsa, const BIGNUM **out_p,
|
||||
const BIGNUM **out_q, const BIGNUM **out_g);
|
||||
|
||||
// DSA_set0_key sets |dsa|'s public and private key to |pub_key| and |priv_key|,
|
||||
// respectively, if non-NULL. On success, it takes ownership of each argument
|
||||
// and returns one. Otherwise, it returns zero.
|
||||
//
|
||||
// |priv_key| may be NULL, but |pub_key| must either be non-NULL or already
|
||||
// configured on |dsa|.
|
||||
OPENSSL_EXPORT int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key);
|
||||
|
||||
// DSA_set0_pqg sets |dsa|'s parameters to |p|, |q|, and |g|, if non-NULL, and
|
||||
// takes ownership of them. On success, it takes ownership of each argument and
|
||||
// returns one. Otherwise, it returns zero.
|
||||
//
|
||||
// Each argument must either be non-NULL or already configured on |dsa|.
|
||||
OPENSSL_EXPORT int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||
|
||||
|
||||
// Parameter generation.
|
||||
|
||||
// DSA_generate_parameters_ex generates a set of DSA parameters by following
|
||||
// the procedure given in FIPS 186-4, appendix A.
|
||||
// (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf)
|
||||
//
|
||||
// The larger prime will have a length of |bits| (e.g. 2048). The |seed| value
|
||||
// allows others to generate and verify the same parameters and should be
|
||||
// random input which is kept for reference. If |out_counter| or |out_h| are
|
||||
// not NULL then the counter and h value used in the generation are written to
|
||||
// them.
|
||||
//
|
||||
// The |cb| argument is passed to |BN_generate_prime_ex| and is thus called
|
||||
// during the generation process in order to indicate progress. See the
|
||||
// comments for that function for details. In addition to the calls made by
|
||||
// |BN_generate_prime_ex|, |DSA_generate_parameters_ex| will call it with
|
||||
// |event| equal to 2 and 3 at different stages of the process.
|
||||
//
|
||||
// It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int DSA_generate_parameters_ex(DSA *dsa, unsigned bits,
|
||||
const uint8_t *seed,
|
||||
size_t seed_len, int *out_counter,
|
||||
unsigned long *out_h,
|
||||
BN_GENCB *cb);
|
||||
|
||||
// DSAparams_dup returns a freshly allocated |DSA| that contains a copy of the
|
||||
// parameters from |dsa|. It returns NULL on error.
|
||||
OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
|
||||
|
||||
|
||||
// Key generation.
|
||||
|
||||
// DSA_generate_key generates a public/private key pair in |dsa|, which must
|
||||
// already have parameters setup. Only supports generating up to |OPENSSL_DSA_MAX_MODULUS_BITS|
|
||||
// bit keys. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
|
||||
|
||||
|
||||
// Signatures.
|
||||
|
||||
// DSA_SIG_st (aka |DSA_SIG|) contains a DSA signature as a pair of integers.
|
||||
struct DSA_SIG_st {
|
||||
BIGNUM *r, *s;
|
||||
};
|
||||
|
||||
// DSA_SIG_new returns a freshly allocated, DIG_SIG structure or NULL on error.
|
||||
// Both |r| and |s| in the signature will be NULL.
|
||||
OPENSSL_EXPORT DSA_SIG *DSA_SIG_new(void);
|
||||
|
||||
// DSA_SIG_free frees the contents of |sig| and then frees |sig| itself.
|
||||
OPENSSL_EXPORT void DSA_SIG_free(DSA_SIG *sig);
|
||||
|
||||
// DSA_SIG_get0 sets |*out_r| and |*out_s|, if non-NULL, to the two components
|
||||
// of |sig|.
|
||||
OPENSSL_EXPORT void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **out_r,
|
||||
const BIGNUM **out_s);
|
||||
|
||||
// DSA_SIG_set0 sets |sig|'s components to |r| and |s|, neither of which may be
|
||||
// NULL. On success, it takes ownership of each argument and returns one.
|
||||
// Otherwise, it returns zero.
|
||||
OPENSSL_EXPORT int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
|
||||
// DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
|
||||
// and returns an allocated, DSA_SIG structure, or NULL on error.
|
||||
OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
|
||||
const DSA *dsa);
|
||||
|
||||
// DSA_do_verify verifies that |sig| is a valid signature, by the public key in
|
||||
// |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
|
||||
// on error.
|
||||
//
|
||||
// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
|
||||
// for valid. However, this is dangerously different to the usual OpenSSL
|
||||
// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
|
||||
// Because of this, |DSA_check_signature| is a safer version of this.
|
||||
//
|
||||
// TODO(fork): deprecate.
|
||||
OPENSSL_EXPORT int DSA_do_verify(const uint8_t *digest, size_t digest_len,
|
||||
const DSA_SIG *sig, const DSA *dsa);
|
||||
|
||||
// DSA_do_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
|
||||
// is a valid signature, by the public key in |dsa| of the hash in |digest|
|
||||
// and, if so, it sets |*out_valid| to one.
|
||||
//
|
||||
// It returns one if it was able to verify the signature as valid or invalid,
|
||||
// and zero on error.
|
||||
OPENSSL_EXPORT int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
|
||||
size_t digest_len, const DSA_SIG *sig,
|
||||
const DSA *dsa);
|
||||
|
||||
|
||||
// ASN.1 signatures.
|
||||
//
|
||||
// These functions also perform DSA signature operations, but deal with ASN.1
|
||||
// encoded signatures as opposed to raw |BIGNUM|s. If you don't know what
|
||||
// encoding a DSA signature is in, it's probably ASN.1.
|
||||
|
||||
// DSA_sign signs |digest| with the key in |dsa| and writes the resulting
|
||||
// signature, in ASN.1 form, to |out_sig| and the length of the signature to
|
||||
// |*out_siglen|. There must be, at least, |DSA_size(dsa)| bytes of space in
|
||||
// |out_sig|. It returns one on success and zero otherwise.
|
||||
//
|
||||
// (The |type| argument is ignored.)
|
||||
OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
|
||||
uint8_t *out_sig, unsigned int *out_siglen,
|
||||
const DSA *dsa);
|
||||
|
||||
// DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
|
||||
// key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
|
||||
// and -1 on error.
|
||||
//
|
||||
// (The |type| argument is ignored.)
|
||||
//
|
||||
// WARNING: do not use. This function returns -1 for error, 0 for invalid and 1
|
||||
// for valid. However, this is dangerously different to the usual OpenSSL
|
||||
// convention and could be a disaster if a user did |if (DSA_do_verify(...))|.
|
||||
// Because of this, |DSA_check_signature| is a safer version of this.
|
||||
//
|
||||
// TODO(fork): deprecate.
|
||||
OPENSSL_EXPORT int DSA_verify(int type, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, const DSA *dsa);
|
||||
|
||||
// DSA_check_signature sets |*out_valid| to zero. Then it verifies that |sig|
|
||||
// is a valid, ASN.1 signature, by the public key in |dsa|, of the hash in
|
||||
// |digest|. If so, it sets |*out_valid| to one.
|
||||
//
|
||||
// It returns one if it was able to verify the signature as valid or invalid,
|
||||
// and zero on error.
|
||||
OPENSSL_EXPORT int DSA_check_signature(int *out_valid, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, const DSA *dsa);
|
||||
|
||||
// DSA_size returns the size, in bytes, of an ASN.1 encoded, DSA signature
|
||||
// generated by |dsa|. Parameters must already have been setup in |dsa|.
|
||||
OPENSSL_EXPORT int DSA_size(const DSA *dsa);
|
||||
|
||||
|
||||
// ASN.1 encoding.
|
||||
|
||||
// DSA_SIG_parse parses a DER-encoded DSA-Sig-Value structure from |cbs| and
|
||||
// advances |cbs|. It returns a newly-allocated |DSA_SIG| or NULL on error.
|
||||
OPENSSL_EXPORT DSA_SIG *DSA_SIG_parse(CBS *cbs);
|
||||
|
||||
// DSA_SIG_marshal marshals |sig| as a DER-encoded DSA-Sig-Value and appends the
|
||||
// result to |cbb|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int DSA_SIG_marshal(CBB *cbb, const DSA_SIG *sig);
|
||||
|
||||
// DSA_parse_public_key parses a DER-encoded DSA public key from |cbs| and
|
||||
// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
|
||||
OPENSSL_EXPORT DSA *DSA_parse_public_key(CBS *cbs);
|
||||
|
||||
// DSA_marshal_public_key marshals |dsa| as a DER-encoded DSA public key and
|
||||
// appends the result to |cbb|. It returns one on success and zero on
|
||||
// failure.
|
||||
OPENSSL_EXPORT int DSA_marshal_public_key(CBB *cbb, const DSA *dsa);
|
||||
|
||||
// DSA_parse_private_key parses a DER-encoded DSA private key from |cbs| and
|
||||
// advances |cbs|. It returns a newly-allocated |DSA| or NULL on error.
|
||||
OPENSSL_EXPORT DSA *DSA_parse_private_key(CBS *cbs);
|
||||
|
||||
// DSA_marshal_private_key marshals |dsa| as a DER-encoded DSA private key and
|
||||
// appends the result to |cbb|. It returns one on success and zero on
|
||||
// failure.
|
||||
OPENSSL_EXPORT int DSA_marshal_private_key(CBB *cbb, const DSA *dsa);
|
||||
|
||||
// DSA_parse_parameters parses a DER-encoded Dss-Parms structure (RFC 3279)
|
||||
// from |cbs| and advances |cbs|. It returns a newly-allocated |DSA| or NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT DSA *DSA_parse_parameters(CBS *cbs);
|
||||
|
||||
// DSA_marshal_parameters marshals |dsa| as a DER-encoded Dss-Parms structure
|
||||
// (RFC 3279) and appends the result to |cbb|. It returns one on success and
|
||||
// zero on failure.
|
||||
OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
|
||||
|
||||
|
||||
// Conversion.
|
||||
|
||||
// DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
|
||||
// sometimes needed when Diffie-Hellman parameters are stored in the form of
|
||||
// DSA parameters. It returns an allocated |DH| on success or NULL on error.
|
||||
OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa);
|
||||
|
||||
|
||||
// ex_data functions.
|
||||
//
|
||||
// See |ex_data.h| for details.
|
||||
|
||||
OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_unused *unused,
|
||||
CRYPTO_EX_dup *dup_unused,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int DSA_set_ex_data(DSA *dsa, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *DSA_get_ex_data(const DSA *dsa, int idx);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// d2i_DSA_SIG parses a DER-encoded DSA-Sig-Value structure from |len| bytes at
|
||||
// |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_SIG_parse| instead.
|
||||
OPENSSL_EXPORT DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
// i2d_DSA_SIG marshals |in| to a DER-encoded DSA-Sig-Value structure, as
|
||||
// described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_SIG_marshal| instead.
|
||||
OPENSSL_EXPORT int i2d_DSA_SIG(const DSA_SIG *in, uint8_t **outp);
|
||||
|
||||
// d2i_DSAPublicKey parses a DER-encoded DSA public key from |len| bytes at
|
||||
// |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_parse_public_key| instead.
|
||||
OPENSSL_EXPORT DSA *d2i_DSAPublicKey(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
// i2d_DSAPublicKey marshals |in| as a DER-encoded DSA public key, as described
|
||||
// in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_marshal_public_key| instead.
|
||||
OPENSSL_EXPORT int i2d_DSAPublicKey(const DSA *in, uint8_t **outp);
|
||||
|
||||
// d2i_DSAPrivateKey parses a DER-encoded DSA private key from |len| bytes at
|
||||
// |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_parse_private_key| instead.
|
||||
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
// i2d_DSAPrivateKey marshals |in| as a DER-encoded DSA private key, as
|
||||
// described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_marshal_private_key| instead.
|
||||
OPENSSL_EXPORT int i2d_DSAPrivateKey(const DSA *in, uint8_t **outp);
|
||||
|
||||
// d2i_DSAparams parses a DER-encoded Dss-Parms structure (RFC 3279) from |len|
|
||||
// bytes at |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_parse_parameters| instead.
|
||||
OPENSSL_EXPORT DSA *d2i_DSAparams(DSA **out, const uint8_t **inp, long len);
|
||||
|
||||
// i2d_DSAparams marshals |in|'s parameters as a DER-encoded Dss-Parms structure
|
||||
// (RFC 3279), as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |DSA_marshal_parameters| instead.
|
||||
OPENSSL_EXPORT int i2d_DSAparams(const DSA *in, uint8_t **outp);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(DSA, DSA_free)
|
||||
BORINGSSL_MAKE_UP_REF(DSA, DSA_up_ref)
|
||||
BORINGSSL_MAKE_DELETER(DSA_SIG, DSA_SIG_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define DSA_R_BAD_Q_VALUE 100
|
||||
#define DSA_R_MISSING_PARAMETERS 101
|
||||
#define DSA_R_MODULUS_TOO_LARGE 102
|
||||
#define DSA_R_NEED_NEW_SETUP_VALUES 103
|
||||
#define DSA_R_BAD_VERSION 104
|
||||
#define DSA_R_DECODE_ERROR 105
|
||||
#define DSA_R_ENCODE_ERROR 106
|
||||
#define DSA_R_INVALID_PARAMETERS 107
|
||||
#define DSA_R_TOO_MANY_ITERATIONS 108
|
||||
|
||||
#endif // OPENSSL_HEADER_DSA_H
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
// Copyright (c) 2015, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2018, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include <openssl/base.h>
|
||||
+573
@@ -0,0 +1,573 @@
|
||||
// Originally written by Bodo Moeller for the OpenSSL project.
|
||||
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
//
|
||||
// The elliptic curve binary polynomial software is originally written by
|
||||
// Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
||||
// Laboratories.
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_EC_H
|
||||
#define OPENSSL_HEADER_EC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Low-level operations on elliptic curves.
|
||||
|
||||
|
||||
// point_conversion_form_t enumerates forms, as defined in X9.62 (ECDSA), for
|
||||
// the encoding of a elliptic curve point (x,y)
|
||||
typedef enum {
|
||||
// POINT_CONVERSION_COMPRESSED indicates that the point is encoded as z||x,
|
||||
// where the octet z specifies which solution of the quadratic equation y
|
||||
// is.
|
||||
POINT_CONVERSION_COMPRESSED = 2,
|
||||
|
||||
// POINT_CONVERSION_UNCOMPRESSED indicates that the point is encoded as
|
||||
// z||x||y, where z is the octet 0x04.
|
||||
POINT_CONVERSION_UNCOMPRESSED = 4,
|
||||
|
||||
// POINT_CONVERSION_HYBRID indicates that the point is encoded as z||x||y,
|
||||
// where z specifies which solution of the quadratic equation y is.
|
||||
POINT_CONVERSION_HYBRID = 6
|
||||
} point_conversion_form_t;
|
||||
|
||||
|
||||
// Elliptic curve groups.
|
||||
//
|
||||
// Elliptic curve groups are represented by |EC_GROUP| objects. Unlike OpenSSL,
|
||||
// if limited to the APIs in this section, callers may treat |EC_GROUP|s as
|
||||
// static, immutable objects which do not need to be copied or released. In
|
||||
// BoringSSL, only custom |EC_GROUP|s created by |EC_GROUP_new_curve_GFp|
|
||||
// (deprecated) are dynamic.
|
||||
//
|
||||
// Callers may cast away |const| and use |EC_GROUP_dup| and |EC_GROUP_free| with
|
||||
// static groups, for compatibility with OpenSSL or dynamic groups, but it is
|
||||
// otherwise unnecessary.
|
||||
|
||||
// EC_group_p224 returns an |EC_GROUP| for P-224, also known as secp224r1.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_group_p224(void);
|
||||
|
||||
// EC_group_p256 returns an |EC_GROUP| for P-256, also known as secp256r1 or
|
||||
// prime256v1.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_group_p256(void);
|
||||
|
||||
// EC_group_p384 returns an |EC_GROUP| for P-384, also known as secp384r1.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_group_p384(void);
|
||||
|
||||
// EC_group_p521 returns an |EC_GROUP| for P-521, also known as secp521r1.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_group_p521(void);
|
||||
|
||||
// EC_group_secp256k1 returns an |EC_GROUP| for secp256k1.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_group_secp256k1(void);
|
||||
|
||||
// EC_GROUP_new_by_curve_name returns the |EC_GROUP| object for the elliptic
|
||||
// curve specified by |nid|, or NULL on unsupported NID. For OpenSSL
|
||||
// compatibility, this function returns a non-const pointer which may be passed
|
||||
// to |EC_GROUP_free|. However, the resulting object is actually static and
|
||||
// calling |EC_GROUP_free| is optional.
|
||||
//
|
||||
// The supported NIDs are (see crypto/fipsmodule/ec/ec.c):
|
||||
// - |NID_secp224r1| (NIST P-224)
|
||||
// - |NID_X9_62_prime256v1| (NIST P-256)
|
||||
// - |NID_secp384r1| (NIST P-384)
|
||||
// - |NID_secp521r1| (NIST P-521)
|
||||
// - |NID_secp256k1| (SEC/ANSI P-256 K1)
|
||||
//
|
||||
// Calling this function causes all four curves to be linked into the binary.
|
||||
// Prefer calling |EC_group_*| to allow the static linker to drop unused curves.
|
||||
//
|
||||
// If in doubt, use |NID_X9_62_prime256v1|, or see the curve25519.h header for
|
||||
// more modern primitives.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
|
||||
|
||||
// EC_GROUP_new_by_curve_name_mutable is like |EC_GROUP_new_by_curve_name|, but
|
||||
// dynamically allocates a mutable |EC_GROUP| pointer for more OpenSSL
|
||||
// compatibility. Although |EC_GROUP_new_by_curve_name| returns a const pointer
|
||||
// under the hood, resulting objects returned by this function MUST be freed
|
||||
// by |EC_GROUP_free|.
|
||||
//
|
||||
// Note: Users should use |EC_GROUP_new_by_curve_name| when possible.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name_mutable(int nid);
|
||||
|
||||
// EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero
|
||||
// otherwise.
|
||||
OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b,
|
||||
BN_CTX *ignored);
|
||||
|
||||
// EC_GROUP_get0_generator returns a pointer to the internal |EC_POINT| object
|
||||
// in |group| that specifies the generator for the group.
|
||||
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_get0_order returns a pointer to the internal |BIGNUM| object in
|
||||
// |group| that specifies the order of the group.
|
||||
OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_order_bits returns the number of bits of the order of |group|.
|
||||
OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using
|
||||
// |ctx|, if it's not NULL. It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group,
|
||||
BIGNUM *cofactor, BN_CTX *ctx);
|
||||
|
||||
// EC_GROUP_get_curve_GFp gets various parameters about a group. It sets
|
||||
// |*out_p| to the order of the coordinate field and |*out_a| and |*out_b| to
|
||||
// the parameters of the curve when expressed as y² = x³ + ax + b. Any of the
|
||||
// output parameters can be NULL. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p,
|
||||
BIGNUM *out_a, BIGNUM *out_b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_GROUP_get_curve_name returns a NID that identifies |group|.
|
||||
OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_get_degree returns the number of bits needed to represent an
|
||||
// element of the field underlying |group|.
|
||||
OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group);
|
||||
|
||||
// EC_curve_nid2nist returns the NIST name of the elliptic curve specified by
|
||||
// |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256"
|
||||
// for |NID_X9_62_prime256v1|.
|
||||
OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid);
|
||||
|
||||
// EC_curve_nist2nid returns the NID of the elliptic curve specified by the NIST
|
||||
// name |name|, or |NID_undef| if |name| is not a recognized name. For example,
|
||||
// it returns |NID_X9_62_prime256v1| for "P-256".
|
||||
OPENSSL_EXPORT int EC_curve_nist2nid(const char *name);
|
||||
|
||||
// Points on elliptic curves.
|
||||
|
||||
// EC_POINT_new returns a fresh |EC_POINT| object in the given group, or NULL
|
||||
// on error.
|
||||
OPENSSL_EXPORT EC_POINT *EC_POINT_new(const EC_GROUP *group);
|
||||
|
||||
// EC_POINT_free frees |point| and the data that it points to.
|
||||
OPENSSL_EXPORT void EC_POINT_free(EC_POINT *point);
|
||||
|
||||
// EC_POINT_copy sets |*dest| equal to |*src|. It returns one on success and
|
||||
// zero otherwise.
|
||||
OPENSSL_EXPORT int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src);
|
||||
|
||||
// EC_POINT_dup returns a fresh |EC_POINT| that contains the same values as
|
||||
// |src|, or NULL on error.
|
||||
OPENSSL_EXPORT EC_POINT *EC_POINT_dup(const EC_POINT *src,
|
||||
const EC_GROUP *group);
|
||||
|
||||
// EC_POINT_set_to_infinity sets |point| to be the "point at infinity" for the
|
||||
// given group.
|
||||
OPENSSL_EXPORT int EC_POINT_set_to_infinity(const EC_GROUP *group,
|
||||
EC_POINT *point);
|
||||
|
||||
// EC_POINT_is_at_infinity returns one iff |point| is the point at infinity and
|
||||
// zero otherwise.
|
||||
OPENSSL_EXPORT int EC_POINT_is_at_infinity(const EC_GROUP *group,
|
||||
const EC_POINT *point);
|
||||
|
||||
// EC_POINT_is_on_curve returns one if |point| is an element of |group| and
|
||||
// and zero otherwise or when an error occurs. This is different from OpenSSL,
|
||||
// which returns -1 on error. If |ctx| is non-NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_is_on_curve(const EC_GROUP *group,
|
||||
const EC_POINT *point, BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_cmp returns zero if |a| is equal to |b|, greater than zero if
|
||||
// not equal and -1 on error. If |ctx| is not NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a,
|
||||
const EC_POINT *b, BN_CTX *ctx);
|
||||
|
||||
|
||||
// Point conversion.
|
||||
|
||||
// EC_POINT_get_affine_coordinates_GFp sets |x| and |y| to the affine value of
|
||||
// |point| using |ctx|, if it's not NULL. It returns one on success and zero
|
||||
// otherwise.
|
||||
//
|
||||
// Either |x| or |y| may be NULL to skip computing that coordinate. This is
|
||||
// slightly faster in the common case where only the x-coordinate is needed.
|
||||
OPENSSL_EXPORT int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
BIGNUM *x, BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_get_affine_coordinates is an alias of
|
||||
// |EC_POINT_get_affine_coordinates_GFp|.
|
||||
OPENSSL_EXPORT int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
BIGNUM *x, BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_set_affine_coordinates_GFp sets the value of |point| to be
|
||||
// (|x|, |y|). The |ctx| argument may be used if not NULL. It returns one
|
||||
// on success or zero on error. It's considered an error if the point is not on
|
||||
// the curve.
|
||||
//
|
||||
// Note that the corresponding function in OpenSSL versions prior to 1.0.2s does
|
||||
// not check if the point is on the curve. This is a security-critical check, so
|
||||
// code additionally supporting OpenSSL should repeat the check with
|
||||
// |EC_POINT_is_on_curve| or check for older OpenSSL versions with
|
||||
// |OPENSSL_VERSION_NUMBER|.
|
||||
OPENSSL_EXPORT int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
|
||||
EC_POINT *point,
|
||||
const BIGNUM *x,
|
||||
const BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_set_affine_coordinates is an alias of
|
||||
// |EC_POINT_set_affine_coordinates_GFp|.
|
||||
OPENSSL_EXPORT int EC_POINT_set_affine_coordinates(const EC_GROUP *group,
|
||||
EC_POINT *point,
|
||||
const BIGNUM *x,
|
||||
const BIGNUM *y,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_point2oct serialises |point| into the X9.62 form given by |form|
|
||||
// into, at most, |len| bytes at |buf|. It returns the number of bytes written
|
||||
// or zero on error if |buf| is non-NULL, else the number of bytes needed. The
|
||||
// |ctx| argument may be used if not NULL.
|
||||
OPENSSL_EXPORT size_t EC_POINT_point2oct(const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
point_conversion_form_t form,
|
||||
uint8_t *buf, size_t len, BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_point2cbb behaves like |EC_POINT_point2oct| but appends the
|
||||
// serialised point to |cbb|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EC_POINT_point2cbb(CBB *out, const EC_GROUP *group,
|
||||
const EC_POINT *point,
|
||||
point_conversion_form_t form,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_oct2point sets |point| from |len| bytes of X9.62 format
|
||||
// serialisation in |buf|. It returns one on success and zero on error. The
|
||||
// |ctx| argument may be used if not NULL. It's considered an error if |buf|
|
||||
// does not represent a point on the curve.
|
||||
OPENSSL_EXPORT int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
const uint8_t *buf, size_t len,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_set_compressed_coordinates_GFp sets |point| to equal the point with
|
||||
// the given |x| coordinate and the y coordinate specified by |y_bit| (see
|
||||
// X9.62). It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int EC_POINT_set_compressed_coordinates_GFp(
|
||||
const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit,
|
||||
BN_CTX *ctx);
|
||||
|
||||
|
||||
// Group operations.
|
||||
|
||||
// EC_POINT_add sets |r| equal to |a| plus |b|. It returns one on success and
|
||||
// zero otherwise. If |ctx| is not NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_add(const EC_GROUP *group, EC_POINT *r,
|
||||
const EC_POINT *a, const EC_POINT *b,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_dbl sets |r| equal to |a| plus |a|. It returns one on success and
|
||||
// zero otherwise. If |ctx| is not NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r,
|
||||
const EC_POINT *a, BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_invert sets |a| equal to minus |a|. It returns one on success and
|
||||
// zero otherwise. If |ctx| is not NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_mul sets r = generator*n + q*m. It returns one on success and zero
|
||||
// otherwise. If |ctx| is not NULL, it may be used.
|
||||
OPENSSL_EXPORT int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *n, const EC_POINT *q,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
|
||||
// Hash-to-curve.
|
||||
//
|
||||
// The following functions implement primitives from RFC 9380. The |dst|
|
||||
// parameter in each function is the domain separation tag and must be unique
|
||||
// for each protocol and between the |hash_to_curve| and |hash_to_scalar|
|
||||
// variants. See section 3.1 of the spec for additional guidance on this
|
||||
// parameter.
|
||||
|
||||
// EC_hash_to_curve_p256_xmd_sha256_sswu hashes |msg| to a point on |group| and
|
||||
// writes the result to |out|, implementing the P256_XMD:SHA-256_SSWU_RO_ suite
|
||||
// from RFC 9380. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EC_hash_to_curve_p256_xmd_sha256_sswu(
|
||||
const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len,
|
||||
const uint8_t *msg, size_t msg_len);
|
||||
|
||||
// EC_hash_to_curve_p384_xmd_sha384_sswu hashes |msg| to a point on |group| and
|
||||
// writes the result to |out|, implementing the P384_XMD:SHA-384_SSWU_RO_ suite
|
||||
// from RFC 9380. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int EC_hash_to_curve_p384_xmd_sha384_sswu(
|
||||
const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len,
|
||||
const uint8_t *msg, size_t msg_len);
|
||||
|
||||
// EC_GROUP_free releases a reference to |group|, if |group| was created by
|
||||
// |EC_GROUP_new_by_curve_name_mutable| or |EC_GROUP_new_curve_GFp|. If
|
||||
// |group| is static, it does nothing.
|
||||
//
|
||||
// This function exists for OpenSSL compatibility, and to manage dynamic
|
||||
// |EC_GROUP|s constructed by |EC_GROUP_new_by_curve_name_mutable| and
|
||||
// |EC_GROUP_new_curve_GFp|. Callers that do not need either may ignore this
|
||||
// function.
|
||||
OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_dup increments |group|'s reference count and returns it, if |group|
|
||||
// was created by |EC_GROUP_new_curve_GFp|. If |group| was created by
|
||||
// |EC_GROUP_new_by_curve_name_mutable|, it does a deep copy of |group|. If
|
||||
// |group| is static, it simply returns |group|.
|
||||
//
|
||||
// This function exists for OpenSSL compatibility, and to manage dynamic
|
||||
// |EC_GROUP|s constructed by |EC_GROUP_new_by_curve_name_mutable| and
|
||||
// |EC_GROUP_new_curve_GFp|. Callers that do not need either may ignore this
|
||||
// function.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *group);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based
|
||||
// on the equation y² = x³ + a·x + b. It returns the new group or NULL on
|
||||
// error. The lifetime of the resulting object must be managed with
|
||||
// |EC_GROUP_dup| and |EC_GROUP_free|.
|
||||
//
|
||||
// This new group has no generator. It is an error to use a generator-less group
|
||||
// with any functions except for |EC_GROUP_free|, |EC_POINT_new|,
|
||||
// |EC_POINT_set_affine_coordinates_GFp|, and |EC_GROUP_set_generator|.
|
||||
//
|
||||
// |EC_GROUP|s returned by this function will always compare as unequal via
|
||||
// |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always
|
||||
// return |NID_undef|.
|
||||
//
|
||||
// This function is provided for compatibility with some legacy applications
|
||||
// only. Avoid using arbitrary curves and use |EC_GROUP_new_by_curve_name|
|
||||
// instead. This ensures the result meets preconditions necessary for
|
||||
// elliptic curve algorithms to function correctly and securely.
|
||||
//
|
||||
// Given invalid parameters, this function may fail or it may return an
|
||||
// |EC_GROUP| which breaks these preconditions. Subsequent operations may then
|
||||
// return arbitrary, incorrect values. Callers should not pass
|
||||
// attacker-controlled values to this function.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p,
|
||||
const BIGNUM *a,
|
||||
const BIGNUM *b, BN_CTX *ctx);
|
||||
|
||||
// EC_GROUP_set_generator sets the generator for |group| to |generator|, which
|
||||
// must have the given order and cofactor. It may only be used with |EC_GROUP|
|
||||
// objects returned by |EC_GROUP_new_curve_GFp| and may only be used once on
|
||||
// each group. |generator| must have been created using |group|.
|
||||
OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group,
|
||||
const EC_POINT *generator,
|
||||
const BIGNUM *order,
|
||||
const BIGNUM *cofactor);
|
||||
|
||||
|
||||
// EC_POINT_point2bn calls |EC_POINT_point2oct| to serialize |point| into the
|
||||
// X9.62 form given by |form| and returns the serialized output as a |BIGNUM|.
|
||||
// The returned |BIGNUM| is a representation of serialized bytes. On success, it
|
||||
// returns the |BIGNUM| pointer supplied or, if |ret| is NULL, allocates and
|
||||
// returns a fresh |BIGNUM|. On error, it returns NULL. The |ctx| argument may
|
||||
// be used if not NULL.
|
||||
//
|
||||
// Note: |EC_POINT|s are not individual |BIGNUM| integers, so these aren't
|
||||
// particularly useful. Use |EC_POINT_point2oct| directly instead.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED BIGNUM *EC_POINT_point2bn(
|
||||
const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
|
||||
BIGNUM *ret, BN_CTX *ctx);
|
||||
|
||||
// EC_POINT_bn2point is like |EC_POINT_point2bn|, but calls |EC_POINT_oct2point|
|
||||
// to de-serialize the |BIGNUM| representation of bytes back to an |EC_POINT|.
|
||||
// On success, it returns the |EC_POINT| pointer supplied or, if |ret| is NULL,
|
||||
// allocates and returns a fresh |EC_POINT|. On error, it returns NULL. The
|
||||
// |ctx| argument may be used if not NULL.
|
||||
//
|
||||
// Note: |EC_POINT|s are not individual |BIGNUM| integers, so these aren't
|
||||
// particularly useful. Use |EC_POINT_oct2point| directly instead.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED EC_POINT *EC_POINT_bn2point(
|
||||
const EC_GROUP *group, const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx);
|
||||
|
||||
// EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
|
||||
// NULL. It returns one on success and zero otherwise. |ctx| is ignored. Use
|
||||
// |EC_GROUP_get0_order| instead.
|
||||
OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
|
||||
BN_CTX *ctx);
|
||||
|
||||
// EC_builtin_curve describes a supported elliptic curve.
|
||||
typedef struct {
|
||||
int nid;
|
||||
const char *comment;
|
||||
} EC_builtin_curve;
|
||||
|
||||
// EC_get_builtin_curves writes at most |max_num_curves| elements to
|
||||
// |out_curves| and returns the total number that it would have written, had
|
||||
// |max_num_curves| been large enough.
|
||||
//
|
||||
// The |EC_builtin_curve| items describe the supported elliptic curves.
|
||||
OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
|
||||
size_t max_num_curves);
|
||||
|
||||
// EC_POINT_clear_free calls |EC_POINT_free|.
|
||||
OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// EC_GROUP_set_seed does nothing and returns 0.
|
||||
//
|
||||
// Like OpenSSL's EC documentations indicates, the value of the seed is not used
|
||||
// in any cryptographic methods. It is only used to indicate the original seed
|
||||
// used to generate the curve's parameters and is preserved during ASN.1
|
||||
// communications. Please refrain from creating your own custom curves.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED size_t
|
||||
EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len);
|
||||
|
||||
// EC_GROUP_get0_seed returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED unsigned char *EC_GROUP_get0_seed(
|
||||
const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_get_seed_len returns 0.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED size_t
|
||||
EC_GROUP_get_seed_len(const EC_GROUP *group);
|
||||
|
||||
// ECPKParameters_print prints nothing and returns 1.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int ECPKParameters_print(
|
||||
BIO *bio, const EC_GROUP *group, int offset);
|
||||
|
||||
|
||||
// |EC_GROUP| No-op Functions [Deprecated].
|
||||
//
|
||||
// Unlike OpenSSL's |EC_GROUP| implementation, our |EC_GROUP|s for named
|
||||
// curves are static and immutable. The following functions pertain to
|
||||
// the mutable aspects of OpenSSL's |EC_GROUP| structure. Using these
|
||||
// functions undermines the assumption that our curves are static. Consider
|
||||
// using the listed alternatives.
|
||||
|
||||
// OPENSSL_EC_EXPLICIT_CURVE lets OpenSSL encode the curve as explicitly
|
||||
// encoded curve parameters. AWS-LC does not support this.
|
||||
//
|
||||
// Note: Sadly, this was the default prior to OpenSSL 1.1.0.
|
||||
#define OPENSSL_EC_EXPLICIT_CURVE 0
|
||||
|
||||
// OPENSSL_EC_NAMED_CURVE lets OpenSSL encode a named curve form with its
|
||||
// corresponding NID. This is the only ASN1 encoding method for |EC_GROUP| that
|
||||
// AWS-LC supports.
|
||||
#define OPENSSL_EC_NAMED_CURVE 1
|
||||
|
||||
// EC_GROUP_set_asn1_flag does nothing. In OpenSSL, |flag| is used to determine
|
||||
// whether the curve encoding uses explicit parameters or a named curve using an
|
||||
// ASN1 OID. AWS-LC does not support serialization of explicit curve parameters.
|
||||
// This behavior is only intended for custom curves. We encourage the use of
|
||||
// named curves instead.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_asn1_flag(EC_GROUP *group,
|
||||
int flag);
|
||||
|
||||
// EC_GROUP_get_asn1_flag returns |OPENSSL_EC_NAMED_CURVE|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_GROUP_get_asn1_flag(
|
||||
const EC_GROUP *group);
|
||||
|
||||
// EC_GROUP_set_point_conversion_form aborts the process if |form| is not
|
||||
// |POINT_CONVERSION_UNCOMPRESSED| or |POINT_CONVERSION_COMPRESSED|, and
|
||||
// otherwise does nothing. This DOES NOT change the encoding format for
|
||||
// |EC_GROUP| by default. |group| must be allocated by
|
||||
// |EC_GROUP_new_by_curve_name_mutable| for the encoding format to change.
|
||||
//
|
||||
// Note: Use |EC_KEY_set_conv_form| / |EC_KEY_get_conv_form| to set and return
|
||||
// the desired compression format.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_GROUP_set_point_conversion_form(
|
||||
EC_GROUP *group, point_conversion_form_t form);
|
||||
|
||||
// EC_GROUP_get_point_conversion_form returns |POINT_CONVERSION_UNCOMPRESSED|
|
||||
// (the default compression format).
|
||||
//
|
||||
// Note: Use |EC_KEY_set_conv_form| / |EC_KEY_get_conv_form| to set and return
|
||||
// the desired compression format.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED point_conversion_form_t
|
||||
EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
|
||||
|
||||
// EC_KEY_decoded_from_explicit_params returns 1 if the |EC_KEY| was constructed
|
||||
// from explicitly encoded parameters to determine the |EC_GROUP|, otherwise
|
||||
// returns 0.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
|
||||
|
||||
|
||||
// EC_METHOD No-ops [Deprecated].
|
||||
//
|
||||
// |EC_METHOD| is a low level implementation detail of the EC module, but
|
||||
// it’s exposed in traditionally public API. This should be an internal only
|
||||
// concept. Users should switch to a different suitable constructor like
|
||||
// |EC_GROUP_new_curve_GFp|, |EC_GROUP_new_curve_GF2m|, or
|
||||
// |EC_GROUP_new_by_curve_name|. The |EC_METHOD| APIs have also been
|
||||
// deprecated in OpenSSL 3.0.
|
||||
|
||||
typedef struct ec_method_st EC_METHOD;
|
||||
|
||||
// EC_GROUP_method_of returns a dummy non-NULL pointer.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const EC_METHOD *EC_GROUP_method_of(
|
||||
const EC_GROUP *group);
|
||||
|
||||
// EC_METHOD_get_field_type returns NID_X9_62_prime_field.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int EC_METHOD_get_field_type(
|
||||
const EC_METHOD *meth);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
// Old code expects to get EC_KEY from ec.h.
|
||||
#include <openssl/ec_key.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free)
|
||||
BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define EC_R_BUFFER_TOO_SMALL 100
|
||||
#define EC_R_COORDINATES_OUT_OF_RANGE 101
|
||||
#define EC_R_D2I_ECPKPARAMETERS_FAILURE 102
|
||||
#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103
|
||||
#define EC_R_GROUP2PKPARAMETERS_FAILURE 104
|
||||
#define EC_R_I2D_ECPKPARAMETERS_FAILURE 105
|
||||
#define EC_R_INCOMPATIBLE_OBJECTS 106
|
||||
#define EC_R_INVALID_COMPRESSED_POINT 107
|
||||
#define EC_R_INVALID_COMPRESSION_BIT 108
|
||||
#define EC_R_INVALID_ENCODING 109
|
||||
#define EC_R_INVALID_FIELD 110
|
||||
#define EC_R_INVALID_FORM 111
|
||||
#define EC_R_INVALID_GROUP_ORDER 112
|
||||
#define EC_R_INVALID_PRIVATE_KEY 113
|
||||
#define EC_R_MISSING_PARAMETERS 114
|
||||
#define EC_R_MISSING_PRIVATE_KEY 115
|
||||
#define EC_R_NON_NAMED_CURVE 116
|
||||
#define EC_R_NOT_INITIALIZED 117
|
||||
#define EC_R_PKPARAMETERS2GROUP_FAILURE 118
|
||||
#define EC_R_POINT_AT_INFINITY 119
|
||||
#define EC_R_POINT_IS_NOT_ON_CURVE 120
|
||||
#define EC_R_SLOT_FULL 121
|
||||
#define EC_R_UNDEFINED_GENERATOR 122
|
||||
#define EC_R_UNKNOWN_GROUP 123
|
||||
#define EC_R_UNKNOWN_ORDER 124
|
||||
#define EC_R_WRONG_ORDER 125
|
||||
#define EC_R_BIGNUM_OUT_OF_RANGE 126
|
||||
#define EC_R_WRONG_CURVE_PARAMETERS 127
|
||||
#define EC_R_DECODE_ERROR 128
|
||||
#define EC_R_ENCODE_ERROR 129
|
||||
#define EC_R_GROUP_MISMATCH 130
|
||||
#define EC_R_INVALID_COFACTOR 131
|
||||
#define EC_R_PUBLIC_KEY_VALIDATION_FAILED 132
|
||||
#define EC_R_INVALID_SCALAR 133
|
||||
|
||||
#endif // OPENSSL_HEADER_EC_H
|
||||
+408
@@ -0,0 +1,408 @@
|
||||
// Originally written by Bodo Moeller for the OpenSSL project.
|
||||
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
//
|
||||
// The elliptic curve binary polynomial software is originally written by
|
||||
// Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
|
||||
// Laboratories.
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_EC_KEY_H
|
||||
#define OPENSSL_HEADER_EC_KEY_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// ec_key.h contains functions that handle elliptic-curve points that are
|
||||
// public/private keys.
|
||||
|
||||
|
||||
// EC key objects.
|
||||
//
|
||||
// An |EC_KEY| object represents a public or private EC key. A given object may
|
||||
// be used concurrently on multiple threads by non-mutating functions, provided
|
||||
// no other thread is concurrently calling a mutating function. Unless otherwise
|
||||
// documented, functions which take a |const| pointer are non-mutating and
|
||||
// functions which take a non-|const| pointer are mutating.
|
||||
|
||||
// EC_KEY_new returns a fresh |EC_KEY| object or NULL on error.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new(void);
|
||||
|
||||
// EC_KEY_new_method acts the same as |EC_KEY_new|, but takes an explicit
|
||||
// |ENGINE|.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new_method(const ENGINE *engine);
|
||||
|
||||
// EC_KEY_new_by_curve_name returns a fresh EC_KEY for group specified by |nid|
|
||||
// or NULL on error.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_new_by_curve_name(int nid);
|
||||
|
||||
// EC_KEY_free frees all the data owned by |key| and |key| itself.
|
||||
OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key);
|
||||
|
||||
// EC_KEY_dup returns a fresh copy of |src| or NULL on error.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src);
|
||||
|
||||
// EC_KEY_up_ref increases the reference count of |key| and returns one. It does
|
||||
// not mutate |key| for thread-safety purposes and may be used concurrently.
|
||||
OPENSSL_EXPORT int EC_KEY_up_ref(EC_KEY *key);
|
||||
|
||||
// EC_KEY_is_opaque returns one if |key| is opaque and doesn't expose its key
|
||||
// material. Otherwise it return zero.
|
||||
OPENSSL_EXPORT int EC_KEY_is_opaque(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_get0_group returns a pointer to the |EC_GROUP| object inside |key|.
|
||||
OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_group sets the |EC_GROUP| object that |key| will use to |group|.
|
||||
// It returns one on success and zero if |key| is already configured with a
|
||||
// different group.
|
||||
OPENSSL_EXPORT int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
|
||||
|
||||
// EC_KEY_get0_private_key returns a pointer to the private key inside |key|.
|
||||
OPENSSL_EXPORT const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_private_key sets the private key of |key| to |priv|. It returns
|
||||
// one on success and zero otherwise. |key| must already have had a group
|
||||
// configured (see |EC_KEY_set_group| and |EC_KEY_new_by_curve_name|).
|
||||
OPENSSL_EXPORT int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv);
|
||||
|
||||
// EC_KEY_get0_public_key returns a pointer to the public key point inside
|
||||
// |key|.
|
||||
OPENSSL_EXPORT const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_public_key sets the public key of |key| to |pub|, by copying it.
|
||||
// It returns one on success and zero otherwise. |key| must already have had a
|
||||
// group configured (see |EC_KEY_set_group| and |EC_KEY_new_by_curve_name|), and
|
||||
// |pub| must also belong to that group, and must not be the point at infinity.
|
||||
OPENSSL_EXPORT int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
|
||||
|
||||
#define EC_PKEY_NO_PARAMETERS 0x001
|
||||
#define EC_PKEY_NO_PUBKEY 0x002
|
||||
|
||||
// EC_KEY_get_enc_flags returns the encoding flags for |key|, which is a
|
||||
// bitwise-OR of |EC_PKEY_*| values.
|
||||
OPENSSL_EXPORT unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_enc_flags sets the encoding flags for |key|, which is a
|
||||
// bitwise-OR of |EC_PKEY_*| values.
|
||||
OPENSSL_EXPORT void EC_KEY_set_enc_flags(EC_KEY *key, unsigned flags);
|
||||
|
||||
// EC_KEY_get_conv_form returns the conversation form that will be used by
|
||||
// |key|.
|
||||
OPENSSL_EXPORT point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_conv_form sets the conversion form to be used by |key|.
|
||||
OPENSSL_EXPORT void EC_KEY_set_conv_form(EC_KEY *key,
|
||||
point_conversion_form_t cform);
|
||||
|
||||
// EC_KEY_check_key performs several checks on |key| including, if the
|
||||
// private is present, an expensive check that the public key
|
||||
// corresponds to it. It returns one if all checks pass and zero
|
||||
// otherwise. If it returns zero then detail about the problem can be
|
||||
// found on the error stack.
|
||||
OPENSSL_EXPORT int EC_KEY_check_key(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_check_fips performs a signing pairwise consistency test (FIPS 140-2
|
||||
// 4.9.2) and the consistency test from SP 800-56Ar3 section 5.6.2.1.4.
|
||||
// If the public key contains an affine point, it also checks that its
|
||||
// coordinates are in the range [0, p-1]. That is in addition to the checks
|
||||
// performed by EC_KEY_check_key.
|
||||
// It returns one if it passes and zero otherwise.
|
||||
OPENSSL_EXPORT int EC_KEY_check_fips(const EC_KEY *key);
|
||||
|
||||
// EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
|
||||
// (|x|, |y|). It returns one on success and zero on error. It's considered an
|
||||
// error if |x| and |y| do not represent a point on |key|'s curve.
|
||||
OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
|
||||
const BIGNUM *x,
|
||||
const BIGNUM *y);
|
||||
|
||||
// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
|
||||
// and sets |*out_buf| to point to it. It returns the length of the encoded
|
||||
// octet string or zero if an error occurred.
|
||||
OPENSSL_EXPORT size_t EC_KEY_key2buf(const EC_KEY *key,
|
||||
point_conversion_form_t form,
|
||||
unsigned char **out_buf, BN_CTX *ctx);
|
||||
|
||||
|
||||
// Key generation.
|
||||
|
||||
// EC_KEY_generate_key generates a random, private key, calculates the
|
||||
// corresponding public key and stores both in |key|. It returns one on success
|
||||
// or zero otherwise.
|
||||
OPENSSL_EXPORT int EC_KEY_generate_key(EC_KEY *key);
|
||||
|
||||
// EC_KEY_generate_key_fips behaves like |EC_KEY_generate_key| but performs
|
||||
// additional checks for FIPS compliance. This function is applicable when
|
||||
// generating keys for either signing/verification or key agreement because
|
||||
// both types of consistency check (PCT) are performed.
|
||||
OPENSSL_EXPORT int EC_KEY_generate_key_fips(EC_KEY *key);
|
||||
|
||||
// EC_KEY_derive_from_secret deterministically derives a private key for |group|
|
||||
// from an input secret using HKDF-SHA256. It returns a newly-allocated |EC_KEY|
|
||||
// on success or NULL on error. |secret| must not be used in any other
|
||||
// algorithm. If using a base secret for multiple operations, derive separate
|
||||
// values with a KDF such as HKDF first.
|
||||
//
|
||||
// Note this function implements an arbitrary derivation scheme, rather than any
|
||||
// particular standard one. New protocols are recommended to use X25519 and
|
||||
// Ed25519, which have standard byte import functions. See
|
||||
// |X25519_public_from_private| and |ED25519_keypair_from_seed|.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group,
|
||||
const uint8_t *secret,
|
||||
size_t secret_len);
|
||||
|
||||
|
||||
// Serialisation.
|
||||
|
||||
// EC_KEY_parse_private_key parses a DER-encoded ECPrivateKey structure (RFC
|
||||
// 5915) from |cbs| and advances |cbs|. It returns a newly-allocated |EC_KEY| or
|
||||
// NULL on error. If |group| is non-null, the parameters field of the
|
||||
// ECPrivateKey may be omitted (but must match |group| if present). Otherwise,
|
||||
// the parameters field is required.
|
||||
OPENSSL_EXPORT EC_KEY *EC_KEY_parse_private_key(CBS *cbs,
|
||||
const EC_GROUP *group);
|
||||
|
||||
// EC_KEY_marshal_private_key marshals |key| as a DER-encoded ECPrivateKey
|
||||
// structure (RFC 5915) and appends the result to |cbb|. It returns one on
|
||||
// success and zero on failure. |enc_flags| is a combination of |EC_PKEY_*|
|
||||
// values and controls whether corresponding fields are omitted.
|
||||
OPENSSL_EXPORT int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
|
||||
unsigned enc_flags);
|
||||
|
||||
// EC_KEY_parse_curve_name parses a DER-encoded OBJECT IDENTIFIER as a curve
|
||||
// name from |cbs| and advances |cbs|. It returns the decoded |EC_GROUP| or NULL
|
||||
// on error.
|
||||
//
|
||||
// This function returns a non-const pointer which may be passed to
|
||||
// |EC_GROUP_free|. However, the resulting object is actually static and calling
|
||||
// |EC_GROUP_free| is optional.
|
||||
//
|
||||
// TODO(davidben): Make this return a const pointer, if it does not break too
|
||||
// many callers.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs);
|
||||
|
||||
// EC_KEY_marshal_curve_name marshals |group| as a DER-encoded OBJECT IDENTIFIER
|
||||
// and appends the result to |cbb|. It returns one on success and zero on
|
||||
// failure.
|
||||
OPENSSL_EXPORT int EC_KEY_marshal_curve_name(CBB *cbb, const EC_GROUP *group);
|
||||
|
||||
// EC_KEY_parse_parameters parses a DER-encoded ECParameters structure (RFC
|
||||
// 5480) from |cbs| and advances |cbs|. It returns the resulting |EC_GROUP| or
|
||||
// NULL on error. It supports the namedCurve and specifiedCurve options, but use
|
||||
// of specifiedCurve is deprecated. Use |EC_KEY_parse_curve_name| instead.
|
||||
//
|
||||
// This function returns a non-const pointer which may be passed to
|
||||
// |EC_GROUP_free|. However, the resulting object is actually static and calling
|
||||
// |EC_GROUP_free| is optional.
|
||||
//
|
||||
// TODO(davidben): Make this return a const pointer, if it does not break too
|
||||
// many callers.
|
||||
OPENSSL_EXPORT EC_GROUP *EC_KEY_parse_parameters(CBS *cbs);
|
||||
|
||||
|
||||
// ex_data functions.
|
||||
//
|
||||
// These functions are wrappers. See |ex_data.h| for details.
|
||||
|
||||
OPENSSL_EXPORT int EC_KEY_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_unused *unused,
|
||||
CRYPTO_EX_dup *dup_unused,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *EC_KEY_get_ex_data(const EC_KEY *r, int idx);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// d2i_ECPrivateKey parses a DER-encoded ECPrivateKey structure (RFC 5915) from
|
||||
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|. On input, if |*out_key|
|
||||
// is non-NULL and has a group configured, the parameters field may be omitted
|
||||
// but must match that group if present.
|
||||
//
|
||||
// Use |EC_KEY_parse_private_key| instead.
|
||||
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
// i2d_ECPrivateKey marshals |key| as a DER-encoded ECPrivateKey structure (RFC
|
||||
// 5915), as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |EC_KEY_marshal_private_key| instead.
|
||||
OPENSSL_EXPORT int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp);
|
||||
|
||||
// d2i_ECParameters parses a DER-encoded ECParameters structure (RFC 5480) from
|
||||
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |EC_KEY_parse_parameters| or |EC_KEY_parse_curve_name| instead. Only
|
||||
// deserialization of namedCurves or explicitly-encoded versions of named curves
|
||||
// are supported.
|
||||
OPENSSL_EXPORT EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
// i2d_ECParameters marshals |key|'s parameters as a DER-encoded OBJECT
|
||||
// IDENTIFIER, as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |EC_KEY_marshal_curve_name| instead. Only serialization of namedCurves
|
||||
// are supported.
|
||||
OPENSSL_EXPORT int i2d_ECParameters(const EC_KEY *key, uint8_t **outp);
|
||||
|
||||
// d2i_ECPKParameters_bio deserializes the |ECPKParameters| specified in RFC
|
||||
// 3279 from |bio| and returns the corresponding |EC_GROUP|. If |*out_group| is
|
||||
// non-null, the original |*out_group| is freed and the returned |EC_GROUP| is
|
||||
// also written to |*out_group|. The user continues to maintain the memory
|
||||
// assigned to |*out_group| if non-null.
|
||||
//
|
||||
// Only deserialization of namedCurves or
|
||||
// explicitly-encoded versions of namedCurves are supported.
|
||||
OPENSSL_EXPORT EC_GROUP *d2i_ECPKParameters_bio(BIO *bio, EC_GROUP **out_group);
|
||||
|
||||
// i2d_ECPKParameters_bio serializes an |EC_GROUP| to |bio| according to the
|
||||
// |ECPKParameters| specified in RFC 3279. It returns 1 on success and 0 on
|
||||
// failure.
|
||||
// Only serialization of namedCurves are supported.
|
||||
OPENSSL_EXPORT int i2d_ECPKParameters_bio(BIO *bio, const EC_GROUP *group);
|
||||
|
||||
// o2i_ECPublicKey parses an EC point from |len| bytes at |*inp| into
|
||||
// |*out_key|. Note that this differs from the d2i format in that |*out_key|
|
||||
// must be non-NULL with a group set. The point must not be the point at
|
||||
// infinity. On successful exit, |*inp| is advanced by |len| bytes. It returns
|
||||
// |*out_key| or NULL on error.
|
||||
//
|
||||
// Use |EC_POINT_oct2point| instead.
|
||||
OPENSSL_EXPORT EC_KEY *o2i_ECPublicKey(EC_KEY **out_key, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
// i2o_ECPublicKey marshals an EC point from |key|, as described in
|
||||
// |i2d_SAMPLE|, except it returns zero on error instead of a negative value.
|
||||
//
|
||||
// Use |EC_POINT_point2cbb| instead.
|
||||
OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
|
||||
|
||||
|
||||
// EC_KEY_METHOD
|
||||
// This struct replaces the old |ECDSA_METHOD| struct.
|
||||
|
||||
// ECDSA_FLAG_OPAQUE specifies that this EC_KEY_METHOD does not expose its key
|
||||
// material. This may be set if, for instance, it is wrapping some other crypto
|
||||
// API, like a platform key store. Use |EC_KEY_METHOD_set_flag| to set
|
||||
// this flag on an |EC_KEY_METHOD|. It is not set by default.
|
||||
// This was supported in ECDSA_METHOD previously.
|
||||
#define ECDSA_FLAG_OPAQUE 1
|
||||
|
||||
// EC_KEY_get_default_method returns a reference to the default
|
||||
// |EC_KEY| implementation. All |EC_KEY| objects are initialized with the
|
||||
// returned struct. This function currently calls |EC_KEY_OpenSSL| since AWS-LC
|
||||
// does not support changing/setting the default method.
|
||||
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_get_default_method(void);
|
||||
|
||||
// EC_KEY_OpenSSL returns a reference to the default |EC_KEY| implementation.
|
||||
// The returned |EC_KEY_METHOD| object is statically allocated. The application
|
||||
// should not free this struct.
|
||||
//
|
||||
// This struct is also zero-initialized. This is different from OpenSSL which
|
||||
// returns function pointers to the default implementations within the
|
||||
// |EC_KEY_METHOD| struct. We do not do this to make it easier for the
|
||||
// compiler/linker to drop unused functions. The wrapper functions for a given
|
||||
// operation (e.g. |ECDSA_sign| corresponds to the |sign| field in
|
||||
// |EC_KEY_METHOD|) will select the appropriate default implementation.
|
||||
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
|
||||
|
||||
// EC_KEY_METHOD_new returns a newly allocated |EC_KEY_METHOD| object. If the
|
||||
// input parameter |eckey_meth| is non-NULL, the function pointers within the
|
||||
// returned |EC_KEY_METHOD| object will be initialized to the values from
|
||||
// |eckey_meth|. If |eckey_meth| is NULL, the returned object will be
|
||||
// initialized using the value returned from |EC_KEY_get_default_method|.
|
||||
OPENSSL_EXPORT EC_KEY_METHOD *EC_KEY_METHOD_new(
|
||||
const EC_KEY_METHOD *eckey_meth);
|
||||
|
||||
// EC_KEY_METHOD_free frees the memory associated with |eckey_meth|
|
||||
OPENSSL_EXPORT void EC_KEY_METHOD_free(EC_KEY_METHOD *eckey_meth);
|
||||
|
||||
// EC_KEY_set_method sets |meth| on |ec|. We do not support setting the
|
||||
// |copy|, |set_group|, |set_private|, |set_public|, and |sign_setup|
|
||||
// fields in |ec| and these pointers should be set to NULL. We do not support
|
||||
// the |verify|, |verify_sig|, or |keygen| fields yet.
|
||||
//
|
||||
// Returns zero on failure and one on success.
|
||||
OPENSSL_EXPORT int EC_KEY_set_method(EC_KEY *ec, const EC_KEY_METHOD *meth);
|
||||
|
||||
// EC_KEY_get_method returns the |EC_KEY_METHOD| object associated with |ec|.
|
||||
OPENSSL_EXPORT const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *ec);
|
||||
|
||||
// EC_KEY_METHOD_set_sign_awslc sets the |sign| and |sign_sig| pointers on
|
||||
// |meth|.
|
||||
OPENSSL_EXPORT void EC_KEY_METHOD_set_sign_awslc(
|
||||
EC_KEY_METHOD *meth,
|
||||
int (*sign)(int type, const uint8_t *digest, int digest_len, uint8_t *sig,
|
||||
unsigned int *siglen, const BIGNUM *k_inv, const BIGNUM *r,
|
||||
EC_KEY *eckey),
|
||||
ECDSA_SIG *(*sign_sig)(const uint8_t *digest, int digest_len,
|
||||
const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||||
EC_KEY *eckey));
|
||||
|
||||
|
||||
// EC_KEY_METHOD_set_sign sets function pointers on |meth|. AWS-LC currently
|
||||
// supports setting |sign| and |sign_sig|. |sign_setup| must be set to NULL in
|
||||
// order to compile with AWS-LC.
|
||||
#define EC_KEY_METHOD_set_sign(meth, sign, sign_setup, sign_sig) \
|
||||
OPENSSL_STATIC_ASSERT((sign_setup) == NULL, \
|
||||
EC_KEY_METHOD_sign_setup_field_must_be_NULL); \
|
||||
EC_KEY_METHOD_set_sign_awslc(meth, sign, sign_sig);
|
||||
|
||||
// EC_KEY_METHOD_set_init_awslc sets the |init| and |finish| pointers on |meth|.
|
||||
OPENSSL_EXPORT void EC_KEY_METHOD_set_init_awslc(EC_KEY_METHOD *meth,
|
||||
int (*init)(EC_KEY *key),
|
||||
void (*finish)(EC_KEY *key));
|
||||
|
||||
|
||||
// EC_KEY_METHOD_set_init sets function pointers on |meth|. AWS-LC
|
||||
// currently only supports setting the |init| and |finish| fields. |copy|,
|
||||
// |set_group|, |set_private|, and |set_public| cannot be set yet and must
|
||||
// be NULL.
|
||||
#define EC_KEY_METHOD_set_init(meth, init, finish, copy, set_group, \
|
||||
set_private, set_public) \
|
||||
OPENSSL_STATIC_ASSERT( \
|
||||
(copy) == NULL && (set_group) == NULL && (set_private) == NULL && \
|
||||
(set_public) == NULL, \
|
||||
EC_KEY_METHOD_copy_set_group_set_private_and_set_public_fields_must_be_NULL); \
|
||||
EC_KEY_METHOD_set_init_awslc(meth, init, finish);
|
||||
|
||||
// EC_KEY_METHOD_set_flags sets |flags| on |meth|. Currently, the only supported
|
||||
// flag is |ECDSA_FLAG_OPAQUE|. Returns zero on failure and one on success.
|
||||
OPENSSL_EXPORT int EC_KEY_METHOD_set_flags(EC_KEY_METHOD *meth, int flags);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// EC_KEY_set_asn1_flag does nothing. AWS-LC only supports
|
||||
// |OPENSSL_EC_NAMED_CURVE|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void EC_KEY_set_asn1_flag(EC_KEY *key,
|
||||
int flag);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free)
|
||||
BORINGSSL_MAKE_UP_REF(EC_KEY, EC_KEY_up_ref)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_EC_KEY_H
|
||||
+64
@@ -0,0 +1,64 @@
|
||||
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
//
|
||||
// The Elliptic Curve Public-Key Crypto Library (ECC Code) included
|
||||
// herein is developed by SUN MICROSYSTEMS, INC., and is contributed
|
||||
// to the OpenSSL project.
|
||||
//
|
||||
// The ECDH software is originally written by Douglas Stebila of
|
||||
// Sun Microsystems Laboratories.
|
||||
//
|
||||
// Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_ECDH_H
|
||||
#define OPENSSL_HEADER_ECDH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec_key.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Elliptic curve Diffie-Hellman.
|
||||
|
||||
|
||||
// ECDH_compute_key calculates the shared key between |pub_key| and |priv_key|.
|
||||
// If |kdf| is not NULL, then it is called with the bytes of the shared key and
|
||||
// the parameter |out|. When |kdf| returns, the value of |*outlen| becomes the
|
||||
// return value. Otherwise, as many bytes of the shared key as will fit are
|
||||
// copied directly to, at most, |outlen| bytes at |out|. It returns the number
|
||||
// of bytes written to |out|, or -1 on error.
|
||||
OPENSSL_EXPORT int ECDH_compute_key(
|
||||
void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *priv_key,
|
||||
void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen));
|
||||
|
||||
// ECDH_compute_key_fips calculates the shared key between |pub_key| and
|
||||
// |priv_key| and hashes it with the appropriate SHA function for |out_len|. The
|
||||
// only value values for |out_len| are thus 24 (SHA-224), 32 (SHA-256), 48
|
||||
// (SHA-384), and 64 (SHA-512). It returns one on success and zero on error.
|
||||
//
|
||||
// Note that the return value is different to |ECDH_compute_key|: it returns an
|
||||
// error flag (as is common for BoringSSL) rather than the number of bytes
|
||||
// written.
|
||||
//
|
||||
// This function allows the FIPS module to compute an ECDH and KDF within the
|
||||
// module boundary without taking an arbitrary function pointer for the KDF,
|
||||
// which isn't very FIPSy.
|
||||
OPENSSL_EXPORT int ECDH_compute_key_fips(uint8_t *out, size_t out_len,
|
||||
const EC_POINT *pub_key,
|
||||
const EC_KEY *priv_key);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#define ECDH_R_KDF_FAILED 100
|
||||
#define ECDH_R_NO_PRIVATE_VALUE 101
|
||||
#define ECDH_R_POINT_ARITHMETIC_FAILURE 102
|
||||
#define ECDH_R_UNKNOWN_DIGEST_LENGTH 103
|
||||
|
||||
#endif // OPENSSL_HEADER_ECDH_H
|
||||
+196
@@ -0,0 +1,196 @@
|
||||
// Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_ECDSA_H
|
||||
#define OPENSSL_HEADER_ECDSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/ec_key.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// ECDSA contains functions for signing and verifying with the Digital Signature
|
||||
// Algorithm over elliptic curves.
|
||||
|
||||
|
||||
// Signing and verifying.
|
||||
|
||||
// ECDSA_sign signs |digest_len| bytes from |digest| with |key| and writes the
|
||||
// resulting signature to |sig|, which must have |ECDSA_size(key)| bytes of
|
||||
// space. On successful exit, |*sig_len| is set to the actual number of bytes
|
||||
// written. The |type| argument should be zero. It returns one on success and
|
||||
// zero otherwise.
|
||||
//
|
||||
// WARNING: |digest| must be the output of some hash function on the data to be
|
||||
// signed. Passing unhashed inputs will not result in a secure signature scheme.
|
||||
OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
|
||||
size_t digest_len, uint8_t *sig,
|
||||
unsigned int *sig_len, const EC_KEY *key);
|
||||
|
||||
// ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid
|
||||
// signature by |key| of |digest|. (The |type| argument should be zero.) It
|
||||
// returns one on success or zero if the signature is invalid or an error
|
||||
// occurred.
|
||||
//
|
||||
// WARNING: |digest| must be the output of some hash function on the data to be
|
||||
// verified. Passing unhashed inputs will not result in a secure signature
|
||||
// scheme.
|
||||
OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, const EC_KEY *key);
|
||||
|
||||
// ECDSA_size returns the maximum size of an ECDSA signature using |key|. It
|
||||
// returns zero if |key| is NULL or if it doesn't have a group set.
|
||||
OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key);
|
||||
|
||||
|
||||
// Low-level signing and verification.
|
||||
//
|
||||
// Low-level functions handle signatures as |ECDSA_SIG| structures which allow
|
||||
// the two values in an ECDSA signature to be handled separately.
|
||||
|
||||
struct ecdsa_sig_st {
|
||||
BIGNUM *r;
|
||||
BIGNUM *s;
|
||||
};
|
||||
|
||||
// ECDSA_SIG_new returns a fresh |ECDSA_SIG| structure or NULL on error.
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void);
|
||||
|
||||
// ECDSA_SIG_free frees |sig| its member |BIGNUM|s.
|
||||
OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig);
|
||||
|
||||
// ECDSA_SIG_get0_r returns the r component of |sig|.
|
||||
OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
|
||||
|
||||
// ECDSA_SIG_get0_s returns the s component of |sig|.
|
||||
OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
|
||||
|
||||
// ECDSA_SIG_get0 sets |*out_r| and |*out_s|, if non-NULL, to the two
|
||||
// components of |sig|.
|
||||
OPENSSL_EXPORT void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r,
|
||||
const BIGNUM **out_s);
|
||||
|
||||
// ECDSA_SIG_set0 sets |sig|'s components to |r| and |s|, neither of which may
|
||||
// be NULL. On success, it takes ownership of each argument and returns one.
|
||||
// Otherwise, it returns zero.
|
||||
OPENSSL_EXPORT int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
|
||||
// ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns
|
||||
// the resulting signature structure, or NULL on error.
|
||||
//
|
||||
// WARNING: |digest| must be the output of some hash function on the data to be
|
||||
// signed. Passing unhashed inputs will not result in a secure signature scheme.
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
|
||||
size_t digest_len, const EC_KEY *key);
|
||||
|
||||
// ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key|
|
||||
// of |digest|. It returns one on success or zero if the signature is invalid
|
||||
// or on error.
|
||||
//
|
||||
// We distinguish between a "mismatched" signature error and "bad" signature
|
||||
// error because of JCA expectations. Specifically:
|
||||
// * Error |ECDSA_R_BAD_SIGNATURE| is set if step (1) of SEC 1 v2 4.1.4 returns
|
||||
// "invalid".
|
||||
// * Error |ECDSA_R_MISMATCHED_SIGNATURE| is set if steps (5) and (8) of SEC 1
|
||||
// v2 4.1.4 returns "invalid".
|
||||
//
|
||||
// WARNING: |digest| must be the output of some hash function on the data to be
|
||||
// verified. Passing unhashed inputs will not result in a secure signature
|
||||
// scheme.
|
||||
OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
|
||||
const ECDSA_SIG *sig, const EC_KEY *key);
|
||||
|
||||
|
||||
// ASN.1 functions.
|
||||
|
||||
// ECDSA_SIG_parse parses a DER-encoded ECDSA-Sig-Value structure from |cbs| and
|
||||
// advances |cbs|. It returns a newly-allocated |ECDSA_SIG| or NULL on error.
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs);
|
||||
|
||||
// ECDSA_SIG_from_bytes parses |in| as a DER-encoded ECDSA-Sig-Value structure.
|
||||
// It returns a newly-allocated |ECDSA_SIG| structure or NULL on error.
|
||||
OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
// ECDSA_SIG_marshal marshals |sig| as a DER-encoded ECDSA-Sig-Value and appends
|
||||
// the result to |cbb|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig);
|
||||
|
||||
// ECDSA_SIG_to_bytes marshals |sig| as a DER-encoded ECDSA-Sig-Value and, on
|
||||
// success, sets |*out_bytes| to a newly allocated buffer containing the result
|
||||
// and returns one. Otherwise, it returns zero. The result should be freed with
|
||||
// |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,
|
||||
const ECDSA_SIG *sig);
|
||||
|
||||
// ECDSA_SIG_max_len returns the maximum length of a DER-encoded ECDSA-Sig-Value
|
||||
// structure for a group whose order is represented in |order_len| bytes, or
|
||||
// zero on overflow.
|
||||
OPENSSL_EXPORT size_t ECDSA_SIG_max_len(size_t order_len);
|
||||
|
||||
|
||||
// Testing-only functions.
|
||||
|
||||
// ECDSA_sign_with_nonce_and_leak_private_key_for_testing behaves like
|
||||
// |ECDSA_do_sign| but uses |nonce| for the ECDSA nonce 'k', instead of a random
|
||||
// value. |nonce| is interpreted as a big-endian integer. It must be reduced
|
||||
// modulo the group order and padded with zeros up to |BN_num_bytes(order)|
|
||||
// bytes.
|
||||
//
|
||||
// WARNING: This function is only exported for testing purposes, when using test
|
||||
// vectors or fuzzing strategies. It must not be used outside tests and may leak
|
||||
// any private keys it is used with.
|
||||
OPENSSL_EXPORT ECDSA_SIG *
|
||||
ECDSA_sign_with_nonce_and_leak_private_key_for_testing(const uint8_t *digest,
|
||||
size_t digest_len,
|
||||
const EC_KEY *eckey,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_len);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// d2i_ECDSA_SIG parses aa DER-encoded ECDSA-Sig-Value structure from |len|
|
||||
// bytes at |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |ECDSA_SIG_parse| instead.
|
||||
OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp,
|
||||
long len);
|
||||
|
||||
// i2d_ECDSA_SIG marshals |sig| as a DER-encoded ECDSA-Sig-Value, as described
|
||||
// in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |ECDSA_SIG_marshal| instead.
|
||||
OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define ECDSA_R_BAD_SIGNATURE 100
|
||||
#define ECDSA_R_MISSING_PARAMETERS 101
|
||||
#define ECDSA_R_NEED_NEW_SETUP_VALUES 102
|
||||
#define ECDSA_R_NOT_IMPLEMENTED 103
|
||||
#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
|
||||
#define ECDSA_R_ENCODE_ERROR 105
|
||||
#define ECDSA_R_MISMATCHED_SIGNATURE 205
|
||||
#define ECDSA_R_TOO_MANY_ITERATIONS 106
|
||||
|
||||
#endif // OPENSSL_HEADER_ECDSA_H
|
||||
+82
@@ -0,0 +1,82 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_ENGINE_H
|
||||
#define OPENSSL_HEADER_ENGINE_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Engines are collections of methods. Methods are tables of function pointers,
|
||||
// defined for certain algorithms, that allow operations on those algorithms to
|
||||
// be overridden via a callback. This can be used, for example, to implement an
|
||||
// RSA* that forwards operations to a hardware module.
|
||||
//
|
||||
// Default Methods are zero initialized. You should set the function pointers
|
||||
// that you wish before setting it on an |ENGINE|. Any functions pointers that
|
||||
// are NULL indicate that the default behaviour should be used.
|
||||
|
||||
|
||||
// Allocation and destruction.
|
||||
|
||||
// ENGINE_new returns an empty ENGINE that uses the default method for all
|
||||
// algorithms.
|
||||
OPENSSL_EXPORT ENGINE *ENGINE_new(void);
|
||||
|
||||
// ENGINE_free decrements the reference counts for all methods linked from
|
||||
// |engine| and frees |engine| itself. It returns one.
|
||||
OPENSSL_EXPORT int ENGINE_free(ENGINE *engine);
|
||||
|
||||
|
||||
// Method accessors.
|
||||
//
|
||||
// The setter functions do not take ownership of the |method| pointer. The
|
||||
// consumer must free the |method| pointer after all objects referencing it are
|
||||
// freed.
|
||||
|
||||
// ENGINE_set_RSA takes a |method| pointer and sets it on the |ENGINE| object.
|
||||
// Returns one on success and zero for failure when |engine| is NULL.
|
||||
OPENSSL_EXPORT int ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method);
|
||||
|
||||
// ENGINE_get_RSA returns the meth field of |engine|. If |engine| is NULL,
|
||||
// function returns NULL.
|
||||
OPENSSL_EXPORT const RSA_METHOD *ENGINE_get_RSA(const ENGINE *engine);
|
||||
|
||||
// ENGINE_set_EC takes a |method| pointer and sets it on the |ENGINE| object.
|
||||
// Returns one on success and zero for failure when |engine| is NULL.
|
||||
OPENSSL_EXPORT int ENGINE_set_EC(ENGINE *engine, const EC_KEY_METHOD *method);
|
||||
|
||||
// ENGINE_get_EC returns the meth field of |engine|. If |engine| is NULL,
|
||||
// function returns NULL.
|
||||
OPENSSL_EXPORT const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *engine);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// ENGINE_cleanup does nothing. This has been deprecated since OpenSSL 1.1.0 and
|
||||
// applications should not rely on it.
|
||||
OPENSSL_EXPORT void ENGINE_cleanup(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define ENGINE_R_OPERATION_NOT_SUPPORTED 100
|
||||
|
||||
#endif // OPENSSL_HEADER_ENGINE_H
|
||||
+403
@@ -0,0 +1,403 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
// Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_ERR_H
|
||||
#define OPENSSL_HEADER_ERR_H
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <errno.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Error queue handling functions.
|
||||
//
|
||||
// Errors in OpenSSL are generally signaled by the return value of a function.
|
||||
// When a function fails it may add an entry to a per-thread error queue,
|
||||
// which is managed by the functions in this header.
|
||||
//
|
||||
// Each error contains:
|
||||
// 1) The library (i.e. ec, pem, rsa) which created it.
|
||||
// 2) The file and line number of the call that added the error.
|
||||
// 3) A pointer to some error specific data, which may be NULL.
|
||||
//
|
||||
// The library identifier and reason code are packed in a uint32_t and there
|
||||
// exist various functions for unpacking it.
|
||||
//
|
||||
// The typical behaviour is that an error will occur deep in a call queue and
|
||||
// that code will push an error onto the error queue. As the error queue
|
||||
// unwinds, other functions will push their own errors. Thus, the "least
|
||||
// recent" error is the most specific and the other errors will provide a
|
||||
// backtrace of sorts.
|
||||
|
||||
|
||||
// Startup and shutdown.
|
||||
|
||||
// ERR_load_BIO_strings does nothing.
|
||||
//
|
||||
// TODO(fork): remove. libjingle calls this.
|
||||
OPENSSL_EXPORT void ERR_load_BIO_strings(void);
|
||||
|
||||
// ERR_load_ERR_strings does nothing.
|
||||
OPENSSL_EXPORT void ERR_load_ERR_strings(void);
|
||||
|
||||
// ERR_load_CRYPTO_strings does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void ERR_load_CRYPTO_strings(void);
|
||||
|
||||
// ERR_load_crypto_strings does nothing.
|
||||
OPENSSL_EXPORT void ERR_load_crypto_strings(void);
|
||||
|
||||
// ERR_load_RAND_strings does nothing.
|
||||
OPENSSL_EXPORT void ERR_load_RAND_strings(void);
|
||||
|
||||
// ERR_free_strings does nothing.
|
||||
OPENSSL_EXPORT void ERR_free_strings(void);
|
||||
|
||||
|
||||
// Reading and formatting errors.
|
||||
|
||||
// ERR_GET_LIB returns the library code for the error. This is one of
|
||||
// the |ERR_LIB_*| values.
|
||||
OPENSSL_INLINE int ERR_GET_LIB(uint32_t packed_error) {
|
||||
return (int)((packed_error >> 24) & 0xff);
|
||||
}
|
||||
|
||||
// ERR_GET_REASON returns the reason code for the error. This is one of
|
||||
// library-specific |LIB_R_*| values where |LIB| is the library (see
|
||||
// |ERR_GET_LIB|). Note that reason codes are specific to the library.
|
||||
OPENSSL_INLINE int ERR_GET_REASON(uint32_t packed_error) {
|
||||
return (int)(packed_error & 0xfff);
|
||||
}
|
||||
|
||||
// ERR_get_error gets the packed error code for the least recent error and
|
||||
// removes that error from the queue. If there are no errors in the queue then
|
||||
// it returns zero.
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error(void);
|
||||
|
||||
// ERR_get_error_line acts like |ERR_get_error|, except that the file and line
|
||||
// number of the call that added the error are also returned.
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error_line(const char **file, int *line);
|
||||
|
||||
// ERR_FLAG_STRING means that the |data| member is a NUL-terminated string that
|
||||
// can be printed. This is always set if |data| is non-NULL.
|
||||
#define ERR_FLAG_STRING 1
|
||||
|
||||
// ERR_FLAG_MALLOCED is passed into |ERR_set_error_data| to indicate that |data|
|
||||
// was allocated with |OPENSSL_malloc|.
|
||||
//
|
||||
// It is, separately, returned in |*flags| from |ERR_get_error_line_data| to
|
||||
// indicate that |*data| has a non-static lifetime, but this lifetime is still
|
||||
// managed by the library. The caller must not call |OPENSSL_free| or |free| on
|
||||
// |data|.
|
||||
#define ERR_FLAG_MALLOCED 2
|
||||
|
||||
// ERR_get_error_line_data acts like |ERR_get_error_line|, but also returns the
|
||||
// error-specific data pointer and flags. The flags are a bitwise-OR of
|
||||
// |ERR_FLAG_*| values. The error-specific data is owned by the error queue
|
||||
// and the pointer becomes invalid after the next call that affects the same
|
||||
// thread's error queue. If |*flags| contains |ERR_FLAG_STRING| then |*data| is
|
||||
// human-readable.
|
||||
OPENSSL_EXPORT uint32_t ERR_get_error_line_data(const char **file, int *line,
|
||||
const char **data, int *flags);
|
||||
|
||||
// The "peek" functions act like the |ERR_get_error| functions, above, but they
|
||||
// do not remove the error from the queue.
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error(void);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error_line(const char **file, int *line);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_error_line_data(const char **file, int *line,
|
||||
const char **data, int *flags);
|
||||
|
||||
// The "peek last" functions act like the "peek" functions, above, except that
|
||||
// they return the most recent error.
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error(void);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line(const char **file, int *line);
|
||||
OPENSSL_EXPORT uint32_t ERR_peek_last_error_line_data(const char **file,
|
||||
int *line,
|
||||
const char **data,
|
||||
int *flags);
|
||||
|
||||
// ERR_error_string_n generates a human-readable string representing
|
||||
// |packed_error|, places it at |buf|, and returns |buf|. It writes at most
|
||||
// |len| bytes (including the terminating NUL) and truncates the string if
|
||||
// necessary. If |len| is greater than zero then |buf| is always NUL terminated.
|
||||
//
|
||||
// The string will have the following format:
|
||||
//
|
||||
// error:[error code]:[library name]:OPENSSL_internal:[reason string]
|
||||
//
|
||||
// error code is an 8 digit hexadecimal number; library name and reason string
|
||||
// are ASCII text.
|
||||
OPENSSL_EXPORT char *ERR_error_string_n(uint32_t packed_error, char *buf,
|
||||
size_t len);
|
||||
|
||||
// ERR_lib_error_string returns a string representation of the library that
|
||||
// generated |packed_error|, or a placeholder string is the library is
|
||||
// unrecognized.
|
||||
OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error);
|
||||
|
||||
// ERR_reason_error_string returns a string representation of the reason for
|
||||
// |packed_error|, or a placeholder string if the reason is unrecognized.
|
||||
OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error);
|
||||
|
||||
// ERR_print_errors_callback_t is the type of a function used by
|
||||
// |ERR_print_errors_cb|. It takes a pointer to a human readable string (and
|
||||
// its length) that describes an entry in the error queue. The |ctx| argument
|
||||
// is an opaque pointer given to |ERR_print_errors_cb|.
|
||||
//
|
||||
// It should return one on success or zero on error, which will stop the
|
||||
// iteration over the error queue.
|
||||
typedef int (*ERR_print_errors_callback_t)(const char *str, size_t len,
|
||||
void *ctx);
|
||||
|
||||
// ERR_print_errors_cb clears the current thread's error queue, calling
|
||||
// |callback| with a string representation of each error, from the least recent
|
||||
// to the most recent error.
|
||||
//
|
||||
// The string will have the following format (which differs from
|
||||
// |ERR_error_string|):
|
||||
//
|
||||
// [thread id]:error:[error code]:[library name]:OPENSSL_internal:[reason string]:[file]:[line number]:[optional string data]
|
||||
//
|
||||
// The callback can return one to continue the iteration or zero to stop it.
|
||||
// The |ctx| argument is an opaque value that is passed through to the
|
||||
// callback.
|
||||
OPENSSL_EXPORT void ERR_print_errors_cb(ERR_print_errors_callback_t callback,
|
||||
void *ctx);
|
||||
|
||||
// ERR_print_errors_fp clears the current thread's error queue, printing each
|
||||
// error to |file|. See |ERR_print_errors_cb| for the format.
|
||||
OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file);
|
||||
|
||||
|
||||
// Clearing errors.
|
||||
|
||||
// ERR_clear_error clears the error queue for the current thread.
|
||||
OPENSSL_EXPORT void ERR_clear_error(void);
|
||||
|
||||
// ERR_set_mark "marks" the most recent error for use with |ERR_pop_to_mark|.
|
||||
// It returns one if an error was marked and zero if there are no errors.
|
||||
OPENSSL_EXPORT int ERR_set_mark(void);
|
||||
|
||||
// ERR_pop_to_mark removes errors from the most recent to the least recent
|
||||
// until (and not including) a "marked" error. It returns zero if no marked
|
||||
// error was found (and thus all errors were removed) and one otherwise. Errors
|
||||
// are marked using |ERR_set_mark|.
|
||||
OPENSSL_EXPORT int ERR_pop_to_mark(void);
|
||||
|
||||
|
||||
// Custom errors.
|
||||
|
||||
// ERR_get_next_error_library returns a value suitable for passing as the
|
||||
// |library| argument to |ERR_put_error|. This is intended for code that wishes
|
||||
// to push its own, non-standard errors to the error queue.
|
||||
OPENSSL_EXPORT int ERR_get_next_error_library(void);
|
||||
|
||||
|
||||
// Built-in library and reason codes.
|
||||
|
||||
// The following values are built-in library codes.
|
||||
#define ERR_LIB_NONE 1
|
||||
#define ERR_LIB_SYS 2
|
||||
#define ERR_LIB_BN 3
|
||||
#define ERR_LIB_RSA 4
|
||||
#define ERR_LIB_DH 5
|
||||
#define ERR_LIB_EVP 6
|
||||
#define ERR_LIB_BUF 7
|
||||
#define ERR_LIB_OBJ 8
|
||||
#define ERR_LIB_PEM 9
|
||||
#define ERR_LIB_DSA 10
|
||||
#define ERR_LIB_X509 11
|
||||
#define ERR_LIB_ASN1 12
|
||||
#define ERR_LIB_CONF 13
|
||||
#define ERR_LIB_CRYPTO 14
|
||||
#define ERR_LIB_EC 15
|
||||
#define ERR_LIB_SSL 16
|
||||
#define ERR_LIB_BIO 17
|
||||
#define ERR_LIB_PKCS7 18
|
||||
#define ERR_LIB_PKCS8 19
|
||||
#define ERR_LIB_X509V3 20
|
||||
#define ERR_LIB_RAND 21
|
||||
#define ERR_LIB_ENGINE 22
|
||||
#define ERR_LIB_OCSP 23
|
||||
#define ERR_LIB_UI 24
|
||||
#define ERR_LIB_COMP 25
|
||||
#define ERR_LIB_ECDSA 26
|
||||
#define ERR_LIB_ECDH 27
|
||||
#define ERR_LIB_HMAC 28
|
||||
#define ERR_LIB_DIGEST 29
|
||||
#define ERR_LIB_CIPHER 30
|
||||
#define ERR_LIB_HKDF 31
|
||||
#define ERR_LIB_TRUST_TOKEN 32
|
||||
#define ERR_LIB_USER 33
|
||||
#define ERR_NUM_LIBS 34
|
||||
#define ERR_LIB_PKCS12 35
|
||||
#define ERR_LIB_DSO 36
|
||||
#define ERR_LIB_OSSL_STORE 37
|
||||
#define ERR_LIB_FIPS 38
|
||||
#define ERR_LIB_CMS 39
|
||||
#define ERR_LIB_TS 40
|
||||
#define ERR_LIB_CT 41
|
||||
#define ERR_LIB_ASYNC 42
|
||||
#define ERR_LIB_KDF 43
|
||||
#define ERR_LIB_SM2 44
|
||||
|
||||
// The following reason codes used to denote an error occuring in another
|
||||
// library. They are sometimes used for a stack trace.
|
||||
#define ERR_R_SYS_LIB ERR_LIB_SYS
|
||||
#define ERR_R_BN_LIB ERR_LIB_BN
|
||||
#define ERR_R_RSA_LIB ERR_LIB_RSA
|
||||
#define ERR_R_DH_LIB ERR_LIB_DH
|
||||
#define ERR_R_EVP_LIB ERR_LIB_EVP
|
||||
#define ERR_R_BUF_LIB ERR_LIB_BUF
|
||||
#define ERR_R_OBJ_LIB ERR_LIB_OBJ
|
||||
#define ERR_R_PEM_LIB ERR_LIB_PEM
|
||||
#define ERR_R_DSA_LIB ERR_LIB_DSA
|
||||
#define ERR_R_X509_LIB ERR_LIB_X509
|
||||
#define ERR_R_ASN1_LIB ERR_LIB_ASN1
|
||||
#define ERR_R_CONF_LIB ERR_LIB_CONF
|
||||
#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
|
||||
#define ERR_R_EC_LIB ERR_LIB_EC
|
||||
#define ERR_R_SSL_LIB ERR_LIB_SSL
|
||||
#define ERR_R_BIO_LIB ERR_LIB_BIO
|
||||
#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7
|
||||
#define ERR_R_PKCS8_LIB ERR_LIB_PKCS8
|
||||
#define ERR_R_X509V3_LIB ERR_LIB_X509V3
|
||||
#define ERR_R_RAND_LIB ERR_LIB_RAND
|
||||
#define ERR_R_DSO_LIB ERR_LIB_DSO
|
||||
#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE
|
||||
#define ERR_R_OCSP_LIB ERR_LIB_OCSP
|
||||
#define ERR_R_UI_LIB ERR_LIB_UI
|
||||
#define ERR_R_COMP_LIB ERR_LIB_COMP
|
||||
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA
|
||||
#define ERR_R_ECDH_LIB ERR_LIB_ECDH
|
||||
#define ERR_R_STORE_LIB ERR_LIB_STORE
|
||||
#define ERR_R_FIPS_LIB ERR_LIB_FIPS
|
||||
#define ERR_R_CMS_LIB ERR_LIB_CMS
|
||||
#define ERR_R_TS_LIB ERR_LIB_TS
|
||||
#define ERR_R_HMAC_LIB ERR_LIB_HMAC
|
||||
#define ERR_R_JPAKE_LIB ERR_LIB_JPAKE
|
||||
#define ERR_R_USER_LIB ERR_LIB_USER
|
||||
#define ERR_R_DIGEST_LIB ERR_LIB_DIGEST
|
||||
#define ERR_R_CIPHER_LIB ERR_LIB_CIPHER
|
||||
#define ERR_R_HKDF_LIB ERR_LIB_HKDF
|
||||
#define ERR_R_TRUST_TOKEN_LIB ERR_LIB_TRUST_TOKEN
|
||||
|
||||
// The following values are global reason codes. They may occur in any library.
|
||||
#define ERR_R_FATAL 64
|
||||
#define ERR_R_MALLOC_FAILURE (1 | ERR_R_FATAL)
|
||||
#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2 | ERR_R_FATAL)
|
||||
#define ERR_R_PASSED_NULL_PARAMETER (3 | ERR_R_FATAL)
|
||||
#define ERR_R_INTERNAL_ERROR (4 | ERR_R_FATAL)
|
||||
#define ERR_R_OVERFLOW (5 | ERR_R_FATAL)
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// ERR_remove_state calls |ERR_clear_error|.
|
||||
OPENSSL_EXPORT void ERR_remove_state(unsigned long pid);
|
||||
|
||||
// ERR_remove_thread_state clears the error queue for the current thread if
|
||||
// |tid| is NULL. Otherwise it calls |assert(0)|, because it's no longer
|
||||
// possible to delete the error queue for other threads.
|
||||
//
|
||||
// Use |ERR_clear_error| instead. Note error queues are deleted automatically on
|
||||
// thread exit. You do not need to call this function to release memory.
|
||||
OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
|
||||
|
||||
// ERR_func_error_string returns the string "OPENSSL_internal".
|
||||
OPENSSL_EXPORT const char *ERR_func_error_string(uint32_t packed_error);
|
||||
|
||||
// ERR_error_string behaves like |ERR_error_string_n| but |len| is implicitly
|
||||
// |ERR_ERROR_STRING_BUF_LEN|.
|
||||
//
|
||||
// Additionally, if |buf| is NULL, the error string is placed in a static buffer
|
||||
// which is returned. This is not thread-safe and only exists for backwards
|
||||
// compatibility with legacy callers. The static buffer will be overridden by
|
||||
// calls in other threads.
|
||||
//
|
||||
// Use |ERR_error_string_n| instead.
|
||||
//
|
||||
// TODO(fork): remove this function.
|
||||
OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf);
|
||||
#define ERR_ERROR_STRING_BUF_LEN 120
|
||||
|
||||
// ERR_GET_FUNC returns zero. BoringSSL errors do not report a function code.
|
||||
OPENSSL_INLINE int ERR_GET_FUNC(uint32_t packed_error) {
|
||||
(void)packed_error;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// ERR_TXT_* are provided for compatibility with code that assumes that it's
|
||||
// using OpenSSL.
|
||||
#define ERR_TXT_STRING ERR_FLAG_STRING
|
||||
#define ERR_TXT_MALLOCED ERR_FLAG_MALLOCED
|
||||
|
||||
|
||||
// Private functions.
|
||||
|
||||
// ERR_clear_system_error clears the system's error value (i.e. errno).
|
||||
OPENSSL_EXPORT void ERR_clear_system_error(void);
|
||||
|
||||
// OPENSSL_PUT_ERROR is used by OpenSSL code to add an error to the error
|
||||
// queue.
|
||||
#define OPENSSL_PUT_ERROR(library, reason) \
|
||||
ERR_put_error(ERR_LIB_##library, 0, reason, __FILE__, __LINE__)
|
||||
|
||||
// OPENSSL_PUT_SYSTEM_ERROR is used by OpenSSL code to add an error from the
|
||||
// operating system to the error queue.
|
||||
// TODO(fork): include errno.
|
||||
#define OPENSSL_PUT_SYSTEM_ERROR() \
|
||||
ERR_put_error(ERR_LIB_SYS, 0, 0, __FILE__, __LINE__);
|
||||
|
||||
// ERR_put_error adds an error to the error queue, dropping the least recent
|
||||
// error if necessary for space reasons.
|
||||
OPENSSL_EXPORT void ERR_put_error(int library, int unused, int reason,
|
||||
const char *file, unsigned line);
|
||||
|
||||
// ERR_add_error_data takes a variable number (|count|) of const char*
|
||||
// pointers, concatenates them and sets the result as the data on the most
|
||||
// recent error.
|
||||
OPENSSL_EXPORT void ERR_add_error_data(unsigned count, ...);
|
||||
|
||||
// ERR_add_error_dataf takes a printf-style format and arguments, and sets the
|
||||
// result as the data on the most recent error.
|
||||
OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...)
|
||||
OPENSSL_PRINTF_FORMAT_FUNC(1, 2);
|
||||
|
||||
// ERR_set_error_data sets the data on the most recent error to |data|, which
|
||||
// must be a NUL-terminated string. |flags| must contain |ERR_FLAG_STRING|. If
|
||||
// |flags| contains |ERR_FLAG_MALLOCED|, this function takes ownership of
|
||||
// |data|, which must have been allocated with |OPENSSL_malloc|. Otherwise, it
|
||||
// saves a copy of |data|.
|
||||
//
|
||||
// Note this differs from OpenSSL which, when |ERR_FLAG_MALLOCED| is unset,
|
||||
// saves the pointer as-is and requires it remain valid for the lifetime of the
|
||||
// address space.
|
||||
OPENSSL_EXPORT void ERR_set_error_data(char *data, int flags);
|
||||
|
||||
// ERR_NUM_ERRORS is one more than the limit of the number of errors in the
|
||||
// queue.
|
||||
#define ERR_NUM_ERRORS 16
|
||||
|
||||
#define ERR_PACK(lib, reason) \
|
||||
(((((uint32_t)(lib)) & 0xff) << 24) | ((((uint32_t)(reason)) & 0xfff)))
|
||||
|
||||
// OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates
|
||||
// the error defines) to recognise that an additional reason value is needed.
|
||||
// This is needed when the reason value is used outside of an
|
||||
// |OPENSSL_PUT_ERROR| macro. The resulting define will be
|
||||
// ${lib}_R_${reason}.
|
||||
#define OPENSSL_DECLARE_ERROR_REASON(lib, reason)
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_ERR_H
|
||||
+1477
File diff suppressed because it is too large
Load Diff
+53
@@ -0,0 +1,53 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_EVP_ERRORS_H
|
||||
#define OPENSSL_HEADER_EVP_ERRORS_H
|
||||
|
||||
#define EVP_R_BUFFER_TOO_SMALL 100
|
||||
#define EVP_R_COMMAND_NOT_SUPPORTED 101
|
||||
#define EVP_R_DECODE_ERROR 102
|
||||
#define EVP_R_DIFFERENT_KEY_TYPES 103
|
||||
#define EVP_R_DIFFERENT_PARAMETERS 104
|
||||
#define EVP_R_ENCODE_ERROR 105
|
||||
#define EVP_R_EXPECTING_A_EC_KEY_KEY 106
|
||||
#define EVP_R_EXPECTING_AN_RSA_KEY 107
|
||||
#define EVP_R_EXPECTING_A_DSA_KEY 108
|
||||
#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109
|
||||
#define EVP_R_INVALID_DIGEST_LENGTH 110
|
||||
#define EVP_R_INVALID_DIGEST_TYPE 111
|
||||
#define EVP_R_INVALID_KEYBITS 112
|
||||
#define EVP_R_INVALID_MGF1_MD 113
|
||||
#define EVP_R_INVALID_OPERATION 114
|
||||
#define EVP_R_INVALID_PADDING_MODE 115
|
||||
#define EVP_R_INVALID_PSS_SALTLEN 116
|
||||
#define EVP_R_KEYS_NOT_SET 117
|
||||
#define EVP_R_MISSING_PARAMETERS 118
|
||||
#define EVP_R_NO_DEFAULT_DIGEST 119
|
||||
#define EVP_R_NO_KEY_SET 120
|
||||
#define EVP_R_NO_MDC2_SUPPORT 121
|
||||
#define EVP_R_NO_NID_FOR_CURVE 122
|
||||
#define EVP_R_NO_OPERATION_SET 123
|
||||
#define EVP_R_NO_PARAMETERS_SET 124
|
||||
#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125
|
||||
#define EVP_R_OPERATON_NOT_INITIALIZED 126
|
||||
#define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127
|
||||
#define EVP_R_UNSUPPORTED_ALGORITHM 128
|
||||
#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129
|
||||
#define EVP_R_NOT_A_PRIVATE_KEY 130
|
||||
#define EVP_R_INVALID_SIGNATURE 131
|
||||
#define EVP_R_MEMORY_LIMIT_EXCEEDED 132
|
||||
#define EVP_R_INVALID_PARAMETERS 133
|
||||
#define EVP_R_INVALID_PEER_KEY 134
|
||||
#define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135
|
||||
#define EVP_R_EMPTY_PSK 136
|
||||
#define EVP_R_INVALID_BUFFER_SIZE 137
|
||||
#define EVP_R_BAD_DECRYPT 138
|
||||
#define EVP_R_EXPECTING_A_DH_KEY 139
|
||||
#define EVP_R_EXPECTING_A_PQDSA_KEY 140
|
||||
#define EVP_R_EXPECTING_A_KEM_KEY 141
|
||||
#define EVP_R_INVALID_PSS_MD 500
|
||||
#define EVP_R_INVALID_PSS_SALT_LEN 501
|
||||
#define EVP_R_INVALID_PSS_TRAILER_FIELD 502
|
||||
|
||||
#endif // OPENSSL_HEADER_EVP_ERRORS_H
|
||||
+112
@@ -0,0 +1,112 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
// Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_EX_DATA_H
|
||||
#define OPENSSL_HEADER_EX_DATA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// ex_data is a mechanism for associating arbitrary extra data with objects.
|
||||
// For each type of object that supports ex_data, different users can be
|
||||
// assigned indexes in which to store their data. Each index has callback
|
||||
// functions that are called when an object of that type is freed or
|
||||
// duplicated.
|
||||
|
||||
|
||||
typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
|
||||
|
||||
|
||||
// Type-specific functions.
|
||||
|
||||
#if 0 // Sample
|
||||
|
||||
// Each type that supports ex_data provides three functions:
|
||||
|
||||
// TYPE_get_ex_new_index allocates a new index for |TYPE|. An optional
|
||||
// |free_func| argument may be provided which is called when the owning object
|
||||
// is destroyed. See |CRYPTO_EX_free| for details. The |argl| and |argp|
|
||||
// arguments are opaque values that are passed to the callback. It returns the
|
||||
// new index or a negative number on error.
|
||||
OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_unused *unused,
|
||||
CRYPTO_EX_dup *dup_unused,
|
||||
CRYPTO_EX_free *free_func);
|
||||
|
||||
// TYPE_set_ex_data sets an extra data pointer on |t|. The |index| argument
|
||||
// must have been returned from a previous call to |TYPE_get_ex_new_index|.
|
||||
OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg);
|
||||
|
||||
// TYPE_get_ex_data returns an extra data pointer for |t|, or NULL if no such
|
||||
// pointer exists. The |index| argument should have been returned from a
|
||||
// previous call to |TYPE_get_ex_new_index|.
|
||||
OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index);
|
||||
|
||||
// Some types additionally preallocate index zero, with all callbacks set to
|
||||
// NULL. Applications that do not need the general ex_data machinery may use
|
||||
// this instead.
|
||||
|
||||
// TYPE_set_app_data sets |t|'s application data pointer to |arg|. It returns
|
||||
// one on success and zero on error.
|
||||
OPENSSL_EXPORT int TYPE_set_app_data(TYPE *t, void *arg);
|
||||
|
||||
// TYPE_get_app_data returns the application data pointer for |t|, or NULL if no
|
||||
// such pointer exists.
|
||||
OPENSSL_EXPORT void *TYPE_get_app_data(const TYPE *t);
|
||||
|
||||
#endif // Sample
|
||||
|
||||
|
||||
// Callback types.
|
||||
|
||||
// CRYPTO_EX_free is a callback function that is called when an object of the
|
||||
// class with extra data pointers is being destroyed. For example, if this
|
||||
// callback has been passed to |SSL_get_ex_new_index| then it may be called each
|
||||
// time an |SSL*| is destroyed.
|
||||
//
|
||||
// The callback is passed the to-be-destroyed object (i.e. the |SSL*|) in
|
||||
// |parent|. As |parent| will shortly be destroyed, callers must not perform
|
||||
// operations that would increment its reference count, pass ownership, or
|
||||
// assume the object outlives the function call. The arguments |argl| and |argp|
|
||||
// contain opaque values that were given to |CRYPTO_get_ex_new_index|.
|
||||
//
|
||||
// This callback may be called with a NULL value for |ptr| if |parent| has no
|
||||
// value set for this index. However, the callbacks may also be skipped entirely
|
||||
// if no extra data pointers are set on |parent| at all.
|
||||
typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
|
||||
int index, long argl, void *argp);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
|
||||
// CRYPTO_cleanup_all_ex_data does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_cleanup_all_ex_data(void);
|
||||
|
||||
// CRYPTO_EX_dup is a legacy callback function type which is ignored.
|
||||
typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
|
||||
void **from_d, int index, long argl, void *argp);
|
||||
|
||||
|
||||
// Private structures.
|
||||
|
||||
// CRYPTO_EX_unused is a placeholder for an unused callback. It is aliased to
|
||||
// int to ensure non-NULL callers fail to compile rather than fail silently.
|
||||
typedef int CRYPTO_EX_unused;
|
||||
|
||||
struct crypto_ex_data_st {
|
||||
STACK_OF(void) *sk;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_EX_DATA_H
|
||||
+67
@@ -0,0 +1,67 @@
|
||||
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0 OR ISC
|
||||
|
||||
// These APIs are marked as experimental as the development and standardization
|
||||
// of KEMs (e.g., for FIPS 203) are being finalized.
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Deterministic Key Encapsulation Mechanism functions
|
||||
|
||||
|
||||
// EVP_PKEY_keygen_deterministic is an operation defined for a KEM (Key
|
||||
// Encapsulation Mechanism). For the KEM specified in |ctx|, the function
|
||||
// performs deterministic keygen based on the value specified in |seed| of
|
||||
// length |seed_len| bytes.
|
||||
//
|
||||
// If |out_pkey| and |seed| are set to NULL it is assumed that the caller is
|
||||
// doing a size check and the function will write the size of the required seed
|
||||
// in |seed_len| and return successfully.
|
||||
//
|
||||
// EVP_PKEY_keygen_deterministic performs a deterministic key generation
|
||||
// operation using the values from |ctx|, and the given |seed|. If |*out_pkey|
|
||||
// is non-NULL, it overwrites |*out_pkey| with the resulting key. Otherwise, it
|
||||
// sets |*out_pkey| to a newly-allocated |EVP_PKEY| containing the result.
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int EVP_PKEY_keygen_deterministic(EVP_PKEY_CTX *ctx /* IN */,
|
||||
EVP_PKEY **out_pkey /* OUT */,
|
||||
const uint8_t *seed /* IN */,
|
||||
size_t *seed_len /* IN */);
|
||||
|
||||
// EVP_PKEY_encapsulate_deterministic is an operation defined for a KEM (Key
|
||||
// Encapsulation Mechanism). The function performs the same encapsulation
|
||||
// operations as EVP_PKEY_encapsulate, however, rather than generating a random
|
||||
// for the |shared_secret|, the value is derived from the provided |seed| of
|
||||
// |seed_len|.
|
||||
//
|
||||
// If |ciphertext|, |shared_secret|, and |seed| are NULL it is assumed that
|
||||
// the caller is doing a size check: the function will write the size of
|
||||
// the ciphertext, shared secret, and required seed in |ciphertext_len|,
|
||||
// |shared_secret_len|, |seed_len| and return successfully.
|
||||
//
|
||||
// If |ciphertext|, |shared_secret|, and |seed| are not NULL it is assumed that
|
||||
// the caller is performing the actual operation. The function will check
|
||||
// additionally if the lengths of the output buffers, |ciphertext_len|,
|
||||
// |shared_secret_len|, and |seed| are large enough for the KEM.
|
||||
//
|
||||
// Note that decapsulation is performed using the regular API, as a
|
||||
// seed is not required.
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int EVP_PKEY_encapsulate_deterministic(EVP_PKEY_CTX *ctx /* IN */,
|
||||
uint8_t *ciphertext /* OUT */,
|
||||
size_t *ciphertext_len /* OUT */,
|
||||
uint8_t *shared_secret /* OUT */,
|
||||
size_t *shared_secret_len /* OUT */,
|
||||
const uint8_t *seed /* IN */,
|
||||
size_t *seed_len /* IN */);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
+59
@@ -0,0 +1,59 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_HKDF_H
|
||||
#define OPENSSL_HEADER_HKDF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/kdf.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// HKDF.
|
||||
|
||||
|
||||
// HKDF computes HKDF (as specified by RFC 5869) of initial keying material
|
||||
// |secret| with |salt| and |info| using |digest|, and outputs |out_len| bytes
|
||||
// to |out_key|. It returns one on success and zero on error.
|
||||
//
|
||||
// HKDF is an Extract-and-Expand algorithm. It does not do any key stretching,
|
||||
// and as such, is not suited to be used alone to generate a key from a
|
||||
// password.
|
||||
OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
|
||||
const uint8_t *secret, size_t secret_len,
|
||||
const uint8_t *salt, size_t salt_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
// HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from initial
|
||||
// keying material |secret| and salt |salt| using |digest|, and outputs
|
||||
// |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|.
|
||||
// It returns one on success and zero on error.
|
||||
//
|
||||
// WARNING: This function orders the inputs differently from RFC 5869
|
||||
// specification. Double-check which parameter is the secret/IKM and which is
|
||||
// the salt when using.
|
||||
OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len,
|
||||
const EVP_MD *digest, const uint8_t *secret,
|
||||
size_t secret_len, const uint8_t *salt,
|
||||
size_t salt_len);
|
||||
|
||||
// HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of length
|
||||
// |out_len| from the PRK |prk| and info |info| using |digest|, and outputs
|
||||
// the result to |out_key|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int HKDF_expand(uint8_t *out_key, size_t out_len,
|
||||
const EVP_MD *digest, const uint8_t *prk,
|
||||
size_t prk_len, const uint8_t *info,
|
||||
size_t info_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#define HKDF_R_OUTPUT_TOO_LARGE 100
|
||||
#define HKDF_R_UNSUPPORTED_DIGEST 101
|
||||
|
||||
#endif // OPENSSL_HEADER_HKDF_H
|
||||
+255
@@ -0,0 +1,255 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_HMAC_H
|
||||
#define OPENSSL_HEADER_HMAC_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/digest.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// HMAC contains functions for constructing PRFs from Merkle–Damgård hash
|
||||
// functions using HMAC.
|
||||
|
||||
|
||||
// One-shot operation.
|
||||
|
||||
// HMAC calculates the HMAC of |data_len| bytes of |data|, using the given key
|
||||
// and hash function, and writes the result to |out|. On entry, |out| must
|
||||
// contain at least |EVP_MD_size| bytes of space. The actual length of the
|
||||
// result is written to |*out_len|. An output size of |EVP_MAX_MD_SIZE| will
|
||||
// always be large enough. It returns |out| or NULL on error.
|
||||
OPENSSL_EXPORT uint8_t *HMAC(const EVP_MD *evp_md, const void *key,
|
||||
size_t key_len, const uint8_t *data,
|
||||
size_t data_len, uint8_t *out,
|
||||
unsigned int *out_len);
|
||||
|
||||
|
||||
// Incremental operation.
|
||||
|
||||
// HMAC_CTX_init initialises |ctx| for use in an HMAC operation. It's assumed
|
||||
// that HMAC_CTX objects will be allocated on the stack thus no allocation
|
||||
// function is provided.
|
||||
OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_CTX_new allocates and initialises a new |HMAC_CTX| and returns it, or
|
||||
// NULL on allocation failure. The caller must use |HMAC_CTX_free| to release
|
||||
// the resulting object.
|
||||
OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void);
|
||||
|
||||
// HMAC_CTX_cleanup zeroises |ctx| since it's allocated on the stack.
|
||||
// This brings the context to its initial state.
|
||||
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_CTX_cleanse calls |HMAC_CTX_cleanup|.
|
||||
OPENSSL_EXPORT void HMAC_CTX_cleanse(HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_CTX_free calls |HMAC_CTX_cleanup| and then frees |ctx| itself.
|
||||
OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash
|
||||
// function and |key| as the key. This function resets |HMAC_CTX| to a
|
||||
// fresh state, even if |HMAC_Update| or |HMAC_Final| have been called
|
||||
// previously. For a non-initial call, |md| may be NULL, in which case the
|
||||
// previous hash function will be used. If the hash function has not changed and
|
||||
// |key| is NULL, |ctx| reuses the previous key and resets to a clean state
|
||||
// ready for new data. It returns one on success or zero on allocation failure.
|
||||
//
|
||||
// WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL
|
||||
// |key| but repeating the previous |md| reuses the previous key rather than the
|
||||
// empty key.
|
||||
OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
|
||||
const EVP_MD *md, ENGINE *impl);
|
||||
|
||||
// HMAC_Update hashes |data_len| bytes from |data| into the current HMAC
|
||||
// operation in |ctx|. It returns one.
|
||||
OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data,
|
||||
size_t data_len);
|
||||
|
||||
// HMAC_Final completes the HMAC operation in |ctx| and writes the result to
|
||||
// |out| and then sets |*out_len| to the length of the result. On entry, |out|
|
||||
// must contain at least |HMAC_size| bytes of space. An output size of
|
||||
// |EVP_MAX_MD_SIZE| will always be large enough. It returns one on success or
|
||||
// zero on allocation failure.
|
||||
OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
|
||||
unsigned int *out_len);
|
||||
|
||||
|
||||
// Utility functions.
|
||||
|
||||
// HMAC_size returns the size, in bytes, of the HMAC that will be produced by
|
||||
// |ctx|. On entry, |ctx| must have been setup with |HMAC_Init_ex|.
|
||||
OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_CTX_get_md returns |ctx|'s hash function.
|
||||
OPENSSL_EXPORT const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_CTX_copy_ex sets |dest| equal to |src|. On entry, |dest| must have been
|
||||
// initialised by calling |HMAC_CTX_init|. It returns one on success and zero
|
||||
// on error.
|
||||
OPENSSL_EXPORT int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src);
|
||||
|
||||
// HMAC_CTX_reset calls |HMAC_CTX_cleanup| followed by |HMAC_CTX_init|.
|
||||
OPENSSL_EXPORT void HMAC_CTX_reset(HMAC_CTX *ctx);
|
||||
|
||||
|
||||
// Precomputed key functions
|
||||
|
||||
// HMAC_MD5_PRECOMPUTED_KEY_SIZE is the precomputed key size for MD5, in bytes
|
||||
#define HMAC_MD5_PRECOMPUTED_KEY_SIZE 32
|
||||
// HMAC_SHA1_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA1, in bytes
|
||||
#define HMAC_SHA1_PRECOMPUTED_KEY_SIZE 40
|
||||
// HMAC_SHA224_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA224, in bytes
|
||||
#define HMAC_SHA224_PRECOMPUTED_KEY_SIZE 64
|
||||
// HMAC_SHA256_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA256, in bytes
|
||||
#define HMAC_SHA256_PRECOMPUTED_KEY_SIZE 64
|
||||
// HMAC_SHA384_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA384, in bytes
|
||||
#define HMAC_SHA384_PRECOMPUTED_KEY_SIZE 128
|
||||
// HMAC_SHA512_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512, in bytes
|
||||
#define HMAC_SHA512_PRECOMPUTED_KEY_SIZE 128
|
||||
// HMAC_SHA512_224_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512_224, in bytes
|
||||
#define HMAC_SHA512_224_PRECOMPUTED_KEY_SIZE 128
|
||||
// HMAC_SHA512_256_PRECOMPUTED_KEY_SIZE is the precomputed key size for SHA512_256, in bytes
|
||||
#define HMAC_SHA512_256_PRECOMPUTED_KEY_SIZE 128
|
||||
|
||||
// HMAC_MAX_PRECOMPUTED_KEY_SIZE is the largest precomputed key size, in bytes.
|
||||
#define HMAC_MAX_PRECOMPUTED_KEY_SIZE (2 * (EVP_MAX_MD_CHAINING_LENGTH))
|
||||
|
||||
// HMAC_set_precomputed_key_export sets the context |ctx| to allow export of the
|
||||
// precomputed key using HMAC_get_precomputed_key. On entry, HMAC_CTX must have
|
||||
// been initialized via HMAC_Init_*, and neither HMAC_Update nor HMAC_Final
|
||||
// must have been called after the last HMAC_Init_ex. It returns one on success
|
||||
// and zero on error.
|
||||
// After a successful call to HMAC_set_precomputed_key_export, HMAC_Update and
|
||||
// HMAC_Final will fail.
|
||||
//
|
||||
// Note: The main reason for this function is to satisfy FIPS assertion AS09.16,
|
||||
// since HMAC_get_precomputed_key returns key material (i.e., a CSP in NIST
|
||||
// terminology).
|
||||
OPENSSL_EXPORT int HMAC_set_precomputed_key_export(HMAC_CTX *ctx);
|
||||
|
||||
// HMAC_get_precomputed_key exports the precomputed key. If |out| is NULL,
|
||||
// |out_len| is set to the size of the precomputed key. After such a call,
|
||||
// |HMAC_get_precomputed_key| can directly be called again with a non-null
|
||||
// |out|. But |HMAC_Update| and |HMAC_Final| will still fail.
|
||||
//
|
||||
// If |out| is not NULL, |*out_len| must contain the number of bytes of space
|
||||
// available at |out|. If sufficient, the precomputed key will be written in
|
||||
// |out| and |out_len| will be updated with the true length (which is
|
||||
// |HMAC_xxx_PRECOMPUTED_KEY_SIZE| for hash function xxx). An output size of
|
||||
// |HMAC_MAX_PRECOMPUTED_KEY_SIZE| will always be large enough. After a
|
||||
// successful call to |HMAC_get_precomputed_key| with a non-NULL |out|, the
|
||||
// context can be directly used for computing an HMAC using |HMAC_Update| and
|
||||
// |HMAC_Final|.
|
||||
//
|
||||
// The function returns one on success and zero on error.
|
||||
//
|
||||
// The precomputed key is the concatenation:
|
||||
// precomputed_key = key_ipad || key_opad
|
||||
// where:
|
||||
// key_ipad = Hash_Compression_Function(key' xor ipad)
|
||||
// key_opad = Hash_Compression_Function(key' xor opad)
|
||||
// key' = padding of key with 0 on the right to be of the block length
|
||||
// if length of key is at most the block length
|
||||
// or Hash(key)
|
||||
// otherwise
|
||||
//
|
||||
// Knowledge of precomputed_key is sufficient to compute HMAC. Use of the
|
||||
// precomputed key instead of the key reduces by 2 the number of hash
|
||||
// compression function calls (or more if key is larger than the block length)
|
||||
OPENSSL_EXPORT int HMAC_get_precomputed_key(HMAC_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len);
|
||||
|
||||
// HMAC_Init_from_precomputed_key sets up an initialised |HMAC_CTX| to use
|
||||
// |md| as the hash function and |precomputed_key| as the precomputed key
|
||||
// (see |HMAC_get_precomputed_key|).
|
||||
// For a non-initial call, |md| may be NULL, in which case the previous hash
|
||||
// function is used. If the hash function has not changed and |precomputed_key|
|
||||
// is NULL, the previous key is used. This non-initial call is interchangeable
|
||||
// with calling |HMAC_Init_ex| with the same parameters. It returns one on
|
||||
// success or zero on failure.
|
||||
//
|
||||
// Note: Contrary to input keys to |HMAC_Init_ex|, which can be the empty key,
|
||||
// an input precomputed key cannot be empty in an initial call to
|
||||
// |HMAC_Init_from_precomputed_key|. Otherwise, the call fails and returns zero.
|
||||
OPENSSL_EXPORT int HMAC_Init_from_precomputed_key(HMAC_CTX *ctx,
|
||||
const uint8_t *precomputed_key,
|
||||
size_t precompute_key_len,
|
||||
const EVP_MD *md);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
OPENSSL_EXPORT int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
|
||||
const EVP_MD *md);
|
||||
|
||||
// HMAC_CTX_copy calls |HMAC_CTX_init| on |dest| and then sets it equal to
|
||||
// |src|. On entry, |dest| must /not/ be initialised for an operation with
|
||||
// |HMAC_Init_ex|. It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int HMAC_CTX_copy(HMAC_CTX *dest, const HMAC_CTX *src);
|
||||
|
||||
|
||||
// Private functions
|
||||
typedef struct hmac_methods_st HmacMethods;
|
||||
|
||||
// We use a union to ensure that enough space is allocated and never actually
|
||||
// bother with the named members. We do not externalize SHA3 ctx definition,
|
||||
// so hard-code ctx size below and use a compile-time assertion where that ctx
|
||||
// is defined to ensure it does not exceed size bounded by |md_ctx_union|. This
|
||||
// is OK because union members are never referenced, they're only used for sizing.
|
||||
union md_ctx_union {
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
SHA256_CTX sha256;
|
||||
SHA512_CTX sha512;
|
||||
uint8_t sha3[400];
|
||||
};
|
||||
|
||||
struct hmac_ctx_st {
|
||||
const EVP_MD *md;
|
||||
const HmacMethods *methods;
|
||||
union md_ctx_union md_ctx;
|
||||
union md_ctx_union i_ctx;
|
||||
union md_ctx_union o_ctx;
|
||||
int8_t state;
|
||||
} /* HMAC_CTX */;
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(HMAC_CTX, HMAC_CTX_free)
|
||||
|
||||
using ScopedHMAC_CTX =
|
||||
internal::StackAllocated<HMAC_CTX, void, HMAC_CTX_init, HMAC_CTX_cleanup>;
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
// Errors
|
||||
|
||||
#define HMAC_R_MISSING_PARAMETERS 100
|
||||
#define HMAC_R_BUFFER_TOO_SMALL 102
|
||||
#define HMAC_R_SET_PRECOMPUTED_KEY_EXPORT_NOT_CALLED 103
|
||||
#define HMAC_R_NOT_CALLED_JUST_AFTER_INIT 104
|
||||
#define HMAC_R_PRECOMPUTED_KEY_NOT_SUPPORTED_FOR_DIGEST 105
|
||||
#define HMAC_R_UNSUPPORTED_DIGEST 106
|
||||
|
||||
#endif // OPENSSL_HEADER_HMAC_H
|
||||
+396
@@ -0,0 +1,396 @@
|
||||
// Copyright (c) 2020, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
||||
#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
||||
|
||||
#include <openssl/aead.h>
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/curve25519.h>
|
||||
#include <openssl/digest.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Hybrid Public Key Encryption.
|
||||
//
|
||||
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
|
||||
// receiver with a public key.
|
||||
//
|
||||
// See RFC 9180.
|
||||
|
||||
|
||||
// Parameters.
|
||||
//
|
||||
// An HPKE context is parameterized by KEM, KDF, and AEAD algorithms,
|
||||
// represented by |EVP_HPKE_KEM|, |EVP_HPKE_KDF|, and |EVP_HPKE_AEAD| types,
|
||||
// respectively.
|
||||
|
||||
// The following constants are KEM identifiers.
|
||||
#define EVP_HPKE_DHKEM_X25519_HKDF_SHA256 0x0020
|
||||
|
||||
// The following functions are KEM algorithms which may be used with HPKE. Note
|
||||
// that, while some HPKE KEMs use KDFs internally, this is separate from the
|
||||
// |EVP_HPKE_KDF| selection.
|
||||
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void);
|
||||
|
||||
// EVP_HPKE_KEM_id returns the HPKE KEM identifier for |kem|, which
|
||||
// will be one of the |EVP_HPKE_KEM_*| constants.
|
||||
OPENSSL_EXPORT uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem);
|
||||
|
||||
// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of an encoded public key
|
||||
// for all KEMs currently supported by this library.
|
||||
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
|
||||
|
||||
// EVP_HPKE_KEM_public_key_len returns the length of a public key for |kem|.
|
||||
// This value will be at most |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH|.
|
||||
OPENSSL_EXPORT size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem);
|
||||
|
||||
// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of an encoded private
|
||||
// key for all KEMs currently supported by this library.
|
||||
#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
|
||||
|
||||
// EVP_HPKE_KEM_private_key_len returns the length of a private key for |kem|.
|
||||
// This value will be at most |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH|.
|
||||
OPENSSL_EXPORT size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem);
|
||||
|
||||
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
|
||||
// shared secret, for all KEMs currently supported by this library.
|
||||
#define EVP_HPKE_MAX_ENC_LENGTH 32
|
||||
|
||||
// EVP_HPKE_KEM_enc_len returns the length of the "enc", the encapsulated shared
|
||||
// secret, for |kem|. This value will be at most |EVP_HPKE_MAX_ENC_LENGTH|.
|
||||
OPENSSL_EXPORT size_t EVP_HPKE_KEM_enc_len(const EVP_HPKE_KEM *kem);
|
||||
|
||||
// The following constants are KDF identifiers.
|
||||
#define EVP_HPKE_HKDF_SHA256 0x0001
|
||||
|
||||
// The following functions are KDF algorithms which may be used with HPKE.
|
||||
OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_hpke_hkdf_sha256(void);
|
||||
|
||||
// EVP_HPKE_KDF_id returns the HPKE KDF identifier for |kdf|.
|
||||
OPENSSL_EXPORT uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf);
|
||||
|
||||
// EVP_HPKE_KDF_hkdf_md returns the HKDF hash function corresponding to |kdf|,
|
||||
// or NULL if |kdf| is not an HKDF-based KDF. All currently supported KDFs are
|
||||
// HKDF-based.
|
||||
OPENSSL_EXPORT const EVP_MD *EVP_HPKE_KDF_hkdf_md(const EVP_HPKE_KDF *kdf);
|
||||
|
||||
// The following constants are AEAD identifiers.
|
||||
#define EVP_HPKE_AES_128_GCM 0x0001
|
||||
#define EVP_HPKE_AES_256_GCM 0x0002
|
||||
#define EVP_HPKE_CHACHA20_POLY1305 0x0003
|
||||
|
||||
// The following functions are AEAD algorithms which may be used with HPKE.
|
||||
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_aes_128_gcm(void);
|
||||
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_aes_256_gcm(void);
|
||||
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_hpke_chacha20_poly1305(void);
|
||||
|
||||
// EVP_HPKE_AEAD_id returns the HPKE AEAD identifier for |aead|.
|
||||
OPENSSL_EXPORT uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead);
|
||||
|
||||
// EVP_HPKE_AEAD_aead returns the |EVP_AEAD| corresponding to |aead|.
|
||||
OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_AEAD_aead(const EVP_HPKE_AEAD *aead);
|
||||
|
||||
|
||||
// Recipient keys.
|
||||
//
|
||||
// An HPKE recipient maintains a long-term KEM key. This library represents keys
|
||||
// with the |EVP_HPKE_KEY| type.
|
||||
|
||||
// EVP_HPKE_KEY_zero sets an uninitialized |EVP_HPKE_KEY| to the zero state. The
|
||||
// caller should then use |EVP_HPKE_KEY_init|, |EVP_HPKE_KEY_copy|, or
|
||||
// |EVP_HPKE_KEY_generate| to finish initializing |key|.
|
||||
//
|
||||
// It is safe, but not necessary to call |EVP_HPKE_KEY_cleanup| in this state.
|
||||
// This may be used for more uniform cleanup of |EVP_HPKE_KEY|.
|
||||
OPENSSL_EXPORT void EVP_HPKE_KEY_zero(EVP_HPKE_KEY *key);
|
||||
|
||||
// EVP_HPKE_KEY_cleanup releases memory referenced by |key|.
|
||||
OPENSSL_EXPORT void EVP_HPKE_KEY_cleanup(EVP_HPKE_KEY *key);
|
||||
|
||||
// EVP_HPKE_KEY_new returns a newly-allocated |EVP_HPKE_KEY|, or NULL on error.
|
||||
// The caller must call |EVP_HPKE_KEY_free| on the result to release it.
|
||||
//
|
||||
// This is a convenience function for callers that need a heap-allocated
|
||||
// |EVP_HPKE_KEY|.
|
||||
OPENSSL_EXPORT EVP_HPKE_KEY *EVP_HPKE_KEY_new(void);
|
||||
|
||||
// EVP_HPKE_KEY_free releases memory associated with |key|, which must have been
|
||||
// created with |EVP_HPKE_KEY_new|.
|
||||
OPENSSL_EXPORT void EVP_HPKE_KEY_free(EVP_HPKE_KEY *key);
|
||||
|
||||
// EVP_HPKE_KEY_copy sets |dst| to a copy of |src|. It returns one on success
|
||||
// and zero on error. On success, the caller must call |EVP_HPKE_KEY_cleanup| to
|
||||
// release |dst|. On failure, calling |EVP_HPKE_KEY_cleanup| is safe, but not
|
||||
// necessary.
|
||||
OPENSSL_EXPORT int EVP_HPKE_KEY_copy(EVP_HPKE_KEY *dst,
|
||||
const EVP_HPKE_KEY *src);
|
||||
|
||||
// EVP_HPKE_KEY_move sets |out|, which must be initialized or in the zero state,
|
||||
// to the key in |in|. |in| is mutated and left in the zero state.
|
||||
OPENSSL_EXPORT void EVP_HPKE_KEY_move(EVP_HPKE_KEY *out, EVP_HPKE_KEY *in);
|
||||
|
||||
// EVP_HPKE_KEY_init decodes |priv_key| as a private key for |kem| and
|
||||
// initializes |key| with the result. It returns one on success and zero if
|
||||
// |priv_key| was invalid. On success, the caller must call
|
||||
// |EVP_HPKE_KEY_cleanup| to release the key. On failure, calling
|
||||
// |EVP_HPKE_KEY_cleanup| is safe, but not necessary.
|
||||
OPENSSL_EXPORT int EVP_HPKE_KEY_init(EVP_HPKE_KEY *key, const EVP_HPKE_KEM *kem,
|
||||
const uint8_t *priv_key,
|
||||
size_t priv_key_len);
|
||||
|
||||
// EVP_HPKE_KEY_generate sets |key| to a newly-generated key using |kem|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key,
|
||||
const EVP_HPKE_KEM *kem);
|
||||
|
||||
// EVP_HPKE_KEY_kem returns the HPKE KEM used by |key|.
|
||||
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key);
|
||||
|
||||
// EVP_HPKE_KEY_public_key writes |key|'s public key to |out| and sets
|
||||
// |*out_len| to the number of bytes written. On success, it returns one and
|
||||
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
|
||||
// Setting |max_out| to |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH| will ensure the public
|
||||
// key fits. An exact size can also be determined by
|
||||
// |EVP_HPKE_KEM_public_key_len|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key,
|
||||
uint8_t *out, size_t *out_len,
|
||||
size_t max_out);
|
||||
|
||||
// EVP_HPKE_KEY_private_key writes |key|'s private key to |out| and sets
|
||||
// |*out_len| to the number of bytes written. On success, it returns one and
|
||||
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
|
||||
// Setting |max_out| to |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH| will ensure the
|
||||
// private key fits. An exact size can also be determined by
|
||||
// |EVP_HPKE_KEM_private_key_len|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key,
|
||||
uint8_t *out, size_t *out_len,
|
||||
size_t max_out);
|
||||
|
||||
|
||||
// Encryption contexts.
|
||||
//
|
||||
// An HPKE encryption context is represented by the |EVP_HPKE_CTX| type.
|
||||
|
||||
// EVP_HPKE_CTX_zero sets an uninitialized |EVP_HPKE_CTX| to the zero state. The
|
||||
// caller should then use one of the |EVP_HPKE_CTX_setup_*| functions to finish
|
||||
// setting up |ctx|.
|
||||
//
|
||||
// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
|
||||
// This may be used for more uniform cleanup of |EVP_HPKE_CTX|.
|
||||
OPENSSL_EXPORT void EVP_HPKE_CTX_zero(EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
|
||||
// been initialized with |EVP_HPKE_CTX_zero| or one of the
|
||||
// |EVP_HPKE_CTX_setup_*| functions.
|
||||
OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_new returns a newly-allocated |EVP_HPKE_CTX|, or NULL on error.
|
||||
// The caller must call |EVP_HPKE_CTX_free| on the result to release it.
|
||||
//
|
||||
// This is a convenience function for callers that need a heap-allocated
|
||||
// |EVP_HPKE_CTX|.
|
||||
OPENSSL_EXPORT EVP_HPKE_CTX *EVP_HPKE_CTX_new(void);
|
||||
|
||||
// EVP_HPKE_CTX_free releases memory associated with |ctx|, which must have been
|
||||
// created with |EVP_HPKE_CTX_new|.
|
||||
OPENSSL_EXPORT void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_setup_sender implements the SetupBaseS HPKE operation. It
|
||||
// encapsulates a shared secret for |peer_public_key| and sets up |ctx| as a
|
||||
// sender context. It writes the encapsulated shared secret to |out_enc| and
|
||||
// sets |*out_enc_len| to the number of bytes written. It writes at most
|
||||
// |max_enc| bytes and fails if the buffer is too small. Setting |max_enc| to at
|
||||
// least |EVP_HPKE_MAX_ENC_LENGTH| will ensure the buffer is large enough. An
|
||||
// exact size may also be determined by |EVP_PKEY_KEM_enc_len|.
|
||||
//
|
||||
// This function returns one on success and zero on error. Note that
|
||||
// |peer_public_key| may be invalid, in which case this function will return an
|
||||
// error.
|
||||
//
|
||||
// On success, callers may call |EVP_HPKE_CTX_seal| to encrypt messages for the
|
||||
// recipient. Callers must then call |EVP_HPKE_CTX_cleanup| when done. On
|
||||
// failure, calling |EVP_HPKE_CTX_cleanup| is safe, but not required.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender(
|
||||
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
||||
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
||||
const uint8_t *peer_public_key, size_t peer_public_key_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
// EVP_HPKE_CTX_setup_sender_with_seed_for_testing behaves like
|
||||
// |EVP_HPKE_CTX_setup_sender|, but takes a seed to behave deterministically.
|
||||
// The seed's format depends on |kem|. For X25519, it is the sender's
|
||||
// ephemeral private key.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
|
||||
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
||||
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
||||
const uint8_t *peer_public_key, size_t peer_public_key_len,
|
||||
const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len);
|
||||
|
||||
// EVP_HPKE_CTX_setup_recipient implements the SetupBaseR HPKE operation. It
|
||||
// decapsulates the shared secret in |enc| with |key| and sets up |ctx| as a
|
||||
// recipient context. It returns one on success and zero on failure. Note that
|
||||
// |enc| may be invalid, in which case this function will return an error.
|
||||
//
|
||||
// On success, callers may call |EVP_HPKE_CTX_open| to decrypt messages from the
|
||||
// sender. Callers must then call |EVP_HPKE_CTX_cleanup| when done. On failure,
|
||||
// calling |EVP_HPKE_CTX_cleanup| is safe, but not required.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_recipient(
|
||||
EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
|
||||
const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
// EVP_HPKE_CTX_setup_auth_sender implements the SetupAuthS HPKE operation. It
|
||||
// behaves like |EVP_HPKE_CTX_setup_sender| but authenticates the resulting
|
||||
// context with |key|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender(
|
||||
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
||||
const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
||||
const uint8_t *peer_public_key, size_t peer_public_key_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
// EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing behaves like
|
||||
// |EVP_HPKE_CTX_setup_auth_sender|, but takes a seed to behave
|
||||
// deterministically. The seed's format depends on |kem|. For X25519, it is the
|
||||
// sender's ephemeral private key.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
|
||||
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
||||
const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
||||
const uint8_t *peer_public_key, size_t peer_public_key_len,
|
||||
const uint8_t *info, size_t info_len, const uint8_t *seed, size_t seed_len);
|
||||
|
||||
// EVP_HPKE_CTX_setup_auth_recipient implements the SetupAuthR HPKE operation.
|
||||
// It behaves like |EVP_HPKE_CTX_setup_recipient| but checks the resulting
|
||||
// context was authenticated with |peer_public_key|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_recipient(
|
||||
EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
|
||||
const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
|
||||
const uint8_t *info, size_t info_len, const uint8_t *peer_public_key,
|
||||
size_t peer_public_key_len);
|
||||
|
||||
|
||||
// Using an HPKE context.
|
||||
//
|
||||
// Once set up, callers may encrypt or decrypt with an |EVP_HPKE_CTX| using the
|
||||
// following functions.
|
||||
|
||||
// EVP_HPKE_CTX_open uses the HPKE context |ctx| to authenticate |in_len| bytes
|
||||
// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
|
||||
// into |out|. It returns one on success, and zero otherwise.
|
||||
//
|
||||
// This operation will fail if the |ctx| context is not set up as a receiver.
|
||||
//
|
||||
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
||||
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
||||
// |EVP_HPKE_CTX_open|, etc.
|
||||
//
|
||||
// At most |in_len| bytes are written to |out|. In order to ensure success,
|
||||
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
|
||||
// is set to the actual number of bytes written.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_HPKE_CTX_seal uses the HPKE context |ctx| to encrypt and authenticate
|
||||
// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
|
||||
// writing the result to |out|. It returns one on success and zero otherwise.
|
||||
//
|
||||
// This operation will fail if the |ctx| context is not set up as a sender.
|
||||
//
|
||||
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
||||
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
||||
// |EVP_HPKE_CTX_open|, etc.
|
||||
//
|
||||
// At most, |max_out_len| encrypted bytes are written to |out|. On successful
|
||||
// return, |*out_len| is set to the actual number of bytes written.
|
||||
//
|
||||
// To ensure success, |max_out_len| should be |in_len| plus the result of
|
||||
// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *ctx, uint8_t *out,
|
||||
size_t *out_len, size_t max_out_len,
|
||||
const uint8_t *in, size_t in_len,
|
||||
const uint8_t *ad, size_t ad_len);
|
||||
|
||||
// EVP_HPKE_CTX_export uses the HPKE context |ctx| to export a secret of
|
||||
// |secret_len| bytes into |out|. This function uses |context_len| bytes from
|
||||
// |context| as a context string for the secret. This is necessary to separate
|
||||
// different uses of exported secrets and bind relevant caller-specific context
|
||||
// into the output. It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out,
|
||||
size_t secret_len,
|
||||
const uint8_t *context,
|
||||
size_t context_len);
|
||||
|
||||
// EVP_HPKE_MAX_OVERHEAD contains the largest value that
|
||||
// |EVP_HPKE_CTX_max_overhead| would ever return for any context.
|
||||
#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
|
||||
|
||||
// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
|
||||
// added by sealing data with |EVP_HPKE_CTX_seal|. The |ctx| context must be set
|
||||
// up as a sender.
|
||||
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_kem returns |ctx|'s configured KEM, or NULL if the context has
|
||||
// not been set up.
|
||||
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_CTX_kem(const EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_aead returns |ctx|'s configured AEAD, or NULL if the context has
|
||||
// not been set up.
|
||||
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx);
|
||||
|
||||
// EVP_HPKE_CTX_kdf returns |ctx|'s configured KDF, or NULL if the context has
|
||||
// not been set up.
|
||||
OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx);
|
||||
|
||||
|
||||
// Private structures.
|
||||
//
|
||||
// The following structures are exported so their types are stack-allocatable,
|
||||
// but accessing or modifying their fields is forbidden.
|
||||
|
||||
struct evp_hpke_ctx_st {
|
||||
const EVP_HPKE_KEM *kem;
|
||||
const EVP_HPKE_AEAD *aead;
|
||||
const EVP_HPKE_KDF *kdf;
|
||||
EVP_AEAD_CTX aead_ctx;
|
||||
uint8_t base_nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
||||
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
|
||||
uint64_t seq;
|
||||
int is_sender;
|
||||
};
|
||||
|
||||
struct evp_hpke_key_st {
|
||||
const EVP_HPKE_KEM *kem;
|
||||
uint8_t private_key[X25519_PRIVATE_KEY_LEN];
|
||||
uint8_t public_key[X25519_PUBLIC_VALUE_LEN];
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
using ScopedEVP_HPKE_CTX =
|
||||
internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_zero,
|
||||
EVP_HPKE_CTX_cleanup>;
|
||||
using ScopedEVP_HPKE_KEY =
|
||||
internal::StackAllocatedMovable<EVP_HPKE_KEY, void, EVP_HPKE_KEY_zero,
|
||||
EVP_HPKE_KEY_cleanup, EVP_HPKE_KEY_move>;
|
||||
|
||||
BORINGSSL_MAKE_DELETER(EVP_HPKE_CTX, EVP_HPKE_CTX_free)
|
||||
BORINGSSL_MAKE_DELETER(EVP_HPKE_KEY, EVP_HPKE_KEY_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
||||
+91
@@ -0,0 +1,91 @@
|
||||
// Copyright (c) 2018, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_HRSS_H
|
||||
#define OPENSSL_HEADER_HRSS_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// HRSS
|
||||
//
|
||||
// HRSS is a structured-lattice-based post-quantum key encapsulation mechanism.
|
||||
// The best exposition is https://eprint.iacr.org/2017/667.pdf although this
|
||||
// implementation uses a different KEM construction based on
|
||||
// https://eprint.iacr.org/2017/1005.pdf.
|
||||
|
||||
struct HRSS_private_key {
|
||||
uint8_t opaque[1808];
|
||||
};
|
||||
|
||||
struct HRSS_public_key {
|
||||
uint8_t opaque[1424];
|
||||
};
|
||||
|
||||
// HRSS_SAMPLE_BYTES is the number of bytes of entropy needed to generate a
|
||||
// short vector. There are 701 coefficients, but the final one is always set to
|
||||
// zero when sampling. Otherwise, we need one byte of input per coefficient.
|
||||
#define HRSS_SAMPLE_BYTES (701 - 1)
|
||||
// HRSS_GENERATE_KEY_BYTES is the number of bytes of entropy needed to generate
|
||||
// an HRSS key pair.
|
||||
#define HRSS_GENERATE_KEY_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES + 32)
|
||||
// HRSS_ENCAP_BYTES is the number of bytes of entropy needed to encapsulate a
|
||||
// session key.
|
||||
#define HRSS_ENCAP_BYTES (HRSS_SAMPLE_BYTES + HRSS_SAMPLE_BYTES)
|
||||
// HRSS_PUBLIC_KEY_BYTES is the number of bytes in a public key.
|
||||
#define HRSS_PUBLIC_KEY_BYTES 1138
|
||||
// HRSS_CIPHERTEXT_BYTES is the number of bytes in a ciphertext.
|
||||
#define HRSS_CIPHERTEXT_BYTES 1138
|
||||
// HRSS_KEY_BYTES is the number of bytes in a shared key.
|
||||
#define HRSS_KEY_BYTES 32
|
||||
// HRSS_POLY3_BYTES is the number of bytes needed to serialise a mod 3
|
||||
// polynomial.
|
||||
#define HRSS_POLY3_BYTES 140
|
||||
#define HRSS_PRIVATE_KEY_BYTES \
|
||||
(HRSS_POLY3_BYTES * 2 + HRSS_PUBLIC_KEY_BYTES + 2 + 32)
|
||||
|
||||
// HRSS_generate_key is a deterministic function that outputs a public and
|
||||
// private key based on the given entropy. It returns one on success or zero
|
||||
// on malloc failure.
|
||||
OPENSSL_EXPORT int HRSS_generate_key(
|
||||
struct HRSS_public_key *out_pub, struct HRSS_private_key *out_priv,
|
||||
const uint8_t input[HRSS_GENERATE_KEY_BYTES]);
|
||||
|
||||
// HRSS_encap is a deterministic function the generates and encrypts a random
|
||||
// session key from the given entropy, writing those values to |out_shared_key|
|
||||
// and |out_ciphertext|, respectively. It returns one on success or zero on
|
||||
// malloc failure.
|
||||
OPENSSL_EXPORT int HRSS_encap(uint8_t out_ciphertext[HRSS_CIPHERTEXT_BYTES],
|
||||
uint8_t out_shared_key[HRSS_KEY_BYTES],
|
||||
const struct HRSS_public_key *in_pub,
|
||||
const uint8_t in[HRSS_ENCAP_BYTES]);
|
||||
|
||||
// HRSS_decap decrypts a session key from |ciphertext_len| bytes of
|
||||
// |ciphertext|. If the ciphertext is valid, the decrypted key is written to
|
||||
// |out_shared_key|. Otherwise the HMAC of |ciphertext| under a secret key (kept
|
||||
// in |in_priv|) is written. If the ciphertext is the wrong length then it will
|
||||
// leak which was done via side-channels. Otherwise it should perform either
|
||||
// action in constant-time. It returns one on success (whether the ciphertext
|
||||
// was valid or not) and zero on malloc failure.
|
||||
OPENSSL_EXPORT int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
|
||||
const struct HRSS_private_key *in_priv,
|
||||
const uint8_t *ciphertext, size_t ciphertext_len);
|
||||
|
||||
// HRSS_marshal_public_key serialises |in_pub| to |out|.
|
||||
OPENSSL_EXPORT void HRSS_marshal_public_key(
|
||||
uint8_t out[HRSS_PUBLIC_KEY_BYTES], const struct HRSS_public_key *in_pub);
|
||||
|
||||
// HRSS_parse_public_key sets |*out| to the public-key encoded in |in|. It
|
||||
// returns true on success and zero on error.
|
||||
OPENSSL_EXPORT int HRSS_parse_public_key(
|
||||
struct HRSS_public_key *out, const uint8_t in[HRSS_PUBLIC_KEY_BYTES]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_HRSS_H
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
// Copyright (c) 2017, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
// This header is provided in order to catch include path errors in consuming
|
||||
// AWS-LC.
|
||||
+170
@@ -0,0 +1,170 @@
|
||||
// Copyright (c) 2022, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_KDF_H
|
||||
#define OPENSSL_HEADER_KDF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Key derivation functions.
|
||||
|
||||
|
||||
// CRYPTO_tls1_prf calculates |out_len| bytes of the TLS PRF, using |digest|,
|
||||
// and writes them to |out|. It returns one on success and zero on error.
|
||||
// TLS 1.2: https://datatracker.ietf.org/doc/html/rfc5246#section-5
|
||||
// TLS 1.{0,1}: https://datatracker.ietf.org/doc/html/rfc4346#section-5
|
||||
OPENSSL_EXPORT int CRYPTO_tls1_prf(const EVP_MD *digest,
|
||||
uint8_t *out, size_t out_len,
|
||||
const uint8_t *secret, size_t secret_len,
|
||||
const char *label, size_t label_len,
|
||||
const uint8_t *seed1, size_t seed1_len,
|
||||
const uint8_t *seed2, size_t seed2_len);
|
||||
|
||||
// SSKDF_digest computes the One-step key derivation using the
|
||||
// provided digest algorithm as the backing PRF. This algorithm
|
||||
// may be referred to as "Single-Step KDF" or "NIST Concatenation KDF" by other
|
||||
// implementors. |info_len| may be zero length.
|
||||
//
|
||||
// Returns a 1 on success, otherwise returns 0.
|
||||
//
|
||||
// This implementation adheres to the algorithm specified in Section 4 of the
|
||||
// NIST Special Publication 800-56C Revision 2 published on August 2020. The
|
||||
// parameters relevant to the specification are as follows:
|
||||
// * Auxillary Function H is Option 1
|
||||
// * |out_len|, |secret_len|, and |info_len| are specified in bytes
|
||||
// * |out_len|, |secret_len|, |info_len| each must be <= 2^30
|
||||
// * |out_len| and |secret_len| > 0
|
||||
// * |out_len|, |secret_len| are analogous to |L| and |Z| respectively in the
|
||||
// specification.
|
||||
// * |info| and |info_len| refer to |FixedInfo| in the specification.
|
||||
//
|
||||
// Specification is available at https://doi.org/10.6028/NIST.SP.800-56Cr2
|
||||
OPENSSL_EXPORT int SSKDF_digest(uint8_t *out_key, size_t out_len,
|
||||
const EVP_MD *digest,
|
||||
const uint8_t *secret, size_t secret_len,
|
||||
const uint8_t *info, size_t info_len);
|
||||
|
||||
// SSKDF_hmac computes the One-step key derivation using the
|
||||
// provided digest algorithm with HMAC as the backing PRF. This algorithm
|
||||
// may be referred to as "Single-Step KDF" or "NIST Concatenation KDF" by other
|
||||
// implementors. |salt| is optional and may be |NULL| or zero-length. In
|
||||
// addition |info_len| may be zero length.
|
||||
//
|
||||
// Returns a 1 on success, otherwise returns 0.
|
||||
//
|
||||
// This implementation adheres to the algorithm specified in Section 4 of the
|
||||
// NIST Special Publication 800-56C Revision 2 published on August 2020. The
|
||||
// parameters relevant to the specification are as follows:
|
||||
// * Auxillary Function H is Option 2
|
||||
// * |out_len|, |secret_len|, |info_len|, and |salt_len| are specified in bytes
|
||||
// * |out_len|, |secret_len|, |info_len| each must be <= 2^30
|
||||
// * |out_len| and |secret_len| > 0
|
||||
// * |out_len|, |secret_len| are analogous to |L| and |Z| respectively in the
|
||||
// specification.
|
||||
// * |info| and |info_len| refer to |FixedInfo| in the specification.
|
||||
// * |salt| and |salt_len| refer to |salt| in the specification.
|
||||
// * |salt| or |salt_len| being |NULL| or |0| respectively will result in a
|
||||
// default salt being used which will be an all-zero byte string whose length
|
||||
// is equal to the length of the specified |digest| input block length in
|
||||
// bytes.
|
||||
OPENSSL_EXPORT int SSKDF_hmac(uint8_t *out_key, size_t out_len,
|
||||
const EVP_MD *digest,
|
||||
const uint8_t *secret, size_t secret_len,
|
||||
const uint8_t *info, size_t info_len,
|
||||
const uint8_t *salt, size_t salt_len);
|
||||
|
||||
// KBKDF_ctr_hmac derives keying material using the KDF counter mode algorithm,
|
||||
// using the provided key derivation key |secret| and fixed info |info|.
|
||||
// |info| or |info_len| may be zero-length. This algorithm
|
||||
// may be referred to as a "Key-Based Key Derivation Function in Counter Mode".
|
||||
//
|
||||
// This implementation adheres to the algorithm specified in Section 4.1 of the
|
||||
// NIST Special Publication 800-108 Revision 1 Update 1 published on August
|
||||
// 2022. The parameters relevant to the specification are as follows:
|
||||
// * |out_len|, |secret_len|, and |info_len| are specified in bytes
|
||||
// * |out_len| is analogous to |L| in the specification.
|
||||
// * |r| is the length of the binary representation of the counter |i|
|
||||
// referred to by the specification. |r| is 32 bits in this implementation.
|
||||
// * The 32-bit counter is big-endian in this implementation.
|
||||
// * The 32-bit counter location is placed before |info|.
|
||||
// * |K_IN| is analogous to |secret| and |secret_len|.
|
||||
// * |PRF| refers to HMAC in this implementation.
|
||||
//
|
||||
// Specification is available at https://doi.org/10.6028/NIST.SP.800-108r1-upd1
|
||||
OPENSSL_EXPORT int KBKDF_ctr_hmac(uint8_t *out_key, size_t out_len,
|
||||
const EVP_MD *digest, const uint8_t *secret,
|
||||
size_t secret_len, const uint8_t *info,
|
||||
size_t info_len);
|
||||
|
||||
// KDF support for EVP.
|
||||
|
||||
|
||||
// HKDF-specific functions.
|
||||
//
|
||||
// The following functions are provided for OpenSSL compatibility. Prefer the
|
||||
// HKDF functions in <openssl/hkdf.h>. In each, |ctx| must be created with
|
||||
// |EVP_PKEY_CTX_new_id| with |EVP_PKEY_HKDF| and then initialized with
|
||||
// |EVP_PKEY_derive_init|.
|
||||
|
||||
// EVP_PKEY_HKDEF_MODE_* define "modes" for use with |EVP_PKEY_CTX_hkdf_mode|.
|
||||
// The mispelling of "HKDF" as "HKDEF" is intentional for OpenSSL compatibility.
|
||||
#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
|
||||
#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
|
||||
#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
|
||||
|
||||
// EVP_PKEY_CTX_hkdf_mode configures which HKDF operation to run. It returns one
|
||||
// on success and zero on error. |mode| must be one of |EVP_PKEY_HKDEF_MODE_*|.
|
||||
// By default, the mode is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND|.
|
||||
//
|
||||
// If |mode| is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
|
||||
// |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, the output is variable-length.
|
||||
// |EVP_PKEY_derive| uses the size of the output buffer as the output length for
|
||||
// HKDF-Expand.
|
||||
//
|
||||
// WARNING: Although this API calls it a "mode", HKDF-Extract and HKDF-Expand
|
||||
// are distinct operations with distinct inputs and distinct kinds of keys.
|
||||
// Callers should not pass input secrets for one operation into the other.
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
|
||||
|
||||
// EVP_PKEY_CTX_set_hkdf_md sets |md| as the digest to use with HKDF. It returns
|
||||
// one on success and zero on error.
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx,
|
||||
const EVP_MD *md);
|
||||
|
||||
// EVP_PKEY_CTX_set1_hkdf_key configures HKDF to use |key_len| bytes from |key|
|
||||
// as the "key", described below. It returns one on success and zero on error.
|
||||
//
|
||||
// Which input is the key depends on the "mode" (see |EVP_PKEY_CTX_hkdf_mode|).
|
||||
// If |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
|
||||
// |EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY|, this function specifies the input keying
|
||||
// material (IKM) for HKDF-Extract. If |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, it
|
||||
// instead specifies the pseudorandom key (PRK) for HKDF-Expand.
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
|
||||
const uint8_t *key,
|
||||
size_t key_len);
|
||||
|
||||
// EVP_PKEY_CTX_set1_hkdf_salt configures HKDF to use |salt_len| bytes from
|
||||
// |salt| as the salt parameter to HKDF-Extract. It returns one on success and
|
||||
// zero on error. If performing HKDF-Expand only, this parameter is ignored.
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
|
||||
const uint8_t *salt,
|
||||
size_t salt_len);
|
||||
|
||||
// EVP_PKEY_CTX_add1_hkdf_info appends |info_len| bytes from |info| to the info
|
||||
// parameter used with HKDF-Expand. It returns one on success and zero on error.
|
||||
// If performing HKDF-Extract only, this parameter is ignored.
|
||||
OPENSSL_EXPORT int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
|
||||
const uint8_t *info,
|
||||
size_t info_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_KDF_H
|
||||
+45
@@ -0,0 +1,45 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_LHASH_H
|
||||
#define OPENSSL_HEADER_LHASH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Hash table implementation for internal use.
|
||||
|
||||
|
||||
typedef struct lhash_st _LHASH;
|
||||
|
||||
// lhash is an internal library and not exported for use outside BoringSSL. This
|
||||
// header is provided for compatibility with code that expects OpenSSL.
|
||||
|
||||
|
||||
// These two macros are exported for compatibility with existing callers of
|
||||
// |X509V3_EXT_conf_nid|. Do not use these symbols outside BoringSSL.
|
||||
#define LHASH_OF(type) struct lhash_st_##type
|
||||
#define DECLARE_LHASH_OF(type) LHASH_OF(type);
|
||||
|
||||
OPENSSL_EXPORT void lh_doall_arg(_LHASH *lh, void (*func)(void *, void *),
|
||||
void *arg);
|
||||
|
||||
// These two macros are the bare minimum of |LHASH| macros downstream consumers
|
||||
// use.
|
||||
#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
|
||||
void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
|
||||
o_type *a = arg1; \
|
||||
a_type *b = arg2; \
|
||||
name##_doall_arg(a, b); }
|
||||
#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_LHASH_H
|
||||
+55
@@ -0,0 +1,55 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_MD4_H
|
||||
#define OPENSSL_HEADER_MD4_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// MD4.
|
||||
|
||||
// MD4_CBLOCK is the block size of MD4.
|
||||
#define MD4_CBLOCK 64
|
||||
|
||||
// MD4_DIGEST_LENGTH is the length of an MD4 digest.
|
||||
#define MD4_DIGEST_LENGTH 16
|
||||
|
||||
// MD4_Init initialises |md4| and returns one.
|
||||
OPENSSL_EXPORT int MD4_Init(MD4_CTX *md4);
|
||||
|
||||
// MD4_Update adds |len| bytes from |data| to |md4| and returns one.
|
||||
OPENSSL_EXPORT int MD4_Update(MD4_CTX *md4, const void *data, size_t len);
|
||||
|
||||
// MD4_Final adds the final padding to |md4| and writes the resulting digest to
|
||||
// |out|, which must have at least |MD4_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one.
|
||||
OPENSSL_EXPORT int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *md4);
|
||||
|
||||
// MD4 writes the digest of |len| bytes from |data| to |out| and returns |out|.
|
||||
// There must be at least |MD4_DIGEST_LENGTH| bytes of space in |out|.
|
||||
OPENSSL_EXPORT uint8_t *MD4(const uint8_t *data, size_t len,
|
||||
uint8_t out[MD4_DIGEST_LENGTH]);
|
||||
|
||||
// MD4_Transform is a low-level function that performs a single, MD4 block
|
||||
// transformation using the state from |md4| and 64 bytes from |block|.
|
||||
OPENSSL_EXPORT void MD4_Transform(MD4_CTX *md4,
|
||||
const uint8_t block[MD4_CBLOCK]);
|
||||
|
||||
struct md4_state_st {
|
||||
uint32_t h[4];
|
||||
uint32_t Nl, Nh;
|
||||
uint8_t data[MD4_CBLOCK];
|
||||
unsigned num;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_MD4_H
|
||||
+56
@@ -0,0 +1,56 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_MD5_H
|
||||
#define OPENSSL_HEADER_MD5_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// MD5.
|
||||
|
||||
|
||||
// MD5_CBLOCK is the block size of MD5.
|
||||
#define MD5_CBLOCK 64
|
||||
|
||||
// MD5_DIGEST_LENGTH is the length of an MD5 digest.
|
||||
#define MD5_DIGEST_LENGTH 16
|
||||
|
||||
// MD5_Init initialises |md5| and returns one.
|
||||
OPENSSL_EXPORT int MD5_Init(MD5_CTX *md5);
|
||||
|
||||
// MD5_Update adds |len| bytes from |data| to |md5| and returns one.
|
||||
OPENSSL_EXPORT int MD5_Update(MD5_CTX *md5, const void *data, size_t len);
|
||||
|
||||
// MD5_Final adds the final padding to |md5| and writes the resulting digest to
|
||||
// |out|, which must have at least |MD5_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one.
|
||||
OPENSSL_EXPORT int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *md5);
|
||||
|
||||
// MD5 writes the digest of |len| bytes from |data| to |out| and returns |out|.
|
||||
// There must be at least |MD5_DIGEST_LENGTH| bytes of space in |out|.
|
||||
OPENSSL_EXPORT uint8_t *MD5(const uint8_t *data, size_t len,
|
||||
uint8_t out[MD5_DIGEST_LENGTH]);
|
||||
|
||||
// MD5_Transform is a low-level function that performs a single, MD5 block
|
||||
// transformation using the state from |md5| and 64 bytes from |block|.
|
||||
OPENSSL_EXPORT void MD5_Transform(MD5_CTX *md5,
|
||||
const uint8_t block[MD5_CBLOCK]);
|
||||
|
||||
struct md5_state_st {
|
||||
uint32_t h[4];
|
||||
uint32_t Nl, Nh;
|
||||
uint8_t data[MD5_CBLOCK];
|
||||
unsigned num;
|
||||
};
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_MD5_H
|
||||
+238
@@ -0,0 +1,238 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_MEM_H
|
||||
#define OPENSSL_HEADER_MEM_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Memory and string functions, see also buf.h.
|
||||
//
|
||||
// BoringSSL has its own set of allocation functions, which keep track of
|
||||
// allocation lengths and zero them out before freeing. All memory returned by
|
||||
// BoringSSL API calls must therefore generally be freed using |OPENSSL_free|
|
||||
// unless stated otherwise.
|
||||
|
||||
|
||||
#ifndef _BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
||||
// OPENSSL_malloc is similar to a regular |malloc|, but allocates additional
|
||||
// private data. The resulting pointer must be freed with |OPENSSL_free|. In
|
||||
// the case of a malloc failure, prior to returning NULL |OPENSSL_malloc| will
|
||||
// push |ERR_R_MALLOC_FAILURE| onto the openssl error stack.
|
||||
OPENSSL_EXPORT void *OPENSSL_malloc(size_t size) OPENSSL_WARN_UNUSED_RESULT;
|
||||
|
||||
// OPENSSL_zalloc behaves like |OPENSSL_malloc| except it also initializes the
|
||||
// resulting memory to zero.
|
||||
OPENSSL_EXPORT void *OPENSSL_zalloc(size_t size) OPENSSL_WARN_UNUSED_RESULT;
|
||||
|
||||
// OPENSSL_calloc is similar to a regular |calloc|, but allocates data with
|
||||
// |OPENSSL_malloc|. On overflow, it will push |ERR_R_OVERFLOW| onto the error
|
||||
// queue.
|
||||
OPENSSL_EXPORT void *OPENSSL_calloc(size_t num, size_t size) OPENSSL_WARN_UNUSED_RESULT;
|
||||
|
||||
// OPENSSL_realloc returns a pointer to a buffer of |new_size| bytes that
|
||||
// contains the contents of |ptr|. Unlike |realloc|, a new buffer is always
|
||||
// allocated and the data at |ptr| is always wiped and freed. Memory is
|
||||
// allocated with |OPENSSL_malloc| and must be freed with |OPENSSL_free|.
|
||||
// If |ptr| is null |OPENSSL_malloc| is called instead.
|
||||
OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size) OPENSSL_WARN_UNUSED_RESULT;
|
||||
#endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
||||
|
||||
// OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the
|
||||
// memory allocated at |ptr| and frees it along with the private data.
|
||||
// It must only be used on on |ptr| values obtained from |OPENSSL_malloc|
|
||||
OPENSSL_EXPORT void OPENSSL_free(void *ptr);
|
||||
|
||||
// OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to
|
||||
// |memset_s| from C11.
|
||||
OPENSSL_EXPORT void OPENSSL_cleanse(void *ptr, size_t len);
|
||||
|
||||
// CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
|
||||
// takes an amount of time dependent on |len|, but independent of the contents
|
||||
// of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
|
||||
// defined order as the return value when a != b is undefined, other than to be
|
||||
// non-zero.
|
||||
OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len) OPENSSL_WARN_UNUSED_RESULT;
|
||||
|
||||
// OPENSSL_hash32 implements the 32 bit, FNV-1a hash.
|
||||
OPENSSL_EXPORT uint32_t OPENSSL_hash32(const void *ptr, size_t len);
|
||||
|
||||
// OPENSSL_strhash calls |OPENSSL_hash32| on the NUL-terminated string |s|.
|
||||
OPENSSL_EXPORT uint32_t OPENSSL_strhash(const char *s);
|
||||
|
||||
// OPENSSL_strdup has the same behaviour as strdup(3).
|
||||
OPENSSL_EXPORT char *OPENSSL_strdup(const char *s);
|
||||
|
||||
// OPENSSL_strnlen has the same behaviour as strnlen(3).
|
||||
OPENSSL_EXPORT size_t OPENSSL_strnlen(const char *s, size_t len);
|
||||
|
||||
// OPENSSL_isalpha is a locale-independent, ASCII-only version of isalpha(3), It
|
||||
// only recognizes 'a' through 'z' and 'A' through 'Z' as alphabetic.
|
||||
OPENSSL_EXPORT int OPENSSL_isalpha(int c);
|
||||
|
||||
// OPENSSL_isdigit is a locale-independent, ASCII-only version of isdigit(3), It
|
||||
// only recognizes '0' through '9' as digits.
|
||||
OPENSSL_EXPORT int OPENSSL_isdigit(int c);
|
||||
|
||||
// OPENSSL_isxdigit is a locale-independent, ASCII-only version of isxdigit(3),
|
||||
// It only recognizes '0' through '9', 'a' through 'f', and 'A through 'F' as
|
||||
// digits.
|
||||
OPENSSL_EXPORT int OPENSSL_isxdigit(int c);
|
||||
|
||||
// OPENSSL_fromxdigit returns one if |c| is a hexadecimal digit as recognized
|
||||
// by OPENSSL_isxdigit, and sets |out| to the corresponding value. Otherwise
|
||||
// zero is returned.
|
||||
OPENSSL_EXPORT int OPENSSL_fromxdigit(uint8_t *out, int c);
|
||||
|
||||
// OPENSSL_hexstr2buf allocates and returns a buffer containing the bytes
|
||||
// represented by the hexadecimal string |str|. |str| must be a NULL terminated
|
||||
// string of hex characters. The length of the buffer is stored in |*len|.
|
||||
// |len| must not be NULL. The caller must free the returned
|
||||
// buffer with |OPENSSL_free|. If |str| is malformed, NULL is returned.
|
||||
OPENSSL_EXPORT uint8_t *OPENSSL_hexstr2buf(const char *str, size_t *len);
|
||||
|
||||
// OPENSSL_isalnum is a locale-independent, ASCII-only version of isalnum(3), It
|
||||
// only recognizes what |OPENSSL_isalpha| and |OPENSSL_isdigit| recognize.
|
||||
OPENSSL_EXPORT int OPENSSL_isalnum(int c);
|
||||
|
||||
// OPENSSL_tolower is a locale-independent, ASCII-only version of tolower(3). It
|
||||
// only lowercases ASCII values. Other values are returned as-is.
|
||||
OPENSSL_EXPORT int OPENSSL_tolower(int c);
|
||||
|
||||
// OPENSSL_isspace is a locale-independent, ASCII-only version of isspace(3). It
|
||||
// only recognizes '\t', '\n', '\v', '\f', '\r', and ' '.
|
||||
OPENSSL_EXPORT int OPENSSL_isspace(int c);
|
||||
|
||||
// OPENSSL_strcasecmp is a locale-independent, ASCII-only version of
|
||||
// strcasecmp(3).
|
||||
OPENSSL_EXPORT int OPENSSL_strcasecmp(const char *a, const char *b);
|
||||
|
||||
// OPENSSL_strncasecmp is a locale-independent, ASCII-only version of
|
||||
// strncasecmp(3).
|
||||
OPENSSL_EXPORT int OPENSSL_strncasecmp(const char *a, const char *b, size_t n);
|
||||
|
||||
// DECIMAL_SIZE returns an upper bound for the length of the decimal
|
||||
// representation of the given type.
|
||||
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
|
||||
|
||||
// BIO_snprintf has the same behavior as snprintf(3).
|
||||
OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
||||
OPENSSL_PRINTF_FORMAT_FUNC(3, 4);
|
||||
|
||||
// BIO_vsnprintf has the same behavior as vsnprintf(3).
|
||||
OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
|
||||
va_list args) OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
|
||||
|
||||
// OPENSSL_vasprintf has the same behavior as vasprintf(3), except that
|
||||
// memory allocated in a returned string must be freed with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int OPENSSL_vasprintf(char **str, const char *format,
|
||||
va_list args)
|
||||
OPENSSL_PRINTF_FORMAT_FUNC(2, 0);
|
||||
|
||||
// OPENSSL_asprintf has the same behavior as asprintf(3), except that
|
||||
// memory allocated in a returned string must be freed with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int OPENSSL_asprintf(char **str, const char *format, ...)
|
||||
OPENSSL_PRINTF_FORMAT_FUNC(2, 3);
|
||||
|
||||
// OPENSSL_strndup returns an allocated, duplicate of |str|, which is, at most,
|
||||
// |size| bytes. The result is always NUL terminated. The memory allocated
|
||||
// must be freed with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT char *OPENSSL_strndup(const char *str, size_t size);
|
||||
|
||||
// OPENSSL_memdup returns an allocated, duplicate of |size| bytes from |data| or
|
||||
// NULL on allocation failure. The memory allocated must be freed with
|
||||
// |OPENSSL_free|.
|
||||
OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size);
|
||||
|
||||
// OPENSSL_strlcpy acts like strlcpy(3).
|
||||
OPENSSL_EXPORT size_t OPENSSL_strlcpy(char *dst, const char *src,
|
||||
size_t dst_size);
|
||||
|
||||
// OPENSSL_strlcat acts like strlcat(3).
|
||||
OPENSSL_EXPORT size_t OPENSSL_strlcat(char *dst, const char *src,
|
||||
size_t dst_size);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// CRYPTO_malloc calls |OPENSSL_malloc|. |file| and |line| are ignored.
|
||||
OPENSSL_EXPORT void *CRYPTO_malloc(size_t size, const char *file, int line);
|
||||
|
||||
// CRYPTO_realloc calls |OPENSSL_realloc|. |file| and |line| are ignored.
|
||||
OPENSSL_EXPORT void *CRYPTO_realloc(void *ptr, size_t new_size,
|
||||
const char *file, int line);
|
||||
|
||||
// CRYPTO_free calls |OPENSSL_free|. |file| and |line| are ignored.
|
||||
OPENSSL_EXPORT void CRYPTO_free(void *ptr, const char *file, int line);
|
||||
|
||||
// OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all
|
||||
// allocations on free, but we define |OPENSSL_clear_free| for compatibility.
|
||||
OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len);
|
||||
|
||||
// CRYPTO_set_mem_functions is used to override the implementation of |OPENSSL_malloc/free/realloc|.
|
||||
//
|
||||
// |OPENSSL_malloc/free/realloc| can be customized by implementing |OPENSSL_memory_alloc/free/realloc| or calling
|
||||
// CRYPTO_set_mem_functions. If |OPENSSL_memory_alloc/free/realloc| is defined CRYPTO_set_mem_functions will fail.
|
||||
// All of the warnings for |OPENSSL_malloc/free/realloc| apply to CRYPTO_set_mem_functions:
|
||||
// -- https://github.com/aws/aws-lc/blame/d164f5762b1ad5d4f2d1561fb85daa556fdff5ef/crypto/mem.c#L111-L127
|
||||
// This function is only recommended for debug purpose(e.g. track mem usage).
|
||||
// AWS-LC differs from OpenSSL's CRYPTO_set_mem_functions in that __FILE__ and __LINE__ are not supplied.
|
||||
//
|
||||
// It returns one on success and zero otherwise.
|
||||
OPENSSL_EXPORT int CRYPTO_set_mem_functions(
|
||||
void *(*m)(size_t, const char *, int),
|
||||
void *(*r)(void *, size_t, const char *, int),
|
||||
void (*f)(void *, const char *, int));
|
||||
|
||||
// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that
|
||||
// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored.
|
||||
// AWS-LC does not support secure heaps. The initialization functions intentionally return zero to indicate that secure
|
||||
// heaps aren't supported. We return the regular malloc and zalloc versions when the secure_* counterparts are called,
|
||||
// which is what OPENSSL does when secure heap is not enabled.
|
||||
// If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at
|
||||
// https://github.com/aws/aws-lc/issues/new/choose
|
||||
|
||||
// CRYPTO_secure_malloc_init returns zero.
|
||||
OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
|
||||
|
||||
// CRYPTO_secure_malloc_initialized returns zero.
|
||||
OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void);
|
||||
|
||||
// CRYPTO_secure_used returns zero.
|
||||
OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
|
||||
|
||||
// OPENSSL_secure_malloc calls |OPENSSL_malloc|.
|
||||
OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);
|
||||
|
||||
// OPENSSL_secure_zalloc calls |OPENSSL_zalloc|.
|
||||
OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size);
|
||||
|
||||
// OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
|
||||
OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(char, OPENSSL_free)
|
||||
BORINGSSL_MAKE_DELETER(uint8_t, OPENSSL_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_MEM_H
|
||||
+4316
File diff suppressed because it is too large
Load Diff
+210
@@ -0,0 +1,210 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_OBJ_H
|
||||
#define OPENSSL_HEADER_OBJ_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/bytestring.h>
|
||||
#include <openssl/nid.h> // IWYU pragma: export
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// The objects library deals with the registration and indexing of ASN.1 object
|
||||
// identifiers. These values are often written as a dotted sequence of numbers,
|
||||
// e.g. 1.2.840.113549.1.9.16.3.9.
|
||||
//
|
||||
// Internally, OpenSSL likes to deal with these values by numbering them with
|
||||
// numbers called "nids". OpenSSL has a large, built-in database of common
|
||||
// object identifiers and also has both short and long names for them.
|
||||
//
|
||||
// This library provides functions for translating between object identifiers,
|
||||
// nids, short names and long names.
|
||||
//
|
||||
// The nid values should not be used outside of a single process: they are not
|
||||
// stable identifiers.
|
||||
|
||||
|
||||
// Basic operations.
|
||||
|
||||
// OBJ_dup returns a duplicate copy of |obj| or NULL on allocation failure. The
|
||||
// caller must call |ASN1_OBJECT_free| on the result to release it.
|
||||
OPENSSL_EXPORT ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *obj);
|
||||
|
||||
// OBJ_cmp returns a value less than, equal to or greater than zero if |a| is
|
||||
// less than, equal to or greater than |b|, respectively.
|
||||
OPENSSL_EXPORT int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
|
||||
|
||||
// OBJ_get0_data returns a pointer to the DER representation of |obj|. This is
|
||||
// the contents of the DER-encoded identifier, not including the tag and length.
|
||||
// If |obj| does not have an associated object identifier (i.e. it is a nid-only
|
||||
// value), this value is the empty string.
|
||||
OPENSSL_EXPORT const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj);
|
||||
|
||||
// OBJ_length returns the length of the DER representation of |obj|. This is the
|
||||
// contents of the DER-encoded identifier, not including the tag and length. If
|
||||
// |obj| does not have an associated object identifier (i.e. it is a nid-only
|
||||
// value), this value is the empty string.
|
||||
OPENSSL_EXPORT size_t OBJ_length(const ASN1_OBJECT *obj);
|
||||
|
||||
|
||||
// Looking up nids.
|
||||
|
||||
// OBJ_obj2nid returns the nid corresponding to |obj|, or |NID_undef| if no
|
||||
// such object is known.
|
||||
OPENSSL_EXPORT int OBJ_obj2nid(const ASN1_OBJECT *obj);
|
||||
|
||||
// OBJ_cbs2nid returns the nid corresponding to the DER data in |cbs|, or
|
||||
// |NID_undef| if no such object is known.
|
||||
OPENSSL_EXPORT int OBJ_cbs2nid(const CBS *cbs);
|
||||
|
||||
// OBJ_sn2nid returns the nid corresponding to |short_name|, or |NID_undef| if
|
||||
// no such short name is known.
|
||||
OPENSSL_EXPORT int OBJ_sn2nid(const char *short_name);
|
||||
|
||||
// OBJ_ln2nid returns the nid corresponding to |long_name|, or |NID_undef| if
|
||||
// no such long name is known.
|
||||
OPENSSL_EXPORT int OBJ_ln2nid(const char *long_name);
|
||||
|
||||
// OBJ_txt2nid returns the nid corresponding to |s|, which may be a short name,
|
||||
// long name, or an ASCII string containing a dotted sequence of numbers. It
|
||||
// returns the nid or NID_undef if unknown.
|
||||
OPENSSL_EXPORT int OBJ_txt2nid(const char *s);
|
||||
|
||||
|
||||
// Getting information about nids.
|
||||
|
||||
// OBJ_nid2obj returns the |ASN1_OBJECT| corresponding to |nid|, or NULL if
|
||||
// |nid| is unknown.
|
||||
//
|
||||
// Although the output is not const, this function returns a static, immutable
|
||||
// |ASN1_OBJECT|. It is not necessary to release the object with
|
||||
// |ASN1_OBJECT_free|.
|
||||
//
|
||||
// However, functions like |X509_ALGOR_set0| expect to take ownership of a
|
||||
// possibly dynamically-allocated |ASN1_OBJECT|. |ASN1_OBJECT_free| is a no-op
|
||||
// for static |ASN1_OBJECT|s, so |OBJ_nid2obj| is compatible with such
|
||||
// functions.
|
||||
//
|
||||
// Callers are encouraged to store the result of this function in a const
|
||||
// pointer. However, if using functions like |X509_ALGOR_set0|, callers may use
|
||||
// a non-const pointer and manage ownership.
|
||||
OPENSSL_EXPORT ASN1_OBJECT *OBJ_nid2obj(int nid);
|
||||
|
||||
// OBJ_get_undef returns the object for |NID_undef|. Prefer this function over
|
||||
// |OBJ_nid2obj| to avoid pulling in the full OID table.
|
||||
OPENSSL_EXPORT const ASN1_OBJECT *OBJ_get_undef(void);
|
||||
|
||||
// OBJ_nid2sn returns the short name for |nid|, or NULL if |nid| is unknown.
|
||||
OPENSSL_EXPORT const char *OBJ_nid2sn(int nid);
|
||||
|
||||
// OBJ_nid2ln returns the long name for |nid|, or NULL if |nid| is unknown.
|
||||
OPENSSL_EXPORT const char *OBJ_nid2ln(int nid);
|
||||
|
||||
// OBJ_nid2cbb writes |nid| as an ASN.1 OBJECT IDENTIFIER to |out|. It returns
|
||||
// one on success or zero otherwise.
|
||||
OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid);
|
||||
|
||||
|
||||
// Dealing with textual representations of object identifiers.
|
||||
|
||||
// OBJ_txt2obj returns an ASN1_OBJECT for the textual representation in |s|.
|
||||
// If |dont_search_names| is zero, then |s| will be matched against the long
|
||||
// and short names of a known objects to find a match. Otherwise |s| must
|
||||
// contain an ASCII string with a dotted sequence of numbers. The resulting
|
||||
// object need not be previously known. It returns a freshly allocated
|
||||
// |ASN1_OBJECT| or NULL on error.
|
||||
OPENSSL_EXPORT ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names);
|
||||
|
||||
// OBJ_obj2txt converts |obj| to a textual representation. If
|
||||
// |always_return_oid| is zero then |obj| will be matched against known objects
|
||||
// and the long (preferably) or short name will be used if found. Otherwise
|
||||
// |obj| will be converted into a dotted sequence of integers. If |out| is not
|
||||
// NULL, then at most |out_len| bytes of the textual form will be written
|
||||
// there. If |out_len| is at least one, then string written to |out| will
|
||||
// always be NUL terminated. It returns the number of characters that could
|
||||
// have been written, not including the final NUL, or -1 on error.
|
||||
OPENSSL_EXPORT int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
|
||||
int always_return_oid);
|
||||
|
||||
|
||||
// Adding objects at runtime.
|
||||
|
||||
// OBJ_create adds a known object and returns the NID of the new object, or
|
||||
// NID_undef on error.
|
||||
//
|
||||
// WARNING: This function modifies global state. The table cannot contain
|
||||
// duplicate OIDs, short names, or long names. If two callers in the same
|
||||
// address space add conflicting values, only one registration will take effect.
|
||||
// Avoid this function if possible. Instead, callers can process OIDs unknown to
|
||||
// BoringSSL by acting on the byte representation directly. See
|
||||
// |ASN1_OBJECT_create|, |OBJ_get0_data|, and |OBJ_length|.
|
||||
OPENSSL_EXPORT int OBJ_create(const char *oid, const char *short_name,
|
||||
const char *long_name);
|
||||
|
||||
|
||||
// Handling signature algorithm identifiers.
|
||||
//
|
||||
// Some NIDs (e.g. sha256WithRSAEncryption) specify both a digest algorithm and
|
||||
// a public key algorithm. The following functions map between pairs of digest
|
||||
// and public-key algorithms and the NIDs that specify their combination.
|
||||
//
|
||||
// Sometimes the combination NID leaves the digest unspecified (e.g.
|
||||
// rsassaPss). In these cases, the digest NID is |NID_undef|.
|
||||
|
||||
// OBJ_find_sigid_algs finds the digest and public-key NIDs that correspond to
|
||||
// the signing algorithm |sign_nid|. If successful, it sets |*out_digest_nid|
|
||||
// and |*out_pkey_nid| and returns one. Otherwise it returns zero. Any of
|
||||
// |out_digest_nid| or |out_pkey_nid| can be NULL if the caller doesn't need
|
||||
// that output value.
|
||||
OPENSSL_EXPORT int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid,
|
||||
int *out_pkey_nid);
|
||||
|
||||
// OBJ_find_sigid_by_algs finds the signature NID that corresponds to the
|
||||
// combination of |digest_nid| and |pkey_nid|. If success, it sets
|
||||
// |*out_sign_nid| and returns one. Otherwise it returns zero. The
|
||||
// |out_sign_nid| argument can be NULL if the caller only wishes to learn
|
||||
// whether the combination is valid.
|
||||
OPENSSL_EXPORT int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid,
|
||||
int pkey_nid);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
typedef struct obj_name_st {
|
||||
int type;
|
||||
int alias;
|
||||
const char *name;
|
||||
const char *data;
|
||||
} OBJ_NAME;
|
||||
|
||||
#define OBJ_NAME_TYPE_MD_METH 1
|
||||
#define OBJ_NAME_TYPE_CIPHER_METH 2
|
||||
|
||||
// OBJ_NAME_do_all_sorted calls |callback| zero or more times, each time with
|
||||
// the name of a different primitive. If |type| is |OBJ_NAME_TYPE_MD_METH| then
|
||||
// the primitives will be hash functions, alternatively if |type| is
|
||||
// |OBJ_NAME_TYPE_CIPHER_METH| then the primitives will be ciphers or cipher
|
||||
// modes.
|
||||
//
|
||||
// This function is ill-specified and should never be used.
|
||||
OPENSSL_EXPORT void OBJ_NAME_do_all_sorted(
|
||||
int type, void (*callback)(const OBJ_NAME *, void *arg), void *arg);
|
||||
|
||||
|
||||
// OBJ_cleanup does nothing.
|
||||
OPENSSL_EXPORT void OBJ_cleanup(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#define OBJ_R_UNKNOWN_NID 100
|
||||
#define OBJ_R_INVALID_OID_STRING 101
|
||||
|
||||
#endif // OPENSSL_HEADER_OBJ_H
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2016, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "nid.h"
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "obj.h"
|
||||
#include "asn1.h"
|
||||
+636
@@ -0,0 +1,636 @@
|
||||
// Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef AWSLC_OCSP_H
|
||||
#define AWSLC_OCSP_H
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/safestack.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// Various OCSP flags and values
|
||||
|
||||
|
||||
// The following constants are OCSP reason codes identify the reason for the
|
||||
// certificate revocation.
|
||||
//
|
||||
// CRLReason ::= ENUMERATED {
|
||||
// unspecified (0),
|
||||
// keyCompromise (1),
|
||||
// cACompromise (2),
|
||||
// affiliationChanged (3),
|
||||
// superseded (4),
|
||||
// cessationOfOperation (5),
|
||||
// -- value 7 is not used
|
||||
// certificateHold (6),
|
||||
// removeFromCRL (8),
|
||||
// privilegeWithdrawn (9),
|
||||
// aACompromise (10) }
|
||||
//
|
||||
// Reason Code RFC: https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1
|
||||
//
|
||||
// Note: OCSP_REVOKED_STATUS_NOSTATUS is defined by OpenSSL and is not defined
|
||||
// within the RFC.
|
||||
#define OCSP_REVOKED_STATUS_NOSTATUS -1
|
||||
#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
|
||||
#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
|
||||
#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
|
||||
#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
|
||||
#define OCSP_REVOKED_STATUS_SUPERSEDED 4
|
||||
#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
|
||||
#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
|
||||
#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
|
||||
#define OCSP_REVOKED_STATUS_PRIVILEGEWITHDRAWN 9
|
||||
#define OCSP_REVOKED_STATUS_AACOMPROMISE 10
|
||||
|
||||
// OCSP_NOCERTS is for |OCSP_request_sign| and |OCSP_basic_sign|. Setting
|
||||
// this excludes certificates request/response and ignores the |certs|
|
||||
// parameter. Certificates are optional.
|
||||
#define OCSP_NOCERTS 0x1
|
||||
// OCSP_NOINTERN is for |OCSP_basic_verify| and |OCSP_request_verify|.
|
||||
// Certificates included within |bs| or |req| will be included in the
|
||||
// search for the signing certificate by default, unless |OCSP_NOINTERN| is set.
|
||||
#define OCSP_NOINTERN 0x2
|
||||
// OCSP_NOCHAIN is for |OCSP_basic_verify| and |OCSP_request_verify|.
|
||||
// For |OCSP_basic_verify|, certificates in both |certs| and in |bs| are
|
||||
// considered as certificates for the construction of the validation path for
|
||||
// the signer certificate by default, unless |OCSP_NOCHAIN| is set.
|
||||
// For |OCSP_request_verify|, certificates in |req| are considered as
|
||||
// certificates for the construction of the validation path for the signer
|
||||
// certificate by default, unless |OCSP_NOCHAIN| is set.
|
||||
#define OCSP_NOCHAIN 0x8
|
||||
// OCSP_NOVERIFY is for |OCSP_basic_verify| and |OCSP_request_verify|. When
|
||||
// setting this flag, the signature on the OCSP response/request will still be
|
||||
// verified, but additionally verification of the signer certificate will be
|
||||
// skipped.
|
||||
#define OCSP_NOVERIFY 0x10
|
||||
// OCSP_NOEXPLICIT is for |OCSP_basic_verify|. We will check for explicit trust
|
||||
// for OCSP signing in the root CA certificate, unless the flags contain
|
||||
// |OCSP_NOEXPLICIT|.
|
||||
#define OCSP_NOEXPLICIT 0x20
|
||||
// OCSP_TRUSTOTHER is for |OCSP_basic_verify| and |OCSP_request_verify|. When
|
||||
// set, all certificates within |certs| are implicitly trusted.
|
||||
#define OCSP_TRUSTOTHER 0x200
|
||||
// OCSP_RESPID_KEY is for |OCSP_basic_sign|. By default, the OCSP responder is
|
||||
// identified by name and included in the response. Setting this changes the
|
||||
// default identifier to be the hash of the issuer's public key instead.
|
||||
#define OCSP_RESPID_KEY 0x400
|
||||
// OCSP_NOTIME is for |OCSP_basic_sign|. Setting this excludes the default
|
||||
// behavior of setting the |producedAt| time field in |resp| against the current
|
||||
// time and leaves it empty.
|
||||
#define OCSP_NOTIME 0x800
|
||||
|
||||
|
||||
typedef struct ocsp_cert_id_st OCSP_CERTID;
|
||||
typedef struct ocsp_one_request_st OCSP_ONEREQ;
|
||||
typedef struct ocsp_req_info_st OCSP_REQINFO;
|
||||
typedef struct ocsp_signature_st OCSP_SIGNATURE;
|
||||
typedef struct ocsp_request_st OCSP_REQUEST;
|
||||
typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
|
||||
typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
|
||||
typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
|
||||
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
|
||||
typedef struct ocsp_response_data_st OCSP_RESPDATA;
|
||||
typedef struct ocsp_response_st OCSP_RESPONSE;
|
||||
typedef struct ocsp_responder_id_st OCSP_RESPID;
|
||||
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
|
||||
|
||||
DEFINE_STACK_OF(OCSP_CERTID)
|
||||
DEFINE_STACK_OF(OCSP_ONEREQ)
|
||||
DEFINE_STACK_OF(OCSP_RESPID)
|
||||
DEFINE_STACK_OF(OCSP_SINGLERESP)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
|
||||
DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
|
||||
|
||||
// d2i_OCSP_REQUEST_bio parses a DER-encoded OCSP request from |bp|, converts it
|
||||
// into an |OCSP_REQUEST|, and writes the result in |preq|.
|
||||
OPENSSL_EXPORT OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **preq);
|
||||
|
||||
// d2i_OCSP_RESPONSE_bio parses a DER-encoded OCSP response from |bp|, converts
|
||||
// it into an |OCSP_RESPONSE|, and writes the result in |presp|.
|
||||
OPENSSL_EXPORT OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp,
|
||||
OCSP_RESPONSE **presp);
|
||||
|
||||
// i2d_OCSP_RESPONSE_bio marshals |presp| as a DER-encoded OCSP response and
|
||||
// writes the result to |bp|.
|
||||
OPENSSL_EXPORT int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *presp);
|
||||
|
||||
// i2d_OCSP_REQUEST_bio marshals |preq| as a DER-encoded OCSP request and
|
||||
// writes the result to |bp|.
|
||||
OPENSSL_EXPORT int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *preq);
|
||||
|
||||
// OCSP_CERTID_dup allocates a new |OCSP_CERTID| and sets it equal to the state
|
||||
// of |id|. It returns the new |OCSP_CERTID| or NULL on error.
|
||||
OPENSSL_EXPORT OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
|
||||
|
||||
// OCSP_sendreq_bio is a blocking OCSP request handler which is a special case
|
||||
// of non-blocking I/O.
|
||||
// |OCSP_sendreq_bio| combines |OCSP_sendreq_new| with as many calls of
|
||||
// |OCSP_sendreq_nbio| as needed and then |OCSP_REQ_CTX_free|, with a response
|
||||
// header maximum line length of 4k. It waits indefinitely on a response, if
|
||||
// |BIO_should_retry| is true and the |BIO| persists.
|
||||
//
|
||||
// WARNING: This is retained only for compatibility. This does not support
|
||||
// setting a timeout or adding your own HTTP headers.
|
||||
// Use |OCSP_sendreq_nbio| and handle the timeout accordingly to the |BIO| type.
|
||||
// You can also use |OCSP_REQ_CTX_add1_header| to add your own HTTP headers.
|
||||
OPENSSL_EXPORT OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path,
|
||||
OCSP_REQUEST *req);
|
||||
|
||||
// OCSP_sendreq_new returns an |OCSP_REQ_CTX| structure using the responder io,
|
||||
// the URL path, the |OCSP_REQUEST| req to be sent, and with a response header
|
||||
// maximum line length of maxline. If maxline is zero or less, a default value
|
||||
// of 4k is used. The |OCSP_REQUEST| req may be set to NULL and provided later
|
||||
// if required.
|
||||
OPENSSL_EXPORT OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
|
||||
OCSP_REQUEST *req, int maxline);
|
||||
|
||||
// OCSP_sendreq_nbio attempts to send the request prepared in |rctx| and to
|
||||
// gather the response via HTTP, using the |BIO| io and path that were given
|
||||
// when calling |OCSP_sendreq_new|.
|
||||
OPENSSL_EXPORT int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
|
||||
|
||||
// OCSP_REQ_CTX_new creates a new |OCSP_REQ_CTX|. |OCSP_REQ_CTX| is used to
|
||||
// contain the information to send the OCSP request and gather the response
|
||||
// over HTTP.
|
||||
OPENSSL_EXPORT OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
|
||||
|
||||
// OCSP_REQ_CTX_free frees the memory allocated by |OCSP_REQ_CTX|.
|
||||
OPENSSL_EXPORT void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
|
||||
|
||||
// OCSP_set_max_response_length sets the maximum response length for an OCSP
|
||||
// request over HTTP to |len|. If a custom max response length is needed, this
|
||||
// should be set before |OCSP_REQ_CTX| is sent out to retrieve the OCSP
|
||||
// response.
|
||||
OPENSSL_EXPORT void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx,
|
||||
unsigned long len);
|
||||
|
||||
// OCSP_REQ_CTX_http adds the HTTP request line to the context.
|
||||
OPENSSL_EXPORT int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op,
|
||||
const char *path);
|
||||
|
||||
// OCSP_REQ_CTX_set1_req finalizes the HTTP request context. It is needed if
|
||||
// an ASN.1-encoded request should be sent.
|
||||
OPENSSL_EXPORT int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
|
||||
|
||||
// OCSP_REQ_CTX_add1_header adds header name with value |value| to the
|
||||
// context |rctx|. It can be called more than once to add multiple header
|
||||
// lines.
|
||||
OPENSSL_EXPORT int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
|
||||
const char *name,
|
||||
const char *value);
|
||||
|
||||
// OCSP_REQ_CTX_i2d parses the ASN.1 contents of |rctx| into the der format.
|
||||
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val);
|
||||
|
||||
// OCSP_request_add0_id adds |cid| to |req|. Returns the new |OCSP_ONEREQ|
|
||||
// pointer allocated on the stack within |req|. This is useful if we want to
|
||||
// add extensions.
|
||||
// WARNING: This allocates a new |OCSP_ONEREQ| and assigns the pointer to |cid|
|
||||
// to it. It then adds the newly allocated |OCSP_ONEREQ| to the stack within
|
||||
// |req|. |req| now takes ownership of |cid|, and also maintains ownership of
|
||||
// the pointer to |OCSP_ONEREQ|.
|
||||
OPENSSL_EXPORT OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req,
|
||||
OCSP_CERTID *cid);
|
||||
|
||||
// OCSP_onereq_get0_id returns the certificate identifier
|
||||
// associated with an OCSP request
|
||||
OPENSSL_EXPORT OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
|
||||
|
||||
// OCSP_request_add1_nonce adds a nonce of value |val| and length |len| to
|
||||
// |req|. If |val| is NULL, a random nonce is generated and used. If |len| is
|
||||
// zero or negative, a default length of 16 bytes will be used.
|
||||
// If |val| is non-NULL, |len| must equal the length of |val|. This is different
|
||||
// from OpenSSL, which allows a default length for |len| to be used. Mis-usage
|
||||
// of the default length could result in a read overflow, so we disallow it.
|
||||
OPENSSL_EXPORT int OCSP_request_add1_nonce(OCSP_REQUEST *req,
|
||||
unsigned char *val, int len);
|
||||
|
||||
// OCSP_basic_add1_nonce is identical to |OCSP_request_add1_nonce|, but adds the
|
||||
// nonce to |resp| instead (the response).
|
||||
OPENSSL_EXPORT int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp,
|
||||
unsigned char *val, int len);
|
||||
|
||||
// OCSP_check_nonce checks nonce existence and equality in |req| and |bs|. If
|
||||
// there is parsing issue with |req| or |bs|, it will be determined that a
|
||||
// nonce does not exist within |req| or |bs|.
|
||||
//
|
||||
// Return value reflects result:
|
||||
// OCSP_NONCE_EQUAL (1: nonces present and equal.)
|
||||
// OCSP_NONCE_BOTH_ABSENT (2: nonces both absent.)
|
||||
// OCSP_NONCE_RESPONSE_ONLY (3: nonce present in |bs| only.)
|
||||
// OCSP_NONCE_NOT_EQUAL (0: parameters are NULL or nonces are both present
|
||||
// but not equal.)
|
||||
// OCSP_NONCE_REQUEST_ONLY (-1: nonce in |req| only.)
|
||||
//
|
||||
// For most responders, clients can check "return > 0".
|
||||
// If an OCSP responder doesn't handle nonces, "return != 0" may be necessary.
|
||||
// "return == 0" will always be an error. The error can mean that NULL
|
||||
// parameter was passed into the function, or that the nonces are both present,
|
||||
// but aren't equal.
|
||||
OPENSSL_EXPORT int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
|
||||
|
||||
// OCSP_copy_nonce copies the nonce value (if any) from |req| to |resp|. Returns
|
||||
// 1 on success and 0 on failure. If the optional nonce value does not exist in
|
||||
// |req|, we return 2 instead.
|
||||
//
|
||||
// Note: |OCSP_copy_nonce| allows for multiple OCSP nonces to exist and appends
|
||||
// the new nonce to the end of the extension list. This causes issues with
|
||||
// |OCSP_check_nonce|, since it looks for the first one in the list. The old
|
||||
// nonce extension should be deleted prior to calling |OCSP_copy_nonce|.
|
||||
OPENSSL_EXPORT int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
|
||||
|
||||
// OCSP_request_set1_name sets |requestorName| from an |X509_NAME| structure.
|
||||
OPENSSL_EXPORT int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
|
||||
|
||||
// OCSP_request_add1_cert adds a certificate to an |OCSP_REQUEST|.
|
||||
OPENSSL_EXPORT int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
|
||||
|
||||
// OCSP_request_is_signed checks if the optional signature exists for |req|.
|
||||
OPENSSL_EXPORT int OCSP_request_is_signed(OCSP_REQUEST *req);
|
||||
|
||||
// OCSP_request_onereq_count returns the number of |OCSP_ONEREQ|s in |req|.
|
||||
OPENSSL_EXPORT int OCSP_request_onereq_count(OCSP_REQUEST *req);
|
||||
|
||||
// OCSP_request_onereq_get0 returns the |OCSP_ONEREQ| in |req| at index |i| or
|
||||
// NULL if |i| is out of bounds.
|
||||
OPENSSL_EXPORT OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
|
||||
|
||||
// OCSP_request_sign signs the OCSP request |req| using |key| and |dgst|. |key|
|
||||
// MUST be the private key of |signer|. One or more optional certificates can be
|
||||
// added to |resp| with |certs|. This function will fail if a signature in |req|
|
||||
// already exists.
|
||||
//
|
||||
// Note: 1. The OCSP requester is identified by the subject name from |signer|
|
||||
// and included in |req|.
|
||||
// 2. All certificates in |certs| are added to |req| by default. Setting
|
||||
// |OCSP_NOCERTS| excludes certificates from being added in |req| and
|
||||
// ignores the |certs| parameter.
|
||||
OPENSSL_EXPORT int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer,
|
||||
EVP_PKEY *key, const EVP_MD *dgst,
|
||||
STACK_OF(X509) *certs,
|
||||
unsigned long flags);
|
||||
|
||||
// OCSP_response_status returns response status from |OCSP_RESPONSE|.
|
||||
OPENSSL_EXPORT int OCSP_response_status(OCSP_RESPONSE *resp);
|
||||
|
||||
// OCSP_response_get1_basic returns |OCSP_BASICRESP| from |OCSP_RESPONSE|.
|
||||
OPENSSL_EXPORT OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
|
||||
|
||||
// OCSP_resp_count returns the number of |OCSP_SINGLERESP| responses present
|
||||
// in |bs|.
|
||||
OPENSSL_EXPORT int OCSP_resp_count(OCSP_BASICRESP *bs);
|
||||
|
||||
// OCSP_resp_get0 returns the |OCSP_SINGLERESP| at the |idx| within |bs|.
|
||||
OPENSSL_EXPORT OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, size_t idx);
|
||||
|
||||
// OCSP_single_get0_status returns the status of |single|.
|
||||
//
|
||||
// Note: 1. |reason| value is allowed to be null.
|
||||
// 2. Time values passed into function are allowed to be NULL if
|
||||
// certificate fields are empty.
|
||||
// 3. |revtime| and |reason| values only set if the certificate status is
|
||||
// revoked.
|
||||
OPENSSL_EXPORT int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
|
||||
ASN1_GENERALIZEDTIME **revtime,
|
||||
ASN1_GENERALIZEDTIME **thisupd,
|
||||
ASN1_GENERALIZEDTIME **nextupd);
|
||||
|
||||
// OCSP_resp_find returns the index of the |OCSP_SINGLERESP| in |bs| which
|
||||
// matches |id| if found, or -1 if not found.
|
||||
OPENSSL_EXPORT int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id,
|
||||
int last);
|
||||
|
||||
// OCSP_resp_find_status looks up a cert id and extract the update time and
|
||||
// revocation status of certificate sent back from OCSP responder if found.
|
||||
// Returns 1 on success.
|
||||
//
|
||||
// Note: 1. Revocation status code is passed into |*status| parameter. Status
|
||||
// code will not be passed if |*status| is NULL.
|
||||
OPENSSL_EXPORT int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id,
|
||||
int *status, int *reason,
|
||||
ASN1_GENERALIZEDTIME **revtime,
|
||||
ASN1_GENERALIZEDTIME **thisupd,
|
||||
ASN1_GENERALIZEDTIME **nextupd);
|
||||
|
||||
// OCSP_check_validity checks the validity of |thisUpdate| and |nextUpdate|
|
||||
// fields from an |OCSP_SINGLERESP|.
|
||||
//
|
||||
// Note: 1. It is possible that the request will take a few seconds to process
|
||||
// and/or the local system time isn't exactly the same as the OCSP
|
||||
// responder's time. Therefore, to avoid rejecting otherwise valid time
|
||||
// we allow the times to be within |drift_num_seconds| of the current
|
||||
// time.
|
||||
// 2. Also, to avoid accepting very old responses without a
|
||||
// |nextUpdate| field, an optional |max_age_seconds| parameter
|
||||
// specifies the maximum age the |thisUpdate| field can be.
|
||||
// |max_age_seconds| should be the number of seconds relative to
|
||||
// |thisUpdate|. You can also set |max_age_seconds| to "-1", if the
|
||||
// maximum age should not be checked.
|
||||
// 3. |thisUpdate| should be within the range of: (current time -
|
||||
// max_age_seconds) < |thisUpdate| < (current time +
|
||||
// drift_num_seconds).
|
||||
// |nextUpdate| should be in the future: (current time +
|
||||
// drift_num_seconds) < |nextUpdate|.
|
||||
// 4. |thisUpdate| and |nextUpdate| are defined in the RFC:
|
||||
// https://datatracker.ietf.org/doc/html/rfc6960#section-2.4
|
||||
OPENSSL_EXPORT int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisUpdate,
|
||||
ASN1_GENERALIZEDTIME *nextUpdate,
|
||||
long drift_num_seconds,
|
||||
long max_age_seconds);
|
||||
|
||||
// OCSP_basic_verify verifies a basic response message. It checks that |bs| is
|
||||
// correctly signed and that the signer certificate can be validated.
|
||||
// Returns 1 if the response is valid, 0 if the signature cannot be verified,
|
||||
// or -1 on fatal errors such as malloc failure.
|
||||
//
|
||||
// Note: 1. Checks that OCSP response CAN be verified, but does not imply
|
||||
// anything about the corresponding certificate's revocation status.
|
||||
// 2. |OCSP_resp_find_status| should be used to check if the OCSP
|
||||
// response's cert status is |V_OCSP_CERTSTATUS_GOOD|.
|
||||
// |OCSP_check_validity| should also be used to validate that the OCSP
|
||||
// response's timestamps are correct.
|
||||
OPENSSL_EXPORT int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
||||
X509_STORE *st, unsigned long flags);
|
||||
|
||||
// OCSP_request_verify verifies the OCSP request message, |req|, with |st|.
|
||||
// OCSP request signatures are optional according to RFC6960, but one can check
|
||||
// that |req| is correctly signed and that the signer certificate can be
|
||||
// validated if a signature exists. This returns 1 if |req| is valid or returns
|
||||
// 0 if |req|'s signature is non-existent or cannot be verified.
|
||||
OPENSSL_EXPORT int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
|
||||
X509_STORE *st, unsigned long flags);
|
||||
|
||||
// OCSP_cert_id_new creates and returns a new |OCSP_CERTID| using |dgst|,
|
||||
// |issuerName|, |issuerKey|, and |serialNumber| as its contents.
|
||||
OPENSSL_EXPORT OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
|
||||
const X509_NAME *issuerName,
|
||||
const ASN1_BIT_STRING *issuerKey,
|
||||
const ASN1_INTEGER *serialNumber);
|
||||
|
||||
// OCSP_cert_to_id returns a |OCSP_CERTID| converted from a certificate and its
|
||||
// issuer.
|
||||
//
|
||||
// Note: 1. If |subject| is NULL, we get the subject name from the issuer and
|
||||
// set the serial number to NULL.
|
||||
// 2. OpenSSL's legacy OCSP code decided to make SHA-1 as default hash
|
||||
// algorithm when the |dgst| is set as NULL. We keep this to maintain
|
||||
// backwards compatibility, but strongly advise to set a digest when
|
||||
// using this function. Even though this is not used cryptographically,
|
||||
// there is the possibility of a response being returned with a forced
|
||||
// issuer name when using SHA-1 (assuming a preimage attack, which is
|
||||
// beyond the scope of how SHA-1 is currently vulnerable).
|
||||
OPENSSL_EXPORT OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst,
|
||||
const X509 *subject,
|
||||
const X509 *issuer);
|
||||
|
||||
// OCSP_parse_url parses an OCSP responder URL and returns its component parts.
|
||||
// |url| argument must be a null-terminated string containing the URL to be
|
||||
// parsed. The other arguments are pointers to variables that will be set to the
|
||||
// parsed components of the URL. When |OCSP_parse_url| returns 1, these
|
||||
// arguments will allocate new memory with a copy of value. It is the caller's
|
||||
// responsibility to free these.
|
||||
//
|
||||
// |phost|: A pointer to a char pointer that will be set to the host component
|
||||
// of the URL. If the URL does not contain a host component, this will
|
||||
// be set to an empty string.
|
||||
// |pport|: A pointer to an int that will be set to the port number specified
|
||||
// in the URL, or to the default port (80 for HTTP, 443 for HTTPS)
|
||||
// if no port number is specified.
|
||||
// |ppath|: A pointer to a char pointer that will be set to the path component
|
||||
// of the URL. If the URL does not contain a path component, this
|
||||
// will be set to "/".
|
||||
// |pssl|: A pointer to an int that will be set to 1 if the URL specifies the
|
||||
// HTTPS protocol, or 0 if HTTP.
|
||||
//
|
||||
// Note: |OCSP_parse_url| does not perform any validation of the URL or its
|
||||
// components beyond basic parsing. It is the responsibility of the
|
||||
// caller to ensure that the URL is well-formed and valid.
|
||||
OPENSSL_EXPORT int OCSP_parse_url(const char *url, char **phost, char **pport,
|
||||
char **ppath, int *pssl);
|
||||
|
||||
// OCSP_id_issuer_cmp compares the issuers' name and key hash of |a| and |b|. It
|
||||
// returns 0 on equal.
|
||||
OPENSSL_EXPORT int OCSP_id_issuer_cmp(const OCSP_CERTID *a,
|
||||
const OCSP_CERTID *b);
|
||||
|
||||
// OCSP_id_cmp calls |OCSP_id_issuer_cmp| and additionally compares the
|
||||
// |serialNumber| of |a| and |b|. It returns 0 on equal.
|
||||
OPENSSL_EXPORT int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
|
||||
|
||||
// OCSP_id_get0_info returns the issuer name hash, hash OID, issuer key hash,
|
||||
// and the serial number contained in |cid|. If any of the values are not
|
||||
// required, the corresponding parameter can be set to NULL.
|
||||
OPENSSL_EXPORT int OCSP_id_get0_info(ASN1_OCTET_STRING **nameHash,
|
||||
ASN1_OBJECT **algor,
|
||||
ASN1_OCTET_STRING **keyHash,
|
||||
ASN1_INTEGER **serial, OCSP_CERTID *cid);
|
||||
|
||||
// OCSP_basic_add1_cert adds |cert| to the |resp|.
|
||||
OPENSSL_EXPORT int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
|
||||
|
||||
// OCSP_basic_add1_status creates and returns an |OCSP_SINGLERESP| with |cid|,
|
||||
// |status|, |this_update| and |next_update|. The newly created
|
||||
// |OCSP_SINGLERESP| is pushed onto the internal |OCSP_SINGLERESP| stack in
|
||||
// |resp|. |status| should be a value defined by |V_OCSP_CERTSTATUS_*|.
|
||||
//
|
||||
// 1. If |status| has the value |V_OCSP_CERTSTATUS_REVOKED|, |revoked_reason|
|
||||
// should be a valid |OCSP_REVOKED_STATUS_*| value and |revoked_time| cannot be
|
||||
// empty.
|
||||
// 2. If |status| has the value of either |V_OCSP_CERTSTATUS_GOOD| or
|
||||
// |V_OCSP_CERTSTATUS_UNKNOWN|, |revoked_reason| and |revoked_time| are ignored.
|
||||
OPENSSL_EXPORT OCSP_SINGLERESP *OCSP_basic_add1_status(
|
||||
OCSP_BASICRESP *resp, OCSP_CERTID *cid, int status, int revoked_reason,
|
||||
ASN1_TIME *revoked_time, ASN1_TIME *this_update, ASN1_TIME *next_update);
|
||||
|
||||
// OCSP_basic_sign signs the OCSP response |resp| using |key| and |dgst|. |key|
|
||||
// MUST be the private key of |signer|. One or more optional certificates can be
|
||||
// added to |resp| with |certs|.
|
||||
//
|
||||
// Note: 1. By default, the OCSP responder is identified by the subject name
|
||||
// from |signer| and included in |resp|. Users can set
|
||||
// |OCSP_RESPID_KEY| with |flags|, if they wish for the responder to
|
||||
// be identified by the hash of |signer|'s public key instead.
|
||||
// 2. All certificates in |certs| are added to |resp| by default. Setting
|
||||
// |OCSP_NOCERTS| excludes certificates from being added in |resp| and
|
||||
// ignores the |certs| parameter.
|
||||
// 3. The |producedAt| time field is set to the current time by default.
|
||||
// Setting |OCSP_NOTIME| excludes setting the |producedAt| time field
|
||||
// in |resp| and leaves it empty.
|
||||
OPENSSL_EXPORT int OCSP_basic_sign(OCSP_BASICRESP *resp, X509 *signer,
|
||||
EVP_PKEY *key, const EVP_MD *dgst,
|
||||
STACK_OF(X509) *certs, unsigned long flags);
|
||||
|
||||
// OCSP_response_create creates an |OCSP_RESPONSE| and encodes an optional |bs|
|
||||
// within it.
|
||||
OPENSSL_EXPORT OCSP_RESPONSE *OCSP_response_create(int status,
|
||||
OCSP_BASICRESP *bs);
|
||||
|
||||
// OCSP_SINGLERESP_get0_id returns the |OCSP_CERTID| within |x|.
|
||||
OPENSSL_EXPORT const OCSP_CERTID *OCSP_SINGLERESP_get0_id(
|
||||
const OCSP_SINGLERESP *x);
|
||||
|
||||
// OCSP_response_status_str returns the OCSP response status of |status_code| as
|
||||
// a string.
|
||||
OPENSSL_EXPORT const char *OCSP_response_status_str(long status_code);
|
||||
|
||||
// OCSP_cert_status_str returns the OCSP cert status of |status_code| as
|
||||
// a string.
|
||||
OPENSSL_EXPORT const char *OCSP_cert_status_str(long status_code);
|
||||
|
||||
// OCSP_crl_reason_str returns the OCSP CRL reason of |status_code| as a string.
|
||||
// |OCSP_resp_find_status| can be used to retrieve the reason status code
|
||||
// if an OCSP response is revoked.
|
||||
OPENSSL_EXPORT const char *OCSP_crl_reason_str(long status_code);
|
||||
|
||||
// OCSP_REQUEST_print prints the contents of an OCSP request to |bp|. |flags| is
|
||||
// used to configure printing of the |req|'s extensions (See
|
||||
// |X509V3_extensions_print| for more information).
|
||||
// This is typically used for debugging or diagnostic purposes.
|
||||
OPENSSL_EXPORT int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *req,
|
||||
unsigned long flags);
|
||||
|
||||
// OCSP_RESPONSE_print prints the contents of an OCSP response to |bp|. |flags|
|
||||
// is used to configure printing of the |resp|'s extensions (See
|
||||
// |X509V3_extensions_print| for more information).
|
||||
// This is typically used for debugging or diagnostic purposes.
|
||||
OPENSSL_EXPORT int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *resp,
|
||||
unsigned long flags);
|
||||
|
||||
// OCSP_BASICRESP_get_ext_by_NID returns the index of an extension |bs| by its
|
||||
// NID. Returns -1 if not found.
|
||||
OPENSSL_EXPORT int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *bs, int nid,
|
||||
int lastpos);
|
||||
|
||||
// OCSP_BASICRESP_get_ext returns the |X509_EXTENSION| in |bs| at index |loc|,
|
||||
// or NULL if |loc| is out of bounds.
|
||||
OPENSSL_EXPORT X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *bs,
|
||||
int loc);
|
||||
|
||||
|
||||
// OCSP |X509_EXTENSION| Functions
|
||||
|
||||
// OCSP_BASICRESP_delete_ext removes the extension in |x| at index |loc| and
|
||||
// returns the removed extension, or NULL if |loc| was out of bounds. If an
|
||||
// extension was returned, the caller must release it with
|
||||
// |X509_EXTENSION_free|.
|
||||
OPENSSL_EXPORT X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x,
|
||||
int loc);
|
||||
|
||||
// OCSP_SINGLERESP_add_ext adds a copy of |ex| to the extension list in
|
||||
// |*sresp|. It returns 1 on success and 0 on error. The new extension is
|
||||
// inserted at index |loc|, shifting extensions to the right. If |loc| is -1 or
|
||||
// out of bounds, the new extension is appended to the list.
|
||||
OPENSSL_EXPORT int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *sresp,
|
||||
X509_EXTENSION *ex, int loc);
|
||||
|
||||
// OCSP_SINGLERESP_get_ext_count returns the number of |X509_EXTENSION|s in
|
||||
// |sresp|.
|
||||
OPENSSL_EXPORT int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *sresp);
|
||||
|
||||
// OCSP_SINGLERESP_get_ext returns the |X509_EXTENSION| in |sresp|
|
||||
// at index |loc|, or NULL if |loc| is out of bounds.
|
||||
OPENSSL_EXPORT X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *sresp,
|
||||
int loc);
|
||||
|
||||
|
||||
// OCSP no-op flags [Deprecated].
|
||||
|
||||
// OCSP_NOSIGS does nothing. In OpenSSL, this skips signature verification in
|
||||
// |OCSP_basic_verify| and |OCSP_request_verify|.
|
||||
#define OCSP_NOSIGS 0
|
||||
|
||||
// OCSP_NOCASIGN does nothing. It's a legacy OCSP flag deprecated since OpenSSL
|
||||
// 1.0.1g.
|
||||
#define OCSP_NOCASIGN 0
|
||||
|
||||
// OCSP_NODELEGATED does nothing. It's a legacy OCSP flag deprecated since
|
||||
// OpenSSL 1.0.1g.
|
||||
#define OCSP_NODELEGATED 0
|
||||
|
||||
// OCSP_NOCHECKS does nothing. In OpenSSL, this disables verifying that the
|
||||
// signer certificate has met the OCSP issuer criteria or any potential
|
||||
// delegation in |OCSP_basic_verify|.
|
||||
#define OCSP_NOCHECKS 0
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(OCSP_REQUEST, OCSP_REQUEST_free)
|
||||
BORINGSSL_MAKE_DELETER(OCSP_REQ_CTX, OCSP_REQ_CTX_free)
|
||||
BORINGSSL_MAKE_DELETER(OCSP_RESPONSE, OCSP_RESPONSE_free)
|
||||
BORINGSSL_MAKE_DELETER(OCSP_BASICRESP, OCSP_BASICRESP_free)
|
||||
BORINGSSL_MAKE_DELETER(OCSP_CERTID, OCSP_CERTID_free)
|
||||
BORINGSSL_MAKE_DELETER(OCSP_SINGLERESP, OCSP_SINGLERESP_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif // !BORINGSSL_NO_CXX
|
||||
|
||||
#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
|
||||
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
|
||||
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
|
||||
#define OCSP_RESPONSE_STATUS_TRYLATER 3
|
||||
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
|
||||
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
|
||||
|
||||
#define V_OCSP_RESPID_NAME 0
|
||||
#define V_OCSP_RESPID_KEY 1
|
||||
|
||||
#define V_OCSP_CERTSTATUS_GOOD 0
|
||||
#define V_OCSP_CERTSTATUS_REVOKED 1
|
||||
#define V_OCSP_CERTSTATUS_UNKNOWN 2
|
||||
|
||||
#define OCSP_NONCE_EQUAL 1
|
||||
#define OCSP_NONCE_BOTH_ABSENT 2
|
||||
#define OCSP_NONCE_RESPONSE_ONLY 3
|
||||
#define OCSP_NONCE_NOT_EQUAL 0
|
||||
#define OCSP_NONCE_REQUEST_ONLY -1
|
||||
|
||||
#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
|
||||
#define OCSP_R_DIGEST_ERR 102
|
||||
#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
|
||||
#define OCSP_R_NOT_BASIC_RESPONSE 104
|
||||
#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
|
||||
#define OCSP_R_NO_RESPONSE_DATA 108
|
||||
#define OCSP_R_NO_REVOKED_TIME 109
|
||||
#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
|
||||
#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
|
||||
#define OCSP_R_ROOT_CA_NOT_TRUSTED 112
|
||||
#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
|
||||
#define OCSP_R_SIGNATURE_FAILURE 117
|
||||
#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
|
||||
#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
|
||||
#define OCSP_R_UNKNOWN_NID 120
|
||||
#define OCSP_R_ERROR_PARSING_URL 121
|
||||
#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
|
||||
#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
|
||||
#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
|
||||
#define OCSP_R_STATUS_EXPIRED 125
|
||||
#define OCSP_R_STATUS_NOT_YET_VALID 126
|
||||
#define OCSP_R_STATUS_TOO_OLD 127
|
||||
#define OCSP_R_REQUEST_NOT_SIGNED 128
|
||||
#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
|
||||
#define OCSP_R_NO_SIGNER_KEY 130
|
||||
#define OCSP_R_OCSP_REQUEST_DUPLICATE_SIGNATURE 131
|
||||
#define OCSP_R_UNKNOWN_FIELD_VALUE 132
|
||||
|
||||
#endif // AWSLC_OCSP_H
|
||||
+78
@@ -0,0 +1,78 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#ifndef OPENSSL_HEADER_OPENSSLCONF_H
|
||||
#define OPENSSL_HEADER_OPENSSLCONF_H
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// OpenSSL compatibility configuration flags.
|
||||
|
||||
|
||||
#define OPENSSL_NO_ASYNC
|
||||
#define OPENSSL_NO_BLAKE2
|
||||
#define OPENSSL_NO_BUF_FREELISTS
|
||||
#define OPENSSL_NO_CAMELLIA
|
||||
#define OPENSSL_NO_CAPIENG
|
||||
#define OPENSSL_NO_CAST
|
||||
#define OPENSSL_NO_CMS
|
||||
#define OPENSSL_NO_COMP
|
||||
#define OPENSSL_NO_CRYPTO_MDEBUG
|
||||
#define OPENSSL_NO_CT
|
||||
#define OPENSSL_NO_DANE
|
||||
#define OPENSSL_NO_DEPRECATED
|
||||
#define OPENSSL_NO_DGRAM
|
||||
#define OPENSSL_NO_DYNAMIC_ENGINE
|
||||
#define OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
#define OPENSSL_NO_EC2M
|
||||
#define OPENSSL_NO_EGD
|
||||
#define OPENSSL_NO_ENGINE
|
||||
#define OPENSSL_NO_GMP
|
||||
#define OPENSSL_NO_GOST
|
||||
#define OPENSSL_NO_HEARTBEATS
|
||||
#define OPENSSL_NO_HW
|
||||
#define OPENSSL_NO_IDEA
|
||||
#define OPENSSL_NO_JPAKE
|
||||
#define OPENSSL_NO_KRB5
|
||||
#define OPENSSL_NO_MD2
|
||||
#define OPENSSL_NO_MDC2
|
||||
#define OPENSSL_NO_OCB
|
||||
// OPENSSL_NO_EXTERNAL_PSK_TLS13 indicates lack of support for external
|
||||
// PSK authentication in TLS >= 1.3. AWS-LC intentionally omits support
|
||||
// for this due to security conerns outlined in RFC 9258.
|
||||
#define OPENSSL_NO_EXTERNAL_PSK_TLS13
|
||||
#define OPENSSL_NO_RC2
|
||||
#define OPENSSL_NO_RC5
|
||||
#define OPENSSL_NO_RFC3779
|
||||
#define OPENSSL_NO_RIPEMD
|
||||
#define OPENSSL_NO_RMD160
|
||||
#define OPENSSL_NO_SCTP
|
||||
#define OPENSSL_NO_SEED
|
||||
#define OPENSSL_NO_SM2
|
||||
#define OPENSSL_NO_SM3
|
||||
#define OPENSSL_NO_SM4
|
||||
#define OPENSSL_NO_SRP
|
||||
#define OPENSSL_NO_SSL_TRACE
|
||||
#define OPENSSL_NO_SSL2
|
||||
#define OPENSSL_NO_SSL3
|
||||
#define OPENSSL_NO_SSL3_METHOD
|
||||
#define OPENSSL_NO_STATIC_ENGINE
|
||||
#define OPENSSL_NO_STORE
|
||||
#define OPENSSL_NO_TS
|
||||
#define OPENSSL_NO_UI_CONSOLE
|
||||
#define OPENSSL_NO_WHIRLPOOL
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
#endif // OPENSSL_HEADER_OPENSSLCONF_H
|
||||
+16
@@ -0,0 +1,16 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
// MySQL does regex parsing on the opensslv.h file directly.
|
||||
// https://github.com/mysql/mysql-server/blob/8.0/cmake/ssl.cmake#L208-L227
|
||||
// |OPENSSL_VERSION_NUMBER| is defined here again to comply to this. MySQL
|
||||
// only parses this to define version numbers in their CMake script.
|
||||
// It does not require it to be active.
|
||||
#if 0
|
||||
#define OPENSSL_VERSION_NUMBER 0x1010107f
|
||||
#endif
|
||||
+16
@@ -0,0 +1,16 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
// MySQL does regex parsing on the opensslv.h file directly.
|
||||
// https://github.com/mysql/mysql-server/blob/8.0/cmake/ssl.cmake#L208-L227
|
||||
// |OPENSSL_VERSION_NUMBER| is defined here again to comply to this. MySQL
|
||||
// only parses this to define version numbers in their CMake script.
|
||||
// It does not require it to be active.
|
||||
#if 0
|
||||
#define OPENSSL_VERSION_NUMBER @OPENSSL_VERSION_NUMBER@
|
||||
#endif
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "base.h"
|
||||
+531
@@ -0,0 +1,531 @@
|
||||
// Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_PEM_H
|
||||
#define OPENSSL_HEADER_PEM_H
|
||||
|
||||
#include <openssl/base64.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/cipher.h>
|
||||
#include <openssl/digest.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/stack.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
// For compatibility with open-iscsi, which assumes that it can get
|
||||
// |OPENSSL_malloc| from pem.h or err.h
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define PEM_BUFSIZE 1024
|
||||
|
||||
#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
|
||||
#define PEM_STRING_X509 "CERTIFICATE"
|
||||
#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
|
||||
#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
|
||||
#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
|
||||
#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
|
||||
#define PEM_STRING_X509_CRL "X509 CRL"
|
||||
#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
|
||||
#define PEM_STRING_PUBLIC "PUBLIC KEY"
|
||||
#define PEM_STRING_RSA "RSA PRIVATE KEY"
|
||||
#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
|
||||
#define PEM_STRING_DSA "DSA PRIVATE KEY"
|
||||
#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
|
||||
#define PEM_STRING_EC "EC PRIVATE KEY"
|
||||
#define PEM_STRING_PKCS7 "PKCS7"
|
||||
#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
|
||||
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
|
||||
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
|
||||
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
|
||||
#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
|
||||
#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
|
||||
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
|
||||
#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
|
||||
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
|
||||
#define PEM_STRING_PARAMETERS "PARAMETERS"
|
||||
#define PEM_STRING_CMS "CMS"
|
||||
|
||||
// enc_type is one off
|
||||
#define PEM_TYPE_ENCRYPTED 10
|
||||
#define PEM_TYPE_MIC_ONLY 20
|
||||
#define PEM_TYPE_MIC_CLEAR 30
|
||||
#define PEM_TYPE_CLEAR 40
|
||||
|
||||
// For compatibility with OpenSSL. First argument ignored.
|
||||
#define PEMerr(f, r) OPENSSL_PUT_ERROR(PEM, (r))
|
||||
|
||||
// These macros make the PEM_read/PEM_write functions easier to maintain and
|
||||
// write. Now they are all implemented with either:
|
||||
// IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
|
||||
|
||||
|
||||
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
|
||||
static void *pem_read_##name##_d2i(void **x, const unsigned char **inp, \
|
||||
long len) { \
|
||||
return d2i_##asn1((type **)x, inp, len); \
|
||||
} \
|
||||
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
|
||||
pem_password_cb *cb, void *u) { \
|
||||
return (type *)PEM_ASN1_read(pem_read_##name##_d2i, str, fp, (void **)x, \
|
||||
cb, u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
|
||||
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) { \
|
||||
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, NULL, NULL, 0, \
|
||||
NULL, NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
|
||||
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((const type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) { \
|
||||
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, (void *)x, NULL, \
|
||||
NULL, 0, NULL, NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
|
||||
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_##name( \
|
||||
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u) { \
|
||||
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, pass, \
|
||||
pass_len, cb, u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
|
||||
static int pem_write_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((const type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_##name( \
|
||||
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u) { \
|
||||
return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, pass, \
|
||||
pass_len, cb, u); \
|
||||
}
|
||||
|
||||
|
||||
#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
|
||||
static void *pem_read_bio_##name##_d2i(void **x, const unsigned char **inp, \
|
||||
long len) { \
|
||||
return d2i_##asn1((type **)x, inp, len); \
|
||||
} \
|
||||
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
|
||||
pem_password_cb *cb, void *u) { \
|
||||
return (type *)PEM_ASN1_read_bio(pem_read_bio_##name##_d2i, str, bp, \
|
||||
(void **)x, cb, u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
|
||||
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) { \
|
||||
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, NULL, \
|
||||
NULL, 0, NULL, NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
|
||||
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((const type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) { \
|
||||
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x, \
|
||||
NULL, NULL, 0, NULL, NULL); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
|
||||
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name( \
|
||||
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u) { \
|
||||
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, enc, \
|
||||
pass, pass_len, cb, u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
|
||||
static int pem_write_bio_##name##_i2d(const void *x, unsigned char **outp) { \
|
||||
return i2d_##asn1((const type *)x, outp); \
|
||||
} \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name( \
|
||||
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u) { \
|
||||
return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void *)x, \
|
||||
enc, pass, pass_len, cb, u); \
|
||||
}
|
||||
|
||||
#define IMPLEMENT_PEM_write(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read_fp(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_const(name, type, str, asn1)
|
||||
|
||||
#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_read(name, type, str, asn1) \
|
||||
IMPLEMENT_PEM_write_cb(name, type, str, asn1)
|
||||
|
||||
// These are the same except they are for the declarations
|
||||
|
||||
#define DECLARE_PEM_read_fp(name, type) \
|
||||
OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
#define DECLARE_PEM_write_fp(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x);
|
||||
|
||||
#define DECLARE_PEM_write_fp_const(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x);
|
||||
|
||||
#define DECLARE_PEM_write_cb_fp(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_##name( \
|
||||
FILE *fp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u);
|
||||
|
||||
#define DECLARE_PEM_read_bio(name, type) \
|
||||
OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
#define DECLARE_PEM_write_bio(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x);
|
||||
|
||||
#define DECLARE_PEM_write_bio_const(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x);
|
||||
|
||||
#define DECLARE_PEM_write_cb_bio(name, type) \
|
||||
OPENSSL_EXPORT int PEM_write_bio_##name( \
|
||||
BIO *bp, type *x, const EVP_CIPHER *enc, const unsigned char *pass, \
|
||||
int pass_len, pem_password_cb *cb, void *u);
|
||||
|
||||
|
||||
#define DECLARE_PEM_write(name, type) \
|
||||
DECLARE_PEM_write_bio(name, type) \
|
||||
DECLARE_PEM_write_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_write_const(name, type) \
|
||||
DECLARE_PEM_write_bio_const(name, type) \
|
||||
DECLARE_PEM_write_fp_const(name, type)
|
||||
|
||||
#define DECLARE_PEM_write_cb(name, type) \
|
||||
DECLARE_PEM_write_cb_bio(name, type) \
|
||||
DECLARE_PEM_write_cb_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_read_bio(name, type) \
|
||||
DECLARE_PEM_read_fp(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw_const(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write_const(name, type)
|
||||
|
||||
#define DECLARE_PEM_rw_cb(name, type) \
|
||||
DECLARE_PEM_read(name, type) \
|
||||
DECLARE_PEM_write_cb(name, type)
|
||||
|
||||
// "userdata": new with OpenSSL 0.9.4
|
||||
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
|
||||
|
||||
OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header,
|
||||
EVP_CIPHER_INFO *cipher);
|
||||
|
||||
// PEM_do_header decrypts PEM-encoded data using the cipher info in |cipher|.
|
||||
// It processes |data| of length |len| using a password obtained via |callback|
|
||||
// (or the default callback provided via |PEM_def_callback| if NULL) with callback
|
||||
// data |u|. It then updates |len| with decrypted length.
|
||||
// Returns 1 on success or if |cipher| is NULL, 0 on failure.
|
||||
OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data,
|
||||
long *len, pem_password_cb *callback, void *u);
|
||||
|
||||
// PEM_read_bio reads from |bp|, until the next PEM block. If one is found, it
|
||||
// returns one and sets |*name|, |*header|, and |*data| to newly-allocated
|
||||
// buffers containing the PEM type, the header block, and the decoded data,
|
||||
// respectively. |*name| and |*header| are NUL-terminated C strings, while
|
||||
// |*data| has |*len| bytes. The caller must release each of |*name|, |*header|,
|
||||
// and |*data| with |OPENSSL_free| when done. If no PEM block is found, this
|
||||
// function returns zero and pushes |PEM_R_NO_START_LINE| to the error queue. If
|
||||
// one is found, but there is an error decoding it, it returns zero and pushes
|
||||
// some other error to the error queue.
|
||||
OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header,
|
||||
unsigned char **data, long *len);
|
||||
|
||||
// PEM_write_bio writes a PEM block to |bp|, containing |len| bytes from |data|
|
||||
// as data. |name| and |hdr| are NUL-terminated C strings containing the PEM
|
||||
// type and header block, respectively. This function returns zero on error and
|
||||
// the number of bytes written on success.
|
||||
OPENSSL_EXPORT int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
|
||||
const unsigned char *data, long len);
|
||||
|
||||
// PEM_bytes_read_bio reads PEM-formatted data from |bp| for the data type given
|
||||
// in |name|. If a PEM block is found, it returns one and sets |*pnm| and
|
||||
// |*pdata| to newly-allocated buffers containing the PEM type and the decoded
|
||||
// data, respectively. |*pnm| is a NUL-terminated C string, while |*pdata| has
|
||||
// |*plen| bytes. The caller must release each of |*pnm| and |*pdata| with
|
||||
// |OPENSSL_free| when done. If no PEM block is found, this function returns
|
||||
// zero and pushes |PEM_R_NO_START_LINE| to the error queue. If one is found,
|
||||
// but there is an error decoding it, it returns zero and pushes some other
|
||||
// error to the error queue. |cb| is the callback to use when querying for
|
||||
// pass phrase used for encrypted PEM structures (normally only private keys)
|
||||
// and |u| is interpreted as the null terminated string to use as the
|
||||
// passphrase.
|
||||
OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen,
|
||||
char **pnm, const char *name, BIO *bp,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name,
|
||||
BIO *bp, void **x, pem_password_cb *cb,
|
||||
void *u);
|
||||
|
||||
// PEM_ASN1_write_bio writes ASN.1 structure |x| encoded by |i2d| to BIO |bp| in PEM format
|
||||
// with name |name|. If |enc| is non-NULL, encrypts data using cipher with password from
|
||||
// |pass| and |pass_len|, or via |callback| with user data |u| (uses PEM_def_callback if
|
||||
// callback is NULL). Returns 1 on success, 0 on failure.
|
||||
OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
|
||||
BIO *bp, void *x, const EVP_CIPHER *enc,
|
||||
const unsigned char *pass, int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
// PEM_X509_INFO_read_bio reads PEM blocks from |bp| and decodes any
|
||||
// certificates, CRLs, and private keys found. It returns a
|
||||
// |STACK_OF(X509_INFO)| structure containing the results, or NULL on error.
|
||||
//
|
||||
// If |sk| is NULL, the result on success will be a newly-allocated
|
||||
// |STACK_OF(X509_INFO)| structure which should be released with
|
||||
// |sk_X509_INFO_pop_free| and |X509_INFO_free| when done.
|
||||
//
|
||||
// If |sk| is non-NULL, it appends the results to |sk| instead and returns |sk|
|
||||
// on success. In this case, the caller retains ownership of |sk| in both
|
||||
// success and failure.
|
||||
//
|
||||
// WARNING: If the input contains "TRUSTED CERTIFICATE" PEM blocks, this
|
||||
// function parses auxiliary properties as in |d2i_X509_AUX|. Passing untrusted
|
||||
// input to this function allows an attacker to influence those properties. See
|
||||
// |d2i_X509_AUX| for details.
|
||||
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
|
||||
BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
|
||||
|
||||
// PEM_X509_INFO_write_bio writes the contents of the |X509_INFO| structure |xi|
|
||||
// to the |BIO| object |bp| in PEM format. If the X509_INFO contains a
|
||||
// certificate (x509), it will be written after the private key (if any). Other
|
||||
// fields in X509_INFO (such as CRLs) are currently ignored.
|
||||
//
|
||||
// It returns 1 on success and 0 on failure.
|
||||
OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
|
||||
EVP_CIPHER *enc, unsigned char *kstr,
|
||||
int klen, pem_password_cb *cd,
|
||||
void *u);
|
||||
|
||||
// PEM_X509_INFO_read behaves like |PEM_X509_INFO_read_bio| but reads from a
|
||||
// |FILE|.
|
||||
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
|
||||
STACK_OF(X509_INFO) *sk,
|
||||
pem_password_cb *cb,
|
||||
void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
|
||||
unsigned char **data, long *len);
|
||||
OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr,
|
||||
const unsigned char *data, long len);
|
||||
OPENSSL_EXPORT void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp,
|
||||
void **x, pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
|
||||
void *x, const EVP_CIPHER *enc,
|
||||
const unsigned char *pass, int pass_len,
|
||||
pem_password_cb *callback, void *u);
|
||||
|
||||
// PEM_def_callback provides a password for PEM encryption/decryption operations.
|
||||
// This function is used as the default callback to provide a password for PEM
|
||||
// functions such as |PEM_do_header| and |PEM_ASN1_write_bio|.
|
||||
// If |userdata| is non-NULL, it treats |userdata| as a string and copies it
|
||||
// into |buf|, assuming |size| is sufficient. If |userdata| is NULL, it prompts
|
||||
// the user for a password using the prompt from EVP_get_pw_prompt() (or default
|
||||
// "Enter PEM pass phrase:"). For encryption (|rwflag|=1), a minimum password
|
||||
// length is enforced, while for decryption (|rwflag|=0) any password length is
|
||||
// accepted. Returns the length of the password (excluding null
|
||||
// terminator) on success, or 0 on error or if |buf| is null, if |buf| is too small,
|
||||
// or |size| is negative, or |size| is smaller than user input length.
|
||||
OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag,
|
||||
void *userdata);
|
||||
|
||||
|
||||
DECLARE_PEM_rw(X509, X509)
|
||||
|
||||
// TODO(crbug.com/boringssl/426): When documenting these, copy the warning
|
||||
// about auxiliary properties from |PEM_X509_INFO_read_bio|.
|
||||
DECLARE_PEM_rw(X509_AUX, X509)
|
||||
|
||||
DECLARE_PEM_rw(X509_REQ, X509_REQ)
|
||||
DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
|
||||
|
||||
DECLARE_PEM_rw(X509_CRL, X509_CRL)
|
||||
|
||||
DECLARE_PEM_rw(PKCS7, PKCS7)
|
||||
DECLARE_PEM_rw(PKCS8, X509_SIG)
|
||||
|
||||
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
|
||||
|
||||
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
|
||||
|
||||
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
|
||||
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
|
||||
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
|
||||
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
|
||||
|
||||
DECLARE_PEM_rw(DSA_PUBKEY, DSA)
|
||||
|
||||
DECLARE_PEM_rw_const(DSAparams, DSA)
|
||||
|
||||
#endif
|
||||
|
||||
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
|
||||
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
|
||||
|
||||
|
||||
DECLARE_PEM_rw_const(DHparams, DH)
|
||||
|
||||
|
||||
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
|
||||
|
||||
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
|
||||
|
||||
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x,
|
||||
int nid, const char *pass,
|
||||
int pass_len,
|
||||
pem_password_cb *cb,
|
||||
void *u);
|
||||
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *bp, const EVP_PKEY *x,
|
||||
const EVP_CIPHER *enc,
|
||||
const char *pass, int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x,
|
||||
const EVP_CIPHER *enc,
|
||||
const char *pass, int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x,
|
||||
int nid, const char *pass,
|
||||
int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x,
|
||||
const EVP_CIPHER *enc,
|
||||
const char *pass, int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x,
|
||||
int nid, const char *pass,
|
||||
int pass_len, pem_password_cb *cb,
|
||||
void *u);
|
||||
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x,
|
||||
int nid, const char *pass,
|
||||
int pass_len,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x,
|
||||
const EVP_CIPHER *enc,
|
||||
const char *pass, int pass_len,
|
||||
pem_password_cb *cd, void *u);
|
||||
|
||||
// PEM_read_bio_Parameters is a generic PEM deserialization function that
|
||||
// parses the public "parameters" in |bio| and returns a corresponding
|
||||
// |EVP_PKEY|. If |*pkey| is non-null, the original |*pkey| is freed and the
|
||||
// returned |EVP_PKEY| is also written to |*pkey|. |*pkey| must be either NULL
|
||||
// or an allocated value, passing in an uninitialized pointer is undefined
|
||||
// behavior. This is only supported with |EVP_PKEY_EC|, |EVP_PKEY_DH|, and
|
||||
// |EVP_PKEY_DSA|.
|
||||
OPENSSL_EXPORT EVP_PKEY *PEM_read_bio_Parameters(BIO *bio, EVP_PKEY **pkey);
|
||||
|
||||
// PEM_write_bio_Parameters is a generic PEM serialization function that parses
|
||||
// the public "parameters" of |pkey| to |bio|. It returns 1 on success or 0 on
|
||||
// failure. This is only supported with |EVP_PKEY_EC|, |EVP_PKEY_DH|, and
|
||||
// |EVP_PKEY_DSA|.
|
||||
OPENSSL_EXPORT int PEM_write_bio_Parameters(BIO *bio, EVP_PKEY *pkey);
|
||||
|
||||
// PEM_read_bio_ECPKParameters deserializes the PEM file written in |bio|
|
||||
// according to |ECPKParameters| in RFC 3279. It returns the |EC_GROUP|
|
||||
// corresponding to deserialized output and also writes it to |out_group|. Only
|
||||
// deserialization of namedCurves or explicitly-encoded versions of namedCurves
|
||||
// are supported.
|
||||
OPENSSL_EXPORT EC_GROUP *PEM_read_bio_ECPKParameters(BIO *bio,
|
||||
EC_GROUP **out_group,
|
||||
pem_password_cb *cb,
|
||||
void *u);
|
||||
|
||||
// PEM_write_bio_ECPKParameters serializes |group| as a PEM file to |out|
|
||||
// according to |ECPKParameters| in RFC 3279. Only serialization of namedCurves
|
||||
// are supported.
|
||||
OPENSSL_EXPORT int PEM_write_bio_ECPKParameters(BIO *out,
|
||||
const EC_GROUP *group);
|
||||
|
||||
// PEM_write_bio_PrivateKey_traditional calls |PEM_ASN1_write_bio| to write
|
||||
// out |x|'s private key in the "traditional" ASN1 format. Use
|
||||
// |PEM_write_bio_PrivateKey| instead.
|
||||
OPENSSL_EXPORT int PEM_write_bio_PrivateKey_traditional(
|
||||
BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen,
|
||||
pem_password_cb *cb, void *u);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#define PEM_R_BAD_BASE64_DECODE 100
|
||||
#define PEM_R_BAD_DECRYPT 101
|
||||
#define PEM_R_BAD_END_LINE 102
|
||||
#define PEM_R_BAD_IV_CHARS 103
|
||||
#define PEM_R_BAD_PASSWORD_READ 104
|
||||
#define PEM_R_CIPHER_IS_NULL 105
|
||||
#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106
|
||||
#define PEM_R_NOT_DEK_INFO 107
|
||||
#define PEM_R_NOT_ENCRYPTED 108
|
||||
#define PEM_R_NOT_PROC_TYPE 109
|
||||
#define PEM_R_NO_START_LINE 110
|
||||
#define PEM_R_READ_KEY 111
|
||||
#define PEM_R_SHORT_HEADER 112
|
||||
#define PEM_R_UNSUPPORTED_CIPHER 113
|
||||
#define PEM_R_UNSUPPORTED_ENCRYPTION 114
|
||||
#define PEM_R_PROBLEMS_GETTING_PASSWORD 115
|
||||
|
||||
#endif // OPENSSL_HEADER_PEM_H
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "pkcs8.h"
|
||||
+585
@@ -0,0 +1,585 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_PKCS7_H
|
||||
#define OPENSSL_HEADER_PKCS7_H
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// PKCS#7.
|
||||
//
|
||||
// This library contains functions for extracting information from PKCS#7
|
||||
// structures (RFC 2315).
|
||||
|
||||
DECLARE_STACK_OF(CRYPTO_BUFFER)
|
||||
DECLARE_STACK_OF(X509)
|
||||
DECLARE_STACK_OF(X509_CRL)
|
||||
|
||||
// PKCS7_get_raw_certificates parses a PKCS#7, SignedData structure from |cbs|
|
||||
// and appends the included certificates to |out_certs|. It returns one on
|
||||
// success and zero on error. |cbs| is advanced passed the structure.
|
||||
//
|
||||
// Note that a SignedData structure may contain no certificates, in which case
|
||||
// this function succeeds but does not append any certificates. Additionally,
|
||||
// certificates in SignedData structures are unordered. Callers should not
|
||||
// assume a particular order in |*out_certs| and may need to search for matches
|
||||
// or run path-building algorithms.
|
||||
OPENSSL_EXPORT int PKCS7_get_raw_certificates(
|
||||
STACK_OF(CRYPTO_BUFFER) *out_certs, CBS *cbs, CRYPTO_BUFFER_POOL *pool);
|
||||
|
||||
// PKCS7_get_certificates behaves like |PKCS7_get_raw_certificates| but parses
|
||||
// them into |X509| objects.
|
||||
OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);
|
||||
|
||||
// PKCS7_bundle_raw_certificates appends a PKCS#7, SignedData structure
|
||||
// containing |certs| to |out|. It returns one on success and zero on error.
|
||||
// Note that certificates in SignedData structures are unordered. The order in
|
||||
// |certs| will not be preserved.
|
||||
OPENSSL_EXPORT int PKCS7_bundle_raw_certificates(
|
||||
CBB *out, const STACK_OF(CRYPTO_BUFFER) *certs);
|
||||
|
||||
// PKCS7_bundle_certificates behaves like |PKCS7_bundle_raw_certificates| but
|
||||
// takes |X509| objects as input.
|
||||
OPENSSL_EXPORT int PKCS7_bundle_certificates(CBB *out,
|
||||
const STACK_OF(X509) *certs);
|
||||
|
||||
// PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
|
||||
// the included CRLs to |out_crls|. It returns one on success and zero on error.
|
||||
// |cbs| is advanced passed the structure.
|
||||
//
|
||||
// Note that a SignedData structure may contain no CRLs, in which case this
|
||||
// function succeeds but does not append any CRLs. Additionally, CRLs in
|
||||
// SignedData structures are unordered. Callers should not assume an order in
|
||||
// |*out_crls| and may need to search for matches.
|
||||
OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);
|
||||
|
||||
// PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
|
||||
// |crls| to |out|. It returns one on success and zero on error. Note that CRLs
|
||||
// in SignedData structures are unordered. The order in |crls| will not be
|
||||
// preserved.
|
||||
OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);
|
||||
|
||||
// PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
|
||||
// from |pem_bio| and appends the included certificates to |out_certs|. It
|
||||
// returns one on success and zero on error.
|
||||
//
|
||||
// Note that a SignedData structure may contain no certificates, in which case
|
||||
// this function succeeds but does not append any certificates. Additionally,
|
||||
// certificates in SignedData structures are unordered. Callers should not
|
||||
// assume a particular order in |*out_certs| and may need to search for matches
|
||||
// or run path-building algorithms.
|
||||
OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
|
||||
BIO *pem_bio);
|
||||
|
||||
// PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
|
||||
// |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
|
||||
// success and zero on error.
|
||||
//
|
||||
// Note that a SignedData structure may contain no CRLs, in which case this
|
||||
// function succeeds but does not append any CRLs. Additionally, CRLs in
|
||||
// SignedData structures are unordered. Callers should not assume an order in
|
||||
// |*out_crls| and may need to search for matches.
|
||||
OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
|
||||
BIO *pem_bio);
|
||||
|
||||
// d2i_PKCS7_bio behaves like |d2i_PKCS7| but reads the input from |bio|. If
|
||||
// the length of the object is indefinite the full contents of |bio| are read.
|
||||
//
|
||||
// If the function fails then some unknown amount of data may have been read
|
||||
// from |bio|.
|
||||
OPENSSL_EXPORT PKCS7 *d2i_PKCS7_bio(BIO *bio, PKCS7 **out);
|
||||
|
||||
// i2d_PKCS7_bio writes |p7| to |bio|. It returns one on success and zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int i2d_PKCS7_bio(BIO *bio, const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_data returns 1 if |p7| is of type data
|
||||
OPENSSL_EXPORT int PKCS7_type_is_data(const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_digest returns 1 if |p7| is of type digest
|
||||
OPENSSL_EXPORT int PKCS7_type_is_digest(const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_encrypted returns 1 if |p7| is of type encrypted
|
||||
OPENSSL_EXPORT int PKCS7_type_is_encrypted(const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_enveloped returns 1 if |p7| is of type enveloped
|
||||
OPENSSL_EXPORT int PKCS7_type_is_enveloped(const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_signed returns 1 if |p7| is of type signed
|
||||
OPENSSL_EXPORT int PKCS7_type_is_signed(const PKCS7 *p7);
|
||||
|
||||
// PKCS7_type_is_signedAndEnveloped returns 1 if |p7| is of type
|
||||
// signedAndEnveloped
|
||||
OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
//
|
||||
// These functions are a compatibility layer over a subset of OpenSSL's PKCS#7
|
||||
// API. It intentionally does not implement the whole thing, only the minimum
|
||||
// needed to build cryptography.io and CRuby.
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-7
|
||||
//
|
||||
// ContentInfo ::= SEQUENCE {
|
||||
// contentType ContentType,
|
||||
// content
|
||||
// [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
|
||||
//
|
||||
// ContentType ::= OBJECT IDENTIFIER
|
||||
struct pkcs7_st {
|
||||
// Unlike OpenSSL, the following fields are immutable. They filled in when the
|
||||
// object is parsed and ignored in serialization.
|
||||
ASN1_OBJECT *type;
|
||||
union {
|
||||
char *ptr;
|
||||
ASN1_OCTET_STRING *data;
|
||||
PKCS7_SIGNED *sign;
|
||||
PKCS7_ENVELOPE *enveloped;
|
||||
PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
|
||||
PKCS7_DIGEST *digest;
|
||||
PKCS7_ENCRYPT *encrypted;
|
||||
// Other things provided by the user. Not specified in the RFC.
|
||||
ASN1_TYPE *other;
|
||||
} d;
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-9.1
|
||||
//
|
||||
// SignedData ::= SEQUENCE {
|
||||
// version Version,
|
||||
// digestAlgorithms DigestAlgorithmIdentifiers,
|
||||
// contentInfo ContentInfo,
|
||||
// certificates
|
||||
// [0] IMPLICIT ExtendedCertificatesAndCertificates
|
||||
// OPTIONAL,
|
||||
// crls
|
||||
// [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
// signerInfos SignerInfos }
|
||||
//
|
||||
// DigestAlgorithmIdentifiers ::=
|
||||
//
|
||||
// SET OF DigestAlgorithmIdentifier
|
||||
//
|
||||
// SignerInfos ::= SET OF SignerInfo
|
||||
struct pkcs7_signed_st {
|
||||
ASN1_INTEGER *version;
|
||||
STACK_OF(X509_ALGOR) *md_algs;
|
||||
PKCS7 *contents;
|
||||
STACK_OF(X509) *cert;
|
||||
STACK_OF(X509_CRL) *crl;
|
||||
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-9.2
|
||||
//
|
||||
// SignerInfo ::= SEQUENCE {
|
||||
// version Version,
|
||||
// issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
// digestAlgorithm DigestAlgorithmIdentifier,
|
||||
// authenticatedAttributes
|
||||
// [0] IMPLICIT Attributes OPTIONAL,
|
||||
// digestEncryptionAlgorithm
|
||||
// DigestEncryptionAlgorithmIdentifier,
|
||||
// encryptedDigest EncryptedDigest,
|
||||
// unauthenticatedAttributes
|
||||
// [1] IMPLICIT Attributes OPTIONAL }
|
||||
//
|
||||
// EncryptedDigest ::= OCTET STRING
|
||||
struct pkcs7_signer_info_st {
|
||||
ASN1_INTEGER *version;
|
||||
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
|
||||
X509_ALGOR *digest_alg;
|
||||
STACK_OF(X509_ATTRIBUTE) *auth_attr;
|
||||
X509_ALGOR *digest_enc_alg;
|
||||
ASN1_OCTET_STRING *enc_digest;
|
||||
STACK_OF(X509_ATTRIBUTE) *unauth_attr;
|
||||
EVP_PKEY *pkey; // NOTE: |pkey| is not serialized.
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-11.1
|
||||
//
|
||||
// SignedAndEnvelopedData ::= SEQUENCE {
|
||||
// version Version,
|
||||
// recipientInfos RecipientInfos,
|
||||
// digestAlgorithms DigestAlgorithmIdentifiers,
|
||||
// encryptedContentInfo EncryptedContentInfo,
|
||||
// certificates
|
||||
// [0] IMPLICIT ExtendedCertificatesAndCertificates
|
||||
// OPTIONAL,
|
||||
// crls
|
||||
// [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
||||
// signerInfos SignerInfos }
|
||||
struct pkcs7_sign_envelope_st {
|
||||
ASN1_INTEGER *version;
|
||||
STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
|
||||
STACK_OF(X509_ALGOR) *md_algs;
|
||||
PKCS7_ENC_CONTENT *enc_data;
|
||||
STACK_OF(X509) *cert;
|
||||
STACK_OF(X509_CRL) *crl;
|
||||
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-10.1
|
||||
//
|
||||
// EnvelopedData ::= SEQUENCE {
|
||||
// version Version,
|
||||
// recipientInfos RecipientInfos,
|
||||
// encryptedContentInfo EncryptedContentInfo }
|
||||
//
|
||||
// RecipientInfos ::= SET OF RecipientInfo
|
||||
struct pkcs7_envelope_st {
|
||||
ASN1_INTEGER *version;
|
||||
PKCS7_ENC_CONTENT *enc_data;
|
||||
STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-10.2
|
||||
//
|
||||
// RecipientInfo ::= SEQUENCE {
|
||||
// version Version,
|
||||
// issuerAndSerialNumber IssuerAndSerialNumber,
|
||||
// keyEncryptionAlgorithm
|
||||
//
|
||||
// KeyEncryptionAlgorithmIdentifier,
|
||||
// encryptedKey EncryptedKey }
|
||||
//
|
||||
// EncryptedKey ::= OCTET STRING
|
||||
struct pkcs7_recip_info_st {
|
||||
ASN1_INTEGER *version;
|
||||
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
|
||||
X509_ALGOR *key_enc_algor;
|
||||
ASN1_OCTET_STRING *enc_key;
|
||||
X509 *cert; // NOTE: |cert| is not serialized
|
||||
};
|
||||
|
||||
// ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-6.7
|
||||
//
|
||||
// IssuerAndSerialNumber ::= SEQUENCE {
|
||||
// issuer Name,
|
||||
// serialNumber CertificateSerialNumber }
|
||||
struct pkcs7_issuer_and_serial_st {
|
||||
X509_NAME *issuer;
|
||||
ASN1_INTEGER *serial;
|
||||
};
|
||||
|
||||
// Only declare ASN1 functions or define stacks publibly if needed by supported
|
||||
// projects that depend on them.
|
||||
DECLARE_ASN1_FUNCTIONS(PKCS7)
|
||||
DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
|
||||
DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
|
||||
|
||||
DEFINE_STACK_OF(PKCS7_RECIP_INFO)
|
||||
DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
|
||||
|
||||
// PKCS7_dup returns a newly allocated copy of |p7| without deep-copying
|
||||
// internal references.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_dup(PKCS7 *p7);
|
||||
|
||||
// PKCS7_get_signed_attribute returns a pointer to the first signed attribute
|
||||
// from |si| with NID |nid| if one is present, else NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED ASN1_TYPE *PKCS7_get_signed_attribute(
|
||||
const PKCS7_SIGNER_INFO *si, int nid);
|
||||
|
||||
// PKCS7_get_signer_info returns |p7|'s attached PKCS7_SIGNER_INFO if present
|
||||
// and |p7| is of a relevant type, else NULL. This function only pertains to
|
||||
// signedData and signedAndEnvelopedData.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(PKCS7_SIGNER_INFO) *
|
||||
PKCS7_get_signer_info(PKCS7 *p7);
|
||||
|
||||
// PKCS7_RECIP_INFO_set attaches |x509| to |p7i| and increments |x509|'s
|
||||
// reference count. It returns 1 on success and 0 on failure or if |x509|'s
|
||||
// public key not usable for encryption.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_RECIP_INFO_set(
|
||||
PKCS7_RECIP_INFO *p7i, X509 *x509);
|
||||
|
||||
// PKCS7_SIGNER_INFO_set attaches the other parameters to |p7i|, returning 1 on
|
||||
// success and 0 on error or if specified parameters are inapplicable to
|
||||
// signing. Only EC, DH, and RSA |pkey|s are supported. |pkey|'s reference
|
||||
// count is incremented, but neither |x509|'s nor |dgst|'s is.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_SIGNER_INFO_set(
|
||||
PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst);
|
||||
|
||||
// PKCS7_add_certificate adds |x509| to |p7|'s certificate stack, incrementing
|
||||
// |x509|'s reference count. It returns 1 on success and 0 on failure or if
|
||||
// |p7| isn't of an applicable type: signedData and signedAndEnvelopedData.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_certificate(PKCS7 *p7,
|
||||
X509 *x509);
|
||||
|
||||
// PKCS7_add_crl adds |x509| to |p7|'s CRL stack, incrementing |x509|'s
|
||||
// reference count. It returns 1 on success and 0 on failure or if |p7| isn't
|
||||
// of an applicable type: signedData and signedAndEnvelopedData.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
|
||||
|
||||
// PKCS7_add_recipient_info adds |ri| to |p7|, returning 1 on succes or 0 if
|
||||
// |p7| is of an inapplicable type: envelopedData and signedAndEnvelopedData.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_recipient_info(
|
||||
PKCS7 *p7, PKCS7_RECIP_INFO *ri);
|
||||
|
||||
// PKCS7_add_signer adds |p7i| to |p7|, returning 1 on succes or 0 if
|
||||
// |p7| is of an inapplicable type: signedData and signedAndEnvelopedData.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_add_signer(PKCS7 *p7,
|
||||
PKCS7_SIGNER_INFO *p7i);
|
||||
|
||||
// PKCS7_content_new allocates a new PKCS7 and adds it to |p7| as content. It
|
||||
// returns 1 on success and 0 on failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_content_new(PKCS7 *p7, int nid);
|
||||
|
||||
// PKCS7_set_content sets |p7_data| as content on |p7| for applicable types of
|
||||
// |p7|. It frees any existing content on |p7|, returning 1 on success and 0 on
|
||||
// failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_content(PKCS7 *p7,
|
||||
PKCS7 *p7_data);
|
||||
|
||||
// PKCS7_set_content sets |p7_data| as content on |p7| for applicable types of
|
||||
// |p7|: signedData and digestData. |p7_data| may be NULL. It frees any
|
||||
// existing content on |p7|, returning 1 on success and 0 on failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_cipher(
|
||||
PKCS7 *p7, const EVP_CIPHER *cipher);
|
||||
|
||||
// PKCS7_set_type instantiates |p7| as type |type|. It returns 1 on success and
|
||||
// 0 on failure or if |type| is not a valid PKCS7 content type.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_type(PKCS7 *p7, int type);
|
||||
|
||||
// PKCS7_RECIP_INFO_get0_alg sets |*penc| to |ri|'s key encryption algorithm,
|
||||
// if present. Ownership of |*penc| is retained by |ri|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void PKCS7_RECIP_INFO_get0_alg(
|
||||
PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
|
||||
|
||||
// PKCS7_SIGNER_INFO_get0_algs sets all of, if present: |*pk| to |si|'s key,
|
||||
// |*pdig| to |si|'s digest angorithm, and |*psig| to |si|'s signature
|
||||
// algorithm. Ownership of |*pk|, |*pdig|, and |*psig) is retained by |si|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void PKCS7_SIGNER_INFO_get0_algs(
|
||||
PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, X509_ALGOR **pdig, X509_ALGOR **psig);
|
||||
|
||||
|
||||
// Deprecated flags
|
||||
//
|
||||
// Not all defined flags are acted upon, and the behavior associated with some
|
||||
// flags is performed unconditionally. See each |PKCS7_*| for details.
|
||||
|
||||
// PKCS7_DETACHED indicates that the PKCS#7 file specifies its data externally.
|
||||
#define PKCS7_DETACHED 0x40
|
||||
|
||||
// PKCS7_BINARY disables the default translation to MIME canonical format (as
|
||||
// required by the S/MIME specifications). It is assumed in |PKCS7_sign| unless
|
||||
// the caller is just bundling certs.
|
||||
#define PKCS7_BINARY 0x80
|
||||
|
||||
// PKCS7_NOINTERN disables verification against certificate public keys included
|
||||
// in a PKCS7 ContentInfo. If this flag is specified, the caller must supply a
|
||||
// stack of certificates to verify against.
|
||||
#define PKCS7_NOINTERN 0x10
|
||||
|
||||
// PKCS7_NOATTR disables usage of authenticatedAttributes. It is assumed in
|
||||
// |PKCS7_sign| unless the caller is just bundling certs.
|
||||
#define PKCS7_NOATTR 0x100
|
||||
|
||||
// PKCS7_NOCERTS excludes the signer's certificate and the extra certs defined
|
||||
// from the PKCS7 structure. Using this will fail |PKCS7_sign| unless used as
|
||||
// described in |PKCS7_sign|'s documentation.
|
||||
#define PKCS7_NOCERTS 0x2
|
||||
|
||||
// PKCS7_NOVERIFY will skip trust chain verification against the trust store.
|
||||
// It will still verify signatures against signer infos included in the PKCS7.
|
||||
#define PKCS7_NOVERIFY 0x20
|
||||
|
||||
// The following flags are used in OpenSSL, but are ignored by AWS-LC. They are
|
||||
// defined here solely for build compatibility.
|
||||
#define PKCS7_TEXT 0x1
|
||||
#define PKCS7_NOSIGS 0x4
|
||||
#define PKCS7_NOCHAIN 0x8
|
||||
#define PKCS7_NOSMIMECAP 0x200
|
||||
#define PKCS7_STREAM 0x1000
|
||||
#define PKCS7_PARTIAL 0x4000
|
||||
|
||||
// PKCS7_sign can operate in three modes to provide some backwards
|
||||
// compatibility:
|
||||
//
|
||||
// The first mode assembles |certs| into a PKCS#7 signed data ContentInfo with
|
||||
// external data and no signatures. It returns a newly-allocated |PKCS7| on
|
||||
// success or NULL on error. |sign_cert| and |pkey| must be NULL. |data| is
|
||||
// ignored. |flags| must be equal to |PKCS7_DETACHED|. Additionally,
|
||||
// certificates in SignedData structures are unordered. The order of |certs|
|
||||
// will not be preserved.
|
||||
//
|
||||
// The second mode generates a detached RSA SHA-256 signature of |data| using
|
||||
// |pkey| and produces a PKCS#7 SignedData structure containing it. |certs|
|
||||
// must be NULL and |flags| must be exactly |PKCS7_NOATTR | PKCS7_BINARY |
|
||||
// PKCS7_NOCERTS | PKCS7_DETACHED|.
|
||||
//
|
||||
// The third mode is used for more general signing and does not require the
|
||||
// specification of any flags, but does require |sign_cert|, |pkey|, and |data|
|
||||
// to be populated. This mode always behaves as if |PKCS7_NOATTR| and
|
||||
// |PKCS7_BINARY| are set. It honors the specification (or elision) of
|
||||
// |PKCS7_DETACHED|. It does not allow |PKCS7_NOCERTS|.
|
||||
//
|
||||
// Note this function only implements a subset of the corresponding OpenSSL
|
||||
// function. It is provided for backwards compatibility only.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_sign(X509 *sign_cert,
|
||||
EVP_PKEY *pkey,
|
||||
STACK_OF(X509) *certs,
|
||||
BIO *data, int flags);
|
||||
|
||||
// PKCS7_verify takes in a |p7| with signed ContentInfo and verifies its
|
||||
// signature against |certs| or |store|. If |certs| is specified, this function
|
||||
// will attempt to verify |p7|'s signature against those certificates' public
|
||||
// keys. If |store| is specified, its contents will be treated as certificate
|
||||
// authorities (CAs) for establishing trust of any certificates bundled in |p7|.
|
||||
//
|
||||
// If |p7| is detached, |indata| must contain the data over which |p7|'s
|
||||
// signature was computed. If verification succeeds, the verified content is
|
||||
// written to |out| and 1 is returned. On error or verification failure, 0 is
|
||||
// returned.
|
||||
//
|
||||
// Flags: If |PKCS7_NOVERIFY| is specified, trust chain validation is skipped.
|
||||
// This function also enforces the behavior of OpenSSL's |PKCS7_NO_DUAL_CONTENT|
|
||||
// meaning that |indata| may not be specified if |p7|'s signed data is attached.
|
||||
// If |PKCS7_NOINTERN| is set, this function will not verify against certificate
|
||||
// public keys included |p7|, instead relying solely on |certs|, which must be
|
||||
// specified.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_verify(PKCS7 *p7,
|
||||
STACK_OF(X509) *certs,
|
||||
X509_STORE *store,
|
||||
BIO *indata, BIO *outdata,
|
||||
int flags);
|
||||
|
||||
// PKCS7_is_detached returns 0 if |p7| has attached content and 1 otherwise.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_is_detached(PKCS7 *p7);
|
||||
|
||||
// PKCS7_set_detached frees the attached content of |p7| if |detach| is set to
|
||||
// 1. It returns 0 if otherwise or if |p7| is not of type signed.
|
||||
//
|
||||
// Note: |detach| is intended to be a boolean and MUST be set with either 1 or
|
||||
// 0.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_detached(PKCS7 *p7, int detach);
|
||||
|
||||
// PKCS7_get_detached returns 0 if |p7| has attached content and 1 otherwise.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_get_detached(PKCS7 *p7);
|
||||
|
||||
// PKCS7_dataInit creates or initializes a BIO chain for reading data from or
|
||||
// writing data to |p7|. If |bio| is non-null, it is added to the chain.
|
||||
// Otherwise, a new BIO is allocated and returned to anchor the chain.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
|
||||
|
||||
// PKCS7_dataFinal serializes data written to |bio|'s chain into |p7|. It should
|
||||
// only be called on BIO chains created by |PKCS7_dataInit|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
|
||||
|
||||
// PKCS7_set_digest sets |p7|'s digest to |md|. It returns 1 on success and 0 if
|
||||
// |p7| is of the wrong content type.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_set_digest(PKCS7 *p7,
|
||||
const EVP_MD *md);
|
||||
|
||||
// PKCS7_get_recipient_info returns a pointer to a stack containing |p7|'s
|
||||
// |PKCS7_RECIP_INFO| or NULL if none are present.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(PKCS7_RECIP_INFO) *
|
||||
PKCS7_get_recipient_info(PKCS7 *p7);
|
||||
|
||||
// PKCS7_add_recipient allocates a new |PCKS7_RECEPIENT_INFO|, adds |x509| to it
|
||||
// and returns that |PCKS7_RECEPIENT_INFO|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7_RECIP_INFO *PKCS7_add_recipient(
|
||||
PKCS7 *p7, X509 *x509);
|
||||
|
||||
// PKCS7_get0_signers retrieves the signer's certificates from p7. It does not
|
||||
// check their validity or whether any signatures are valid. The caller owns the
|
||||
// returned X509 stack and is responsible for freeing it.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED STACK_OF(X509) *PKCS7_get0_signers(
|
||||
PKCS7 *p7, STACK_OF(X509) *certs, int flags);
|
||||
|
||||
// PKCS7_encrypt encrypts the contents of |in| with |cipher| and adds |certs| as
|
||||
// recipient infos and returns an encrypted |PKCS7| or NULL on failed
|
||||
// encryption. |flags| is ignored. We only perform key encryption using RSA, so
|
||||
// |certs| must use RSA public keys.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs,
|
||||
BIO *in,
|
||||
const EVP_CIPHER *cipher,
|
||||
int flags);
|
||||
|
||||
// PKCS7_decrypt decrypts |p7| with |pkey| and writes the plaintext to |data|.
|
||||
// If |cert| is present, it's public key is checked against |pkey| and |p7|'s
|
||||
// recipient infos. 1 is returned on success and 0 on failure. |flags| is
|
||||
// ignored. |pkey| must be an |EVP_PKEY_RSA|.
|
||||
//
|
||||
// NOTE: If |p7| was encrypted with a stream cipher, this operation may return 1
|
||||
// even on decryption failure. The reason for this is detailed in RFC 3218 and
|
||||
// comments in the |PKCS7_decrypt| source.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey,
|
||||
X509 *cert, BIO *data,
|
||||
int flags);
|
||||
|
||||
// No-ops
|
||||
//
|
||||
// These functions do nothing. They're provided solely for build compatibility
|
||||
|
||||
// SMIME_read_PKCS7 is a no-op and returns NULL
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
|
||||
|
||||
// SMIME_write_PKCS7 is a no-op and returns 0
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int SMIME_write_PKCS7(BIO *out, PKCS7 *p7,
|
||||
BIO *data, int flags);
|
||||
|
||||
// PKCS7_print_ctx prints "PKCS7 printing is not supported" and returns 1.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS7_print_ctx(BIO *bio, PKCS7 *pkcs7,
|
||||
int indent,
|
||||
const ASN1_PCTX *pctx);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(PKCS7, PKCS7_free)
|
||||
BORINGSSL_MAKE_DELETER(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#define PKCS7_R_BAD_PKCS7_VERSION 100
|
||||
#define PKCS7_R_NOT_PKCS7_SIGNED_DATA 101
|
||||
#define PKCS7_R_NO_CERTIFICATES_INCLUDED 102
|
||||
#define PKCS7_R_NO_CRLS_INCLUDED 103
|
||||
#define PKCS7_R_INVALID_NULL_POINTER 104
|
||||
#define PKCS7_R_NO_CONTENT 105
|
||||
#define PKCS7_R_CIPHER_NOT_INITIALIZED 106
|
||||
#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 107
|
||||
#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
|
||||
#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 109
|
||||
#define PKCS7_R_WRONG_CONTENT_TYPE 110
|
||||
#define PKCS7_R_CONTENT_AND_DATA_PRESENT 111
|
||||
#define PKCS7_R_NO_SIGNATURES_ON_DATA 112
|
||||
#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 113
|
||||
#define PKCS7_R_SMIME_TEXT_ERROR 114
|
||||
#define PKCS7_R_SIGNATURE_FAILURE 115
|
||||
#define PKCS7_R_NO_SIGNERS 116
|
||||
#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 117
|
||||
#define PKCS7_R_ERROR_SETTING_CIPHER 118
|
||||
#define PKCS7_R_ERROR_ADDING_RECIPIENT 119
|
||||
#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
|
||||
#define PKCS7_R_DECRYPT_ERROR 121
|
||||
#define PKCS7_R_PKCS7_DATASIGN 122
|
||||
#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 123
|
||||
#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 124
|
||||
#define PKCS7_R_UNKNOWN_DIGEST_TYPE 125
|
||||
#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 126
|
||||
#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 127
|
||||
#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 128
|
||||
#define PKCS7_R_DIGEST_FAILURE 129
|
||||
#define PKCS7_R_WRONG_PKCS7_TYPE 130
|
||||
#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 131
|
||||
#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 132
|
||||
#define PKCS7_R_NO_DEFAULT_DIGEST 133
|
||||
#define PKCS7_R_CERT_MUST_BE_RSA 134
|
||||
#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 135
|
||||
|
||||
#endif // OPENSSL_HEADER_PKCS7_H
|
||||
+273
@@ -0,0 +1,273 @@
|
||||
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 1999.
|
||||
// Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
|
||||
#ifndef OPENSSL_HEADER_PKCS8_H
|
||||
#define OPENSSL_HEADER_PKCS8_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// PKCS#8 private key encryption and decryption.
|
||||
|
||||
|
||||
// PKCS8_encrypt serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 or
|
||||
// PBES2 as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
|
||||
// pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
|
||||
// #12, and PBES2, are supported. PBES2 is selected by setting |cipher| and
|
||||
// passing -1 for |pbe_nid|. Otherwise, PBES1 is used and |cipher| is ignored.
|
||||
//
|
||||
// |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this
|
||||
// will be converted to a raw byte string as specified in B.1 of PKCS #12. If
|
||||
// |pass| is NULL, it is treated as an empty password and |pass_len| is ignored.
|
||||
// This will be encoded as the empty byte string rather than two zero bytes, the
|
||||
// PKCS #12 encoding of the empty string. If |pass| is non-NULL and |pass_len|
|
||||
// is negative, |strlen(pass)| is used. If |pass| is non-NULL and |pass_len| is
|
||||
// non-negative, |pass_len| bytes are used as the password.
|
||||
//
|
||||
// If |salt| is NULL, a random salt of |salt_len| bytes is generated. If
|
||||
// |salt_len| is zero, a default salt length is used instead.
|
||||
//
|
||||
// The resulting structure is stored in an |X509_SIG| which must be freed by the
|
||||
// caller.
|
||||
OPENSSL_EXPORT X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
|
||||
const char *pass, int pass_len,
|
||||
const uint8_t *salt, size_t salt_len,
|
||||
int iterations,
|
||||
PKCS8_PRIV_KEY_INFO *p8inf);
|
||||
|
||||
// PKCS8_marshal_encrypted_private_key behaves like |PKCS8_encrypt| but encrypts
|
||||
// an |EVP_PKEY| and writes the serialized EncryptedPrivateKeyInfo to |out|. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int PKCS8_marshal_encrypted_private_key(
|
||||
CBB *out, int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
|
||||
size_t pass_len, const uint8_t *salt, size_t salt_len, int iterations,
|
||||
const EVP_PKEY *pkey);
|
||||
|
||||
// PKCS8_decrypt decrypts and decodes a PKCS8_PRIV_KEY_INFO with PBES1 or PBES2
|
||||
// as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
|
||||
// pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, and PBES2,
|
||||
// defined in PKCS #12, are supported.
|
||||
//
|
||||
// |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this
|
||||
// will be converted to a raw byte string as specified in B.1 of PKCS #12. If
|
||||
// |pass| is NULL, it will be encoded as the empty byte string rather than two
|
||||
// zero bytes, the PKCS #12 encoding of the empty string. If |pass_len| is
|
||||
// negative and |pass| is non-NULL, |strlen(pass)| is used.
|
||||
//
|
||||
// The resulting structure must be freed by the caller.
|
||||
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8,
|
||||
const char *pass,
|
||||
int pass_len);
|
||||
|
||||
// PKCS8_parse_encrypted_private_key behaves like |PKCS8_decrypt| but it parses
|
||||
// the EncryptedPrivateKeyInfo structure from |cbs| and advances |cbs|. It
|
||||
// returns a newly-allocated |EVP_PKEY| on success and zero on error.
|
||||
OPENSSL_EXPORT EVP_PKEY *PKCS8_parse_encrypted_private_key(CBS *cbs,
|
||||
const char *pass,
|
||||
size_t pass_len);
|
||||
|
||||
// PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
|
||||
// and decrypts it using |password|, sets |*out_key| to the included private
|
||||
// key and appends the included certificates to |out_certs|. It returns one on
|
||||
// success and zero on error. The caller takes ownership of the outputs.
|
||||
// Any friendlyName attributes (RFC 2985) in the PKCS#12 structure will be
|
||||
// returned on the |X509| objects as aliases. See also |X509_alias_get0|.
|
||||
OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
|
||||
STACK_OF(X509) *out_certs, CBS *in,
|
||||
const char *password);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL.
|
||||
OPENSSL_EXPORT void PKCS12_PBE_add(void);
|
||||
|
||||
// d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a
|
||||
// |PKCS12| structure. The |out_p12| argument should be NULL(✝). On exit,
|
||||
// |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12|
|
||||
// structure or NULL on error.
|
||||
//
|
||||
// Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len|
|
||||
// bytes.
|
||||
//
|
||||
// (✝) If |out_p12| is not NULL and the function is successful, |*out_p12| will
|
||||
// be freed if not NULL itself and the result will be written to |*out_p12|.
|
||||
// New code should not depend on this.
|
||||
OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
|
||||
size_t ber_len);
|
||||
|
||||
// d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|.
|
||||
OPENSSL_EXPORT PKCS12 *d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12);
|
||||
|
||||
// d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|.
|
||||
OPENSSL_EXPORT PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12);
|
||||
|
||||
// i2d_PKCS12 is a dummy function which copies the contents of |p12|. If |out|
|
||||
// is not NULL then the result is written to |*out| and |*out| is advanced just
|
||||
// past the output. It returns the number of bytes in the result, whether
|
||||
// written or not, or a negative value on error.
|
||||
OPENSSL_EXPORT int i2d_PKCS12(const PKCS12 *p12, uint8_t **out);
|
||||
|
||||
// i2d_PKCS12_bio writes the contents of |p12| to |bio|. It returns one on
|
||||
// success and zero on error.
|
||||
OPENSSL_EXPORT int i2d_PKCS12_bio(BIO *bio, const PKCS12 *p12);
|
||||
|
||||
// i2d_PKCS12_fp writes the contents of |p12| to |fp|. It returns one on
|
||||
// success and zero on error.
|
||||
OPENSSL_EXPORT int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
|
||||
|
||||
// PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in
|
||||
// |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on
|
||||
// successful exit, the private key and matching certificate will be stored in
|
||||
// them. The |out_ca_certs| argument may be NULL but, if not, then any extra
|
||||
// certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL
|
||||
// then it will be set to a freshly allocated stack containing the extra certs.
|
||||
//
|
||||
// Note if |p12| does not contain a private key, both |*out_pkey| and
|
||||
// |*out_cert| will be set to NULL and all certificates will be returned via
|
||||
// |*out_ca_certs|. Also note this function differs from OpenSSL in that extra
|
||||
// certificates are returned in the order they appear in the file. OpenSSL 1.1.1
|
||||
// returns them in reverse order, but this will be fixed in OpenSSL 3.0.
|
||||
//
|
||||
// It returns one on success and zero on error.
|
||||
//
|
||||
// Use |PKCS12_get_key_and_certs| instead.
|
||||
OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password,
|
||||
EVP_PKEY **out_pkey, X509 **out_cert,
|
||||
STACK_OF(X509) **out_ca_certs);
|
||||
|
||||
// PKCS12_set_mac generates the MAC for |p12| with the designated |password|,
|
||||
// |salt|, |mac_iterations|, and |md| specified. |password| MUST be the same
|
||||
// password originally used to encrypt |p12|. Although OpenSSL will allow an
|
||||
// invalid state with a different |password|, AWS-LC will throw an error and
|
||||
// return 0.
|
||||
//
|
||||
// If |salt| is NULL, a random salt of |salt_len| bytes is generated. If
|
||||
// |salt_len| is zero, a default salt length is used instead.
|
||||
// If |md| is NULL, the default is use SHA1 to align with OpenSSL.
|
||||
//
|
||||
// TODO (CryptoAlg-2897): Update the default |md| to SHA-256 to align with
|
||||
// OpenSSL 3.x.
|
||||
OPENSSL_EXPORT int PKCS12_set_mac(PKCS12 *p12, const char *password,
|
||||
int password_len, unsigned char *salt,
|
||||
int salt_len, int mac_iterations,
|
||||
const EVP_MD *md);
|
||||
|
||||
// PKCS12_verify_mac returns one if |password| is a valid password for |p12|
|
||||
// and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter,
|
||||
// it's not actually possible to use a non-NUL-terminated password to actually
|
||||
// get anything from a |PKCS12|. Thus |password| and |password_len| may be
|
||||
// |NULL| and zero, respectively, or else |password_len| may be -1 to indicate
|
||||
// that |password| is a NUL-terminated C string whose length is determined via
|
||||
// |strlen|, or else |password_len| must be non-negative,
|
||||
// |password[password_len]| must be zero, and no other NUL bytes may appear in
|
||||
// |password|. If the |password_len| checks fail, zero is returned
|
||||
// immediately.
|
||||
OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
|
||||
int password_len);
|
||||
|
||||
// PKCS12_DEFAULT_ITER is the default number of KDF iterations used when
|
||||
// creating a |PKCS12| object.
|
||||
#define PKCS12_DEFAULT_ITER 2048
|
||||
|
||||
// PKCS12_create returns a newly-allocated |PKCS12| object containing |pkey|,
|
||||
// |cert|, and |chain|, encrypted with the specified password. |name|, if not
|
||||
// NULL, specifies a user-friendly name to encode with the key and
|
||||
// certificate. The key and certificates are encrypted with |key_nid| and
|
||||
// |cert_nid|, respectively, using |iterations| iterations in the
|
||||
// KDF. |mac_iterations| is the number of iterations when deriving the MAC
|
||||
// key. |key_type| must be zero. |pkey| and |cert| may be NULL to omit them.
|
||||
//
|
||||
// Each of |key_nid|, |cert_nid|, |iterations|, and |mac_iterations| may be zero
|
||||
// to use defaults, which are |NID_pbe_WithSHA1And3_Key_TripleDES_CBC|,
|
||||
// |NID_pbe_WithSHA1And40BitRC2_CBC|, |PKCS12_DEFAULT_ITER|, and one,
|
||||
// respectively.
|
||||
//
|
||||
// |key_nid| or |cert_nid| may also be -1 to disable encryption of the key or
|
||||
// certificate, respectively. This option is not recommended and is only
|
||||
// implemented for compatibility with external packages. Note the output still
|
||||
// requires a password for the MAC. Unencrypted keys in PKCS#12 are also not
|
||||
// widely supported and may not open in other implementations.
|
||||
//
|
||||
// If |cert| or |chain| have associated aliases (see |X509_alias_set1|), they
|
||||
// will be included in the output as friendlyName attributes (RFC 2985). It is
|
||||
// an error to specify both an alias on |cert| and a non-NULL |name|
|
||||
// parameter.
|
||||
OPENSSL_EXPORT PKCS12 *PKCS12_create(const char *password, const char *name,
|
||||
const EVP_PKEY *pkey, X509 *cert,
|
||||
const STACK_OF(X509) *chain, int key_nid,
|
||||
int cert_nid, int iterations,
|
||||
int mac_iterations, int key_type);
|
||||
|
||||
// PKCS12_new returns a newly-allocated |PKCS12| object.
|
||||
OPENSSL_EXPORT PKCS12 *PKCS12_new(void);
|
||||
|
||||
// PKCS12_free frees |p12| and its contents.
|
||||
OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free)
|
||||
BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define PKCS8_R_BAD_PKCS12_DATA 100
|
||||
#define PKCS8_R_BAD_PKCS12_VERSION 101
|
||||
#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102
|
||||
#define PKCS8_R_CRYPT_ERROR 103
|
||||
#define PKCS8_R_DECODE_ERROR 104
|
||||
#define PKCS8_R_ENCODE_ERROR 105
|
||||
#define PKCS8_R_ENCRYPT_ERROR 106
|
||||
#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107
|
||||
#define PKCS8_R_INCORRECT_PASSWORD 108
|
||||
#define PKCS8_R_KEYGEN_FAILURE 109
|
||||
#define PKCS8_R_KEY_GEN_ERROR 110
|
||||
#define PKCS8_R_METHOD_NOT_SUPPORTED 111
|
||||
#define PKCS8_R_MISSING_MAC 112
|
||||
#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113
|
||||
#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114
|
||||
#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115
|
||||
#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116
|
||||
#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117
|
||||
#define PKCS8_R_TOO_LONG 118
|
||||
#define PKCS8_R_UNKNOWN_ALGORITHM 119
|
||||
#define PKCS8_R_UNKNOWN_CIPHER 120
|
||||
#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121
|
||||
#define PKCS8_R_UNKNOWN_DIGEST 122
|
||||
#define PKCS8_R_UNKNOWN_HASH 123
|
||||
#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124
|
||||
#define PKCS8_R_UNSUPPORTED_KEYLENGTH 125
|
||||
#define PKCS8_R_UNSUPPORTED_SALT_TYPE 126
|
||||
#define PKCS8_R_UNSUPPORTED_CIPHER 127
|
||||
#define PKCS8_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 128
|
||||
#define PKCS8_R_BAD_ITERATION_COUNT 129
|
||||
#define PKCS8_R_UNSUPPORTED_PRF 130
|
||||
#define PKCS8_R_INVALID_CHARACTERS 131
|
||||
#define PKCS8_R_UNSUPPORTED_OPTIONS 132
|
||||
#define PKCS8_R_AMBIGUOUS_FRIENDLY_NAME 133
|
||||
|
||||
// PKCS12_R_MAC_VERIFY_FAILURE is an error code defined for
|
||||
// compatability. It points to our equivalent for this OpenSSL error,
|
||||
// |PKCS8_R_INCORRECT_PASSWORD|
|
||||
#define PKCS12_R_MAC_VERIFY_FAILURE PKCS8_R_INCORRECT_PASSWORD
|
||||
|
||||
#endif // OPENSSL_HEADER_PKCS8_H
|
||||
+38
@@ -0,0 +1,38 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_POLY1305_H
|
||||
#define OPENSSL_HEADER_POLY1305_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
typedef uint8_t poly1305_state[512];
|
||||
|
||||
// CRYPTO_poly1305_init sets up |state| so that it can be used to calculate an
|
||||
// authentication tag with the one-time key |key|. Note that |key| is a
|
||||
// one-time key and therefore there is no `reset' method because that would
|
||||
// enable several messages to be authenticated with the same key.
|
||||
OPENSSL_EXPORT void CRYPTO_poly1305_init(poly1305_state *state,
|
||||
const uint8_t key[32]);
|
||||
|
||||
// CRYPTO_poly1305_update processes |in_len| bytes from |in|. It can be called
|
||||
// zero or more times after poly1305_init.
|
||||
OPENSSL_EXPORT void CRYPTO_poly1305_update(poly1305_state *state,
|
||||
const uint8_t *in, size_t in_len);
|
||||
|
||||
// CRYPTO_poly1305_finish completes the poly1305 calculation and writes a 16
|
||||
// byte authentication tag to |mac|.
|
||||
OPENSSL_EXPORT void CRYPTO_poly1305_finish(poly1305_state *state,
|
||||
uint8_t mac[16]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_POLY1305_H
|
||||
+97
@@ -0,0 +1,97 @@
|
||||
// Copyright (c) 2016, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_POOL_H
|
||||
#define OPENSSL_HEADER_POOL_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Buffers and buffer pools.
|
||||
//
|
||||
// |CRYPTO_BUFFER|s are simply reference-counted blobs. A |CRYPTO_BUFFER_POOL|
|
||||
// is an intern table for |CRYPTO_BUFFER|s. This allows for a single copy of a
|
||||
// given blob to be kept in memory and referenced from multiple places.
|
||||
|
||||
|
||||
DEFINE_STACK_OF(CRYPTO_BUFFER)
|
||||
|
||||
// CRYPTO_BUFFER_POOL_new returns a freshly allocated |CRYPTO_BUFFER_POOL| or
|
||||
// NULL on error.
|
||||
OPENSSL_EXPORT CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void);
|
||||
|
||||
// CRYPTO_BUFFER_POOL_free frees |pool|, which must be empty.
|
||||
OPENSSL_EXPORT void CRYPTO_BUFFER_POOL_free(CRYPTO_BUFFER_POOL *pool);
|
||||
|
||||
// CRYPTO_BUFFER_new returns a |CRYPTO_BUFFER| containing a copy of |data|, or
|
||||
// else NULL on error. If |pool| is not NULL then the returned value may be a
|
||||
// reference to a previously existing |CRYPTO_BUFFER| that contained the same
|
||||
// data. Otherwise, the returned, fresh |CRYPTO_BUFFER| will be added to the
|
||||
// pool.
|
||||
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len,
|
||||
CRYPTO_BUFFER_POOL *pool);
|
||||
|
||||
// CRYPTO_BUFFER_alloc creates an unpooled |CRYPTO_BUFFER| of the given size and
|
||||
// writes the underlying data pointer to |*out_data|. It returns NULL on error.
|
||||
//
|
||||
// After calling this function, |len| bytes of contents must be written to
|
||||
// |out_data| before passing the returned pointer to any other BoringSSL
|
||||
// functions. Once initialized, the |CRYPTO_BUFFER| should be treated as
|
||||
// immutable.
|
||||
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data,
|
||||
size_t len);
|
||||
|
||||
// CRYPTO_BUFFER_new_from_CBS acts the same as |CRYPTO_BUFFER_new|.
|
||||
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new_from_CBS(
|
||||
const CBS *cbs, CRYPTO_BUFFER_POOL *pool);
|
||||
|
||||
// CRYPTO_BUFFER_new_from_static_data_unsafe behaves like |CRYPTO_BUFFER_new|
|
||||
// but does not copy |data|. |data| must be immutable and last for the lifetime
|
||||
// of the address space.
|
||||
OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new_from_static_data_unsafe(
|
||||
const uint8_t *data, size_t len, CRYPTO_BUFFER_POOL *pool);
|
||||
|
||||
// CRYPTO_BUFFER_free decrements the reference count of |buf|. If there are no
|
||||
// other references, or if the only remaining reference is from a pool, then
|
||||
// |buf| will be freed.
|
||||
OPENSSL_EXPORT void CRYPTO_BUFFER_free(CRYPTO_BUFFER *buf);
|
||||
|
||||
// CRYPTO_BUFFER_up_ref increments the reference count of |buf| and returns
|
||||
// one.
|
||||
OPENSSL_EXPORT int CRYPTO_BUFFER_up_ref(CRYPTO_BUFFER *buf);
|
||||
|
||||
// CRYPTO_BUFFER_data returns a pointer to the data contained in |buf|.
|
||||
OPENSSL_EXPORT const uint8_t *CRYPTO_BUFFER_data(const CRYPTO_BUFFER *buf);
|
||||
|
||||
// CRYPTO_BUFFER_len returns the length, in bytes, of the data contained in
|
||||
// |buf|.
|
||||
OPENSSL_EXPORT size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf);
|
||||
|
||||
// CRYPTO_BUFFER_init_CBS initialises |out| to point at the data from |buf|.
|
||||
OPENSSL_EXPORT void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER_POOL, CRYPTO_BUFFER_POOL_free)
|
||||
BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER, CRYPTO_BUFFER_free)
|
||||
BORINGSSL_MAKE_UP_REF(CRYPTO_BUFFER, CRYPTO_BUFFER_up_ref)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_POOL_H
|
||||
+40
@@ -0,0 +1,40 @@
|
||||
// Copyright (c) 2022, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_POSIX_TIME_H
|
||||
#define OPENSSL_HEADER_POSIX_TIME_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <time.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Time functions.
|
||||
|
||||
|
||||
// OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must
|
||||
// be in the range of year 0000 to 9999, to a broken out time value in |tm|. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
|
||||
|
||||
// OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
|
||||
// |tm| to a POSIX time value in |out|. One is returned on success, zero is
|
||||
// returned on failure. It is a failure if |tm| contains out of range values.
|
||||
OPENSSL_EXPORT int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
|
||||
|
||||
// OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
|
||||
// a time_t value in |out|. One is returned on success, zero is returned on
|
||||
// failure. It is a failure if the converted time can not be represented in a
|
||||
// time_t, or if the tm contains out of range values.
|
||||
OPENSSL_EXPORT int OPENSSL_timegm(const struct tm *tm, time_t *out);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_POSIX_TIME_H
|
||||
+132
@@ -0,0 +1,132 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_RAND_H
|
||||
#define OPENSSL_HEADER_RAND_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Random number generation.
|
||||
|
||||
|
||||
#define RAND_PRED_RESISTANCE_LEN (32)
|
||||
|
||||
// RAND_bytes writes |len| bytes of random data to |buf| and returns one. In the
|
||||
// event that sufficient random data can not be obtained, |abort| is called.
|
||||
OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
|
||||
|
||||
// RAND_priv_bytes is a wrapper around |RAND_bytes| provided for compatibility.
|
||||
// Consumers should call |RAND_bytes| directly.
|
||||
OPENSSL_EXPORT int RAND_priv_bytes(uint8_t *buf, size_t len);
|
||||
|
||||
// RAND_public_bytes writes |len| bytes of random data to |buf| and returns one.
|
||||
// In the event that sufficient random data can not be obtained, |abort| is
|
||||
// called. |RAND_public_bytes| and |RAND_bytes| do not use the same state to
|
||||
// generate output.
|
||||
OPENSSL_EXPORT int RAND_public_bytes(uint8_t *out, size_t out_len);
|
||||
|
||||
// RAND_bytes_with_user_prediction_resistance is functionally equivalent to
|
||||
// |RAND_bytes| but also provides a way for the caller to inject prediction
|
||||
// resistance material using the argument |user_pred_resistance|.
|
||||
// |user_pred_resistance| must not be NULL and |user_pred_resistance| must be
|
||||
// filled with |RAND_PRED_RESISTANCE_LEN| bytes.
|
||||
OPENSSL_EXPORT int RAND_bytes_with_user_prediction_resistance(uint8_t *out,
|
||||
size_t out_len, const uint8_t user_pred_resistance[RAND_PRED_RESISTANCE_LEN]);
|
||||
|
||||
// Obscure functions.
|
||||
|
||||
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
||||
// RAND_reset_for_fuzzing resets the fuzzer-only deterministic RNG. This
|
||||
// function is only defined in the fuzzer-only build configuration.
|
||||
OPENSSL_EXPORT void RAND_reset_for_fuzzing(void);
|
||||
#endif
|
||||
|
||||
|
||||
// Deprecated functions
|
||||
|
||||
// RAND_pseudo_bytes is a wrapper around |RAND_bytes|.
|
||||
OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len);
|
||||
|
||||
// RAND_seed reads a single byte of random data to ensure that any file
|
||||
// descriptors etc are opened.
|
||||
OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
|
||||
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
//
|
||||
// OpenSSL historically allowed applications to do various operations to gather
|
||||
// entropy and mix them into the entropy pool. AWS-LC sources entropy for the
|
||||
// consuming application and the following functions have been deprecated as
|
||||
// no-ops. Consumers should call |RAND_bytes| directly.
|
||||
//
|
||||
// TODO (CryptoAlg-2398): Add |OPENSSL_DEPRECATED| to the ones that are missing.
|
||||
// curl and tpm2-tss defines -Wnerror and depend on them.
|
||||
|
||||
// RAND_load_file returns a nonnegative number.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_load_file(const char *path,
|
||||
long num);
|
||||
|
||||
// RAND_write_file does nothing and returns negative 1.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_write_file(const char *file);
|
||||
|
||||
// RAND_file_name returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *RAND_file_name(char *buf,
|
||||
size_t num);
|
||||
|
||||
// RAND_add does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_add(const void *buf, int num,
|
||||
double entropy);
|
||||
|
||||
// RAND_egd returns 255.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_egd(const char *);
|
||||
|
||||
// RAND_egd_bytes returns |bytes|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_egd_bytes(const char *, int bytes);
|
||||
|
||||
// RAND_poll returns one.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RAND_poll(void);
|
||||
|
||||
// RAND_status returns one.
|
||||
OPENSSL_EXPORT int RAND_status(void);
|
||||
|
||||
// RAND_cleanup does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_cleanup(void);
|
||||
|
||||
// rand_meth_st is typedefed to |RAND_METHOD| in base.h. It isn't used; it
|
||||
// exists only to be the return type of |RAND_SSLeay|. It's
|
||||
// external so that variables of this type can be initialized.
|
||||
struct rand_meth_st {
|
||||
void (*seed)(const void *buf, int num);
|
||||
int (*bytes)(uint8_t *buf, size_t num);
|
||||
void (*cleanup)(void);
|
||||
void (*add)(const void *buf, int num, double entropy);
|
||||
int (*pseudorand)(uint8_t *buf, size_t num);
|
||||
int (*status)(void);
|
||||
};
|
||||
|
||||
// RAND_SSLeay returns a pointer to a dummy |RAND_METHOD|.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED RAND_METHOD *RAND_SSLeay(void);
|
||||
|
||||
// RAND_OpenSSL returns a pointer to a dummy |RAND_METHOD|.
|
||||
OPENSSL_EXPORT RAND_METHOD *RAND_OpenSSL(void);
|
||||
|
||||
// RAND_get_rand_method returns |RAND_SSLeay()|.
|
||||
OPENSSL_EXPORT const RAND_METHOD *RAND_get_rand_method(void);
|
||||
|
||||
// RAND_set_rand_method returns one.
|
||||
OPENSSL_EXPORT int RAND_set_rand_method(const RAND_METHOD *);
|
||||
|
||||
// RAND_keep_random_devices_open does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void RAND_keep_random_devices_open(int a);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_RAND_H
|
||||
+43
@@ -0,0 +1,43 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_RC4_H
|
||||
#define OPENSSL_HEADER_RC4_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// RC4.
|
||||
|
||||
|
||||
struct rc4_key_st {
|
||||
uint32_t x, y;
|
||||
uint32_t data[256];
|
||||
} /* RC4_KEY */;
|
||||
|
||||
// RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len|
|
||||
// bytes of key material from |key|.
|
||||
OPENSSL_EXPORT void RC4_set_key(RC4_KEY *rc4key, unsigned len,
|
||||
const uint8_t *key);
|
||||
|
||||
// RC4 encrypts (or decrypts, it's the same with RC4) |len| bytes from |in| to
|
||||
// |out|.
|
||||
OPENSSL_EXPORT void RC4(RC4_KEY *key, size_t len, const uint8_t *in,
|
||||
uint8_t *out);
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
// RC4_options returns the string "rc4(ptr,int)".
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *RC4_options(void);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_RC4_H
|
||||
+48
@@ -0,0 +1,48 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_RIPEMD_H
|
||||
#define OPENSSL_HEADER_RIPEMD_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
# define RIPEMD160_CBLOCK 64
|
||||
# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
|
||||
# define RIPEMD160_DIGEST_LENGTH 20
|
||||
|
||||
struct RIPEMD160state_st {
|
||||
uint32_t h[5];
|
||||
uint32_t Nl, Nh;
|
||||
uint8_t data[RIPEMD160_CBLOCK];
|
||||
unsigned num;
|
||||
};
|
||||
|
||||
// RIPEMD160_Init initialises |ctx| and returns one.
|
||||
OPENSSL_EXPORT int RIPEMD160_Init(RIPEMD160_CTX *ctx);
|
||||
|
||||
// RIPEMD160_Update adds |len| bytes from |data| to |ctx| and returns one.
|
||||
OPENSSL_EXPORT int RIPEMD160_Update(RIPEMD160_CTX *ctx, const void *data,
|
||||
size_t len);
|
||||
|
||||
// RIPEMD160_Final adds the final padding to |ctx| and writes the resulting
|
||||
// digest to |out|, which must have at least |RIPEMD160_DIGEST_LENGTH| bytes of
|
||||
// space. It returns one.
|
||||
OPENSSL_EXPORT int RIPEMD160_Final(uint8_t out[RIPEMD160_DIGEST_LENGTH],
|
||||
RIPEMD160_CTX *ctx);
|
||||
|
||||
// RIPEMD160 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |RIPEMD160_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *RIPEMD160(const uint8_t *data, size_t len,
|
||||
uint8_t out[RIPEMD160_DIGEST_LENGTH]);
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_RIPEMD_H
|
||||
+966
@@ -0,0 +1,966 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_RSA_H
|
||||
#define OPENSSL_HEADER_RSA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/crypto.h>
|
||||
// OpenSSL includes BN in this header: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/rsa.h#L21
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ex_data.h>
|
||||
#include <openssl/thread.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// rsa.h contains functions for handling encryption and signature using RSA.
|
||||
|
||||
|
||||
// Allocation and destruction.
|
||||
//
|
||||
// An |RSA| object represents a public or private RSA key. A given object may be
|
||||
// used concurrently on multiple threads by non-mutating functions, provided no
|
||||
// other thread is concurrently calling a mutating function. Unless otherwise
|
||||
// documented, functions which take a |const| pointer are non-mutating and
|
||||
// functions which take a non-|const| pointer are mutating.
|
||||
|
||||
// RSA_new_public_key returns a new |RSA| object containing a public key with
|
||||
// the specified parameters, or NULL on error or invalid input.
|
||||
OPENSSL_EXPORT RSA *RSA_new_public_key(const BIGNUM *n, const BIGNUM *e);
|
||||
|
||||
// RSA_new_private_key returns a new |RSA| object containing a private key with
|
||||
// the specified parameters, or NULL on error or invalid input. All parameters
|
||||
// are mandatory and may not be NULL.
|
||||
//
|
||||
// This function creates standard RSA private keys with CRT parameters.
|
||||
OPENSSL_EXPORT RSA *RSA_new_private_key(const BIGNUM *n, const BIGNUM *e,
|
||||
const BIGNUM *d, const BIGNUM *p,
|
||||
const BIGNUM *q, const BIGNUM *dmp1,
|
||||
const BIGNUM *dmq1, const BIGNUM *iqmp);
|
||||
|
||||
// RSA_new returns a new, empty |RSA| object or NULL on error. Prefer using
|
||||
// |RSA_new_public_key| or |RSA_new_private_key| to import an RSA key.
|
||||
OPENSSL_EXPORT RSA *RSA_new(void);
|
||||
|
||||
// RSA_new_method acts the same as |RSA_new| but takes an explicit |ENGINE|.
|
||||
OPENSSL_EXPORT RSA *RSA_new_method(const ENGINE *engine);
|
||||
|
||||
// RSA_free decrements the reference count of |rsa| and frees it if the
|
||||
// reference count drops to zero.
|
||||
OPENSSL_EXPORT void RSA_free(RSA *rsa);
|
||||
|
||||
// RSA_up_ref increments the reference count of |rsa| and returns one. It does
|
||||
// not mutate |rsa| for thread-safety purposes and may be used concurrently.
|
||||
OPENSSL_EXPORT int RSA_up_ref(RSA *rsa);
|
||||
|
||||
|
||||
// Properties.
|
||||
|
||||
// RSA_bits returns the size of |rsa|, in bits.
|
||||
OPENSSL_EXPORT unsigned RSA_bits(const RSA *rsa);
|
||||
|
||||
// RSA_get0_n returns |rsa|'s public modulus.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_n(const RSA *rsa);
|
||||
|
||||
// RSA_get0_e returns |rsa|'s public exponent.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_e(const RSA *rsa);
|
||||
|
||||
// RSA_get0_d returns |rsa|'s private exponent. If |rsa| is a public key, this
|
||||
// value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_d(const RSA *rsa);
|
||||
|
||||
// RSA_get0_p returns |rsa|'s first private prime factor. If |rsa| is a public
|
||||
// key or lacks its prime factors, this value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_p(const RSA *rsa);
|
||||
|
||||
// RSA_get0_q returns |rsa|'s second private prime factor. If |rsa| is a public
|
||||
// key or lacks its prime factors, this value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_q(const RSA *rsa);
|
||||
|
||||
// RSA_get0_dmp1 returns d (mod p-1) for |rsa|. If |rsa| is a public key or
|
||||
// lacks CRT parameters, this value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_dmp1(const RSA *rsa);
|
||||
|
||||
// RSA_get0_dmq1 returns d (mod q-1) for |rsa|. If |rsa| is a public key or
|
||||
// lacks CRT parameters, this value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_dmq1(const RSA *rsa);
|
||||
|
||||
// RSA_get0_iqmp returns q^-1 (mod p). If |rsa| is a public key or lacks CRT
|
||||
// parameters, this value will be NULL.
|
||||
OPENSSL_EXPORT const BIGNUM *RSA_get0_iqmp(const RSA *rsa);
|
||||
|
||||
// RSA_get0_key sets |*out_n|, |*out_e|, and |*out_d|, if non-NULL, to |rsa|'s
|
||||
// modulus, public exponent, and private exponent, respectively. If |rsa| is a
|
||||
// public key, the private exponent will be set to NULL.
|
||||
OPENSSL_EXPORT void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n,
|
||||
const BIGNUM **out_e, const BIGNUM **out_d);
|
||||
|
||||
// RSA_get0_factors sets |*out_p| and |*out_q|, if non-NULL, to |rsa|'s prime
|
||||
// factors. If |rsa| is a public key, they will be set to NULL.
|
||||
OPENSSL_EXPORT void RSA_get0_factors(const RSA *rsa, const BIGNUM **out_p,
|
||||
const BIGNUM **out_q);
|
||||
|
||||
// RSA_get0_crt_params sets |*out_dmp1|, |*out_dmq1|, and |*out_iqmp|, if
|
||||
// non-NULL, to |rsa|'s CRT parameters. These are d (mod p-1), d (mod q-1) and
|
||||
// q^-1 (mod p), respectively. If |rsa| is a public key, each parameter will be
|
||||
// set to NULL.
|
||||
OPENSSL_EXPORT void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
|
||||
const BIGNUM **out_dmq1,
|
||||
const BIGNUM **out_iqmp);
|
||||
|
||||
|
||||
// Setting individual properties.
|
||||
//
|
||||
// These functions allow setting individual properties of an |RSA| object. This
|
||||
// is typically used with |RSA_new| to construct an RSA key field by field.
|
||||
// Prefer instead to use |RSA_new_public_key| and |RSA_new_private_key|. These
|
||||
// functions defer some initialization to the first use of an |RSA| object. This
|
||||
// means invalid inputs may be caught late.
|
||||
//
|
||||
// TODO(crbug.com/boringssl/316): This deferred initialization also causes
|
||||
// performance problems in multi-threaded applications. The preferred APIs
|
||||
// currently have the same issues, but they will initialize eagerly in the
|
||||
// future.
|
||||
|
||||
// RSA_set0_key sets |rsa|'s modulus, public exponent, and private exponent to
|
||||
// |n|, |e|, and |d| respectively, if non-NULL. On success, it takes ownership
|
||||
// of each argument and returns one. Otherwise, it returns zero.
|
||||
//
|
||||
// For a public key, |d| may be NULL, but |n| and |e| must either be non-NULL
|
||||
// or already configured on |rsa|. For a private key, |e| may be NULL, but |n|
|
||||
// and |d| must either be non-NULL or already configured on |rsa|. Private keys
|
||||
// missing |e| are often used by the JCA.
|
||||
//
|
||||
// It is an error to call this function after |rsa| has been used for a
|
||||
// cryptographic operation. Construct a new |RSA| object instead.
|
||||
OPENSSL_EXPORT int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||
|
||||
// RSA_set0_factors sets |rsa|'s prime factors to |p| and |q|, if non-NULL, and
|
||||
// takes ownership of them. On success, it takes ownership of each argument and
|
||||
// returns one. Otherwise, it returns zero.
|
||||
//
|
||||
// Each argument must either be non-NULL or already configured on |rsa|.
|
||||
//
|
||||
// It is an error to call this function after |rsa| has been used for a
|
||||
// cryptographic operation. Construct a new |RSA| object instead.
|
||||
OPENSSL_EXPORT int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q);
|
||||
|
||||
// RSA_set0_crt_params sets |rsa|'s CRT parameters to |dmp1|, |dmq1|, and
|
||||
// |iqmp|, if non-NULL, and takes ownership of them. On success, it takes
|
||||
// ownership of its parameters and returns one. Otherwise, it returns zero.
|
||||
//
|
||||
// Each argument must either be non-NULL or already configured on |rsa|.
|
||||
//
|
||||
// It is an error to call this function after |rsa| has been used for a
|
||||
// cryptographic operation. Construct a new |RSA| object instead.
|
||||
OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1,
|
||||
BIGNUM *iqmp);
|
||||
|
||||
// RSA_METHOD functions
|
||||
|
||||
// RSA_get_default_method returns a zero initialized |RSA_METHOD| object. The
|
||||
// wrapper functions will select the appropriate |rsa_default_*| implementation.
|
||||
OPENSSL_EXPORT const RSA_METHOD *RSA_get_default_method(void);
|
||||
|
||||
// RSA_meth_new returns a zero-initialized |RSA_METHOD| object. It sets
|
||||
// |flags| on the object. Currently, only |RSA_FLAG_OPAQUE| can be set on
|
||||
// the method structure. The |name| parameter is currently ignored and
|
||||
// is part of the function signature for OpenSSL compatibility.
|
||||
OPENSSL_EXPORT RSA_METHOD *RSA_meth_new(const char *name, int flags);
|
||||
|
||||
// RSA_set_method sets |meth| on |rsa|. Returns one on success and zero
|
||||
// on failure.
|
||||
OPENSSL_EXPORT int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
|
||||
|
||||
// RSA_get_method returns the |RSA_METHOD| object associated with |rsa|.
|
||||
OPENSSL_EXPORT const RSA_METHOD *RSA_get_method(const RSA *rsa);
|
||||
|
||||
// RSA_meth_free frees the memory associated with |meth|
|
||||
OPENSSL_EXPORT void RSA_meth_free(RSA_METHOD *meth);
|
||||
|
||||
// RSA_METHOD setters
|
||||
// The following functions set the corresponding fields on |meth|. They return
|
||||
// one on success and zero on failure.
|
||||
|
||||
// RSA_meth_set_init sets |init| on |meth|. |init| should return one on
|
||||
// success and zero on failure.
|
||||
OPENSSL_EXPORT int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa));
|
||||
|
||||
// RSA_meth_set_finish sets |finish| on |meth|. The |finish| function
|
||||
// is called in |RSA_free| before freeing the key. |finish| should return
|
||||
// one on success and zero on failure.
|
||||
OPENSSL_EXPORT int RSA_meth_set_finish(RSA_METHOD *meth,
|
||||
int (*finish) (RSA *rsa));
|
||||
|
||||
// RSA_meth_set_priv_dec sets |priv_dec| on |meth|. |priv_dec| should decrypt
|
||||
// |max_out| bytes at |from| using the private key |rsa| and store the plaintext
|
||||
// in |to|. |priv_dec| should return the size of the recovered plaintext or a
|
||||
// negative number on error.
|
||||
OPENSSL_EXPORT int RSA_meth_set_priv_dec(RSA_METHOD *meth,
|
||||
int (*priv_dec) (int max_out, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa,
|
||||
int padding));
|
||||
|
||||
// RSA_meth_set_priv_enc sets |priv_enc| on |meth|. |priv_enc| should sign
|
||||
// |max_out| bytes at |from| using the private key |rsa| and store the
|
||||
// signature in |to|. |priv_enc| should return the size of the signature or a
|
||||
// negative number for error.
|
||||
OPENSSL_EXPORT int RSA_meth_set_priv_enc(RSA_METHOD *meth,
|
||||
int (*priv_enc) (int max_out, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa,
|
||||
int padding));
|
||||
|
||||
// RSA_meth_set_pub_dec sets |pub_dec| on |meth|. |pub_dec| should recover the
|
||||
// |max_out| bytes of the message digest at |from| using the signer's public
|
||||
// key |rsa| and store it in |to|. |pub_dec| should return the size of the
|
||||
// recovered message digest or a negative number on error.
|
||||
OPENSSL_EXPORT int RSA_meth_set_pub_dec(RSA_METHOD *meth,
|
||||
int (*pub_dec) (int max_out, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa,
|
||||
int padding));
|
||||
|
||||
// RSA_meth_set_pub_enc sets |pub_enc| on |meth|. |pub_enc| should encrypt
|
||||
// |max_out| bytes at |from| using the public key |rsa| and stores the
|
||||
// ciphertext in |to|. |pub_enc| should return the size of the encrypted data
|
||||
// or a negative number on error.
|
||||
OPENSSL_EXPORT int RSA_meth_set_pub_enc(RSA_METHOD *meth,
|
||||
int (*pub_enc) (int max_out, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa,
|
||||
int padding));
|
||||
|
||||
// RSA_meth_set0_app_data sets |app_data| on |meth|. Although set0 functions
|
||||
// generally take ownership in AWS-LC, to maintain OpenSSL compatibility,
|
||||
// this function does not. It is the consumers responsibility to free
|
||||
// |app_data|.
|
||||
OPENSSL_EXPORT int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
|
||||
|
||||
|
||||
// RSA_meth_set_sign sets |sign| on |meth|. The function |sign| should return
|
||||
// one on success and zero on failure.
|
||||
OPENSSL_EXPORT int RSA_meth_set_sign(RSA_METHOD *meth,
|
||||
int (*sign) (int type,
|
||||
const unsigned char *m,
|
||||
unsigned int m_length,
|
||||
unsigned char *sigret,
|
||||
unsigned int *siglen, const RSA *rsa));
|
||||
|
||||
|
||||
// Key generation.
|
||||
|
||||
// RSA_generate_key_ex generates a new RSA key where the modulus has size
|
||||
// |bits| and the public exponent is |e|. If unsure, |RSA_F4| is a good value
|
||||
// for |e|. If |cb| is not NULL then it is called during the key generation
|
||||
// process. In addition to the calls documented for |BN_generate_prime_ex|, it
|
||||
// is called with event=2 when the n'th prime is rejected as unsuitable and
|
||||
// with event=3 when a suitable value for |p| is found.
|
||||
//
|
||||
// Note: |bits| is expected to be divisible by 128, and if not will be rounded
|
||||
// down to the nearest valid value. For example, requesting 3071 bits will
|
||||
// provide a key that is 2944 bits. |RSA_bits| can be used to verify the
|
||||
// RSA modulus size of the returned key.
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
|
||||
BN_GENCB *cb);
|
||||
|
||||
// RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs
|
||||
// additional checks for FIPS compliance. The public exponent is always 65537
|
||||
// and |bits| must be either 2048 or 3072.
|
||||
OPENSSL_EXPORT int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb);
|
||||
|
||||
|
||||
// Encryption / Decryption
|
||||
//
|
||||
// These functions are considered non-mutating for thread-safety purposes and
|
||||
// may be used concurrently.
|
||||
|
||||
// RSA_PKCS1_PADDING denotes PKCS#1 v1.5 padding. When used with encryption,
|
||||
// this is RSAES-PKCS1-v1_5. When used with signing, this is RSASSA-PKCS1-v1_5.
|
||||
//
|
||||
// WARNING: The RSAES-PKCS1-v1_5 encryption scheme is vulnerable to a
|
||||
// chosen-ciphertext attack. Decrypting attacker-supplied ciphertext with
|
||||
// RSAES-PKCS1-v1_5 may give the attacker control over your private key. This
|
||||
// does not impact the RSASSA-PKCS1-v1_5 signature scheme. See "Chosen
|
||||
// Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard
|
||||
// PKCS #1", Daniel Bleichenbacher, Advances in Cryptology (Crypto '98).
|
||||
#define RSA_PKCS1_PADDING 1
|
||||
|
||||
// RSA_NO_PADDING denotes a raw RSA operation.
|
||||
#define RSA_NO_PADDING 3
|
||||
|
||||
// RSA_PKCS1_OAEP_PADDING denotes the RSAES-OAEP encryption scheme.
|
||||
#define RSA_PKCS1_OAEP_PADDING 4
|
||||
|
||||
// RSA_X931_PADDING is not supported. It's included so consumer compilations can succeed.
|
||||
#define RSA_X931_PADDING 5
|
||||
|
||||
// RSA_PKCS1_PSS_PADDING denotes the RSASSA-PSS signature scheme. This value may
|
||||
// not be passed into |RSA_sign_raw|, only |EVP_PKEY_CTX_set_rsa_padding|. See
|
||||
// also |RSA_sign_pss_mgf1| and |RSA_verify_pss_mgf1|.
|
||||
#define RSA_PKCS1_PSS_PADDING 6
|
||||
|
||||
// RSA_encrypt encrypts |in_len| bytes from |in| to the public key from |rsa|
|
||||
// and writes, at most, |max_out| bytes of encrypted data to |out|. The
|
||||
// |max_out| argument must be, at least, |RSA_size| in order to ensure success.
|
||||
//
|
||||
// It returns 1 on success or zero on error.
|
||||
//
|
||||
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
// doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
|
||||
OPENSSL_EXPORT int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in, size_t in_len,
|
||||
int padding);
|
||||
|
||||
// RSA_decrypt decrypts |in_len| bytes from |in| with the private key from
|
||||
// |rsa| and writes, at most, |max_out| bytes of plaintext to |out|. The
|
||||
// |max_out| argument must be, at least, |RSA_size| in order to ensure success.
|
||||
//
|
||||
// It returns 1 on success or zero on error.
|
||||
//
|
||||
// The |padding| argument must be one of the |RSA_*_PADDING| values. If in
|
||||
// doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
|
||||
//
|
||||
// WARNING: Passing |RSA_PKCS1_PADDING| into this function is deprecated and
|
||||
// insecure. RSAES-PKCS1-v1_5 is vulnerable to a chosen-ciphertext attack.
|
||||
// Decrypting attacker-supplied ciphertext with RSAES-PKCS1-v1_5 may give the
|
||||
// attacker control over your private key. See "Chosen Ciphertext Attacks
|
||||
// Against Protocols Based on the RSA Encryption Standard PKCS #1", Daniel
|
||||
// Bleichenbacher, Advances in Cryptology (Crypto '98).
|
||||
//
|
||||
// In some limited cases, such as TLS RSA key exchange, it is possible to
|
||||
// mitigate this flaw with custom, protocol-specific padding logic. This
|
||||
// should be implemented with |RSA_NO_PADDING|, not |RSA_PKCS1_PADDING|.
|
||||
OPENSSL_EXPORT int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in, size_t in_len,
|
||||
int padding);
|
||||
|
||||
// RSA_public_encrypt encrypts |flen| bytes from |from| to the public key in
|
||||
// |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
|
||||
// least |RSA_size| bytes of space. It returns the number of bytes written, or
|
||||
// -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
|
||||
// values. If in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols.
|
||||
//
|
||||
// WARNING: this function is dangerous because it breaks the usual return value
|
||||
// convention. Use |RSA_encrypt| instead.
|
||||
OPENSSL_EXPORT int RSA_public_encrypt(size_t flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
// RSA_private_decrypt decrypts |flen| bytes from |from| with the public key in
|
||||
// |rsa| and writes the plaintext to |to|. The |to| buffer must have at least
|
||||
// |RSA_size| bytes of space. It returns the number of bytes written, or -1 on
|
||||
// error. The |padding| argument must be one of the |RSA_*_PADDING| values. If
|
||||
// in doubt, use |RSA_PKCS1_OAEP_PADDING| for new protocols. Passing
|
||||
// |RSA_PKCS1_PADDING| into this function is deprecated and insecure. See
|
||||
// |RSA_decrypt|.
|
||||
//
|
||||
// WARNING: this function is dangerous because it breaks the usual return value
|
||||
// convention. Use |RSA_decrypt| instead.
|
||||
OPENSSL_EXPORT int RSA_private_decrypt(size_t flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
|
||||
// RSA_PSS_SALTLEN_DIGEST denotes the salt length matches the digest length
|
||||
#define RSA_PSS_SALTLEN_DIGEST -1
|
||||
|
||||
// Signing / Verification
|
||||
//
|
||||
// These functions are considered non-mutating for thread-safety purposes and
|
||||
// may be used concurrently.
|
||||
|
||||
// RSA_sign signs |digest_len| bytes of digest from |digest| with |rsa| using
|
||||
// RSASSA-PKCS1-v1_5. It writes, at most, |RSA_size(rsa)| bytes to |out|. On
|
||||
// successful return, the actual number of bytes written is written to
|
||||
// |*out_len|.
|
||||
//
|
||||
// The |hash_nid| argument identifies the hash function used to calculate
|
||||
// |digest| and is embedded in the resulting signature. For example, it might be
|
||||
// |NID_sha256|.
|
||||
//
|
||||
// It returns 1 on success and zero on error.
|
||||
//
|
||||
// WARNING: |digest| must be the result of hashing the data to be signed with
|
||||
// |hash_nid|. Passing unhashed inputs will not result in a secure signature
|
||||
// scheme.
|
||||
OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *digest,
|
||||
size_t digest_len, uint8_t *out, unsigned *out_len,
|
||||
RSA *rsa);
|
||||
|
||||
// RSA_sign_pss_mgf1 signs |digest_len| bytes from |digest| with the public key
|
||||
// from |rsa| using RSASSA-PSS with MGF1 as the mask generation function. It
|
||||
// writes, at most, |max_out| bytes of signature data to |out|. The |max_out|
|
||||
// argument must be, at least, |RSA_size| in order to ensure success. It returns
|
||||
// 1 on success or zero on error.
|
||||
//
|
||||
// The |md| and |mgf1_md| arguments identify the hash used to calculate |digest|
|
||||
// and the MGF1 hash, respectively. If |mgf1_md| is NULL, |md| is
|
||||
// used.
|
||||
//
|
||||
// |salt_len| specifies the expected salt length in bytes. If |salt_len| is -1,
|
||||
// then the salt length is the same as the hash length. If -2, then the salt
|
||||
// length is maximal given the size of |rsa|. If unsure, use -1.
|
||||
//
|
||||
// WARNING: |digest| must be the result of hashing the data to be signed with
|
||||
// |md|. Passing unhashed inputs will not result in a secure signature scheme.
|
||||
OPENSSL_EXPORT int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *digest,
|
||||
size_t digest_len, const EVP_MD *md,
|
||||
const EVP_MD *mgf1_md, int salt_len);
|
||||
|
||||
// RSA_sign_raw performs the private key portion of computing a signature with
|
||||
// |rsa|. It writes, at most, |max_out| bytes of signature data to |out|. The
|
||||
// |max_out| argument must be, at least, |RSA_size| in order to ensure the
|
||||
// output fits. It returns 1 on success or zero on error.
|
||||
//
|
||||
// If |padding| is |RSA_PKCS1_PADDING|, this function wraps |in| with the
|
||||
// padding portion of RSASSA-PKCS1-v1_5 and then performs the raw private key
|
||||
// operation. The caller is responsible for hashing the input and wrapping it in
|
||||
// a DigestInfo structure.
|
||||
//
|
||||
// If |padding| is |RSA_NO_PADDING|, this function only performs the raw private
|
||||
// key operation, interpreting |in| as a integer modulo n. The caller is
|
||||
// responsible for hashing the input and encoding it for the signature scheme
|
||||
// being implemented.
|
||||
//
|
||||
// WARNING: This function is a building block for a signature scheme, not a
|
||||
// complete one. |in| must be the result of hashing and encoding the data as
|
||||
// needed for the scheme being implemented. Passing in arbitrary inputs will not
|
||||
// result in a secure signature scheme.
|
||||
OPENSSL_EXPORT int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len, int padding);
|
||||
|
||||
// RSA_verify verifies that |sig_len| bytes from |sig| are a valid,
|
||||
// RSASSA-PKCS1-v1_5 signature of |digest_len| bytes at |digest| by |rsa|.
|
||||
//
|
||||
// The |hash_nid| argument identifies the hash function used to calculate
|
||||
// |digest| and is embedded in the resulting signature in order to prevent hash
|
||||
// confusion attacks. For example, it might be |NID_sha256|.
|
||||
//
|
||||
// It returns one if the signature is valid and zero otherwise.
|
||||
//
|
||||
// We distinguish between a "mismatched" signature error and "bad" signature
|
||||
// error because of JCA expectations. Specifically:
|
||||
// * Error |RSA_R_BAD_SIGNATURE| is set if extra information is included beyond
|
||||
// the signature as forbidden by FIPS 186-4 section 5.5 item (f).
|
||||
// * Error |RSA_R_MISMATCHED_SIGNATURE| is set if step (4) of RFC-8017
|
||||
// section 8.2.2 detects a difference in the two encoded messages.
|
||||
//
|
||||
// WARNING: this differs from the original, OpenSSL function which additionally
|
||||
// returned -1 on error.
|
||||
//
|
||||
// WARNING: |digest| must be the result of hashing the data to be verified with
|
||||
// |hash_nid|. Passing unhashed input will not result in a secure signature
|
||||
// scheme.
|
||||
OPENSSL_EXPORT int RSA_verify(int hash_nid, const uint8_t *digest,
|
||||
size_t digest_len, const uint8_t *sig,
|
||||
size_t sig_len, RSA *rsa);
|
||||
|
||||
// RSA_verify_pss_mgf1 verifies that |sig_len| bytes from |sig| are a valid,
|
||||
// RSASSA-PSS signature of |digest_len| bytes at |digest| by |rsa|. It returns
|
||||
// one if the signature is valid and zero otherwise. MGF1 is used as the mask
|
||||
// generation function.
|
||||
//
|
||||
// The |md| and |mgf1_md| arguments identify the hash used to calculate |digest|
|
||||
// and the MGF1 hash, respectively. If |mgf1_md| is NULL, |md| is
|
||||
// used. |salt_len| specifies the expected salt length in bytes.
|
||||
//
|
||||
// If |salt_len| is -1, then the salt length is the same as the hash length. If
|
||||
// -2, then the salt length is recovered and all values accepted. If unsure, use
|
||||
// -1.
|
||||
//
|
||||
// WARNING: |digest| must be the result of hashing the data to be verified with
|
||||
// |md|. Passing unhashed input will not result in a secure signature scheme.
|
||||
OPENSSL_EXPORT int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest,
|
||||
size_t digest_len, const EVP_MD *md,
|
||||
const EVP_MD *mgf1_md, int salt_len,
|
||||
const uint8_t *sig, size_t sig_len);
|
||||
|
||||
// RSA_verify_raw performs the public key portion of verifying |in_len| bytes of
|
||||
// signature from |in| using the public key from |rsa|. On success, it returns
|
||||
// one and writes, at most, |max_out| bytes of output to |out|. The |max_out|
|
||||
// argument must be, at least, |RSA_size| in order to ensure the output fits. On
|
||||
// failure or invalid input, it returns zero.
|
||||
//
|
||||
// If |padding| is |RSA_PKCS1_PADDING|, this function checks the padding portion
|
||||
// of RSASSA-PKCS1-v1_5 and outputs the remainder of the encoded digest. The
|
||||
// caller is responsible for checking the output is a DigestInfo-wrapped digest
|
||||
// of the message.
|
||||
//
|
||||
// If |padding| is |RSA_NO_PADDING|, this function only performs the raw public
|
||||
// key operation. The caller is responsible for checking the output is a valid
|
||||
// result for the signature scheme being implemented.
|
||||
//
|
||||
// WARNING: This function is a building block for a signature scheme, not a
|
||||
// complete one. Checking for arbitrary strings in |out| will not result in a
|
||||
// secure signature scheme.
|
||||
OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
||||
size_t max_out, const uint8_t *in,
|
||||
size_t in_len, int padding);
|
||||
|
||||
// RSA_private_encrypt performs the private key portion of computing a signature
|
||||
// with |rsa|. It takes |flen| bytes from |from| as input and writes the result
|
||||
// to |to|. The |to| buffer must have at least |RSA_size| bytes of space. It
|
||||
// returns the number of bytes written, or -1 on error.
|
||||
//
|
||||
// For the interpretation of |padding| and the input, see |RSA_sign_raw|.
|
||||
//
|
||||
// WARNING: This function is a building block for a signature scheme, not a
|
||||
// complete one. See |RSA_sign_raw| for details.
|
||||
//
|
||||
// WARNING: This function is dangerous because it breaks the usual return value
|
||||
// convention. Use |RSA_sign_raw| instead.
|
||||
OPENSSL_EXPORT int RSA_private_encrypt(size_t flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
// RSA_public_decrypt performs the public key portion of verifying |flen| bytes
|
||||
// of signature from |from| using the public key from |rsa|. It writes the
|
||||
// result to |to|, which must have at least |RSA_size| bytes of space. It
|
||||
// returns the number of bytes written, or -1 on error.
|
||||
//
|
||||
// For the interpretation of |padding| and the result, see |RSA_verify_raw|.
|
||||
//
|
||||
// WARNING: This function is a building block for a signature scheme, not a
|
||||
// complete one. See |RSA_verify_raw| for details.
|
||||
//
|
||||
// WARNING: This function is dangerous because it breaks the usual return value
|
||||
// convention. Use |RSA_verify_raw| instead.
|
||||
OPENSSL_EXPORT int RSA_public_decrypt(size_t flen, const uint8_t *from,
|
||||
uint8_t *to, RSA *rsa, int padding);
|
||||
|
||||
|
||||
// Utility functions.
|
||||
|
||||
// RSA_size returns the number of bytes in the modulus, which is also the size
|
||||
// of a signature or encrypted value using |rsa|.
|
||||
OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa);
|
||||
|
||||
// RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key
|
||||
// material. Otherwise it returns zero.
|
||||
OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa);
|
||||
|
||||
// RSAPublicKey_dup allocates a fresh |RSA| and copies the public key from
|
||||
// |rsa| into it. It returns the fresh |RSA| object, or NULL on error.
|
||||
OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa);
|
||||
|
||||
// RSAPrivateKey_dup allocates a fresh |RSA| and copies the private key from
|
||||
// |rsa| into it. It returns the fresh |RSA| object, or NULL on error.
|
||||
OPENSSL_EXPORT RSA *RSAPrivateKey_dup(const RSA *rsa);
|
||||
|
||||
// RSA_check_key performs basic validity tests on |rsa|. It returns one if
|
||||
// they pass and zero otherwise. If it returns zero then a more detailed error
|
||||
// is available on the error queue.
|
||||
OPENSSL_EXPORT int RSA_check_key(const RSA *rsa);
|
||||
|
||||
// RSA_check_fips performs two FIPS related checks in addition to basic
|
||||
// validity tests from RSA_check_key:
|
||||
// - partial public key validation (SP 800-89),
|
||||
// - pair-wise consistency test.
|
||||
// This function does not mutate |rsa| for thread-safety purposes and
|
||||
// may be used concurrently.
|
||||
OPENSSL_EXPORT int RSA_check_fips(RSA *key);
|
||||
|
||||
// RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of
|
||||
// |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to
|
||||
// exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the
|
||||
// hash function for generating the mask. If NULL, |Hash| is used. The |sLen|
|
||||
// argument specifies the expected salt length in bytes. If |sLen| is RSA_PSS_SALTLEN_DIGEST then
|
||||
// the salt length is the same as the hash length. If -2, then the salt length
|
||||
// is recovered and all values accepted.
|
||||
//
|
||||
// If unsure, use RSA_PSS_SALTLEN_DIGEST.
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
//
|
||||
// This function implements only the low-level padding logic. Use
|
||||
// |RSA_verify_pss_mgf1| instead.
|
||||
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa,
|
||||
const uint8_t *mHash,
|
||||
const EVP_MD *Hash,
|
||||
const EVP_MD *mgf1Hash,
|
||||
const uint8_t *EM, int sLen);
|
||||
|
||||
// RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|,
|
||||
// where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of
|
||||
// output will be written to |EM|. The |mgf1Hash| argument specifies the hash
|
||||
// function for generating the mask. If NULL, |Hash| is used. The |sLen|
|
||||
// argument specifies the expected salt length in bytes.
|
||||
// If |sLen| is RSA_PSS_SALTLEN_DIGEST then the salt length is the same as
|
||||
// the hash length. If -2, then the salt length is maximal given the space in |EM|.
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
//
|
||||
// This function implements only the low-level padding logic. Use
|
||||
// |RSA_sign_pss_mgf1| instead.
|
||||
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(const RSA *rsa, uint8_t *EM,
|
||||
const uint8_t *mHash,
|
||||
const EVP_MD *Hash,
|
||||
const EVP_MD *mgf1Hash,
|
||||
int sLen);
|
||||
|
||||
// RSA_padding_add_PKCS1_OAEP_mgf1 writes an OAEP padding of |from| to |to|
|
||||
// with the given parameters and hash functions. If |md| is NULL then SHA-1 is
|
||||
// used. If |mgf1md| is NULL then the value of |md| is used (which means SHA-1
|
||||
// if that, in turn, is NULL).
|
||||
//
|
||||
// It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int RSA_padding_add_PKCS1_OAEP_mgf1(
|
||||
uint8_t *to, size_t to_len, const uint8_t *from, size_t from_len,
|
||||
const uint8_t *param, size_t param_len, const EVP_MD *md,
|
||||
const EVP_MD *mgf1md);
|
||||
|
||||
// PKCS1_MGF1 masks a seed using MGF1 as defined in RFC 8017 (B.2.1).
|
||||
// It writes the masked output to |out|, using |len| bytes. |seed| and
|
||||
// |seed_len| are the seed input. |md| is the message digest to use.
|
||||
//
|
||||
// It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int PKCS1_MGF1(uint8_t *out, size_t len,
|
||||
const uint8_t *seed, size_t seed_len, const EVP_MD *md);
|
||||
|
||||
// RSA_add_pkcs1_prefix builds a version of |digest| prefixed with the
|
||||
// DigestInfo header for the given hash function and sets |out_msg| to point to
|
||||
// it. On successful return, if |*is_alloced| is one, the caller must release
|
||||
// |*out_msg| with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
|
||||
int *is_alloced, int hash_nid,
|
||||
const uint8_t *digest,
|
||||
size_t digest_len);
|
||||
|
||||
|
||||
// ASN.1 functions.
|
||||
|
||||
// RSA_parse_public_key parses a DER-encoded RSAPublicKey structure (RFC 8017)
|
||||
// from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT RSA *RSA_parse_public_key(CBS *cbs);
|
||||
|
||||
// RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure
|
||||
// (RFC 8017). It returns a newly-allocated |RSA| or NULL on error.
|
||||
OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len);
|
||||
|
||||
// RSA_marshal_public_key marshals |rsa| as a DER-encoded RSAPublicKey structure
|
||||
// (RFC 8017) and appends the result to |cbb|. It returns one on success and
|
||||
// zero on failure.
|
||||
OPENSSL_EXPORT int RSA_marshal_public_key(CBB *cbb, const RSA *rsa);
|
||||
|
||||
// RSA_public_key_to_bytes marshals |rsa| as a DER-encoded RSAPublicKey
|
||||
// structure (RFC 8017) and, on success, sets |*out_bytes| to a newly allocated
|
||||
// buffer containing the result and returns one. Otherwise, it returns zero. The
|
||||
// result should be freed with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,
|
||||
const RSA *rsa);
|
||||
|
||||
// RSA_parse_private_key parses a DER-encoded RSAPrivateKey structure (RFC 8017)
|
||||
// from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
|
||||
// error.
|
||||
OPENSSL_EXPORT RSA *RSA_parse_private_key(CBS *cbs);
|
||||
|
||||
// RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey
|
||||
// structure (RFC 8017). It returns a newly-allocated |RSA| or NULL on error.
|
||||
OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in,
|
||||
size_t in_len);
|
||||
|
||||
// RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey
|
||||
// structure (RFC 8017) and appends the result to |cbb|. It returns one on
|
||||
// success and zero on failure.
|
||||
OPENSSL_EXPORT int RSA_marshal_private_key(CBB *cbb, const RSA *rsa);
|
||||
|
||||
// RSA_private_key_to_bytes marshals |rsa| as a DER-encoded RSAPrivateKey
|
||||
// structure (RFC 8017) and, on success, sets |*out_bytes| to a newly allocated
|
||||
// buffer containing the result and returns one. Otherwise, it returns zero. The
|
||||
// result should be freed with |OPENSSL_free|.
|
||||
OPENSSL_EXPORT int RSA_private_key_to_bytes(uint8_t **out_bytes,
|
||||
size_t *out_len, const RSA *rsa);
|
||||
|
||||
|
||||
// Obscure RSA variants.
|
||||
//
|
||||
// These functions allow creating RSA keys with obscure combinations of
|
||||
// parameters.
|
||||
|
||||
// RSA_new_private_key_no_crt behaves like |RSA_new_private_key| but constructs
|
||||
// an RSA key without CRT coefficients.
|
||||
//
|
||||
// Keys created by this function will be less performant and cannot be
|
||||
// serialized.
|
||||
OPENSSL_EXPORT RSA *RSA_new_private_key_no_crt(const BIGNUM *n, const BIGNUM *e,
|
||||
const BIGNUM *d);
|
||||
|
||||
// RSA_new_private_key_no_e behaves like |RSA_new_private_key| but constructs an
|
||||
// RSA key without CRT parameters or public exponent.
|
||||
//
|
||||
// Keys created by this function will be less performant, cannot be serialized,
|
||||
// and lack hardening measures that protect against side channels and fault
|
||||
// attacks.
|
||||
OPENSSL_EXPORT RSA *RSA_new_private_key_no_e(const BIGNUM *n, const BIGNUM *d);
|
||||
|
||||
// RSA_new_public_key_large_e behaves like |RSA_new_public_key| but allows any
|
||||
// |e| up to |n|.
|
||||
//
|
||||
// BoringSSL typically bounds public exponents as a denial-of-service
|
||||
// mitigation. Keys created by this function may perform worse than those
|
||||
// created by |RSA_new_public_key|.
|
||||
OPENSSL_EXPORT RSA *RSA_new_public_key_large_e(const BIGNUM *n,
|
||||
const BIGNUM *e);
|
||||
|
||||
// RSA_new_private_key_large_e behaves like |RSA_new_private_key| but allows any
|
||||
// |e| up to |n|.
|
||||
//
|
||||
// BoringSSL typically bounds public exponents as a denial-of-service
|
||||
// mitigation. Keys created by this function may perform worse than those
|
||||
// created by |RSA_new_private_key|.
|
||||
OPENSSL_EXPORT RSA *RSA_new_private_key_large_e(
|
||||
const BIGNUM *n, const BIGNUM *e, const BIGNUM *d, const BIGNUM *p,
|
||||
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
|
||||
const BIGNUM *iqmp);
|
||||
|
||||
|
||||
// ex_data functions.
|
||||
//
|
||||
// See |ex_data.h| for details.
|
||||
|
||||
OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
|
||||
CRYPTO_EX_unused *unused,
|
||||
CRYPTO_EX_dup *dup_unused,
|
||||
CRYPTO_EX_free *free_func);
|
||||
OPENSSL_EXPORT int RSA_set_ex_data(RSA *rsa, int idx, void *arg);
|
||||
OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *rsa, int idx);
|
||||
|
||||
// Flags.
|
||||
|
||||
// RSA_FLAG_OPAQUE specifies that this RSA_METHOD does not expose its key
|
||||
// material. This may be set if, for instance, it is wrapping some other crypto
|
||||
// API, like a platform key store.
|
||||
#define RSA_FLAG_OPAQUE 1
|
||||
|
||||
// RSA_FLAG_NO_BLINDING disables blinding of private operations, which is a
|
||||
// dangerous thing to do. It is deprecated and should not be used. It will
|
||||
// be ignored whenever possible.
|
||||
//
|
||||
// This flag must be used if a key without the public exponent |e| is used for
|
||||
// private key operations; avoid using such keys whenever possible.
|
||||
#define RSA_FLAG_NO_BLINDING 8
|
||||
|
||||
// RSA_FLAG_EXT_PKEY is deprecated and ignored.
|
||||
#define RSA_FLAG_EXT_PKEY 0x20
|
||||
|
||||
// RSA_FLAG_NO_PUBLIC_EXPONENT indicates that private keys without a public
|
||||
// exponent are allowed. This is an internal constant. Use
|
||||
// |RSA_new_private_key_no_e| to construct such keys.
|
||||
#define RSA_FLAG_NO_PUBLIC_EXPONENT 0x40
|
||||
|
||||
// RSA_FLAG_LARGE_PUBLIC_EXPONENT indicates that keys with a large public
|
||||
// exponent are allowed. This is an internal constant. Use
|
||||
// |RSA_new_public_key_large_e| and |RSA_new_private_key_large_e| to construct
|
||||
// such keys.
|
||||
#define RSA_FLAG_LARGE_PUBLIC_EXPONENT 0x80
|
||||
|
||||
|
||||
// RSA public exponent values.
|
||||
|
||||
#define RSA_3 0x3
|
||||
#define RSA_F4 0x10001
|
||||
|
||||
|
||||
// Deprecated functions.
|
||||
|
||||
#define RSA_METHOD_FLAG_NO_CHECK RSA_FLAG_OPAQUE
|
||||
|
||||
// RSAerr allows consumers to add an error for a given function |f| and reason
|
||||
// |r|. This macro is added in for OpenSSL compatibility. To avoid exposing
|
||||
// internals, we ignore the |f| parameter. The |r| parameter is passed into
|
||||
// |OPENSSL_PUT_ERROR|.
|
||||
#define RSAerr(f,r) OPENSSL_PUT_ERROR(RSA, r);
|
||||
|
||||
// RSA_flags returns the flags for |rsa|. These are a bitwise OR of |RSA_FLAG_*|
|
||||
// constants.
|
||||
OPENSSL_EXPORT int RSA_flags(const RSA *rsa);
|
||||
|
||||
// RSA_set_flags sets the flags in the |flags| parameter on the |RSA|
|
||||
// object. Multiple flags can be passed in one go (bitwise ORed together).
|
||||
// Any flags that are already set are left set.
|
||||
OPENSSL_EXPORT void RSA_set_flags(RSA *rsa, int flags);
|
||||
|
||||
// RSA_test_flags returns the subset of flags in |flags| which are set in |rsa|.
|
||||
OPENSSL_EXPORT int RSA_test_flags(const RSA *rsa, int flags);
|
||||
|
||||
// RSA_blinding_on returns one in case blinding is on, otherwise 0.
|
||||
OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
|
||||
|
||||
// RSA_blinding_off_temp_for_accp_compatibility sets |rsa|'s RSA_FLAG_NO_BLINDING.
|
||||
//
|
||||
// Private keys missing |e| are often used by the JCA. In order to use such keys
|
||||
// for signing/decryption, one can use RSA_blinding_off_temp_for_accp_compatibility
|
||||
// to disable blinding. In general, we strongly advise against disabling blinding.
|
||||
// This method is temporarily provided to support ACCP. It will be replaced
|
||||
// by a method that would allow creating an RSA private key from a modulus and
|
||||
// a private exponent having blinding disabled.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void RSA_blinding_off_temp_for_accp_compatibility(RSA *rsa);
|
||||
|
||||
// RSA_pkey_ctx_ctrl is a vestigial OpenSSL function that has been obsoleted by
|
||||
// the EVP interface. External callers should not use this. Internal callers
|
||||
// should use |EVP_PKEY_CTX_ctrl| instead.
|
||||
//
|
||||
// This function directly calls |EVP_PKEY_CTX_ctrl| with some guards around the
|
||||
// key's type. The key type must either be RSA or RSA-PSS, otherwise -1 is
|
||||
// returned.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd,
|
||||
int p1, void *p2);
|
||||
|
||||
// RSA_generate_key behaves like |RSA_generate_key_ex|, which is what you
|
||||
// should use instead. It returns NULL on error, or a newly-allocated |RSA| on
|
||||
// success. This function is provided for compatibility only. The |callback|
|
||||
// and |cb_arg| parameters must be NULL.
|
||||
OPENSSL_EXPORT RSA *RSA_generate_key(int bits, uint64_t e, void *callback,
|
||||
void *cb_arg);
|
||||
|
||||
// d2i_RSAPublicKey parses a DER-encoded RSAPublicKey structure (RFC 8017) from
|
||||
// |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |RSA_parse_public_key| instead.
|
||||
OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
|
||||
|
||||
// i2d_RSAPublicKey marshals |in| to a DER-encoded RSAPublicKey structure (RFC
|
||||
// 8017), as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |RSA_marshal_public_key| instead.
|
||||
OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
|
||||
|
||||
// d2i_RSAPrivateKey parses a DER-encoded RSAPrivateKey structure (RFC 8017)
|
||||
// from |len| bytes at |*inp|, as described in |d2i_SAMPLE|.
|
||||
//
|
||||
// Use |RSA_parse_private_key| instead.
|
||||
OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
|
||||
|
||||
// i2d_RSAPrivateKey marshals |in| to a DER-encoded RSAPrivateKey structure (RFC
|
||||
// 8017), as described in |i2d_SAMPLE|.
|
||||
//
|
||||
// Use |RSA_marshal_private_key| instead.
|
||||
OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
|
||||
|
||||
// RSA_padding_add_PKCS1_PSS acts like |RSA_padding_add_PKCS1_PSS_mgf1| but the
|
||||
// |mgf1Hash| parameter of the latter is implicitly set to |Hash|.
|
||||
//
|
||||
// This function implements only the low-level padding logic. Use
|
||||
// |RSA_sign_pss_mgf1| instead.
|
||||
OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS(const RSA *rsa, uint8_t *EM,
|
||||
const uint8_t *mHash,
|
||||
const EVP_MD *Hash, int sLen);
|
||||
|
||||
// RSA_verify_PKCS1_PSS acts like |RSA_verify_PKCS1_PSS_mgf1| but the
|
||||
// |mgf1Hash| parameter of the latter is implicitly set to |Hash|.
|
||||
//
|
||||
// This function implements only the low-level padding logic. Use
|
||||
// |RSA_verify_pss_mgf1| instead.
|
||||
OPENSSL_EXPORT int RSA_verify_PKCS1_PSS(const RSA *rsa, const uint8_t *mHash,
|
||||
const EVP_MD *Hash, const uint8_t *EM,
|
||||
int sLen);
|
||||
|
||||
// RSA_padding_add_PKCS1_OAEP acts like |RSA_padding_add_PKCS1_OAEP_mgf1| but
|
||||
// the |md| and |mgf1md| parameters of the latter are implicitly set to NULL,
|
||||
// which means SHA-1.
|
||||
OPENSSL_EXPORT int RSA_padding_add_PKCS1_OAEP(uint8_t *to, size_t to_len,
|
||||
const uint8_t *from,
|
||||
size_t from_len,
|
||||
const uint8_t *param,
|
||||
size_t param_len);
|
||||
|
||||
// RSA_print prints a textual representation of |rsa| to |bio|. It returns one
|
||||
// on success or zero otherwise.
|
||||
OPENSSL_EXPORT int RSA_print(BIO *bio, const RSA *rsa, int indent);
|
||||
|
||||
// RSA_print_fp prints a textual representation of |rsa| to |fp|. It returns one
|
||||
// on success or zero otherwise.
|
||||
OPENSSL_EXPORT int RSA_print_fp(FILE *fp, const RSA *rsa, int indent);
|
||||
|
||||
// RSA_get0_pss_params returns NULL. In OpenSSL, this function retries RSA-PSS
|
||||
// parameters associated with |RSA| objects, but BoringSSL does not support
|
||||
// the id-RSASSA-PSS key encoding.
|
||||
OPENSSL_EXPORT const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa);
|
||||
|
||||
// RSA_new_method_no_e returns a newly-allocated |RSA| object backed by
|
||||
// |engine|, with a public modulus of |n| and no known public exponent.
|
||||
//
|
||||
// Do not use this function. It exists only to support Conscrypt, whose use
|
||||
// should be replaced with a more sound mechanism. See
|
||||
// https://crbug.com/boringssl/602.
|
||||
OPENSSL_EXPORT RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(RSA, RSA_free)
|
||||
BORINGSSL_MAKE_UP_REF(RSA, RSA_up_ref)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif
|
||||
|
||||
#define RSA_R_BAD_ENCODING 100
|
||||
#define RSA_R_BAD_E_VALUE 101
|
||||
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
|
||||
#define RSA_R_BAD_PAD_BYTE_COUNT 103
|
||||
#define RSA_R_BAD_RSA_PARAMETERS 104
|
||||
#define RSA_R_BAD_SIGNATURE 105
|
||||
#define RSA_R_BAD_VERSION 106
|
||||
#define RSA_R_BLOCK_TYPE_IS_NOT_01 107
|
||||
#define RSA_R_BN_NOT_INITIALIZED 108
|
||||
#define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 109
|
||||
#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 110
|
||||
#define RSA_R_CRT_VALUES_INCORRECT 111
|
||||
#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 112
|
||||
#define RSA_R_DATA_TOO_LARGE 113
|
||||
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 114
|
||||
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 115
|
||||
#define RSA_R_DATA_TOO_SMALL 116
|
||||
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 117
|
||||
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 118
|
||||
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 119
|
||||
#define RSA_R_EMPTY_PUBLIC_KEY 120
|
||||
#define RSA_R_ENCODE_ERROR 121
|
||||
#define RSA_R_FIRST_OCTET_INVALID 122
|
||||
#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 123
|
||||
#define RSA_R_INTERNAL_ERROR 124
|
||||
#define RSA_R_INVALID_MESSAGE_LENGTH 125
|
||||
#define RSA_R_KEY_SIZE_TOO_SMALL 126
|
||||
#define RSA_R_LAST_OCTET_INVALID 127
|
||||
#define RSA_R_MODULUS_TOO_LARGE 128
|
||||
#define RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES 129
|
||||
#define RSA_R_NO_PUBLIC_EXPONENT 130
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 131
|
||||
#define RSA_R_N_NOT_EQUAL_P_Q 132
|
||||
#define RSA_R_OAEP_DECODING_ERROR 133
|
||||
#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 134
|
||||
#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 135
|
||||
#define RSA_R_PADDING_CHECK_FAILED 136
|
||||
#define RSA_R_PKCS_DECODING_ERROR 137
|
||||
#define RSA_R_SLEN_CHECK_FAILED 138
|
||||
#define RSA_R_SLEN_RECOVERY_FAILED 139
|
||||
#define RSA_R_TOO_LONG 140
|
||||
#define RSA_R_TOO_MANY_ITERATIONS 141
|
||||
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 142
|
||||
#define RSA_R_UNKNOWN_PADDING_TYPE 143
|
||||
#define RSA_R_VALUE_MISSING 144
|
||||
#define RSA_R_WRONG_SIGNATURE_LENGTH 145
|
||||
#define RSA_R_PUBLIC_KEY_VALIDATION_FAILED 146
|
||||
#define RSA_R_D_OUT_OF_RANGE 147
|
||||
#define RSA_R_BLOCK_TYPE_IS_NOT_02 148
|
||||
#define RSA_R_MISMATCHED_SIGNATURE 248
|
||||
|
||||
// RSA_F_RSA_OSSL_PRIVATE_ENCRYPT is a function code defined
|
||||
// for compatibility. AWS-LC does not support function codes
|
||||
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 0
|
||||
|
||||
#endif // OPENSSL_HEADER_RSA_H
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
// Copyright (c) 2014, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
+88
@@ -0,0 +1,88 @@
|
||||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0 OR ISC
|
||||
|
||||
#ifndef AWSLC_HEADER_SERVICE_INDICATOR_H
|
||||
#define AWSLC_HEADER_SERVICE_INDICATOR_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// FIPS 140-3 Approved Security Service Indicator
|
||||
|
||||
|
||||
// |FIPS_service_indicator_before_call| and |FIPS_service_indicator_after_call|
|
||||
// both currently return the same local thread counter which is slowly
|
||||
// incremented whenever approved services are called.
|
||||
//
|
||||
// |FIPS_service_indicator_before_call| is intended to be called right before
|
||||
// an approved service, while |FIPS_service_indicator_after_call| should be
|
||||
// called immediately after. If the values returned from these two functions are
|
||||
// not equal, this means that the service called in between is deemed to be
|
||||
// approved. If the values are still the same, this means the counter has not
|
||||
// been incremented, and the service called is otherwise not approved for FIPS.
|
||||
|
||||
|
||||
OPENSSL_EXPORT uint64_t FIPS_service_indicator_before_call(void);
|
||||
OPENSSL_EXPORT uint64_t FIPS_service_indicator_after_call(void);
|
||||
|
||||
OPENSSL_EXPORT const char* awslc_version_string(void);
|
||||
|
||||
enum FIPSStatus {
|
||||
AWSLC_NOT_APPROVED = 0,
|
||||
AWSLC_APPROVED = 1
|
||||
};
|
||||
|
||||
#if defined(AWSLC_FIPS)
|
||||
|
||||
#define AWSLC_MODE_STRING "AWS-LC FIPS "
|
||||
|
||||
// CALL_SERVICE_AND_CHECK_APPROVED performs an approval check and runs the service.
|
||||
// The |approved| value passed in will change to |AWSLC_APPROVED| and
|
||||
// |AWSLC_NOT_APPROVED| accordingly to the approved state of the service ran.
|
||||
// It is highly recommended that users of the service indicator use this macro
|
||||
// when interacting with the service indicator.
|
||||
//
|
||||
// This macro tests before != after to handle potential uint64_t rollover in
|
||||
// long-running applications that use the release build of AWS-LC. Debug builds
|
||||
// use an assert before + 1 == after to ensure in testing the service indicator
|
||||
// is operating as expected.
|
||||
#define CALL_SERVICE_AND_CHECK_APPROVED(approved, func) \
|
||||
do { \
|
||||
(approved) = AWSLC_NOT_APPROVED; \
|
||||
int before = FIPS_service_indicator_before_call(); \
|
||||
func; \
|
||||
int after = FIPS_service_indicator_after_call(); \
|
||||
if (before != after) { \
|
||||
assert(before + 1 == after); \
|
||||
(approved) = AWSLC_APPROVED; \
|
||||
} \
|
||||
} \
|
||||
while(0)
|
||||
|
||||
#else
|
||||
|
||||
#define AWSLC_MODE_STRING "AWS-LC "
|
||||
|
||||
// CALL_SERVICE_AND_CHECK_APPROVED always returns |AWSLC_APPROVED| when AWS-LC
|
||||
// is not built in FIPS mode for easier consumer compatibility that have both
|
||||
// FIPS and non-FIPS libraries.
|
||||
#define CALL_SERVICE_AND_CHECK_APPROVED(approved, func) \
|
||||
do { \
|
||||
(approved) = AWSLC_APPROVED; \
|
||||
func; \
|
||||
} \
|
||||
while(0) \
|
||||
|
||||
#endif // AWSLC_FIPS
|
||||
|
||||
#define AWSLC_VERSION_STRING AWSLC_MODE_STRING AWSLC_VERSION_NUMBER_STRING
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // AWSLC_SERVICE_INDICATOR_H
|
||||
+247
@@ -0,0 +1,247 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_SHA_H
|
||||
#define OPENSSL_HEADER_SHA_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// The SHA family of hash functions (SHA-1 and SHA-2).
|
||||
|
||||
|
||||
// SHA_CBLOCK is the block size of SHA-1.
|
||||
#define SHA_CBLOCK 64
|
||||
|
||||
// SHA_DIGEST_LENGTH is the length of a SHA-1 digest.
|
||||
#define SHA_DIGEST_LENGTH 20
|
||||
|
||||
// SHA1_Init initialises |sha| and returns one.
|
||||
OPENSSL_EXPORT int SHA1_Init(SHA_CTX *sha);
|
||||
|
||||
// SHA1_Update adds |len| bytes from |data| to |sha| and returns one.
|
||||
OPENSSL_EXPORT int SHA1_Update(SHA_CTX *sha, const void *data, size_t len);
|
||||
|
||||
// SHA1_Final adds the final padding to |sha| and writes the resulting digest to
|
||||
// |out|, which must have at least |SHA_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one.
|
||||
OPENSSL_EXPORT int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *sha);
|
||||
|
||||
// SHA1 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA1(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA_DIGEST_LENGTH]);
|
||||
|
||||
// SHA1_Transform is a low-level function that performs a single, SHA-1 block
|
||||
// transformation using the state from |sha| and |SHA_CBLOCK| bytes from
|
||||
// |block|.
|
||||
OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha,
|
||||
const uint8_t block[SHA_CBLOCK]);
|
||||
|
||||
struct sha_state_st {
|
||||
uint32_t h[5];
|
||||
uint32_t Nl, Nh;
|
||||
uint8_t data[SHA_CBLOCK];
|
||||
unsigned num;
|
||||
};
|
||||
|
||||
|
||||
// SHA-224.
|
||||
|
||||
// SHA224_CBLOCK is the block size of SHA-224.
|
||||
#define SHA224_CBLOCK 64
|
||||
|
||||
// SHA224_DIGEST_LENGTH is the length of a SHA-224 digest.
|
||||
#define SHA224_DIGEST_LENGTH 28
|
||||
|
||||
// SHA224_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha);
|
||||
|
||||
// SHA224_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len);
|
||||
|
||||
// SHA224_Final adds the final padding to |sha| and writes the resulting digest
|
||||
// to |out|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH],
|
||||
SHA256_CTX *sha);
|
||||
|
||||
// SHA224 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA224_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA224(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA224_DIGEST_LENGTH]);
|
||||
|
||||
|
||||
// SHA-256.
|
||||
|
||||
// SHA256_CBLOCK is the block size of SHA-256.
|
||||
#define SHA256_CBLOCK 64
|
||||
|
||||
// SHA256_DIGEST_LENGTH is the length of a SHA-256 digest.
|
||||
#define SHA256_DIGEST_LENGTH 32
|
||||
|
||||
// SHA256_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha);
|
||||
|
||||
// SHA256_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len);
|
||||
|
||||
// SHA256_Final adds the final padding to |sha| and writes the resulting digest
|
||||
// to |out|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH],
|
||||
SHA256_CTX *sha);
|
||||
|
||||
// SHA256 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA256_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA256(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA256_DIGEST_LENGTH]);
|
||||
|
||||
// SHA256_Transform is a low-level function that performs a single, SHA-256
|
||||
// block transformation using the state from |sha| and |SHA256_CBLOCK| bytes
|
||||
// from |block|.
|
||||
OPENSSL_EXPORT void SHA256_Transform(SHA256_CTX *sha,
|
||||
const uint8_t block[SHA256_CBLOCK]);
|
||||
|
||||
// SHA256_TransformBlocks is a low-level function that takes |num_blocks| *
|
||||
// |SHA256_CBLOCK| bytes of data and performs SHA-256 transforms on it to update
|
||||
// |state|. You should not use this function unless you are implementing a
|
||||
// derivative of SHA-256.
|
||||
OPENSSL_EXPORT void SHA256_TransformBlocks(uint32_t state[8],
|
||||
const uint8_t *data,
|
||||
size_t num_blocks);
|
||||
|
||||
struct sha256_state_st {
|
||||
uint32_t h[8];
|
||||
uint32_t Nl, Nh;
|
||||
uint8_t data[SHA256_CBLOCK];
|
||||
unsigned num, md_len;
|
||||
};
|
||||
|
||||
|
||||
// SHA-384.
|
||||
|
||||
// SHA384_CBLOCK is the block size of SHA-384.
|
||||
#define SHA384_CBLOCK 128
|
||||
|
||||
// SHA384_DIGEST_LENGTH is the length of a SHA-384 digest.
|
||||
#define SHA384_DIGEST_LENGTH 48
|
||||
|
||||
// SHA384_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha);
|
||||
|
||||
// SHA384_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len);
|
||||
|
||||
// SHA384_Final adds the final padding to |sha| and writes the resulting digest
|
||||
// to |out|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH],
|
||||
SHA512_CTX *sha);
|
||||
|
||||
// SHA384 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA384_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA384(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA384_DIGEST_LENGTH]);
|
||||
|
||||
|
||||
// SHA-512.
|
||||
|
||||
// SHA512_CBLOCK is the block size of SHA-512.
|
||||
#define SHA512_CBLOCK 128
|
||||
|
||||
// SHA512_DIGEST_LENGTH is the length of a SHA-512 digest.
|
||||
#define SHA512_DIGEST_LENGTH 64
|
||||
|
||||
// SHA512_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha);
|
||||
|
||||
// SHA512_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len);
|
||||
|
||||
// SHA512_Final adds the final padding to |sha| and writes the resulting digest
|
||||
// to |out|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It
|
||||
// returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH],
|
||||
SHA512_CTX *sha);
|
||||
|
||||
// SHA512 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA512_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA512(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA512_DIGEST_LENGTH]);
|
||||
|
||||
// SHA512_Transform is a low-level function that performs a single, SHA-512
|
||||
// block transformation using the state from |sha| and |SHA512_CBLOCK| bytes
|
||||
// from |block|.
|
||||
OPENSSL_EXPORT void SHA512_Transform(SHA512_CTX *sha,
|
||||
const uint8_t block[SHA512_CBLOCK]);
|
||||
|
||||
struct sha512_state_st {
|
||||
uint64_t h[8];
|
||||
uint64_t Nl, Nh;
|
||||
uint8_t p[128];
|
||||
unsigned num, md_len;
|
||||
};
|
||||
|
||||
|
||||
// SHA-512-224 and SHA-512-256
|
||||
//
|
||||
// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
|
||||
|
||||
#define SHA512_224_DIGEST_LENGTH 28
|
||||
|
||||
// SHA512_224_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_224_Init(SHA512_CTX *sha);
|
||||
|
||||
// SHA512_224_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_224_Update(SHA512_CTX *sha, const void *data,
|
||||
size_t len);
|
||||
|
||||
// SHA512_224_Final adds the final padding to |sha| and writes the resulting
|
||||
// digest to |out|, which must have at least |SHA512_224_DIGEST_LENGTH| bytes of
|
||||
// space. It returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA512_224_Final(uint8_t out[SHA512_224_DIGEST_LENGTH],
|
||||
SHA512_CTX *sha);
|
||||
|
||||
// SHA512_224 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA512_224_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA512_224(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA512_224_DIGEST_LENGTH]);
|
||||
|
||||
#define SHA512_256_DIGEST_LENGTH 32
|
||||
|
||||
// SHA512_256_Init initialises |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha);
|
||||
|
||||
// SHA512_256_Update adds |len| bytes from |data| to |sha| and returns 1.
|
||||
OPENSSL_EXPORT int SHA512_256_Update(SHA512_CTX *sha, const void *data,
|
||||
size_t len);
|
||||
|
||||
// SHA512_256_Final adds the final padding to |sha| and writes the resulting
|
||||
// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
|
||||
// space. It returns one on success and zero on programmer error.
|
||||
OPENSSL_EXPORT int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
|
||||
SHA512_CTX *sha);
|
||||
|
||||
// SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns
|
||||
// |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in
|
||||
// |out|.
|
||||
OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len,
|
||||
uint8_t out[SHA512_256_DIGEST_LENGTH]);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_SHA_H
|
||||
+26
@@ -0,0 +1,26 @@
|
||||
// Copyright (c) 2019, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_SIPHASH_H
|
||||
#define OPENSSL_HEADER_SIPHASH_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// SipHash is a fast, secure PRF that is often used for hash tables.
|
||||
|
||||
|
||||
// SIPHASH_24 implements SipHash-2-4. See https://131002.net/siphash/siphash.pdf
|
||||
OPENSSL_EXPORT uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input,
|
||||
size_t input_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_SIPHASH_H
|
||||
+216
@@ -0,0 +1,216 @@
|
||||
// Copyright (c) 2017, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_SSL_SPAN_H
|
||||
#define OPENSSL_HEADER_SSL_SPAN_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
|
||||
extern "C++" {
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <algorithm>
|
||||
#include <type_traits>
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
template <typename T>
|
||||
class Span;
|
||||
|
||||
namespace internal {
|
||||
template <typename T>
|
||||
class SpanBase {
|
||||
// Put comparison operator implementations into a base class with const T, so
|
||||
// they can be used with any type that implicitly converts into a Span.
|
||||
static_assert(std::is_const<T>::value,
|
||||
"Span<T> must be derived from SpanBase<const T>");
|
||||
|
||||
friend bool operator==(Span<T> lhs, Span<T> rhs) {
|
||||
// MSVC issues warning C4996 because std::equal is unsafe. The pragma to
|
||||
// suppress the warning mysteriously has no effect, hence this
|
||||
// implementation. See
|
||||
// https://msdn.microsoft.com/en-us/library/aa985974.aspx.
|
||||
if (lhs.size() != rhs.size()) {
|
||||
return false;
|
||||
}
|
||||
for (T *l = lhs.begin(), *r = rhs.begin(); l != lhs.end() && r != rhs.end();
|
||||
++l, ++r) {
|
||||
if (*l != *r) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
|
||||
};
|
||||
} // namespace internal
|
||||
|
||||
// A Span<T> is a non-owning reference to a contiguous array of objects of type
|
||||
// |T|. Conceptually, a Span is a simple a pointer to |T| and a count of
|
||||
// elements accessible via that pointer. The elements referenced by the Span can
|
||||
// be mutated if |T| is mutable.
|
||||
//
|
||||
// A Span can be constructed from container types implementing |data()| and
|
||||
// |size()| methods. If |T| is constant, construction from a container type is
|
||||
// implicit. This allows writing methods that accept data from some unspecified
|
||||
// container type:
|
||||
//
|
||||
// // Foo views data referenced by v.
|
||||
// void Foo(bssl::Span<const uint8_t> v) { ... }
|
||||
//
|
||||
// std::vector<uint8_t> vec;
|
||||
// Foo(vec);
|
||||
//
|
||||
// For mutable Spans, conversion is explicit:
|
||||
//
|
||||
// // FooMutate mutates data referenced by v.
|
||||
// void FooMutate(bssl::Span<uint8_t> v) { ... }
|
||||
//
|
||||
// FooMutate(bssl::Span<uint8_t>(vec));
|
||||
//
|
||||
// You can also use the |MakeSpan| and |MakeConstSpan| factory methods to
|
||||
// construct Spans in order to deduce the type of the Span automatically.
|
||||
//
|
||||
// FooMutate(bssl::MakeSpan(vec));
|
||||
//
|
||||
// Note that Spans have value type sematics. They are cheap to construct and
|
||||
// copy, and should be passed by value whenever a method would otherwise accept
|
||||
// a reference or pointer to a container or array.
|
||||
template <typename T>
|
||||
class Span : private internal::SpanBase<const T> {
|
||||
private:
|
||||
static const size_t npos = static_cast<size_t>(-1);
|
||||
|
||||
public:
|
||||
constexpr Span() : Span(nullptr, 0) {}
|
||||
constexpr Span(T *ptr, size_t len) : data_(ptr), size_(len) {}
|
||||
|
||||
template <size_t N>
|
||||
constexpr Span(T (&array)[N]) : Span(array, N) {}
|
||||
|
||||
template <
|
||||
typename C,
|
||||
// TODO(davidben): Switch everything to std::enable_if_t when we remove
|
||||
// support for MSVC 2015. Although we could write our own enable_if_t and
|
||||
// MSVC 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE
|
||||
// implementation is problematic and does not work below unless we write
|
||||
// the ::type at use.
|
||||
//
|
||||
// TODO(davidben): Move this and the identical copy below into an
|
||||
// EnableIfContainer alias when we drop MSVC 2015 support. MSVC 2015's
|
||||
// SFINAE support cannot handle type aliases.
|
||||
typename = typename std::enable_if<
|
||||
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
||||
std::is_integral<decltype(std::declval<C>().size())>::value>::type,
|
||||
typename = typename std::enable_if<std::is_const<T>::value, C>::type>
|
||||
Span(const C &container) : data_(container.data()), size_(container.size()) {}
|
||||
|
||||
template <
|
||||
typename C,
|
||||
typename = typename std::enable_if<
|
||||
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
||||
std::is_integral<decltype(std::declval<C>().size())>::value>::type,
|
||||
typename = typename std::enable_if<!std::is_const<T>::value, C>::type>
|
||||
explicit Span(C &container)
|
||||
: data_(container.data()), size_(container.size()) {}
|
||||
|
||||
T *data() const { return data_; }
|
||||
size_t size() const { return size_; }
|
||||
bool empty() const { return size_ == 0; }
|
||||
|
||||
T *begin() const { return data_; }
|
||||
const T *cbegin() const { return data_; }
|
||||
T *end() const { return data_ + size_; }
|
||||
const T *cend() const { return end(); }
|
||||
|
||||
T &front() const {
|
||||
if (size_ == 0) {
|
||||
abort();
|
||||
}
|
||||
return data_[0];
|
||||
}
|
||||
T &back() const {
|
||||
if (size_ == 0) {
|
||||
abort();
|
||||
}
|
||||
return data_[size_ - 1];
|
||||
}
|
||||
|
||||
T &operator[](size_t i) const {
|
||||
if (i >= size_) {
|
||||
abort();
|
||||
}
|
||||
return data_[i];
|
||||
}
|
||||
T &at(size_t i) const { return (*this)[i]; }
|
||||
|
||||
Span subspan(size_t pos = 0, size_t len = npos) const {
|
||||
if (pos > size_) {
|
||||
// absl::Span throws an exception here. Note std::span and Chromium
|
||||
// base::span additionally forbid pos + len being out of range, with a
|
||||
// special case at npos/dynamic_extent, while absl::Span::subspan clips
|
||||
// the span. For now, we align with absl::Span in case we switch to it in
|
||||
// the future.
|
||||
abort();
|
||||
}
|
||||
return Span(data_ + pos, std::min(size_ - pos, len));
|
||||
}
|
||||
|
||||
Span first(size_t len) {
|
||||
if (len > size_) {
|
||||
abort();
|
||||
}
|
||||
return Span(data_, len);
|
||||
}
|
||||
|
||||
Span last(size_t len) {
|
||||
if (len > size_) {
|
||||
abort();
|
||||
}
|
||||
return Span(data_ + size_ - len, len);
|
||||
}
|
||||
|
||||
private:
|
||||
T *data_;
|
||||
size_t size_;
|
||||
};
|
||||
|
||||
template <typename T>
|
||||
const size_t Span<T>::npos;
|
||||
|
||||
template <typename T>
|
||||
Span<T> MakeSpan(T *ptr, size_t size) {
|
||||
return Span<T>(ptr, size);
|
||||
}
|
||||
|
||||
template <typename C>
|
||||
auto MakeSpan(C &c) -> decltype(MakeSpan(c.data(), c.size())) {
|
||||
return MakeSpan(c.data(), c.size());
|
||||
}
|
||||
|
||||
template <typename T>
|
||||
Span<const T> MakeConstSpan(T *ptr, size_t size) {
|
||||
return Span<const T>(ptr, size);
|
||||
}
|
||||
|
||||
template <typename C>
|
||||
auto MakeConstSpan(const C &c) -> decltype(MakeConstSpan(c.data(), c.size())) {
|
||||
return MakeConstSpan(c.data(), c.size());
|
||||
}
|
||||
|
||||
template <typename T, size_t size>
|
||||
Span<const T> MakeConstSpan(T (&array)[size]) {
|
||||
return Span<const T>(array, size);
|
||||
}
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
|
||||
#endif // !defined(BORINGSSL_NO_CXX)
|
||||
|
||||
#endif // OPENSSL_HEADER_SSL_SPAN_H
|
||||
+51
@@ -0,0 +1,51 @@
|
||||
// Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_SSHKDF_H
|
||||
#define OPENSSL_HEADER_SSHKDF_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// SSH-specific KDF
|
||||
//
|
||||
// This KDF should only be called from SSH client/server code; it's not a
|
||||
// general-purpose KDF and is only Approved for FIPS 140-3 use specifically
|
||||
// in SSH.
|
||||
|
||||
|
||||
// The following defines are the valid |type| values for SSHKDF().
|
||||
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI 68
|
||||
#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV 69
|
||||
#define EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI 70
|
||||
|
||||
// SSHKDF is a key derivation function used in the SSH Transport Layer Protocol
|
||||
// defined in Section 7.2 of RFC 4253. It calculates a derived key |out| of
|
||||
// length |out_len| bytes using |evp_md| hash algorithm from the supplied
|
||||
// shared secret |key|, hash value |xcghash| and session identifier
|
||||
// |session_id|. It returns one on success and zero on error.
|
||||
//
|
||||
// |xcghash| is produced during the SSH Diffie-Hellman exchange.
|
||||
//
|
||||
// SSHKDF is only FIPS 140-3 Approved for use in SSH.
|
||||
OPENSSL_EXPORT int SSHKDF(const EVP_MD *evp_md,
|
||||
const uint8_t *key, size_t key_len,
|
||||
const uint8_t *xcghash, size_t xcghash_len,
|
||||
const uint8_t *session_id, size_t session_id_len,
|
||||
char type,
|
||||
uint8_t *out, size_t out_len);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_SSHKDF_H
|
||||
+6603
File diff suppressed because it is too large
Load Diff
+227
@@ -0,0 +1,227 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
// Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
//
|
||||
// ECC cipher suite support in OpenSSL originally developed by
|
||||
// SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_SSL3_H
|
||||
#define OPENSSL_HEADER_SSL3_H
|
||||
|
||||
#include <openssl/aead.h>
|
||||
#include <openssl/type_check.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// These are kept to support clients that negotiates higher protocol versions
|
||||
// using SSLv2 client hello records.
|
||||
#define SSL2_MT_CLIENT_HELLO 1
|
||||
#define SSL2_VERSION 0x0002
|
||||
|
||||
// Signalling cipher suite value from RFC 5746.
|
||||
#define SSL3_CK_SCSV 0x030000FF
|
||||
// Fallback signalling cipher suite value from RFC 7507.
|
||||
#define SSL3_CK_FALLBACK_SCSV 0x03005600
|
||||
|
||||
#define SSL3_CK_RSA_NULL_MD5 0x03000001
|
||||
#define SSL3_CK_RSA_NULL_SHA 0x03000002
|
||||
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
|
||||
#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
|
||||
#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
|
||||
#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
|
||||
#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
|
||||
#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
|
||||
#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
|
||||
#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
|
||||
|
||||
#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
|
||||
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
|
||||
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
|
||||
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
|
||||
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
|
||||
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
|
||||
|
||||
#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
|
||||
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
|
||||
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
|
||||
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
|
||||
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
|
||||
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
|
||||
|
||||
#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
|
||||
#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
|
||||
#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
|
||||
#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
|
||||
#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
|
||||
|
||||
#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
|
||||
#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
|
||||
#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
|
||||
#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
|
||||
#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
|
||||
#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
|
||||
#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
|
||||
#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
|
||||
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
|
||||
#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
|
||||
#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
|
||||
#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
|
||||
#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
|
||||
|
||||
#define SSL3_SSL_SESSION_ID_LENGTH 32
|
||||
#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
|
||||
|
||||
#define SSL3_MASTER_SECRET_SIZE 48
|
||||
#define SSL3_RANDOM_SIZE 32
|
||||
#define SSL3_SESSION_ID_SIZE 32
|
||||
#define SSL3_RT_HEADER_LENGTH 5
|
||||
|
||||
#define SSL3_HM_HEADER_LENGTH 4
|
||||
|
||||
#ifndef SSL3_ALIGN_PAYLOAD
|
||||
// Some will argue that this increases memory footprint, but it's not actually
|
||||
// true. Point is that malloc has to return at least 64-bit aligned pointers,
|
||||
// meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested
|
||||
// pre-gaping simply moves these wasted bytes from the end of allocated region
|
||||
// to its front, but makes data payload aligned, which improves performance.
|
||||
#define SSL3_ALIGN_PAYLOAD 8
|
||||
#else
|
||||
#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
|
||||
#error "insane SSL3_ALIGN_PAYLOAD"
|
||||
#undef SSL3_ALIGN_PAYLOAD
|
||||
#endif
|
||||
#endif
|
||||
|
||||
// This is the maximum MAC (digest) size used by the SSL library. Currently
|
||||
// maximum of 20 is used by SHA1, but we reserve for future extension for
|
||||
// 512-bit hashes.
|
||||
|
||||
#define SSL3_RT_MAX_MD_SIZE 64
|
||||
|
||||
// Maximum block size used in all ciphersuites. Currently 16 for AES.
|
||||
|
||||
#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
|
||||
|
||||
// Maximum plaintext length: defined by SSL/TLS standards
|
||||
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
|
||||
// Maximum compression overhead: defined by SSL/TLS standards
|
||||
#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
|
||||
|
||||
// The standards give a maximum encryption overhead of 1024 bytes. In practice
|
||||
// the value is lower than this. The overhead is the maximum number of padding
|
||||
// bytes (256) plus the mac size.
|
||||
//
|
||||
// TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
|
||||
// explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
|
||||
// than necessary and no true AEAD has variable overhead in TLS 1.2.
|
||||
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
|
||||
|
||||
// SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
|
||||
// record. This does not include the record header. Some ciphers use explicit
|
||||
// nonces, so it includes both the AEAD overhead as well as the nonce.
|
||||
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
|
||||
(EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
|
||||
|
||||
OPENSSL_STATIC_ASSERT(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
|
||||
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
|
||||
max_overheads_are_inconsistent)
|
||||
|
||||
// SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
|
||||
// |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
|
||||
// compression overhead.
|
||||
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
|
||||
|
||||
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
|
||||
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
|
||||
#define SSL3_RT_MAX_PACKET_SIZE \
|
||||
(SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
|
||||
|
||||
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
|
||||
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
|
||||
|
||||
#define SSL3_RT_CHANGE_CIPHER_SPEC 20
|
||||
#define SSL3_RT_ALERT 21
|
||||
#define SSL3_RT_HANDSHAKE 22
|
||||
#define SSL3_RT_APPLICATION_DATA 23
|
||||
|
||||
// Pseudo content type for SSL/TLS header info
|
||||
#define SSL3_RT_HEADER 0x100
|
||||
#define SSL3_RT_CLIENT_HELLO_INNER 0x101
|
||||
|
||||
#define SSL3_AL_WARNING 1
|
||||
#define SSL3_AL_FATAL 2
|
||||
|
||||
#define SSL3_AD_CLOSE_NOTIFY 0
|
||||
#define SSL3_AD_UNEXPECTED_MESSAGE 10 // fatal
|
||||
#define SSL3_AD_BAD_RECORD_MAC 20 // fatal
|
||||
#define SSL3_AD_DECOMPRESSION_FAILURE 30 // fatal
|
||||
#define SSL3_AD_HANDSHAKE_FAILURE 40 // fatal
|
||||
#define SSL3_AD_NO_CERTIFICATE 41
|
||||
#define SSL3_AD_BAD_CERTIFICATE 42
|
||||
#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
|
||||
#define SSL3_AD_CERTIFICATE_REVOKED 44
|
||||
#define SSL3_AD_CERTIFICATE_EXPIRED 45
|
||||
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
|
||||
#define SSL3_AD_ILLEGAL_PARAMETER 47 // fatal
|
||||
#define SSL3_AD_INAPPROPRIATE_FALLBACK 86 // fatal
|
||||
|
||||
#define SSL3_CT_RSA_SIGN 1
|
||||
|
||||
#define SSL3_MT_HELLO_REQUEST 0
|
||||
#define SSL3_MT_CLIENT_HELLO 1
|
||||
#define SSL3_MT_SERVER_HELLO 2
|
||||
#define SSL3_MT_NEW_SESSION_TICKET 4
|
||||
#define SSL3_MT_END_OF_EARLY_DATA 5
|
||||
#define SSL3_MT_ENCRYPTED_EXTENSIONS 8
|
||||
#define SSL3_MT_CERTIFICATE 11
|
||||
#define SSL3_MT_SERVER_KEY_EXCHANGE 12
|
||||
#define SSL3_MT_CERTIFICATE_REQUEST 13
|
||||
#define SSL3_MT_SERVER_HELLO_DONE 14
|
||||
#define SSL3_MT_CERTIFICATE_VERIFY 15
|
||||
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
|
||||
#define SSL3_MT_FINISHED 20
|
||||
#define SSL3_MT_CERTIFICATE_STATUS 22
|
||||
#define SSL3_MT_SUPPLEMENTAL_DATA 23
|
||||
#define SSL3_MT_KEY_UPDATE 24
|
||||
#define SSL3_MT_COMPRESSED_CERTIFICATE 25
|
||||
#define SSL3_MT_NEXT_PROTO 67
|
||||
#define SSL3_MT_CHANNEL_ID 203
|
||||
#define SSL3_MT_MESSAGE_HASH 254
|
||||
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
|
||||
|
||||
// The following are legacy aliases for consumers which use
|
||||
// |SSL_CTX_set_msg_callback|.
|
||||
#define SSL3_MT_SERVER_DONE SSL3_MT_SERVER_HELLO_DONE
|
||||
#define SSL3_MT_NEWSESSION_TICKET SSL3_MT_NEW_SESSION_TICKET
|
||||
|
||||
|
||||
#define SSL3_MT_CCS 1
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_SSL3_H
|
||||
+646
@@ -0,0 +1,646 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_STACK_H
|
||||
#define OPENSSL_HEADER_STACK_H
|
||||
|
||||
#include <limits.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#include <openssl/type_check.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// A stack, in OpenSSL, is an array of pointers. They are the most commonly
|
||||
// used collection object.
|
||||
//
|
||||
// This file defines macros for type-safe use of the stack functions. A stack
|
||||
// type is named like |STACK_OF(FOO)| and is accessed with functions named
|
||||
// like |sk_FOO_*|. Note the stack will typically contain /pointers/ to |FOO|.
|
||||
//
|
||||
// The |DECLARE_STACK_OF| macro makes |STACK_OF(FOO)| available, and
|
||||
// |DEFINE_STACK_OF| makes the corresponding functions available.
|
||||
|
||||
|
||||
// Defining stacks.
|
||||
|
||||
// STACK_OF expands to the stack type for |type|.
|
||||
#define STACK_OF(type) struct stack_st_##type
|
||||
|
||||
// DECLARE_STACK_OF declares the |STACK_OF(type)| type. It does not make the
|
||||
// corresponding |sk_type_*| functions available. This macro should be used in
|
||||
// files which only need the type.
|
||||
#define DECLARE_STACK_OF(type) STACK_OF(type);
|
||||
|
||||
// DEFINE_NAMED_STACK_OF defines |STACK_OF(name)| to be a stack whose elements
|
||||
// are |type| *. This macro makes the |sk_name_*| functions available.
|
||||
//
|
||||
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
|
||||
#define DEFINE_NAMED_STACK_OF(name, type) \
|
||||
BORINGSSL_DEFINE_STACK_OF_IMPL(name, type *, const type *) \
|
||||
BORINGSSL_DEFINE_STACK_TRAITS(name, type, false)
|
||||
|
||||
// DEFINE_STACK_OF defines |STACK_OF(type)| to be a stack whose elements are
|
||||
// |type| *. This macro makes the |sk_type_*| functions available.
|
||||
//
|
||||
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
|
||||
#define DEFINE_STACK_OF(type) DEFINE_NAMED_STACK_OF(type, type)
|
||||
|
||||
// DEFINE_CONST_STACK_OF defines |STACK_OF(type)| to be a stack whose elements
|
||||
// are const |type| *. This macro makes the |sk_type_*| functions available.
|
||||
//
|
||||
// It is not necessary to use |DECLARE_STACK_OF| in files which use this macro.
|
||||
#define DEFINE_CONST_STACK_OF(type) \
|
||||
BORINGSSL_DEFINE_STACK_OF_IMPL(type, const type *, const type *) \
|
||||
BORINGSSL_DEFINE_STACK_TRAITS(type, const type, true)
|
||||
|
||||
|
||||
// Using stacks.
|
||||
//
|
||||
// After the |DEFINE_STACK_OF| macro is used, the following functions are
|
||||
// available.
|
||||
|
||||
#if 0 // Sample
|
||||
|
||||
// sk_SAMPLE_free_func is a callback to free an element in a stack.
|
||||
typedef void (*sk_SAMPLE_free_func)(SAMPLE *);
|
||||
|
||||
// sk_SAMPLE_copy_func is a callback to copy an element in a stack. It should
|
||||
// return the copy or NULL on error.
|
||||
typedef SAMPLE *(*sk_SAMPLE_copy_func)(const SAMPLE *);
|
||||
|
||||
// sk_SAMPLE_cmp_func is a callback to compare |*a| to |*b|. It should return a
|
||||
// value < 0, 0, or > 0 if |*a| is less than, equal to, or greater than |*b|,
|
||||
// respectively. Note the extra indirection - the function is given a pointer
|
||||
// to a pointer to the element. This is the |qsort|/|bsearch| comparison
|
||||
// function applied to an array of |SAMPLE*|.
|
||||
typedef int (*sk_SAMPLE_cmp_func)(const SAMPLE *const *a,
|
||||
const SAMPLE *const *b);
|
||||
|
||||
// sk_SAMPLE_new creates a new, empty stack with the given comparison function,
|
||||
// which may be NULL. It returns the new stack or NULL on allocation failure.
|
||||
STACK_OF(SAMPLE) *sk_SAMPLE_new(sk_SAMPLE_cmp_func comp);
|
||||
|
||||
// sk_SAMPLE_new_null creates a new, empty stack. It returns the new stack or
|
||||
// NULL on allocation failure.
|
||||
STACK_OF(SAMPLE) *sk_SAMPLE_new_null(void);
|
||||
|
||||
// sk_SAMPLE_num returns the number of elements in |sk|. It is safe to cast this
|
||||
// value to |int|. |sk| is guaranteed to have at most |INT_MAX| elements. If
|
||||
// |sk| is NULL, it is treated as the empty list and this function returns zero.
|
||||
size_t sk_SAMPLE_num(const STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_zero resets |sk| to the empty state but does nothing to free the
|
||||
// individual elements themselves.
|
||||
void sk_SAMPLE_zero(STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_value returns the |i|th pointer in |sk|, or NULL if |i| is out of
|
||||
// range. If |sk| is NULL, it is treated as an empty list and the function
|
||||
// returns NULL.
|
||||
SAMPLE *sk_SAMPLE_value(const STACK_OF(SAMPLE) *sk, size_t i);
|
||||
|
||||
// sk_SAMPLE_set sets the |i|th pointer in |sk| to |p| and returns |p|. If |i|
|
||||
// is out of range, it returns NULL.
|
||||
SAMPLE *sk_SAMPLE_set(STACK_OF(SAMPLE) *sk, size_t i, SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_free frees |sk|, but does nothing to free the individual elements.
|
||||
// Use |sk_SAMPLE_pop_free| to also free the elements.
|
||||
void sk_SAMPLE_free(STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_pop_free calls |free_func| on each element in |sk| and then
|
||||
// frees the stack itself.
|
||||
void sk_SAMPLE_pop_free(STACK_OF(SAMPLE) *sk, sk_SAMPLE_free_func free_func);
|
||||
|
||||
// sk_SAMPLE_insert inserts |p| into the stack at index |where|, moving existing
|
||||
// elements if needed. It returns the length of the new stack, or zero on
|
||||
// error. Ownership of |p| is taken by |sk|.
|
||||
size_t sk_SAMPLE_insert(STACK_OF(SAMPLE) *sk, SAMPLE *p, size_t where);
|
||||
|
||||
// sk_SAMPLE_delete removes the pointer at index |where|, moving other elements
|
||||
// down if needed. It returns the removed pointer, or NULL if |where| is out of
|
||||
// range.
|
||||
SAMPLE *sk_SAMPLE_delete(STACK_OF(SAMPLE) *sk, size_t where);
|
||||
|
||||
// sk_SAMPLE_delete_ptr removes, at most, one instance of |p| from |sk| based on
|
||||
// pointer equality. If an instance of |p| is found then |p| is returned,
|
||||
// otherwise it returns NULL.
|
||||
SAMPLE *sk_SAMPLE_delete_ptr(STACK_OF(SAMPLE) *sk, const SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_delete_if_func is the callback function for |sk_SAMPLE_delete_if|.
|
||||
// It should return one to remove |p| and zero to keep it.
|
||||
typedef int (*sk_SAMPLE_delete_if_func)(SAMPLE *p, void *data);
|
||||
|
||||
// sk_SAMPLE_delete_if calls |func| with each element of |sk| and removes the
|
||||
// entries where |func| returned one. This function does not free or return
|
||||
// removed pointers so, if |sk| owns its contents, |func| should release the
|
||||
// pointers prior to returning one.
|
||||
void sk_SAMPLE_delete_if(STACK_OF(SAMPLE) *sk, sk_SAMPLE_delete_if_func func,
|
||||
void *data);
|
||||
|
||||
// sk_SAMPLE_find find the first value in |sk| equal to |p|. |sk|'s comparison
|
||||
// function determines equality, or pointer equality if |sk| has no comparison
|
||||
// function.
|
||||
//
|
||||
// If the stack is sorted (see |sk_SAMPLE_sort|), this function uses a binary
|
||||
// search. Otherwise it performs a linear search. If it finds a matching
|
||||
// element, it returns the index of that element. Otherwise, it returns -1.
|
||||
// If |sk| is NULL, it is treated as the empty list and the function returns
|
||||
// zero.
|
||||
//
|
||||
// Note this differs from OpenSSL in that OpenSSL's version will implicitly
|
||||
// sort |sk| if it has a comparison function defined.
|
||||
int sk_SAMPLE_find(const STACK_OF(SAMPLE) *sk, const SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_find_awslc is like |sk_SAMPLE_find|, but if it finds a matching
|
||||
// element, it writes the index to |*out_index| (if |out_index| is not NULL)
|
||||
// and returns one. Otherwise, it returns zero.
|
||||
int sk_SAMPLE_find_awslc(const STACK_OF(SAMPLE) *sk, size_t *out_index,
|
||||
const SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_unshift inserts |p| as the first element of |sk| and takes
|
||||
// ownership of |p|. It is equivalent to "sk_SAMPLE_insert(sk, p, 0)".
|
||||
SAMPLE *sk_SAMPLE_unshift(STACK_OF(SAMPLE) *sk, SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_shift removes and returns the first element in |sk|, or NULL if
|
||||
// |sk| is empty.
|
||||
SAMPLE *sk_SAMPLE_shift(STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_push appends |p| to |sk| and returns the length of the new stack,
|
||||
// or 0 on allocation failure.
|
||||
size_t sk_SAMPLE_push(STACK_OF(SAMPLE) *sk, SAMPLE *p);
|
||||
|
||||
// sk_SAMPLE_pop removes and returns the last element of |sk|, or NULL if |sk|
|
||||
// is empty.
|
||||
SAMPLE *sk_SAMPLE_pop(STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_dup performs a shallow copy of a stack and returns the new stack,
|
||||
// or NULL on error. Use |sk_SAMPLE_deep_copy| to also copy the elements.
|
||||
STACK_OF(SAMPLE) *sk_SAMPLE_dup(const STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_sort sorts the elements of |sk| into ascending order based on the
|
||||
// comparison function. The stack maintains a "sorted" flag and sorting an
|
||||
// already sorted stack is a no-op.
|
||||
void sk_SAMPLE_sort(STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_is_sorted returns one if |sk| is known to be sorted and zero
|
||||
// otherwise.
|
||||
int sk_SAMPLE_is_sorted(const STACK_OF(SAMPLE) *sk);
|
||||
|
||||
// sk_SAMPLE_set_cmp_func sets the comparison function to be used by |sk| and
|
||||
// returns the previous one.
|
||||
sk_SAMPLE_cmp_func sk_SAMPLE_set_cmp_func(STACK_OF(SAMPLE) *sk,
|
||||
sk_SAMPLE_cmp_func comp);
|
||||
|
||||
// sk_SAMPLE_deep_copy performs a copy of |sk| and of each of the non-NULL
|
||||
// elements in |sk| by using |copy_func|. If an error occurs, it calls
|
||||
// |free_func| to free any copies already made and returns NULL.
|
||||
STACK_OF(SAMPLE) *sk_SAMPLE_deep_copy(const STACK_OF(SAMPLE) *sk,
|
||||
sk_SAMPLE_copy_func copy_func,
|
||||
sk_SAMPLE_free_func free_func);
|
||||
|
||||
#endif // Sample
|
||||
|
||||
|
||||
// Private functions.
|
||||
//
|
||||
// The |sk_*| functions generated above are implemented internally using the
|
||||
// type-erased functions below. Callers should use the typed wrappers instead.
|
||||
// When using the type-erased functions, callers are responsible for ensuring
|
||||
// the underlying types are correct. Casting pointers to the wrong types will
|
||||
// result in memory errors.
|
||||
|
||||
// OPENSSL_sk_free_func is a function that frees an element in a stack. Note its
|
||||
// actual type is void (*)(T *) for some T. Low-level |sk_*| functions will be
|
||||
// passed a type-specific wrapper to call it correctly.
|
||||
typedef void (*OPENSSL_sk_free_func)(void *ptr);
|
||||
|
||||
// OPENSSL_sk_copy_func is a function that copies an element in a stack. Note
|
||||
// its actual type is T *(*)(const T *) for some T. Low-level |sk_*| functions
|
||||
// will be passed a type-specific wrapper to call it correctly.
|
||||
typedef void *(*OPENSSL_sk_copy_func)(const void *ptr);
|
||||
|
||||
// OPENSSL_sk_cmp_func is a comparison function that returns a value < 0, 0 or >
|
||||
// 0 if |*a| is less than, equal to or greater than |*b|, respectively. Note
|
||||
// the extra indirection - the function is given a pointer to a pointer to the
|
||||
// element. This differs from the usual qsort/bsearch comparison function.
|
||||
//
|
||||
// Note its actual type is |int (*)(const T *const *a, const T *const *b)|.
|
||||
// Low-level |sk_*| functions will be passed a type-specific wrapper to call it
|
||||
// correctly.
|
||||
typedef int (*OPENSSL_sk_cmp_func)(const void *const *a, const void *const *b);
|
||||
|
||||
// OPENSSL_sk_delete_if_func is the generic version of
|
||||
// |sk_SAMPLE_delete_if_func|.
|
||||
typedef int (*OPENSSL_sk_delete_if_func)(void *obj, void *data);
|
||||
|
||||
// The following function types call the above type-erased signatures with the
|
||||
// true types.
|
||||
typedef void (*OPENSSL_sk_call_free_func)(OPENSSL_sk_free_func, void *);
|
||||
typedef void *(*OPENSSL_sk_call_copy_func)(OPENSSL_sk_copy_func, const void *);
|
||||
typedef int (*OPENSSL_sk_call_cmp_func)(OPENSSL_sk_cmp_func, const void *,
|
||||
const void *);
|
||||
typedef int (*OPENSSL_sk_call_delete_if_func)(OPENSSL_sk_delete_if_func, void *,
|
||||
void *);
|
||||
|
||||
// An OPENSSL_STACK contains an array of pointers. It is not designed to be used
|
||||
// directly, rather the wrapper macros should be used.
|
||||
typedef struct stack_st OPENSSL_STACK;
|
||||
|
||||
// The following are raw stack functions. They implement the corresponding typed
|
||||
// |sk_SAMPLE_*| functions generated by |DEFINE_STACK_OF|. Callers shouldn't be
|
||||
// using them. Rather, callers should use the typed functions.
|
||||
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp);
|
||||
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_new_null(void);
|
||||
OPENSSL_EXPORT size_t OPENSSL_sk_num(const OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT void OPENSSL_sk_zero(OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_value(const OPENSSL_STACK *sk, size_t i);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_set(OPENSSL_STACK *sk, size_t i, void *p);
|
||||
OPENSSL_EXPORT void OPENSSL_sk_free(OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT void OPENSSL_sk_pop_free_ex(
|
||||
OPENSSL_STACK *sk, OPENSSL_sk_call_free_func call_free_func,
|
||||
OPENSSL_sk_free_func free_func);
|
||||
OPENSSL_EXPORT size_t OPENSSL_sk_insert(OPENSSL_STACK *sk, void *p,
|
||||
size_t where);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_delete(OPENSSL_STACK *sk, size_t where);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *sk, const void *p);
|
||||
OPENSSL_EXPORT void OPENSSL_sk_delete_if(
|
||||
OPENSSL_STACK *sk, OPENSSL_sk_call_delete_if_func call_func,
|
||||
OPENSSL_sk_delete_if_func func, void *data);
|
||||
OPENSSL_EXPORT int OPENSSL_sk_find(const OPENSSL_STACK *sk, size_t *out_index,
|
||||
const void *p,
|
||||
OPENSSL_sk_call_cmp_func call_cmp_func);
|
||||
OPENSSL_EXPORT int OPENSSL_sk_unshift(OPENSSL_STACK *sk, void *data);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_shift(OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT size_t OPENSSL_sk_push(OPENSSL_STACK *sk, void *p);
|
||||
OPENSSL_EXPORT void *OPENSSL_sk_pop(OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT void OPENSSL_sk_sort(OPENSSL_STACK *sk,
|
||||
OPENSSL_sk_call_cmp_func call_cmp_func);
|
||||
OPENSSL_EXPORT int OPENSSL_sk_is_sorted(const OPENSSL_STACK *sk);
|
||||
OPENSSL_EXPORT OPENSSL_sk_cmp_func
|
||||
OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_cmp_func comp);
|
||||
OPENSSL_EXPORT OPENSSL_STACK *OPENSSL_sk_deep_copy(
|
||||
const OPENSSL_STACK *sk, OPENSSL_sk_call_copy_func call_copy_func,
|
||||
OPENSSL_sk_copy_func copy_func, OPENSSL_sk_call_free_func call_free_func,
|
||||
OPENSSL_sk_free_func free_func);
|
||||
|
||||
|
||||
// Deprecated private functions (hidden).
|
||||
//
|
||||
// TODO(crbug.com/boringssl/499): Migrate callers to the typed wrappers, or at
|
||||
// least the new names and remove the old ones.
|
||||
|
||||
typedef OPENSSL_STACK _STACK;
|
||||
|
||||
OPENSSL_INLINE OPENSSL_STACK *sk_new_null(void) {
|
||||
return OPENSSL_sk_new_null();
|
||||
}
|
||||
|
||||
OPENSSL_INLINE size_t sk_num(const OPENSSL_STACK *sk) {
|
||||
return OPENSSL_sk_num(sk);
|
||||
}
|
||||
|
||||
OPENSSL_INLINE void *sk_value(const OPENSSL_STACK *sk, size_t i) {
|
||||
return OPENSSL_sk_value(sk, i);
|
||||
}
|
||||
|
||||
OPENSSL_INLINE void sk_free(OPENSSL_STACK *sk) { OPENSSL_sk_free(sk); }
|
||||
|
||||
OPENSSL_INLINE size_t sk_push(OPENSSL_STACK *sk, void *p) {
|
||||
return OPENSSL_sk_push(sk, p);
|
||||
}
|
||||
|
||||
OPENSSL_INLINE void *sk_pop(OPENSSL_STACK *sk) { return OPENSSL_sk_pop(sk); }
|
||||
|
||||
// sk_pop_free behaves like |sk_pop_free_ex| but performs an invalid function
|
||||
// pointer cast. It exists because some existing callers called |sk_pop_free|
|
||||
// directly.
|
||||
//
|
||||
// TODO(davidben): Migrate callers to bssl::UniquePtr and remove this.
|
||||
OPENSSL_EXPORT void sk_pop_free(OPENSSL_STACK *sk,
|
||||
OPENSSL_sk_free_func free_func);
|
||||
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
namespace internal {
|
||||
template <typename T>
|
||||
struct StackTraits {};
|
||||
}
|
||||
BSSL_NAMESPACE_END
|
||||
}
|
||||
|
||||
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const) \
|
||||
extern "C++" { \
|
||||
BSSL_NAMESPACE_BEGIN \
|
||||
namespace internal { \
|
||||
template <> \
|
||||
struct StackTraits<STACK_OF(name)> { \
|
||||
static constexpr bool kIsStack = true; \
|
||||
using Type = type; \
|
||||
static constexpr bool kIsConst = is_const; \
|
||||
}; \
|
||||
} \
|
||||
BSSL_NAMESPACE_END \
|
||||
}
|
||||
|
||||
#else
|
||||
#define BORINGSSL_DEFINE_STACK_TRAITS(name, type, is_const)
|
||||
#endif
|
||||
|
||||
#define BORINGSSL_DEFINE_STACK_OF_IMPL(name, ptrtype, constptrtype) \
|
||||
/* We disable MSVC C4191 in this macro, which warns when pointers are cast \
|
||||
* to the wrong type. While the cast itself is valid, it is often a bug \
|
||||
* because calling it through the cast is UB. However, we never actually \
|
||||
* call functions as |OPENSSL_sk_cmp_func|. The type is just a type-erased \
|
||||
* function pointer. (C does not guarantee function pointers fit in \
|
||||
* |void*|, and GCC will warn on this.) Thus we just disable the false \
|
||||
* positive warning. */ \
|
||||
OPENSSL_MSVC_PRAGMA(warning(push)) \
|
||||
OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \
|
||||
OPENSSL_CLANG_PRAGMA("clang diagnostic push") \
|
||||
OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"") \
|
||||
OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type-strict\"") \
|
||||
\
|
||||
DECLARE_STACK_OF(name) \
|
||||
\
|
||||
typedef void (*sk_##name##_free_func)(ptrtype); \
|
||||
typedef ptrtype (*sk_##name##_copy_func)(constptrtype); \
|
||||
typedef int (*sk_##name##_cmp_func)(constptrtype const *, \
|
||||
constptrtype const *); \
|
||||
typedef int (*sk_##name##_delete_if_func)(ptrtype, void *); \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_call_free_func( \
|
||||
OPENSSL_sk_free_func free_func, void *ptr) { \
|
||||
((sk_##name##_free_func)free_func)((ptrtype)ptr); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void *sk_##name##_call_copy_func( \
|
||||
OPENSSL_sk_copy_func copy_func, const void *ptr) { \
|
||||
return (void *)((sk_##name##_copy_func)copy_func)((constptrtype)ptr); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE int sk_##name##_call_cmp_func(OPENSSL_sk_cmp_func cmp_func, \
|
||||
const void *a, const void *b) { \
|
||||
constptrtype a_ptr = (constptrtype)a; \
|
||||
constptrtype b_ptr = (constptrtype)b; \
|
||||
/* |cmp_func| expects an extra layer of pointers to match qsort. */ \
|
||||
return ((sk_##name##_cmp_func)cmp_func)(&a_ptr, &b_ptr); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE int sk_##name##_call_delete_if_func( \
|
||||
OPENSSL_sk_delete_if_func func, void *obj, void *data) { \
|
||||
return ((sk_##name##_delete_if_func)func)((ptrtype)obj, data); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE STACK_OF(name) *sk_##name##_new(sk_##name##_cmp_func comp) { \
|
||||
return (STACK_OF(name) *)OPENSSL_sk_new((OPENSSL_sk_cmp_func)comp); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE STACK_OF(name) *sk_##name##_new_null(void) { \
|
||||
return (STACK_OF(name) *)OPENSSL_sk_new_null(); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE size_t sk_##name##_num(const STACK_OF(name) *sk) { \
|
||||
return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_zero(STACK_OF(name) *sk) { \
|
||||
OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_value(const STACK_OF(name) *sk, \
|
||||
size_t i) { \
|
||||
return (ptrtype)OPENSSL_sk_value((const OPENSSL_STACK *)sk, i); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_set(STACK_OF(name) *sk, size_t i, \
|
||||
ptrtype p) { \
|
||||
return (ptrtype)OPENSSL_sk_set((OPENSSL_STACK *)sk, i, (void *)p); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_free(STACK_OF(name) *sk) { \
|
||||
OPENSSL_sk_free((OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_pop_free(STACK_OF(name) *sk, \
|
||||
sk_##name##_free_func free_func) { \
|
||||
OPENSSL_sk_pop_free_ex((OPENSSL_STACK *)sk, sk_##name##_call_free_func, \
|
||||
(OPENSSL_sk_free_func)free_func); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE size_t sk_##name##_insert(STACK_OF(name) *sk, ptrtype p, \
|
||||
size_t where) { \
|
||||
return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (void *)p, where); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_delete(STACK_OF(name) *sk, \
|
||||
size_t where) { \
|
||||
return (ptrtype)OPENSSL_sk_delete((OPENSSL_STACK *)sk, where); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_delete_ptr(STACK_OF(name) *sk, \
|
||||
constptrtype p) { \
|
||||
return (ptrtype)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
|
||||
(const void *)p); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_delete_if( \
|
||||
STACK_OF(name) *sk, sk_##name##_delete_if_func func, void *data) { \
|
||||
OPENSSL_sk_delete_if((OPENSSL_STACK *)sk, sk_##name##_call_delete_if_func, \
|
||||
(OPENSSL_sk_delete_if_func)func, data); \
|
||||
} \
|
||||
\
|
||||
/* use 3-arg sk_*_find_awslc when size_t-sized |out_index| needed */ \
|
||||
OPENSSL_INLINE int sk_##name##_find_awslc(const STACK_OF(name) *sk, \
|
||||
size_t *out_index, constptrtype p) { \
|
||||
return OPENSSL_sk_find((const OPENSSL_STACK *)sk, out_index, \
|
||||
(const void *)p, sk_##name##_call_cmp_func); \
|
||||
} \
|
||||
\
|
||||
/* use 2-arg sk_*_find for OpenSSL compatibility */ \
|
||||
OPENSSL_INLINE int sk_##name##_find(const STACK_OF(name) *sk, \
|
||||
constptrtype p) { \
|
||||
size_t out_index = 0; \
|
||||
int ok = OPENSSL_sk_find((const OPENSSL_STACK *)sk, &out_index, \
|
||||
(const void *)p, sk_##name##_call_cmp_func); \
|
||||
/* return -1 if elt not found or elt index is invalid */ \
|
||||
if (ok == 0 || out_index > INT_MAX) { \
|
||||
return -1; \
|
||||
} \
|
||||
return (int) out_index; \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE int sk_##name##_unshift(STACK_OF(name) *sk, ptrtype p) { \
|
||||
return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (void *)p); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_shift(STACK_OF(name) *sk) { \
|
||||
return (ptrtype)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE size_t sk_##name##_push(STACK_OF(name) *sk, ptrtype p) { \
|
||||
return OPENSSL_sk_push((OPENSSL_STACK *)sk, (void *)p); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE ptrtype sk_##name##_pop(STACK_OF(name) *sk) { \
|
||||
return (ptrtype)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE STACK_OF(name) *sk_##name##_dup(const STACK_OF(name) *sk) { \
|
||||
return (STACK_OF(name) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE void sk_##name##_sort(STACK_OF(name) *sk) { \
|
||||
OPENSSL_sk_sort((OPENSSL_STACK *)sk, sk_##name##_call_cmp_func); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE int sk_##name##_is_sorted(const STACK_OF(name) *sk) { \
|
||||
return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE sk_##name##_cmp_func sk_##name##_set_cmp_func( \
|
||||
STACK_OF(name) *sk, sk_##name##_cmp_func comp) { \
|
||||
return (sk_##name##_cmp_func)OPENSSL_sk_set_cmp_func( \
|
||||
(OPENSSL_STACK *)sk, (OPENSSL_sk_cmp_func)comp); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_INLINE STACK_OF(name) *sk_##name##_deep_copy( \
|
||||
const STACK_OF(name) *sk, sk_##name##_copy_func copy_func, \
|
||||
sk_##name##_free_func free_func) { \
|
||||
return (STACK_OF(name) *)OPENSSL_sk_deep_copy( \
|
||||
(const OPENSSL_STACK *)sk, sk_##name##_call_copy_func, \
|
||||
(OPENSSL_sk_copy_func)copy_func, sk_##name##_call_free_func, \
|
||||
(OPENSSL_sk_free_func)free_func); \
|
||||
} \
|
||||
\
|
||||
OPENSSL_CLANG_PRAGMA("clang diagnostic pop") \
|
||||
OPENSSL_MSVC_PRAGMA(warning(pop))
|
||||
|
||||
|
||||
// Built-in stacks.
|
||||
|
||||
typedef char *OPENSSL_STRING;
|
||||
|
||||
DEFINE_STACK_OF(void)
|
||||
DEFINE_NAMED_STACK_OF(OPENSSL_STRING, char)
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#if !defined(BORINGSSL_NO_CXX)
|
||||
extern "C++" {
|
||||
|
||||
#include <type_traits>
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
namespace internal {
|
||||
|
||||
// Stacks defined with |DEFINE_CONST_STACK_OF| are freed with |sk_free|.
|
||||
template <typename Stack>
|
||||
struct DeleterImpl<
|
||||
Stack, typename std::enable_if<StackTraits<Stack>::kIsConst>::type> {
|
||||
static void Free(Stack *sk) { OPENSSL_sk_free(reinterpret_cast<OPENSSL_STACK *>(sk)); }
|
||||
};
|
||||
|
||||
// Stacks defined with |DEFINE_STACK_OF| are freed with |sk_pop_free| and the
|
||||
// corresponding type's deleter.
|
||||
template <typename Stack>
|
||||
struct DeleterImpl<
|
||||
Stack, typename std::enable_if<!StackTraits<Stack>::kIsConst>::type> {
|
||||
static void Free(Stack *sk) {
|
||||
// sk_FOO_pop_free is defined by macros and bound by name, so we cannot
|
||||
// access it from C++ here.
|
||||
using Type = typename StackTraits<Stack>::Type;
|
||||
OPENSSL_sk_pop_free_ex(
|
||||
reinterpret_cast<OPENSSL_STACK *>(sk),
|
||||
[](OPENSSL_sk_free_func /* unused */, void *ptr) {
|
||||
DeleterImpl<Type>::Free(reinterpret_cast<Type *>(ptr));
|
||||
},
|
||||
nullptr);
|
||||
}
|
||||
};
|
||||
|
||||
template <typename Stack>
|
||||
class StackIteratorImpl {
|
||||
public:
|
||||
using Type = typename StackTraits<Stack>::Type;
|
||||
// Iterators must be default-constructable.
|
||||
StackIteratorImpl() : sk_(nullptr), idx_(0) {}
|
||||
StackIteratorImpl(const Stack *sk, size_t idx) : sk_(sk), idx_(idx) {}
|
||||
|
||||
bool operator==(StackIteratorImpl other) const {
|
||||
return sk_ == other.sk_ && idx_ == other.idx_;
|
||||
}
|
||||
bool operator!=(StackIteratorImpl other) const {
|
||||
return !(*this == other);
|
||||
}
|
||||
|
||||
Type *operator*() const {
|
||||
return reinterpret_cast<Type *>(
|
||||
OPENSSL_sk_value(reinterpret_cast<const OPENSSL_STACK *>(sk_), idx_));
|
||||
}
|
||||
|
||||
StackIteratorImpl &operator++(/* prefix */) {
|
||||
idx_++;
|
||||
return *this;
|
||||
}
|
||||
|
||||
StackIteratorImpl operator++(int /* postfix */) {
|
||||
StackIteratorImpl copy(*this);
|
||||
++(*this);
|
||||
return copy;
|
||||
}
|
||||
|
||||
private:
|
||||
const Stack *sk_;
|
||||
size_t idx_;
|
||||
};
|
||||
|
||||
template <typename Stack>
|
||||
using StackIterator = typename std::enable_if<StackTraits<Stack>::kIsStack,
|
||||
StackIteratorImpl<Stack>>::type;
|
||||
|
||||
} // namespace internal
|
||||
|
||||
// PushToStack pushes |elem| to |sk|. It returns true on success and false on
|
||||
// allocation failure.
|
||||
template <typename Stack>
|
||||
inline
|
||||
typename std::enable_if<!internal::StackTraits<Stack>::kIsConst, bool>::type
|
||||
PushToStack(Stack *sk,
|
||||
UniquePtr<typename internal::StackTraits<Stack>::Type> elem) {
|
||||
if (!OPENSSL_sk_push(reinterpret_cast<OPENSSL_STACK *>(sk), elem.get())) {
|
||||
return false;
|
||||
}
|
||||
// OPENSSL_sk_push takes ownership on success.
|
||||
elem.release();
|
||||
return true;
|
||||
}
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
// Define begin() and end() for stack types so C++ range for loops work.
|
||||
template <typename Stack>
|
||||
inline bssl::internal::StackIterator<Stack> begin(const Stack *sk) {
|
||||
return bssl::internal::StackIterator<Stack>(sk, 0);
|
||||
}
|
||||
|
||||
template <typename Stack>
|
||||
inline bssl::internal::StackIterator<Stack> end(const Stack *sk) {
|
||||
return bssl::internal::StackIterator<Stack>(
|
||||
sk, OPENSSL_sk_num(reinterpret_cast<const OPENSSL_STACK *>(sk)));
|
||||
}
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_STACK_H
|
||||
+241
@@ -0,0 +1,241 @@
|
||||
// Copyright (c) 2023, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_TARGET_H
|
||||
#define OPENSSL_HEADER_TARGET_H
|
||||
|
||||
// Preprocessor symbols that define the target platform.
|
||||
//
|
||||
// This file may be included in C, C++, and assembler and must be compatible
|
||||
// with each environment. It is separated out only to share code between
|
||||
// <openssl/base.h> and <openssl/asm_base.h>. Prefer to include those headers
|
||||
// instead.
|
||||
|
||||
#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
|
||||
# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
||||
# define OPENSSL_BIG_ENDIAN
|
||||
# endif
|
||||
#elif !defined(_MSC_VER) && defined(__has_include)
|
||||
# if __has_include(<endian.h>)
|
||||
# include <endian.h>
|
||||
# elif __has_include(<sys/param.h>)
|
||||
# include <sys/param.h>
|
||||
# endif
|
||||
# if (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN) || \
|
||||
(defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && _BYTE_ORDER == _BIG_ENDIAN) || \
|
||||
(defined(BYTE_ORDER) && defined(BIG_ENDIAN) && BYTE_ORDER == BIG_ENDIAN)
|
||||
# define OPENSSL_BIG_ENDIAN
|
||||
# endif
|
||||
#elif defined(_M_PPC)
|
||||
# define OPENSSL_BIG_ENDIAN
|
||||
#endif
|
||||
|
||||
#if (defined(__SIZEOF_POINTER__) && __SIZEOF_POINTER__ == 8) || defined(__LP64__) || defined(_WIN64)
|
||||
#define OPENSSL_64_BIT
|
||||
#else
|
||||
#define OPENSSL_32_BIT
|
||||
#endif
|
||||
|
||||
#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
|
||||
#define OPENSSL_X86_64
|
||||
#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
|
||||
#define OPENSSL_X86
|
||||
#elif defined(__AARCH64EL__) || defined(_M_ARM64)
|
||||
#define OPENSSL_AARCH64
|
||||
#elif defined(__ARMEL__) || defined(_M_ARM)
|
||||
#define OPENSSL_ARM
|
||||
#elif defined(OPENSSL_64_BIT) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC) || \
|
||||
defined(__PPC__) || defined(__ppc64__) || defined(__PPC64__) || defined(_ARCH_PPC64) || \
|
||||
defined(__ppc64le__) || defined(__powerpc64__) || defined(_M_PPC))
|
||||
# if defined(OPENSSL_BIG_ENDIAN)
|
||||
# define OPENSSL_PPC64BE
|
||||
# else
|
||||
# define OPENSSL_PPC64LE
|
||||
# endif
|
||||
#elif defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC) || defined(__PPC__) || defined(_M_PPC)
|
||||
# if defined(OPENSSL_BIG_ENDIAN)
|
||||
# define OPENSSL_PPC32BE
|
||||
# else
|
||||
# define OPENSSL_PPC32LE
|
||||
# endif
|
||||
#elif defined(__s390x__)
|
||||
#define OPENSSL_S390X
|
||||
#elif defined(__sparc__)
|
||||
#define OPENSSL_SPARCV9
|
||||
#elif defined(__MIPSEL__) || defined(__MIPSEB__)
|
||||
# if defined(OPENSSL_64_BIT)
|
||||
# define OPENSSL_MIPS64
|
||||
# else
|
||||
# define OPENSSL_MIPS
|
||||
# endif
|
||||
#elif defined(__riscv)
|
||||
# if defined(OPENSSL_64_BIT)
|
||||
# define OPENSSL_RISCV64
|
||||
# endif
|
||||
#elif defined(__loongarch_lp64) || \
|
||||
(defined(__loongarch__) && defined(OPENSSL_64_BIT))
|
||||
#define OPENSSL_LOONGARCH64
|
||||
#elif defined(__pnacl__)
|
||||
#define OPENSSL_PNACL
|
||||
#elif defined(__wasm__)
|
||||
#define OPENSSL_WASM
|
||||
#elif defined(__asmjs__) // Allowed but no macro defined
|
||||
#elif defined(__myriad2__) // Allowed but no macro defined
|
||||
#else
|
||||
// Run the crypto_test binary, notably crypto/compiler_test.cc, before adding
|
||||
// a new architecture.
|
||||
#error "Unknown target CPU"
|
||||
#endif
|
||||
|
||||
#if defined(__APPLE__)
|
||||
#define OPENSSL_APPLE
|
||||
// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
|
||||
// targets macOS specifically.
|
||||
#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
|
||||
#define OPENSSL_MACOS
|
||||
#endif
|
||||
#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
|
||||
#define OPENSSL_IOS
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define OPENSSL_WINDOWS
|
||||
#endif
|
||||
|
||||
// Android baremetal aren't Linux but currently define __linux__.
|
||||
// As a workaround, we exclude them here.
|
||||
// We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr
|
||||
// sometimes build for a non-Linux target (which should not define __linux__),
|
||||
// but also sometimes build for Linux. Although technically running in Linux
|
||||
// userspace, this lacks all the libc APIs we'd normally expect on Linux, so we
|
||||
// treat it as a non-Linux target.
|
||||
//
|
||||
// TODO(b/291101350): Remove this workaround once Android baremetal no longer
|
||||
// defines it.
|
||||
#if defined(__linux__) && \
|
||||
!defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \
|
||||
!defined(CROS_EC) && !defined(CROS_ZEPHYR)
|
||||
#define OPENSSL_LINUX
|
||||
#endif
|
||||
|
||||
// nanolibc is a particular minimal libc implementation. Defining this on any
|
||||
// other platform is not supported. Other embedded platforms must introduce
|
||||
// their own defines.
|
||||
#if defined(OPENSSL_NANOLIBC)
|
||||
#define OPENSSL_NO_FILESYSTEM
|
||||
#define OPENSSL_NO_POSIX_IO
|
||||
#define OPENSSL_NO_SOCK
|
||||
#define OPENSSL_NO_TTY
|
||||
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
||||
#endif
|
||||
|
||||
// Android baremetal is an embedded target that uses a subset of bionic.
|
||||
// Defining this on any other platform is not supported. Other embedded
|
||||
// platforms must introduce their own defines.
|
||||
#if defined(ANDROID_BAREMETAL)
|
||||
#define OPENSSL_NO_FILESYSTEM
|
||||
#define OPENSSL_NO_POSIX_IO
|
||||
#define OPENSSL_NO_SOCK
|
||||
#define OPENSSL_NO_TTY
|
||||
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
||||
#endif
|
||||
|
||||
// CROS_EC is an embedded target for ChromeOS Embedded Controller. Defining
|
||||
// this on any other platform is not supported. Other embedded platforms must
|
||||
// introduce their own defines.
|
||||
//
|
||||
// https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/README.md
|
||||
#if defined(CROS_EC)
|
||||
#define OPENSSL_NO_FILESYSTEM
|
||||
#define OPENSSL_NO_POSIX_IO
|
||||
#define OPENSSL_NO_SOCK
|
||||
#define OPENSSL_NO_TTY
|
||||
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
||||
#endif
|
||||
|
||||
// CROS_ZEPHYR is an embedded target for ChromeOS Zephyr Embedded Controller.
|
||||
// Defining this on any other platform is not supported. Other embedded
|
||||
// platforms must introduce their own defines.
|
||||
//
|
||||
// https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/docs/zephyr/README.md
|
||||
#if defined(CROS_ZEPHYR)
|
||||
#define OPENSSL_NO_FILESYSTEM
|
||||
#define OPENSSL_NO_POSIX_IO
|
||||
#define OPENSSL_NO_SOCK
|
||||
#define OPENSSL_NO_TTY
|
||||
#define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
|
||||
#endif
|
||||
|
||||
#if defined(__ANDROID_API__)
|
||||
#define OPENSSL_ANDROID
|
||||
#endif
|
||||
|
||||
#if defined(__FreeBSD__)
|
||||
#define OPENSSL_FREEBSD
|
||||
#endif
|
||||
|
||||
#if defined(__OpenBSD__)
|
||||
#define OPENSSL_OPENBSD
|
||||
#endif
|
||||
|
||||
#if defined(__NetBSD__)
|
||||
#define OPENSSL_NETBSD
|
||||
#endif
|
||||
|
||||
#if defined(__illumos__) || (defined(__sun) && defined(__SVR4))
|
||||
#define OPENSSL_SOLARIS
|
||||
#endif
|
||||
|
||||
// BoringSSL requires platform's locking APIs to make internal global state
|
||||
// thread-safe, including the PRNG. On some single-threaded embedded platforms,
|
||||
// locking APIs may not exist, so this dependency may be disabled with the
|
||||
// following build flag.
|
||||
//
|
||||
// IMPORTANT: Doing so means the consumer promises the library will never be
|
||||
// used in any multi-threaded context. It causes BoringSSL to be globally
|
||||
// thread-unsafe. Setting it inappropriately will subtly and unpredictably
|
||||
// corrupt memory and leak secret keys.
|
||||
//
|
||||
// Do not set this flag on any platform where threads are possible. BoringSSL
|
||||
// maintainers will not provide support for any consumers that do so. Changes
|
||||
// which break such unsupported configurations will not be reverted.
|
||||
#if !defined(OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED)
|
||||
#define OPENSSL_THREADS
|
||||
#endif
|
||||
|
||||
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE) && \
|
||||
!defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
||||
#define BORINGSSL_UNSAFE_DETERMINISTIC_MODE
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(address_sanitizer)
|
||||
#define OPENSSL_ASAN
|
||||
#endif
|
||||
#if __has_feature(thread_sanitizer)
|
||||
#define OPENSSL_TSAN
|
||||
#endif
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#define OPENSSL_MSAN
|
||||
#define OPENSSL_ASM_INCOMPATIBLE
|
||||
#endif
|
||||
#if __has_feature(hwaddress_sanitizer)
|
||||
#define OPENSSL_HWASAN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
// Disable 32-bit Arm assembly on Apple platforms. The last iOS version that
|
||||
// supported 32-bit Arm was iOS 10.
|
||||
#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM)
|
||||
#define OPENSSL_ASM_INCOMPATIBLE
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ASM_INCOMPATIBLE)
|
||||
#undef OPENSSL_ASM_INCOMPATIBLE
|
||||
#if !defined(OPENSSL_NO_ASM)
|
||||
#define OPENSSL_NO_ASM
|
||||
#endif
|
||||
#endif // OPENSSL_ASM_INCOMPATIBLE
|
||||
|
||||
#endif // OPENSSL_HEADER_TARGET_H
|
||||
+158
@@ -0,0 +1,158 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_THREAD_H
|
||||
#define OPENSSL_HEADER_THREAD_H
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(OPENSSL_THREADS)
|
||||
typedef struct crypto_mutex_st {
|
||||
char padding; // Empty structs have different sizes in C and C++.
|
||||
} CRYPTO_MUTEX;
|
||||
#elif defined(OPENSSL_WINDOWS)
|
||||
// CRYPTO_MUTEX can appear in public header files so we really don't want to
|
||||
// pull in windows.h. It's statically asserted that this structure is large
|
||||
// enough to contain a Windows SRWLOCK by thread_win.c.
|
||||
typedef union crypto_mutex_st {
|
||||
void *handle;
|
||||
} CRYPTO_MUTEX;
|
||||
#elif !defined(__GLIBC__)
|
||||
#if defined(OPENSSL_OPENBSD)
|
||||
#include <pthread.h>
|
||||
#endif
|
||||
typedef pthread_rwlock_t CRYPTO_MUTEX;
|
||||
#else
|
||||
// On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't
|
||||
// ensure that we'll be able to get it from a public header. It's statically
|
||||
// asserted that this structure is large enough to contain a |pthread_rwlock_t|
|
||||
// by thread_pthread.c.
|
||||
typedef union crypto_mutex_st {
|
||||
double alignment;
|
||||
uint8_t padding[3 * sizeof(int) + 5 * sizeof(unsigned) + 16 + 8];
|
||||
} CRYPTO_MUTEX;
|
||||
#endif
|
||||
|
||||
// CRYPTO_refcount_t is the type of a reference count.
|
||||
//
|
||||
// Since some platforms use C11 atomics to access this, it should have the
|
||||
// _Atomic qualifier. However, this header is included by C++ programs as well
|
||||
// as C code that might not set -std=c11. So, in practice, it's not possible to
|
||||
// do that. Instead we statically assert that the size and native alignment of
|
||||
// a plain uint32_t and an _Atomic uint32_t are equal in refcount_c11.c.
|
||||
typedef uint32_t CRYPTO_refcount_t;
|
||||
|
||||
// AWSLC_thread_local_clear destructs AWS-LC-related thread-local data.
|
||||
// If no other AWS-LC function is subsequently called on this thread prior to
|
||||
// its termination, our internal thread-local destructor function will not be
|
||||
// invoked. If performed on all active threads, this may allow a shared
|
||||
// AWS-LC library to be unloaded safely via |dlclose|.
|
||||
OPENSSL_EXPORT int AWSLC_thread_local_clear(void);
|
||||
|
||||
// AWSLC_thread_local_shutdown deletes the key used to track thread-local data.
|
||||
// This function is not thread-safe. It is needed to avoid leaking resources in
|
||||
// consumers that use |dlopen|/|dlclose| to access the AWS-LC shared library.
|
||||
// It should be called prior to |dlclose| after all other threads have completed
|
||||
// calls to |AWSLC_thread_local_clear|.
|
||||
OPENSSL_EXPORT int AWSLC_thread_local_shutdown(void);
|
||||
|
||||
// General No-op Functions [Deprecated].
|
||||
//
|
||||
// Historically, OpenSSL required callers to provide locking callbacks.
|
||||
// BoringSSL is thread-safe by default, but some old code calls these functions
|
||||
// and so no-op implementations are provided.
|
||||
|
||||
// These defines do nothing but are provided to make old code easier to
|
||||
// compile.
|
||||
#define CRYPTO_LOCK 1
|
||||
#define CRYPTO_UNLOCK 2
|
||||
#define CRYPTO_READ 4
|
||||
#define CRYPTO_WRITE 8
|
||||
|
||||
// CRYPTO_num_locks returns one. (This is non-zero that callers who allocate
|
||||
// sizeof(lock) times this value don't get zero and then fail because malloc(0)
|
||||
// returned NULL.)
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_num_locks(void);
|
||||
|
||||
// CRYPTO_set_locking_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_locking_callback(
|
||||
void (*func)(int mode, int lock_num, const char *file, int line));
|
||||
|
||||
// CRYPTO_set_add_lock_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_add_lock_callback(int (*func)(
|
||||
int *num, int amount, int lock_num, const char *file, int line));
|
||||
|
||||
// CRYPTO_get_locking_callback returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_locking_callback(void))(
|
||||
int mode, int lock_num, const char *file, int line);
|
||||
|
||||
// CRYPTO_get_lock_name returns a fixed, dummy string.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED const char *CRYPTO_get_lock_name(
|
||||
int lock_num);
|
||||
|
||||
// CRYPTO_THREADID_set_callback returns one.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_THREADID_set_callback(
|
||||
void (*threadid_func)(CRYPTO_THREADID *threadid));
|
||||
|
||||
// CRYPTO_THREADID_set_numeric does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_set_numeric(
|
||||
CRYPTO_THREADID *id, unsigned long val);
|
||||
|
||||
// CRYPTO_THREADID_set_pointer does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_set_pointer(
|
||||
CRYPTO_THREADID *id, void *ptr);
|
||||
|
||||
// CRYPTO_THREADID_current does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_THREADID_current(
|
||||
CRYPTO_THREADID *id);
|
||||
|
||||
// CRYPTO_set_id_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_id_callback(
|
||||
unsigned long (*func)(void));
|
||||
|
||||
typedef struct {
|
||||
int references;
|
||||
struct CRYPTO_dynlock_value *data;
|
||||
} CRYPTO_dynlock;
|
||||
|
||||
// CRYPTO_set_dynlock_create_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_create_callback(
|
||||
struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file,
|
||||
int line));
|
||||
|
||||
// CRYPTO_set_dynlock_lock_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_lock_callback(
|
||||
void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l,
|
||||
const char *file, int line));
|
||||
|
||||
// CRYPTO_set_dynlock_destroy_callback does nothing.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void CRYPTO_set_dynlock_destroy_callback(
|
||||
void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l,
|
||||
const char *file, int line));
|
||||
|
||||
// CRYPTO_get_dynlock_create_callback returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED struct CRYPTO_dynlock_value *(
|
||||
*CRYPTO_get_dynlock_create_callback(void))(const char *file, int line);
|
||||
|
||||
// CRYPTO_get_dynlock_lock_callback returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_dynlock_lock_callback(
|
||||
void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,
|
||||
int line);
|
||||
|
||||
// CRYPTO_get_dynlock_destroy_callback returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void (*CRYPTO_get_dynlock_destroy_callback(
|
||||
void))(struct CRYPTO_dynlock_value *l, const char *file, int line);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_THREAD_H
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
// Copyright (c) 2024, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_TIME_H
|
||||
#define OPENSSL_HEADER_TIME_H
|
||||
|
||||
// Compatibility header, to be deprecated. use <openssl/posix_time.h> instead.
|
||||
|
||||
#include <openssl/posix_time.h>
|
||||
|
||||
#endif // OPENSSL_HEADER_TIME_H
|
||||
+524
@@ -0,0 +1,524 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
// Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
// Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
// Copyright 2005 Nokia. All rights reserved.
|
||||
//
|
||||
// ECC cipher suite support in OpenSSL originally written by
|
||||
// Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories
|
||||
//
|
||||
// The Contribution, originally written by Mika Kousa and Pasi Eronen of
|
||||
// Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
|
||||
// support (see RFC 4279) to OpenSSL.
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_TLS1_H
|
||||
#define OPENSSL_HEADER_TLS1_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
#define TLS1_AD_END_OF_EARLY_DATA 1
|
||||
#define TLS1_AD_DECRYPTION_FAILED 21
|
||||
#define TLS1_AD_RECORD_OVERFLOW 22
|
||||
#define TLS1_AD_UNKNOWN_CA 48
|
||||
#define TLS1_AD_ACCESS_DENIED 49
|
||||
#define TLS1_AD_DECODE_ERROR 50
|
||||
#define TLS1_AD_DECRYPT_ERROR 51
|
||||
#define TLS1_AD_EXPORT_RESTRICTION 60
|
||||
#define TLS1_AD_PROTOCOL_VERSION 70
|
||||
#define TLS1_AD_INSUFFICIENT_SECURITY 71
|
||||
#define TLS1_AD_INTERNAL_ERROR 80
|
||||
#define TLS1_AD_USER_CANCELLED 90
|
||||
#define TLS1_AD_NO_RENEGOTIATION 100
|
||||
#define TLS1_AD_MISSING_EXTENSION 109
|
||||
#define TLS1_AD_UNSUPPORTED_EXTENSION 110
|
||||
#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
|
||||
#define TLS1_AD_UNRECOGNIZED_NAME 112
|
||||
#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
|
||||
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
|
||||
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115
|
||||
#define TLS1_AD_CERTIFICATE_REQUIRED 116
|
||||
#define TLS1_AD_NO_APPLICATION_PROTOCOL 120
|
||||
#define TLS1_AD_ECH_REQUIRED 121 // draft-ietf-tls-esni-13
|
||||
|
||||
// ExtensionType values from RFC 6066
|
||||
#define TLSEXT_TYPE_server_name 0
|
||||
#define TLSEXT_TYPE_status_request 5
|
||||
|
||||
// ExtensionType values from RFC 4492
|
||||
#define TLSEXT_TYPE_ec_point_formats 11
|
||||
|
||||
// ExtensionType values from RFC 5246
|
||||
#define TLSEXT_TYPE_signature_algorithms 13
|
||||
|
||||
// ExtensionType value from RFC 5764
|
||||
#define TLSEXT_TYPE_srtp 14
|
||||
|
||||
// ExtensionType value from RFC 7301
|
||||
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
|
||||
|
||||
// ExtensionType value from RFC 7685
|
||||
#define TLSEXT_TYPE_padding 21
|
||||
|
||||
// ExtensionType value from RFC 7627
|
||||
#define TLSEXT_TYPE_extended_master_secret 23
|
||||
|
||||
// ExtensionType value from draft-ietf-quic-tls. Drafts 00 through 32 use
|
||||
// 0xffa5 which is part of the Private Use section of the registry, and it
|
||||
// collides with TLS-LTS and, based on scans, something else too (though this
|
||||
// hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward
|
||||
// use the value 57 which was officially registered with IANA.
|
||||
#define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5
|
||||
|
||||
// ExtensionType value from RFC 9000
|
||||
#define TLSEXT_TYPE_quic_transport_parameters 57
|
||||
|
||||
// TLSEXT_TYPE_quic_transport_parameters_standard is an alias for
|
||||
// |TLSEXT_TYPE_quic_transport_parameters|. Use
|
||||
// |TLSEXT_TYPE_quic_transport_parameters| instead.
|
||||
#define TLSEXT_TYPE_quic_transport_parameters_standard \
|
||||
TLSEXT_TYPE_quic_transport_parameters
|
||||
|
||||
// ExtensionType value from RFC 8879
|
||||
#define TLSEXT_TYPE_cert_compression 27
|
||||
|
||||
// ExtensionType value from RFC 4507
|
||||
#define TLSEXT_TYPE_session_ticket 35
|
||||
|
||||
// ExtensionType values from RFC 8446
|
||||
#define TLSEXT_TYPE_supported_groups 10
|
||||
#define TLSEXT_TYPE_pre_shared_key 41
|
||||
#define TLSEXT_TYPE_early_data 42
|
||||
#define TLSEXT_TYPE_supported_versions 43
|
||||
#define TLSEXT_TYPE_cookie 44
|
||||
#define TLSEXT_TYPE_psk_key_exchange_modes 45
|
||||
#define TLSEXT_TYPE_certificate_authorities 47
|
||||
#define TLSEXT_TYPE_signature_algorithms_cert 50
|
||||
#define TLSEXT_TYPE_key_share 51
|
||||
|
||||
// ExtensionType value from RFC 5746
|
||||
#define TLSEXT_TYPE_renegotiate 0xff01
|
||||
|
||||
// ExtensionType value from RFC 9345
|
||||
#define TLSEXT_TYPE_delegated_credential 34
|
||||
|
||||
// ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined
|
||||
// extension number.
|
||||
#define TLSEXT_TYPE_application_settings_old 17513
|
||||
#define TLSEXT_TYPE_application_settings 17613
|
||||
|
||||
// ExtensionType values from draft-ietf-tls-esni-13. This is not an IANA defined
|
||||
// extension number.
|
||||
#define TLSEXT_TYPE_encrypted_client_hello 0xfe0d
|
||||
#define TLSEXT_TYPE_ech_outer_extensions 0xfd00
|
||||
|
||||
// ExtensionType value from RFC 6962
|
||||
#define TLSEXT_TYPE_certificate_timestamp 18
|
||||
|
||||
// This is not an IANA defined extension number
|
||||
#define TLSEXT_TYPE_next_proto_neg 13172
|
||||
|
||||
// This is not an IANA defined extension number
|
||||
#define TLSEXT_TYPE_channel_id 30032
|
||||
|
||||
// status request value from RFC 3546
|
||||
#define TLSEXT_STATUSTYPE_nothing (-1)
|
||||
#define TLSEXT_STATUSTYPE_ocsp 1
|
||||
|
||||
// ECPointFormat values from RFC 4492
|
||||
#define TLSEXT_ECPOINTFORMAT_uncompressed 0
|
||||
#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
|
||||
|
||||
// Signature and hash algorithms from RFC 5246
|
||||
|
||||
#define TLSEXT_signature_anonymous 0
|
||||
#define TLSEXT_signature_rsa 1
|
||||
#define TLSEXT_signature_dsa 2
|
||||
#define TLSEXT_signature_ecdsa 3
|
||||
|
||||
#define TLSEXT_hash_none 0
|
||||
#define TLSEXT_hash_md5 1
|
||||
#define TLSEXT_hash_sha1 2
|
||||
#define TLSEXT_hash_sha224 3
|
||||
#define TLSEXT_hash_sha256 4
|
||||
#define TLSEXT_hash_sha384 5
|
||||
#define TLSEXT_hash_sha512 6
|
||||
|
||||
// From https://www.rfc-editor.org/rfc/rfc8879.html#section-3
|
||||
#define TLSEXT_cert_compression_zlib 1
|
||||
#define TLSEXT_cert_compression_brotli 2
|
||||
|
||||
#define TLSEXT_MAXLEN_host_name 255
|
||||
|
||||
// PSK ciphersuites from 4279
|
||||
#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
|
||||
#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
|
||||
#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
|
||||
#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
|
||||
|
||||
// PSK ciphersuites from RFC 5489
|
||||
#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
|
||||
#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
|
||||
|
||||
// Additional TLS ciphersuites from expired Internet Draft
|
||||
// draft-ietf-tls-56-bit-ciphersuites-01.txt
|
||||
// (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
|
||||
// s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
|
||||
// shouldn't. Note that the first two are actually not in the IDs.
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 // not in ID
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 // not in ID
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
|
||||
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
|
||||
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
|
||||
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
|
||||
|
||||
// AES ciphersuites from RFC 3268
|
||||
|
||||
#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
|
||||
#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
|
||||
|
||||
#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
|
||||
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
|
||||
|
||||
// TLS v1.2 ciphersuites
|
||||
#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
|
||||
#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
|
||||
#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
|
||||
|
||||
// Camellia ciphersuites from RFC 4132
|
||||
#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
|
||||
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
|
||||
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
|
||||
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
|
||||
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
|
||||
#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
|
||||
|
||||
// TLS v1.2 ciphersuites
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
|
||||
#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
|
||||
#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
|
||||
|
||||
// Camellia ciphersuites from RFC 4132
|
||||
#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
|
||||
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
|
||||
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
|
||||
#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
|
||||
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
|
||||
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
|
||||
|
||||
// SEED ciphersuites from RFC 4162
|
||||
#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
|
||||
#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
|
||||
#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
|
||||
#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
|
||||
#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
|
||||
#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
|
||||
|
||||
// TLS v1.2 GCM ciphersuites from RFC 5288
|
||||
#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
|
||||
#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
|
||||
#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
|
||||
#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
|
||||
#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
|
||||
#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
|
||||
#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
|
||||
#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
|
||||
|
||||
// ECC ciphersuites from RFC 4492
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
|
||||
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
|
||||
|
||||
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
|
||||
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
|
||||
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
|
||||
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
|
||||
|
||||
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
|
||||
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
|
||||
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
|
||||
|
||||
// SRP ciphersuites from RFC 5054
|
||||
#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
|
||||
#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
|
||||
#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
|
||||
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
|
||||
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
|
||||
|
||||
// ECDH HMAC based ciphersuites from RFC 5289
|
||||
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
|
||||
|
||||
// ECDH GCM based ciphersuites from RFC 5289
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
|
||||
|
||||
// ChaCha20-Poly1305 cipher suites from RFC 7905.
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
|
||||
#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
|
||||
|
||||
// TLS 1.3 ciphersuites from RFC 8446.
|
||||
#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
|
||||
#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
|
||||
#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
|
||||
|
||||
// The following constants are legacy aliases of |TLS1_3_CK_*|.
|
||||
// TODO(davidben): Migrate callers to the new name and remove these.
|
||||
#define TLS1_CK_AES_128_GCM_SHA256 TLS1_3_CK_AES_128_GCM_SHA256
|
||||
#define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
|
||||
#define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
|
||||
|
||||
// XXX
|
||||
// Inconsistency alert:
|
||||
// The OpenSSL names of ciphers with ephemeral DH here include the string
|
||||
// "DHE", while elsewhere it has always been "EDH".
|
||||
// (The alias for the list of all such ciphers also is "EDH".)
|
||||
// The specifications speak of "EDH"; maybe we should allow both forms
|
||||
// for everything.
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA \
|
||||
"EXP1024-DHE-DSS-DES-CBC-SHA"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
|
||||
|
||||
// AES ciphersuites from RFC 3268
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
|
||||
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
|
||||
|
||||
// ECC ciphersuites from RFC 4492
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
|
||||
|
||||
// PSK ciphersuites from RFC 4279
|
||||
#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
|
||||
#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
|
||||
|
||||
// PSK ciphersuites from RFC 5489
|
||||
#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
|
||||
#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
|
||||
|
||||
// SRP ciphersuite from RFC 5054
|
||||
#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
|
||||
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
|
||||
|
||||
// Camellia ciphersuites from RFC 4132
|
||||
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
|
||||
|
||||
#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
|
||||
|
||||
// SEED ciphersuites from RFC 4162
|
||||
#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
|
||||
#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
|
||||
#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
|
||||
#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
|
||||
|
||||
// TLS v1.2 ciphersuites
|
||||
#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
|
||||
|
||||
// TLS v1.2 GCM ciphersuites from RFC 5288
|
||||
#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
|
||||
|
||||
// ECDH HMAC based ciphersuites from RFC 5289
|
||||
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
|
||||
|
||||
// ECDH GCM based ciphersuites from RFC 5289
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
|
||||
"ECDH-ECDSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
|
||||
"ECDH-ECDSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
|
||||
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||
#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
|
||||
"ECDHE-PSK-CHACHA20-POLY1305"
|
||||
|
||||
// TLS 1.3 ciphersuites from RFC 8446.
|
||||
#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256"
|
||||
#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384"
|
||||
#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256"
|
||||
|
||||
// The following constants are legacy aliases of |TLS1_3_CK_*|.
|
||||
// TODO(bbe): Migrate callers to the new name and remove these.
|
||||
#define TLS1_TXT_AES_128_GCM_SHA256 TLS1_3_RFC_AES_128_GCM_SHA256
|
||||
#define TLS1_TXT_AES_256_GCM_SHA384 TLS1_3_RFC_AES_256_GCM_SHA384
|
||||
#define TLS1_TXT_CHACHA20_POLY1305_SHA256 TLS1_3_RFC_CHACHA20_POLY1305_SHA256
|
||||
|
||||
#define TLS_CT_RSA_SIGN 1
|
||||
#define TLS_CT_DSS_SIGN 2
|
||||
#define TLS_CT_RSA_FIXED_DH 3
|
||||
#define TLS_CT_DSS_FIXED_DH 4
|
||||
#define TLS_CT_ECDSA_SIGN 64
|
||||
#define TLS_CT_RSA_FIXED_ECDH 65
|
||||
#define TLS_CT_ECDSA_FIXED_ECDH 66
|
||||
|
||||
#define TLS_MD_MAX_CONST_SIZE 20
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_TLS1_H
|
||||
+333
@@ -0,0 +1,333 @@
|
||||
// Copyright (c) 2020, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_TRUST_TOKEN_H
|
||||
#define OPENSSL_HEADER_TRUST_TOKEN_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
#include <openssl/stack.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
// Trust Token implementation.
|
||||
//
|
||||
// Trust Token is an implementation of an experimental mechanism similar to
|
||||
// Privacy Pass which allows issuance and redemption of anonymized tokens with
|
||||
// limited private metadata.
|
||||
//
|
||||
// References:
|
||||
// https://eprint.iacr.org/2020/072.pdf
|
||||
// https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts
|
||||
// https://github.com/WICG/trust-token-api/blob/master/README.md
|
||||
//
|
||||
// WARNING: This API is unstable and subject to change.
|
||||
|
||||
// TRUST_TOKEN_experiment_v1 is an experimental Trust Tokens protocol using
|
||||
// PMBTokens and P-384.
|
||||
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void);
|
||||
|
||||
// TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol
|
||||
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
|
||||
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void);
|
||||
|
||||
// TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using
|
||||
// PMBTokens and P-384 with up to 3 keys, without RR verification.
|
||||
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void);
|
||||
|
||||
// TRUST_TOKEN_pst_v1_voprf is an experimental Trust Tokens protocol
|
||||
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
|
||||
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_voprf(void);
|
||||
|
||||
// TRUST_TOKEN_pst_v1_pmb is an experimental Trust Tokens protocol using
|
||||
// PMBTokens and P-384 with up to 3 keys, without RR verification.
|
||||
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_pmb(void);
|
||||
|
||||
// trust_token_st represents a single-use token for the Trust Token protocol.
|
||||
// For the client, this is the token and its corresponding signature. For the
|
||||
// issuer, this is the token itself.
|
||||
struct trust_token_st {
|
||||
uint8_t *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
DEFINE_STACK_OF(TRUST_TOKEN)
|
||||
|
||||
// TRUST_TOKEN_new creates a newly-allocated |TRUST_TOKEN| with value |data| or
|
||||
// NULL on allocation failure.
|
||||
OPENSSL_EXPORT TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len);
|
||||
|
||||
// TRUST_TOKEN_free releases memory associated with |token|.
|
||||
OPENSSL_EXPORT void TRUST_TOKEN_free(TRUST_TOKEN *token);
|
||||
|
||||
#define TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE 512
|
||||
#define TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE 512
|
||||
|
||||
// TRUST_TOKEN_generate_key creates a new Trust Token keypair labeled with |id|
|
||||
// and serializes the private and public keys, writing the private key to
|
||||
// |out_priv_key| and setting |*out_priv_key_len| to the number of bytes
|
||||
// written, and writing the public key to |out_pub_key| and setting
|
||||
// |*out_pub_key_len| to the number of bytes written.
|
||||
//
|
||||
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
|
||||
// to ensure success, these should be at least
|
||||
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
|
||||
//
|
||||
// This function returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_generate_key(
|
||||
const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
|
||||
size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
|
||||
size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id);
|
||||
|
||||
// TRUST_TOKEN_derive_key_from_secret deterministically derives a new Trust
|
||||
// Token keypair labeled with |id| from an input |secret| and serializes the
|
||||
// private and public keys, writing the private key to |out_priv_key| and
|
||||
// setting |*out_priv_key_len| to the number of bytes written, and writing the
|
||||
// public key to |out_pub_key| and setting |*out_pub_key_len| to the number of
|
||||
// bytes written.
|
||||
//
|
||||
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
|
||||
// to ensure success, these should be at least
|
||||
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
|
||||
//
|
||||
// This function returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_derive_key_from_secret(
|
||||
const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
|
||||
size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
|
||||
size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id,
|
||||
const uint8_t *secret, size_t secret_len);
|
||||
|
||||
|
||||
// Trust Token client implementation.
|
||||
//
|
||||
// These functions implements the client half of the Trust Token protocol. A
|
||||
// single |TRUST_TOKEN_CLIENT| can perform a single protocol operation.
|
||||
|
||||
// TRUST_TOKEN_CLIENT_new returns a newly-allocated |TRUST_TOKEN_CLIENT|
|
||||
// configured to use a max batchsize of |max_batchsize| or NULL on error.
|
||||
// Issuance requests must be made in batches smaller than |max_batchsize|. This
|
||||
// function will return an error if |max_batchsize| is too large for Trust
|
||||
// Tokens.
|
||||
OPENSSL_EXPORT TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(
|
||||
const TRUST_TOKEN_METHOD *method, size_t max_batchsize);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_free releases memory associated with |ctx|.
|
||||
OPENSSL_EXPORT void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_add_key configures the |ctx| to support the public key
|
||||
// |key|. It sets |*out_key_index| to the index this key has been configured to.
|
||||
// It returns one on success or zero on error if the |key| can't be parsed or
|
||||
// too many keys have been configured.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx,
|
||||
size_t *out_key_index,
|
||||
const uint8_t *key,
|
||||
size_t key_len);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_set_srr_key sets the public key used to verify the SRR. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx,
|
||||
EVP_PKEY *key);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_begin_issuance produces a request for |count| trust tokens
|
||||
// and serializes the request into a newly-allocated buffer, setting |*out| to
|
||||
// that buffer and |*out_len| to its length. The caller takes ownership of the
|
||||
// buffer and must call |OPENSSL_free| when done. It returns one on success and
|
||||
// zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx,
|
||||
uint8_t **out,
|
||||
size_t *out_len,
|
||||
size_t count);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_begin_issuance_over_message produces a request for a trust
|
||||
// token derived from |msg| and serializes the request into a newly-allocated
|
||||
// buffer, setting |*out| to that buffer and |*out_len| to its length. The
|
||||
// caller takes ownership of the buffer and must call |OPENSSL_free| when done.
|
||||
// It returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance_over_message(
|
||||
TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, size_t count,
|
||||
const uint8_t *msg, size_t msg_len);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_finish_issuance consumes |response| from the issuer and
|
||||
// extracts the tokens, returning a list of tokens and the index of the key used
|
||||
// to sign the tokens in |*out_key_index|. The caller can use this to determine
|
||||
// what key was used in an issuance and to drop tokens if a new key commitment
|
||||
// arrives without the specified key present. The caller takes ownership of the
|
||||
// list and must call |sk_TRUST_TOKEN_pop_free| when done. The list is empty if
|
||||
// issuance fails.
|
||||
OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) *
|
||||
TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx,
|
||||
size_t *out_key_index,
|
||||
const uint8_t *response,
|
||||
size_t response_len);
|
||||
|
||||
|
||||
// TRUST_TOKEN_CLIENT_begin_redemption produces a request to redeem a token
|
||||
// |token| and receive a signature over |data| and serializes the request into
|
||||
// a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to
|
||||
// its length. |time| is the number of seconds since the UNIX epoch and used to
|
||||
// verify the validity of the issuer's response in TrustTokenV1 and ignored in
|
||||
// other versions. The caller takes ownership of the buffer and must call
|
||||
// |OPENSSL_free| when done. It returns one on success or zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption(
|
||||
TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len,
|
||||
const TRUST_TOKEN *token, const uint8_t *data, size_t data_len,
|
||||
uint64_t time);
|
||||
|
||||
// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In
|
||||
// |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets
|
||||
// |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|)
|
||||
// to a newly-allocated buffer containing the SRR (respectively, the SRR
|
||||
// signature). In other versions, it sets |*out_rr| and |*out_rr_len|
|
||||
// to a newly-allocated buffer containing |response| and leaves all validation
|
||||
// to the caller. It returns one on success or zero on failure.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption(
|
||||
TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len,
|
||||
uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response,
|
||||
size_t response_len);
|
||||
|
||||
|
||||
// Trust Token issuer implementation.
|
||||
//
|
||||
// These functions implement the issuer half of the Trust Token protocol. A
|
||||
// |TRUST_TOKEN_ISSUER| can be reused across multiple protocol operations. It
|
||||
// may be used concurrently on multiple threads by non-mutating functions,
|
||||
// provided no other thread is concurrently calling a mutating function.
|
||||
// Functions which take a |const| pointer are non-mutating and functions which
|
||||
// take a non-|const| pointer are mutating.
|
||||
|
||||
// TRUST_TOKEN_ISSUER_new returns a newly-allocated |TRUST_TOKEN_ISSUER|
|
||||
// configured to use a max batchsize of |max_batchsize| or NULL on error.
|
||||
// Issuance requests must be made in batches smaller than |max_batchsize|. This
|
||||
// function will return an error if |max_batchsize| is too large for Trust
|
||||
// Tokens.
|
||||
OPENSSL_EXPORT TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(
|
||||
const TRUST_TOKEN_METHOD *method, size_t max_batchsize);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_free releases memory associated with |ctx|.
|
||||
OPENSSL_EXPORT void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_add_key configures the |ctx| to support the private key
|
||||
// |key|. It must be a private key returned by |TRUST_TOKEN_generate_key|. It
|
||||
// returns one on success or zero on error. This function may fail if the |key|
|
||||
// can't be parsed or too many keys have been configured.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx,
|
||||
const uint8_t *key,
|
||||
size_t key_len);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_set_srr_key sets the private key used to sign the SRR. It
|
||||
// returns one on success and zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_srr_key(TRUST_TOKEN_ISSUER *ctx,
|
||||
EVP_PKEY *key);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_set_metadata_key sets the key used to encrypt the private
|
||||
// metadata. The key is a randomly generated bytestring of at least 32 bytes
|
||||
// used to encode the private metadata bit in the SRR. It returns one on success
|
||||
// and zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx,
|
||||
const uint8_t *key,
|
||||
size_t len);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_issue ingests |request| for token issuance
|
||||
// and generates up to |max_issuance| valid tokens, producing a list of blinded
|
||||
// tokens and storing the response into a newly-allocated buffer and setting
|
||||
// |*out| to that buffer, |*out_len| to its length, and |*out_tokens_issued| to
|
||||
// the number of tokens issued. The tokens are issued with public metadata of
|
||||
// |public_metadata| and a private metadata value of |private_metadata|.
|
||||
// |public_metadata| must be one of the previously configured key IDs.
|
||||
// |private_metadata| must be 0 or 1. The caller takes ownership of the buffer
|
||||
// and must call |OPENSSL_free| when done. It returns one on success or zero on
|
||||
// error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue(
|
||||
const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len,
|
||||
size_t *out_tokens_issued, const uint8_t *request, size_t request_len,
|
||||
uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and
|
||||
// verifies the token. The public metadata is stored in |*out_public|. The
|
||||
// private metadata (if any) is stored in |*out_private|. The extracted
|
||||
// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
|
||||
// |*out_token|. The extracted client data is stored into a newly-allocated
|
||||
// buffer and stored in |*out_client_data|. The caller takes ownership of each
|
||||
// output buffer and must call |OPENSSL_free| when done. It returns one on
|
||||
// success or zero on error.
|
||||
//
|
||||
// The caller must keep track of all values of |*out_token| seen globally before
|
||||
// returning a response to the client. If the value has been reused, the caller
|
||||
// must report an error to the client. Returning a response with replayed values
|
||||
// allows an attacker to double-spend tokens.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem(
|
||||
const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
|
||||
TRUST_TOKEN **out_token, uint8_t **out_client_data,
|
||||
size_t *out_client_data_len, const uint8_t *request, size_t request_len);
|
||||
|
||||
// TRUST_TOKEN_ISSUER_redeem_raw is a legacy alias for
|
||||
// |TRUST_TOKEN_ISSUER_redeem|.
|
||||
#define TRUST_TOKEN_ISSUER_redeem_raw TRUST_TOKEN_ISSUER_redeem
|
||||
|
||||
// TRUST_TOKEN_ISSUER_redeem_over_message ingests a |request| for token
|
||||
// redemption and a message and verifies the token and that it is derived from
|
||||
// the provided |msg|. The public metadata is stored in
|
||||
// |*out_public|. The private metadata (if any) is stored in |*out_private|. The
|
||||
// extracted |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
|
||||
// |*out_token|. The extracted client data is stored into a newly-allocated
|
||||
// buffer and stored in |*out_client_data|. The caller takes ownership of each
|
||||
// output buffer and must call |OPENSSL_free| when done. It returns one on
|
||||
// success or zero on error.
|
||||
//
|
||||
// The caller must keep track of all values of |*out_token| seen globally before
|
||||
// returning a response to the client. If the value has been reused, the caller
|
||||
// must report an error to the client. Returning a response with replayed values
|
||||
// allows an attacker to double-spend tokens.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_over_message(
|
||||
const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
|
||||
TRUST_TOKEN **out_token, uint8_t **out_client_data,
|
||||
size_t *out_client_data_len, const uint8_t *request, size_t request_len,
|
||||
const uint8_t *msg, size_t msg_len);
|
||||
|
||||
// TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the
|
||||
// private metadata key specified by a |key| buffer of length |key_len| and the
|
||||
// nonce by a |nonce| buffer of length |nonce_len|. The nonce in
|
||||
// |TRUST_TOKEN_experiment_v1| is the token-hash field of the SRR. |*out_value|
|
||||
// is set to the decrypted value, either zero or one. It returns one on success
|
||||
// and zero on error.
|
||||
OPENSSL_EXPORT int TRUST_TOKEN_decode_private_metadata(
|
||||
const TRUST_TOKEN_METHOD *method, uint8_t *out_value, const uint8_t *key,
|
||||
size_t key_len, const uint8_t *nonce, size_t nonce_len,
|
||||
uint8_t encrypted_bit);
|
||||
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
|
||||
extern "C++" {
|
||||
|
||||
BSSL_NAMESPACE_BEGIN
|
||||
|
||||
BORINGSSL_MAKE_DELETER(TRUST_TOKEN, TRUST_TOKEN_free)
|
||||
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_CLIENT, TRUST_TOKEN_CLIENT_free)
|
||||
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_ISSUER, TRUST_TOKEN_ISSUER_free)
|
||||
|
||||
BSSL_NAMESPACE_END
|
||||
|
||||
} // extern C++
|
||||
#endif
|
||||
|
||||
#define TRUST_TOKEN_R_KEYGEN_FAILURE 100
|
||||
#define TRUST_TOKEN_R_BUFFER_TOO_SMALL 101
|
||||
#define TRUST_TOKEN_R_OVER_BATCHSIZE 102
|
||||
#define TRUST_TOKEN_R_DECODE_ERROR 103
|
||||
#define TRUST_TOKEN_R_SRR_SIGNATURE_ERROR 104
|
||||
#define TRUST_TOKEN_R_DECODE_FAILURE 105
|
||||
#define TRUST_TOKEN_R_INVALID_METADATA 106
|
||||
#define TRUST_TOKEN_R_TOO_MANY_KEYS 107
|
||||
#define TRUST_TOKEN_R_NO_KEYS_CONFIGURED 108
|
||||
#define TRUST_TOKEN_R_INVALID_KEY_ID 109
|
||||
#define TRUST_TOKEN_R_INVALID_TOKEN 110
|
||||
#define TRUST_TOKEN_R_BAD_VALIDITY_CHECK 111
|
||||
#define TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED 112
|
||||
#define TRUST_TOKEN_R_INVALID_METADATA_KEY 113
|
||||
#define TRUST_TOKEN_R_INVALID_PROOF 114
|
||||
|
||||
#endif // OPENSSL_HEADER_TRUST_TOKEN_H
|
||||
+28
@@ -0,0 +1,28 @@
|
||||
// Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_TYPE_CHECK_H
|
||||
#define OPENSSL_HEADER_TYPE_CHECK_H
|
||||
|
||||
#include <openssl/base.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
// CHECKED_CAST casts |p| from type |from| to type |to|.
|
||||
//
|
||||
// TODO(davidben): Although this macro is not public API and is unused in
|
||||
// BoringSSL, wpa_supplicant uses it to define its own stacks. Remove this once
|
||||
// wpa_supplicant has been fixed.
|
||||
#define CHECKED_CAST(to, from, p) ((to) (1 ? (p) : (from)0))
|
||||
|
||||
// CHECKED_PTR_OF casts a given pointer to void* and statically checks that it
|
||||
// was a pointer to |type|.
|
||||
#define CHECKED_PTR_OF(type, p) CHECKED_CAST(void*, type*, (p))
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern C
|
||||
#endif
|
||||
|
||||
#endif // OPENSSL_HEADER_TYPE_CHECK_H
|
||||
+39
@@ -0,0 +1,39 @@
|
||||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0 OR ISC
|
||||
|
||||
#ifndef UI_H
|
||||
#define UI_H
|
||||
|
||||
#include "openssl/base.h"
|
||||
struct ui_st {
|
||||
char _unused;
|
||||
};
|
||||
|
||||
struct ui_method_st {
|
||||
char _unused;
|
||||
};
|
||||
|
||||
typedef struct ui_st UI;
|
||||
typedef struct ui_method_st UI_METHOD;
|
||||
|
||||
/// UI_new does nothing, always returns NULL.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED UI *UI_new(void);
|
||||
|
||||
/// UI_free invokes OPENSSL_free on its parameter.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED void UI_free(UI *ui);
|
||||
|
||||
/// UI_add_input_string does nothing, always returns -1 for failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_input_string(UI *ui, const char *prompt, int flags,
|
||||
char *result_buf, int minsize, int maxsize);
|
||||
|
||||
/// UI_add_verify_string does nothing, always returns -1 for failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_verify_string(UI *ui, const char *prompt, int flags,
|
||||
char *result_buf, int minsize, int maxsize, const char *test_buf);
|
||||
|
||||
/// UI_add_info_string does nothing, always returns -1 for failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_add_info_string(UI *ui, const char *text);
|
||||
|
||||
/// UI_process does nothing, always returns -1 for failure.
|
||||
OPENSSL_EXPORT OPENSSL_DEPRECATED int UI_process(UI *ui);
|
||||
|
||||
#endif //UI_H
|
||||
+5679
File diff suppressed because it is too large
Load Diff
+7
@@ -0,0 +1,7 @@
|
||||
// Copyright (c) 2021, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
/* This header is provided in order to make compiling against code that expects
|
||||
OpenSSL easier. */
|
||||
|
||||
#include "x509.h"
|
||||
+52
@@ -0,0 +1,52 @@
|
||||
// Copyright (c) 2023, Google Inc.
|
||||
// SPDX-License-Identifier: ISC
|
||||
|
||||
#ifndef OPENSSL_HEADER_X509V3_H
|
||||
#define OPENSSL_HEADER_X509V3_H
|
||||
|
||||
// This header primarily exists in order to make compiling against code that
|
||||
// expects OpenSSL easier. We have merged this header into <openssl/x509.h>.
|
||||
// However, due to conflicts, some deprecated symbols are defined here.
|
||||
#include <openssl/x509.h>
|
||||
|
||||
|
||||
// CRL reason constants.
|
||||
|
||||
// TODO(davidben): These constants live here because strongswan defines
|
||||
// conflicting symbols and has been relying on them only being defined in
|
||||
// <openssl/x509v3.h>. Defining the constants in <openssl/x509.h> would break
|
||||
// strongswan, but we would also like for new code to only need
|
||||
// <openssl/x509.h>. Introduce properly namespaced versions of these constants
|
||||
// and, separately, see if we can fix strongswan to similarly avoid the
|
||||
// conflict. Between OpenSSL, strongswan, and wincrypt.h all defining these
|
||||
// constants, it seems best for everyone to just avoid them going forward.
|
||||
#define CRL_REASON_NONE (-1)
|
||||
#define CRL_REASON_UNSPECIFIED 0
|
||||
#define CRL_REASON_KEY_COMPROMISE 1
|
||||
#define CRL_REASON_CA_COMPROMISE 2
|
||||
#define CRL_REASON_AFFILIATION_CHANGED 3
|
||||
#define CRL_REASON_SUPERSEDED 4
|
||||
#define CRL_REASON_CESSATION_OF_OPERATION 5
|
||||
#define CRL_REASON_CERTIFICATE_HOLD 6
|
||||
#define CRL_REASON_REMOVE_FROM_CRL 8
|
||||
#define CRL_REASON_PRIVILEGE_WITHDRAWN 9
|
||||
#define CRL_REASON_AA_COMPROMISE 10
|
||||
|
||||
|
||||
// Deprecated constants.
|
||||
|
||||
// The following constants are legacy aliases for |X509v3_KU_*|. They are
|
||||
// defined here instead of in <openssl/x509.h> because NSS's public headers use
|
||||
// the same symbols. Some callers have inadvertently relied on the conflicts
|
||||
// only being defined in this header.
|
||||
#define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
|
||||
#define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
|
||||
#define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
|
||||
#define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
|
||||
#define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
|
||||
#define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
|
||||
#define KU_CRL_SIGN X509v3_KU_CRL_SIGN
|
||||
#define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
|
||||
#define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
|
||||
|
||||
#endif // OPENSSL_HEADER_X509V3_H
|
||||
+74
@@ -0,0 +1,74 @@
|
||||
// Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 1999
|
||||
// Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
#ifndef OPENSSL_HEADER_X509V3_ERRORS_H
|
||||
#define OPENSSL_HEADER_X509V3_ERRORS_H
|
||||
|
||||
#define X509V3_R_BAD_IP_ADDRESS 100
|
||||
#define X509V3_R_BAD_OBJECT 101
|
||||
#define X509V3_R_BN_DEC2BN_ERROR 102
|
||||
#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103
|
||||
#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104
|
||||
#define X509V3_R_DIRNAME_ERROR 105
|
||||
#define X509V3_R_DISTPOINT_ALREADY_SET 106
|
||||
#define X509V3_R_DUPLICATE_ZONE_ID 107
|
||||
#define X509V3_R_ERROR_CONVERTING_ZONE 108
|
||||
#define X509V3_R_ERROR_CREATING_EXTENSION 109
|
||||
#define X509V3_R_ERROR_IN_EXTENSION 110
|
||||
#define X509V3_R_EXPECTED_A_SECTION_NAME 111
|
||||
#define X509V3_R_EXTENSION_EXISTS 112
|
||||
#define X509V3_R_EXTENSION_NAME_ERROR 113
|
||||
#define X509V3_R_EXTENSION_NOT_FOUND 114
|
||||
#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115
|
||||
#define X509V3_R_EXTENSION_VALUE_ERROR 116
|
||||
#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117
|
||||
#define X509V3_R_ILLEGAL_HEX_DIGIT 118
|
||||
#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119
|
||||
#define X509V3_R_INVALID_BOOLEAN_STRING 120
|
||||
#define X509V3_R_INVALID_EXTENSION_STRING 121
|
||||
#define X509V3_R_INVALID_MULTIPLE_RDNS 122
|
||||
#define X509V3_R_INVALID_NAME 123
|
||||
#define X509V3_R_INVALID_NULL_ARGUMENT 124
|
||||
#define X509V3_R_INVALID_NULL_NAME 125
|
||||
#define X509V3_R_INVALID_NULL_VALUE 126
|
||||
#define X509V3_R_INVALID_NUMBER 127
|
||||
#define X509V3_R_INVALID_NUMBERS 128
|
||||
#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129
|
||||
#define X509V3_R_INVALID_OPTION 130
|
||||
#define X509V3_R_INVALID_POLICY_IDENTIFIER 131
|
||||
#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132
|
||||
#define X509V3_R_INVALID_PURPOSE 133
|
||||
#define X509V3_R_INVALID_SECTION 134
|
||||
#define X509V3_R_INVALID_SYNTAX 135
|
||||
#define X509V3_R_ISSUER_DECODE_ERROR 136
|
||||
#define X509V3_R_MISSING_VALUE 137
|
||||
#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138
|
||||
#define X509V3_R_NO_CONFIG_DATABASE 139
|
||||
#define X509V3_R_NO_ISSUER_CERTIFICATE 140
|
||||
#define X509V3_R_NO_ISSUER_DETAILS 141
|
||||
#define X509V3_R_NO_POLICY_IDENTIFIER 142
|
||||
#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143
|
||||
#define X509V3_R_NO_PUBLIC_KEY 144
|
||||
#define X509V3_R_NO_SUBJECT_DETAILS 145
|
||||
#define X509V3_R_ODD_NUMBER_OF_DIGITS 146
|
||||
#define X509V3_R_OPERATION_NOT_DEFINED 147
|
||||
#define X509V3_R_OTHERNAME_ERROR 148
|
||||
#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149
|
||||
#define X509V3_R_POLICY_PATH_LENGTH 150
|
||||
#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151
|
||||
#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152
|
||||
#define X509V3_R_SECTION_NOT_FOUND 153
|
||||
#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154
|
||||
#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155
|
||||
#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156
|
||||
#define X509V3_R_UNKNOWN_EXTENSION 157
|
||||
#define X509V3_R_UNKNOWN_EXTENSION_NAME 158
|
||||
#define X509V3_R_UNKNOWN_OPTION 159
|
||||
#define X509V3_R_UNSUPPORTED_OPTION 160
|
||||
#define X509V3_R_UNSUPPORTED_TYPE 161
|
||||
#define X509V3_R_USER_TOO_LONG 162
|
||||
#define X509V3_R_INVALID_VALUE 163
|
||||
#define X509V3_R_TRAILING_DATA_IN_EXTENSION 164
|
||||
|
||||
#endif // OPENSSL_HEADER_X509V3_ERRORS_H
|
||||
Reference in New Issue
Block a user