diff options
Diffstat (limited to 'Cryptlib/Include')
72 files changed, 9235 insertions, 3070 deletions
diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index b77838db..e5e1adc0 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -133,6 +133,11 @@ struct tm { char *tm_zone; /* timezone abbreviation */
};
+struct timeval {
+ long tv_sec; /* time value, in seconds */
+ long tv_usec; /* time value, in microseconds */
+} timeval;
+
struct dirent {
UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */
@@ -267,5 +272,6 @@ extern FILE *stdout; #define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
+#define atoi(nptr) Atoi(nptr)
#endif
diff --git a/Cryptlib/Include/memory.h b/Cryptlib/Include/memory.h new file mode 100644 index 00000000..092b3cde --- /dev/null +++ b/Cryptlib/Include/memory.h @@ -0,0 +1,16 @@ +/** @file
+ Include file to support building OpenSSL Crypto Library.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <OpenSslSupport.h>
+
diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h index 83c13c93..87bf60f6 100644 --- a/Cryptlib/Include/openssl/aes.h +++ b/Cryptlib/Include/openssl/aes.h @@ -58,6 +58,8 @@ # error AES is disabled. # endif +# include <stddef.h> + # define AES_ENCRYPT 1 # define AES_DECRYPT 0 @@ -68,10 +70,6 @@ # define AES_MAXNR 14 # define AES_BLOCK_SIZE 16 -# ifdef OPENSSL_FIPS -# define FIPS_AES_SIZE_T int -# endif - #ifdef __cplusplus extern "C" { #endif @@ -94,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); +int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, @@ -102,37 +105,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); -void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, - const int nbits, const AES_KEY *key, - unsigned char *ivec, const int enc); void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); - -/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); /* NB: the IV is _four_ blocks long */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, const int enc); @@ -143,6 +141,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h index 47e3e02a..68e791fc 100644 --- a/Cryptlib/Include/openssl/asn1.h +++ b/Cryptlib/Include/openssl/asn1.h @@ -207,13 +207,13 @@ typedef struct asn1_const_ctx_st { # define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ # define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -typedef struct asn1_object_st { +struct asn1_object_st { const char *sn, *ln; int nid; int length; - unsigned char *data; + const unsigned char *data; /* data remains const after init */ int flags; /* Should we free this one */ -} ASN1_OBJECT; +}; # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ /* @@ -228,10 +228,15 @@ typedef struct asn1_object_st { * complete and is a place holder for content when it had all been accessed. * The flag will be reset when content has been written to it. */ -# define ASN1_STRING_FLAG_CONT 0x020 +# define ASN1_STRING_FLAG_CONT 0x020 +/* + * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +# define ASN1_STRING_FLAG_MSTRING 0x040 /* This is the base type that holds just about everything :-) */ -typedef struct asn1_string_st { +struct asn1_string_st { int length; int type; unsigned char *data; @@ -241,7 +246,7 @@ typedef struct asn1_string_st { * non-zero 'unused bits' value, it will be handled correctly */ long flags; -} ASN1_STRING; +}; /* * ASN1_ENCODING structure: this is used to save the received encoding of an @@ -289,7 +294,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE) * Declarations for template structures: for full definitions see asn1t.h */ typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; -typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct ASN1_TLC_st ASN1_TLC; /* This is just an opaque pointer */ typedef struct ASN1_VALUE_st ASN1_VALUE; @@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; type *name##_new(void); \ void name##_free(type *a); +# define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + # define D2I_OF(type) type *(*)(type **,const unsigned char **,long) # define I2D_OF(type) int (*)(type *,unsigned char **) # define I2D_OF_const(type) int (*)(const type *,unsigned char **) @@ -344,8 +355,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; ((void*) (1 ? p : (type*)0)) # define CHECKED_PPTR_OF(type, p) \ ((void**) (1 ? p : (type**)0)) -# define CHECKED_PTR_OF_TO_CHAR(type, p) \ - ((char*) (1 ? p : (type*)0)) # define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) # define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) @@ -546,19 +555,15 @@ typedef struct asn1_type_st { DECLARE_STACK_OF(ASN1_TYPE) DECLARE_ASN1_SET_OF(ASN1_TYPE) -typedef struct asn1_method_st { - i2d_of_void *i2d; - d2i_of_void *d2i; - void *(*create) (void); - void (*destroy) (void *); -} ASN1_METHOD; +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) -/* This is used when parsing some Netscape objects */ -typedef struct asn1_header_st { +typedef struct NETSCAPE_X509_st { ASN1_OCTET_STRING *header; - void *data; - ASN1_METHOD *meth; -} ASN1_HEADER; + X509 *cert; +} NETSCAPE_X509; /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { @@ -577,32 +582,34 @@ typedef struct BIT_STRING_BITNAME_st { ASN1_STRING_type_new(V_ASN1_BIT_STRING) # define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) # define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) # define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) # define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ ASN1_STRING_type_new(V_ASN1_INTEGER) # define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) +# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) # define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ ASN1_STRING_type_new(V_ASN1_ENUMERATED) # define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) +# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) # define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) # define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) # define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) # define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) # define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) # define M_i2d_ASN1_OCTET_STRING(a,pp) \ @@ -686,7 +693,7 @@ typedef struct BIT_STRING_BITNAME_st { ASN1_STRING_type_new(V_ASN1_IA5STRING) # define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) # define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) + (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) # define M_i2d_ASN1_IA5STRING(a,pp) \ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ V_ASN1_UNIVERSAL) @@ -697,18 +704,20 @@ typedef struct BIT_STRING_BITNAME_st { # define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ ASN1_STRING_type_new(V_ASN1_UTCTIME) # define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) +# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) # define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) # define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (ASN1_STRING *)a) + (const ASN1_STRING *)a) # define M_ASN1_TIME_new() (ASN1_TIME *)\ ASN1_STRING_type_new(V_ASN1_UTCTIME) # define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) +# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) # define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) @@ -786,16 +795,18 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); -ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING *ASN1_STRING_type_new(int type); -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); /* * Since this is used to store all sorts of things, via macros, for now, * make its data void * */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); -int ASN1_STRING_length(ASN1_STRING *x); +int ASN1_STRING_length(const ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); int ASN1_STRING_type(ASN1_STRING *x); unsigned char *ASN1_STRING_data(ASN1_STRING *x); @@ -807,6 +818,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len); # ifndef OPENSSL_NO_BIO int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, @@ -825,27 +838,35 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); -ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x); -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) -int ASN1_UTCTIME_check(ASN1_UTCTIME *a); +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); # if 0 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); # endif -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, + long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); +int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) -ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); @@ -873,15 +894,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME) DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); -int i2d_ASN1_SET(STACK * a, unsigned char **pp, +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); -STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, - d2i_of_void *d2i, void (*free_func) (void *), - int ex_tag, int ex_class); +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, + const unsigned char **pp, + long length, d2i_of_void *d2i, + void (*free_func) (OPENSSL_BLOCK), + int ex_tag, int ex_class); # ifndef OPENSSL_NO_BIO int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); @@ -899,9 +925,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, const char *sn, const char *ln); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); -long ASN1_INTEGER_get(ASN1_INTEGER *a); -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); @@ -935,17 +961,17 @@ int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ -void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); # define ASN1_dup_of(type,i2d,d2i,x) \ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF_TO_CHAR(type, x))) + CHECKED_PTR_OF(type, x))) # define ASN1_dup_of_const(type,i2d,d2i,x) \ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ CHECKED_D2I_OF(type, d2i), \ - CHECKED_PTR_OF_TO_CHAR(const type, x))) + CHECKED_PTR_OF(const type, x))) void *ASN1_item_dup(const ASN1_ITEM *it, void *x); @@ -1006,31 +1032,24 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); -int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a); -int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a); -int ASN1_TIME_print(BIO *fp, ASN1_TIME *a); -int ASN1_STRING_print(BIO *bp, ASN1_STRING *v); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); # endif const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert/key */ -int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp); -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, - long length); -ASN1_HEADER *ASN1_HEADER_new(void); -void ASN1_HEADER_free(ASN1_HEADER * a); +/* Used to load and write netscape format cert */ -int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); +DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) -/* Not used that much at this point, except for the first two */ -ASN1_METHOD *X509_asn1_meth(void); -ASN1_METHOD *RSAPrivateKey_asn1_meth(void); -ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); -ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); @@ -1039,9 +1058,10 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, int max_len); -STACK *ASN1_seq_unpack(const unsigned char *buf, int len, - d2i_of_void *d2i, void (*free_func) (void *)); -unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, + void (*free_func) (OPENSSL_BLOCK)); +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, unsigned char **buf, int *len); void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); @@ -1088,14 +1108,56 @@ void ASN1_add_oid_module(void); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); -typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, - int flags, const ASN1_ITEM *it); - -int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, - asn1_output_data_fn * data_fn, const ASN1_ITEM *it); +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); /* BEGIN ERROR CODES */ /* @@ -1127,6 +1189,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_ENUMERATED_TO_BN 113 # define ASN1_F_ASN1_EX_C2I 204 # define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 # define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 # define ASN1_F_ASN1_GENERATE_V3 178 # define ASN1_F_ASN1_GET_OBJECT 114 @@ -1143,11 +1206,12 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_ITEM_I2D_FP 193 # define ASN1_F_ASN1_ITEM_PACK 198 # define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 # define ASN1_F_ASN1_ITEM_UNPACK 199 # define ASN1_F_ASN1_ITEM_VERIFY 197 # define ASN1_F_ASN1_MBSTRING_NCOPY 122 # define ASN1_F_ASN1_OBJECT_NEW 123 -# define ASN1_F_ASN1_OUTPUT_DATA 207 +# define ASN1_F_ASN1_OUTPUT_DATA 214 # define ASN1_F_ASN1_PACK_STRING 124 # define ASN1_F_ASN1_PCTX_NEW 205 # define ASN1_F_ASN1_PKCS5_PBE_SET 125 @@ -1161,14 +1225,17 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 # define ASN1_F_ASN1_TEMPLATE_NEW 133 # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 # define ASN1_F_ASN1_TIME_SET 175 # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 # define ASN1_F_ASN1_UNPACK_STRING 136 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 # define ASN1_F_ASN1_UTCTIME_SET 187 # define ASN1_F_ASN1_VERIFY 137 -# define ASN1_F_B64_READ_ASN1 208 -# define ASN1_F_B64_WRITE_ASN1 209 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 # define ASN1_F_BITSTR_CB 180 # define ASN1_F_BN_TO_ASN1_ENUMERATED 138 # define ASN1_F_BN_TO_ASN1_INTEGER 139 @@ -1187,6 +1254,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_ASN1_TYPE_BYTES 149 # define ASN1_F_D2I_ASN1_UINTEGER 150 # define ASN1_F_D2I_ASN1_UTCTIME 151 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_NETSCAPE_RSA 152 # define ASN1_F_D2I_NETSCAPE_RSA_2 153 # define ASN1_F_D2I_PRIVATEKEY 154 @@ -1196,6 +1264,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_TIME 160 # define ASN1_F_I2D_DSA_PUBKEY 161 @@ -1207,10 +1276,12 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_LONG_C2I 166 # define ASN1_F_OID_MODULE_INIT 174 # define ASN1_F_PARSE_TAGGING 182 -# define ASN1_F_PKCS5_PBE2_SET 167 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 # define ASN1_F_PKCS5_PBE_SET 202 -# define ASN1_F_SMIME_READ_ASN1 210 -# define ASN1_F_SMIME_TEXT 211 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 # define ASN1_F_X509_CINF_NEW 168 # define ASN1_F_X509_CRL_ADD0_REVOKED 169 # define ASN1_F_X509_INFO_NEW 170 @@ -1222,22 +1293,24 @@ void ERR_load_ASN1_strings(void); /* Reason codes. */ # define ASN1_R_ADDING_OBJECT 171 -# define ASN1_R_ASN1_PARSE_ERROR 198 -# define ASN1_R_ASN1_SIG_PARSE_ERROR 199 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 # define ASN1_R_AUX_ERROR 100 # define ASN1_R_BAD_CLASS 101 # define ASN1_R_BAD_OBJECT_HEADER 102 # define ASN1_R_BAD_PASSWORD_READ 103 # define ASN1_R_BAD_TAG 104 -# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 # define ASN1_R_BN_LIB 105 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 # define ASN1_R_BUFFER_TOO_SMALL 107 # define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 # define ASN1_R_DATA_IS_WRONG 109 # define ASN1_R_DECODE_ERROR 110 # define ASN1_R_DECODING_ERROR 111 # define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 # define ASN1_R_ENCODE_ERROR 112 # define ASN1_R_ERROR_GETTING_TIME 173 # define ASN1_R_ERROR_LOADING_SECTION 172 @@ -1272,10 +1345,10 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 # define ASN1_R_INVALID_BMPSTRING_LENGTH 129 # define ASN1_R_INVALID_DIGIT 130 -# define ASN1_R_INVALID_MIME_TYPE 200 +# define ASN1_R_INVALID_MIME_TYPE 205 # define ASN1_R_INVALID_MODIFIER 186 # define ASN1_R_INVALID_NUMBER 187 -# define ASN1_R_INVALID_OBJECT_ENCODING 212 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 # define ASN1_R_INVALID_SEPARATOR 131 # define ASN1_R_INVALID_TIME_FORMAT 132 # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 @@ -1283,9 +1356,9 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_IV_TOO_LARGE 135 # define ASN1_R_LENGTH_ERROR 136 # define ASN1_R_LIST_ERROR 188 -# define ASN1_R_MIME_NO_CONTENT_TYPE 201 -# define ASN1_R_MIME_PARSE_ERROR 202 -# define ASN1_R_MIME_SIG_PARSE_ERROR 203 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 # define ASN1_R_MISSING_EOC 137 # define ASN1_R_MISSING_SECOND_NUMBER 138 # define ASN1_R_MISSING_VALUE 189 @@ -1295,11 +1368,12 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 -# define ASN1_R_NO_CONTENT_TYPE 204 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_DEFAULT_DIGEST 201 # define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 -# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 -# define ASN1_R_NO_MULTIPART_BOUNDARY 206 -# define ASN1_R_NO_SIG_CONTENT_TYPE 207 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 # define ASN1_R_NULL_IS_WRONG_LENGTH 144 # define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 # define ASN1_R_ODD_NUMBER_OF_CHARS 145 @@ -1309,8 +1383,8 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 # define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 # define ASN1_R_SHORT_LINE 150 -# define ASN1_R_SIG_INVALID_MIME_TYPE 208 -# define ASN1_R_STREAMING_NOT_SUPPORTED 209 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 # define ASN1_R_STRING_TOO_LONG 151 # define ASN1_R_STRING_TOO_SHORT 152 # define ASN1_R_TAG_VALUE_TOO_HIGH 153 @@ -1322,11 +1396,12 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 # define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 # define ASN1_R_UNEXPECTED_EOC 159 -# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 # define ASN1_R_UNKNOWN_FORMAT 160 # define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 # define ASN1_R_UNKNOWN_OBJECT_TYPE 162 # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 # define ASN1_R_UNKNOWN_TAG 194 # define ASN1_R_UNKOWN_FORMAT 195 # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 @@ -1334,6 +1409,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 # define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE 169 diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h index 4aa6af8a..abc6dc35 100644 --- a/Cryptlib/Include/openssl/asn1_mac.h +++ b/Cryptlib/Include/openssl/asn1_mac.h @@ -153,6 +153,13 @@ err:\ M_ASN1_D2I_get(b,func); \ } +# define M_ASN1_D2I_get_int_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get_int(b,func); \ + } + # define M_ASN1_D2I_get_imp(b,func, type) \ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ c.q=c.p; \ diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h index 0a868ace..99bc0eec 100644 --- a/Cryptlib/Include/openssl/asn1t.h +++ b/Cryptlib/Include/openssl/asn1t.h @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -215,6 +215,18 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + /*- * This pair helps declare a CHOICE type. We can do: * @@ -652,11 +664,18 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); typedef struct ASN1_COMPAT_FUNCS_st { ASN1_new_func *asn1_new; @@ -672,6 +691,7 @@ typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_free_func *asn1_ex_clear; ASN1_ex_d2i *asn1_ex_d2i; ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; } ASN1_EXTERN_FUNCS; typedef struct ASN1_PRIMITIVE_FUNCS_st { @@ -682,6 +702,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { ASN1_ex_free_func *prim_clear; ASN1_primitive_c2i *prim_c2i; ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; } ASN1_PRIMITIVE_FUNCS; /* @@ -697,7 +718,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { * more appropriate. */ -typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); typedef struct ASN1_AUX_st { void *app_data; @@ -708,6 +730,23 @@ typedef struct ASN1_AUX_st { int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + /* Flags in ASN1_AUX */ /* Use a reference count */ @@ -727,6 +766,12 @@ typedef struct ASN1_AUX_st { # define ASN1_OP_D2I_POST 5 # define ASN1_OP_I2D_PRE 6 # define ASN1_OP_I2D_POST 7 +# define ASN1_OP_PRINT_PRE 8 +# define ASN1_OP_PRINT_POST 9 +# define ASN1_OP_STREAM_PRE 10 +# define ASN1_OP_STREAM_POST 11 +# define ASN1_OP_DETACHED_PRE 12 +# define ASN1_OP_DETACHED_POST 13 /* Macro to implement a primitive type */ # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) @@ -782,9 +827,22 @@ typedef struct ASN1_AUX_st { # define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) +# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ @@ -835,6 +893,17 @@ typedef struct ASN1_AUX_st { return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ } +# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + # define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h index 9d29b365..561ae2f0 100644 --- a/Cryptlib/Include/openssl/bio.h +++ b/Cryptlib/Include/openssl/bio.h @@ -68,6 +68,14 @@ # include <openssl/crypto.h> +# ifndef OPENSSL_NO_SCTP +# ifndef OPENSSL_SYS_VMS +# include <stdint.h> +# else +# include <inttypes.h> +# endif +# endif + #ifdef __cplusplus extern "C" { #endif @@ -95,6 +103,10 @@ extern "C" { # define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ # define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ # define BIO_TYPE_DGRAM (21|0x0400|0x0100) +# ifndef OPENSSL_NO_SCTP +# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) +# endif +# define BIO_TYPE_ASN1 (22|0x0200)/* filter */ # define BIO_TYPE_COMP (23|0x0200)/* filter */ # define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ @@ -161,7 +173,25 @@ extern "C" { # define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ # define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout - * to * adjust socket timeouts */ + * to adjust socket timeouts */ +# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48 + +# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +# ifndef OPENSSL_NO_SCTP +/* SCTP stuff */ +# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 +# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 +# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 +# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60 +# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61 +# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62 +# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63 +# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64 +# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65 +# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 +# endif /* modifiers */ # define BIO_FP_READ 0x02 @@ -261,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) @@ -279,7 +309,6 @@ int BIO_method_type(const BIO *b); typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, long); -# ifndef OPENSSL_SYS_WIN16 typedef struct bio_method_st { int type; const char *name; @@ -292,20 +321,6 @@ typedef struct bio_method_st { int (*destroy) (BIO *); long (*callback_ctrl) (BIO *, int, bio_info_cb *); } BIO_METHOD; -# else -typedef struct bio_method_st { - int type; - const char *name; - int (_far * bwrite) (); - int (_far * bread) (); - int (_far * bputs) (); - int (_far * bgets) (); - long (_far * ctrl) (); - int (_far * create) (); - int (_far * destroy) (); - long (_far * callback_ctrl) (); -} BIO_METHOD; -# endif struct bio_st { BIO_METHOD *method; @@ -351,6 +366,35 @@ typedef struct bio_f_buffer_ctx_struct { int obuf_off; /* write/read offset */ } BIO_F_BUFFER_CTX; +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +# ifndef OPENSSL_NO_SCTP +/* SCTP parameter structs */ +struct bio_dgram_sctp_sndinfo { + uint16_t snd_sid; + uint16_t snd_flags; + uint32_t snd_ppid; + uint32_t snd_context; +}; + +struct bio_dgram_sctp_rcvinfo { + uint16_t rcv_sid; + uint16_t rcv_ssn; + uint16_t rcv_flags; + uint32_t rcv_ppid; + uint32_t rcv_tsn; + uint32_t rcv_cumtsn; + uint32_t rcv_context; +}; + +struct bio_dgram_sctp_prinfo { + uint16_t pr_policy; + uint32_t pr_value; +}; +# endif + /* connect BIO stuff */ # define BIO_CONN_S_BEFORE 1 # define BIO_CONN_S_GET_IP 2 @@ -416,6 +460,14 @@ typedef struct bio_f_buffer_ctx_struct { # define BIO_C_RESET_READ_REQUEST 147 # define BIO_C_SET_MD_CTX 148 +# define BIO_C_SET_PREFIX 149 +# define BIO_C_GET_PREFIX 150 +# define BIO_C_SET_SUFFIX 151 +# define BIO_C_GET_SUFFIX 152 + +# define BIO_C_SET_EX_ARG 153 +# define BIO_C_GET_EX_ARG 154 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) @@ -571,6 +623,8 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) # define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) +# define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) /* These two aren't currently implemented */ /* int BIO_get_ex_num(BIO *bio); */ @@ -582,22 +636,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, unsigned long BIO_number_read(BIO *bio); unsigned long BIO_number_written(BIO *bio); -# ifndef OPENSSL_NO_FP_API -# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL) -BIO_METHOD *BIO_s_file_internal(void); -BIO *BIO_new_file_internal(char *filename, char *mode); -BIO *BIO_new_fp_internal(FILE *stream, int close_flag); -# define BIO_s_file BIO_s_file_internal -# define BIO_new_file BIO_new_file_internal -# define BIO_new_fp BIO_new_fp_internal -# else /* FP_API */ +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file -# define BIO_new_file_internal BIO_new_file -# define BIO_new_fp_internal BIO_s_file -# endif /* FP_API */ +# ifndef OPENSSL_NO_FP_API +# define BIO_s_file_internal BIO_s_file # endif BIO *BIO_new(BIO_METHOD *type); int BIO_set(BIO *a, BIO_METHOD *type); @@ -628,13 +681,8 @@ int BIO_nread(BIO *bio, char **buf, int num); int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); -# ifndef OPENSSL_SYS_WIN16 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -# else -long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret); -# endif BIO_METHOD *BIO_s_mem(void); BIO *BIO_new_mem_buf(void *buf, int len); @@ -655,6 +703,9 @@ BIO_METHOD *BIO_f_linebuffer(void); BIO_METHOD *BIO_f_nbio_test(void); # ifndef OPENSSL_NO_DGRAM BIO_METHOD *BIO_s_datagram(void); +# ifndef OPENSSL_NO_SCTP +BIO_METHOD *BIO_s_datagram_sctp(void); +# endif # endif /* BIO_METHOD *BIO_f_ber(void); */ @@ -675,6 +726,9 @@ int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); int BIO_dump_fp(FILE *fp, const char *s, int len); int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); # endif +int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + struct hostent *BIO_gethostbyname(const char *name); /*- * We might want a thread-safe interface too: @@ -698,9 +752,21 @@ int BIO_set_tcp_ndelay(int sock, int turn_on); BIO *BIO_new_socket(int sock, int close_flag); BIO *BIO_new_dgram(int fd, int close_flag); +# ifndef OPENSSL_NO_SCTP +BIO *BIO_new_dgram_sctp(int fd, int close_flag); +int BIO_dgram_is_sctp(BIO *bio); +int BIO_dgram_sctp_notification_cb(BIO *b, + void (*handle_notifications) (BIO *bio, + void + *context, + void *buf), + void *context); +int BIO_dgram_sctp_wait_for_dry(BIO *b); +int BIO_dgram_sctp_msg_waiting(BIO *b); +# endif BIO *BIO_new_fd(int fd, int close_flag); -BIO *BIO_new_connect(char *host_port); -BIO *BIO_new_accept(char *host_port); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); @@ -766,6 +832,8 @@ void ERR_load_BIO_strings(void); # define BIO_F_BUFFER_CTRL 114 # define BIO_F_CONN_CTRL 127 # define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 # define BIO_F_FILE_CTRL 116 # define BIO_F_FILE_READ 130 # define BIO_F_LINEBUFFER_CTRL 129 diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h index db19b9ac..83293027 100644 --- a/Cryptlib/Include/openssl/blowfish.h +++ b/Cryptlib/Include/openssl/blowfish.h @@ -79,7 +79,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +# if defined(__LP32__) # define BF_LONG unsigned long # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) # define BF_LONG unsigned long diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h index 6dc2d754..5696965e 100644 --- a/Cryptlib/Include/openssl/bn.h +++ b/Cryptlib/Include/openssl/bn.h @@ -56,6 +56,59 @@ * [including the GNU Public Licence.] */ /* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * * Portions of the attached software ("Contribution") are developed by @@ -77,6 +130,7 @@ # include <stdio.h> /* FILE */ # endif # include <openssl/ossl_typ.h> +# include <openssl/crypto.h> #ifdef __cplusplus extern "C" { @@ -94,9 +148,11 @@ extern "C" { /* #define BN_DEBUG */ /* #define BN_DEBUG_RAND */ -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION +# ifndef OPENSSL_SMALL_FOOTPRINT +# define BN_MUL_COMBA +# define BN_SQR_COMBA +# define BN_RECURSION +# endif /* * This next option uses the C libraries (2 word)/(1 word) function. If it is @@ -139,6 +195,8 @@ extern "C" { # define BN_DEC_FMT1 "%lu" # define BN_DEC_FMT2 "%019lu" # define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%lX" +# define BN_HEX_FMT2 "%016lX" # endif /* @@ -165,83 +223,37 @@ extern "C" { # define BN_DEC_FMT1 "%llu" # define BN_DEC_FMT2 "%019llu" # define BN_DEC_NUM 19 +# define BN_HEX_FMT1 "%llX" +# define BN_HEX_FMT2 "%016llX" # endif # ifdef THIRTY_TWO_BIT # ifdef BN_LLONG -# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +# if defined(_WIN32) && !defined(__GNUC__) # define BN_ULLONG unsigned __int64 +# define BN_MASK (0xffffffffffffffffI64) # else # define BN_ULLONG unsigned long long +# define BN_MASK (0xffffffffffffffffLL) # endif # endif -# define BN_ULONG unsigned long -# define BN_LONG long +# define BN_ULONG unsigned int +# define BN_LONG int # define BN_BITS 64 # define BN_BYTES 4 # define BN_BITS2 32 # define BN_BITS4 16 -# ifdef OPENSSL_SYS_WIN32 -/* VC++ doesn't like the LL suffix */ -# define BN_MASK (0xffffffffffffffffL) -# else -# define BN_MASK (0xffffffffffffffffLL) -# endif # define BN_MASK2 (0xffffffffL) # define BN_MASK2l (0xffff) # define BN_MASK2h1 (0xffff8000L) # define BN_MASK2h (0xffff0000L) # define BN_TBIT (0x80000000L) # define BN_DEC_CONV (1000000000L) -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%09lu" -# define BN_DEC_NUM 9 -# endif - -# ifdef SIXTEEN_BIT -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -# define BN_ULLONG unsigned long -# define BN_ULONG unsigned short -# define BN_LONG short -# define BN_BITS 32 -# define BN_BYTES 2 -# define BN_BITS2 16 -# define BN_BITS4 8 -# define BN_MASK (0xffffffff) -# define BN_MASK2 (0xffff) -# define BN_MASK2l (0xff) -# define BN_MASK2h1 (0xff80) -# define BN_MASK2h (0xff00) -# define BN_TBIT (0x8000) -# define BN_DEC_CONV (100000) -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%05u" -# define BN_DEC_NUM 5 -# endif - -# ifdef EIGHT_BIT -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -# define BN_ULLONG unsigned short -# define BN_ULONG unsigned char -# define BN_LONG char -# define BN_BITS 16 -# define BN_BYTES 1 -# define BN_BITS2 8 -# define BN_BITS4 4 -# define BN_MASK (0xffff) -# define BN_MASK2 (0xff) -# define BN_MASK2l (0xf) -# define BN_MASK2h1 (0xf8) -# define BN_MASK2h (0xf0) -# define BN_TBIT (0x80) -# define BN_DEC_CONV (100) # define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%02u" -# define BN_DEC_NUM 2 +# define BN_DEC_FMT2 "%09u" +# define BN_DEC_NUM 9 +# define BN_HEX_FMT1 "%X" +# define BN_HEX_FMT2 "%08X" # endif # define BN_DEFAULT_BITS 1280 @@ -314,12 +326,9 @@ struct bn_mont_ctx_st { BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only * stored for bignum algorithm) */ -# if 0 - /* OpenSSL 0.9.9 preview: */ - BN_ULONG n0[2]; /* least significant word(s) of Ni */ -# else - BN_ULONG n0; /* least significant word of Ni */ -# endif + BN_ULONG n0[2]; /* least significant word(s) of Ni; (type + * changed with 0.9.9, was "BN_ULONG n0;" + * before) */ int flags; }; @@ -522,6 +531,7 @@ char *BN_bn2hex(const BIGNUM *a); char *BN_bn2dec(const BIGNUM *a); int BN_hex2bn(BIGNUM **a, const char *str); int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns * -2 for @@ -589,8 +599,11 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +# ifndef OPENSSL_NO_DEPRECATED unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +# endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -619,6 +632,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M + /* * Functions for arithmetic over binary polynomials represented by BIGNUMs. * The BIGNUM::neg property of BIGNUMs representing binary polynomials is @@ -630,7 +645,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, * r = a + b */ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) /* * r=a mod p */ @@ -654,7 +669,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* r^2 + r = a mod p */ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) /*- * Some functions allow for representation of the irreducible polynomials * as an unsigned int[], say p. The irreducible f(t) is then of the form: @@ -662,30 +677,32 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, * where m = p[0] > p[1] > ... > p[k] = 0. */ /* r = a mod p */ -int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); /* r = (a * b) mod p */ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = (a * a) mod p */ -int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx); /* r = (1 / b) mod p */ -int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], BN_CTX *ctx); /* r = (a / b) mod p */ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, - const unsigned int p[], BN_CTX *ctx); + const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, - const unsigned int p[], BN_CTX *ctx); -int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); -int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); + const int p[], BN_CTX *ctx); +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + +# endif /* * faster mod functions for the 'NIST primes' 0 <= a < p^2 @@ -762,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ @@ -789,7 +807,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); # define bn_wcheck_size(bn, words) \ do { \ const BIGNUM *_bnum2 = (bn); \ - assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ + /* avoid unused variable warning with NDEBUG */ \ + (void)(_bnum2); \ } while(0) # else /* !BN_DEBUG */ @@ -805,10 +825,12 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); # define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ - if ((a)->top > 0) \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ } \ bn_pollute(a); \ } @@ -871,6 +893,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -886,12 +909,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -899,6 +924,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h index 910832fa..c343dd77 100644 --- a/Cryptlib/Include/openssl/buffer.h +++ b/Cryptlib/Include/openssl/buffer.h @@ -75,18 +75,20 @@ extern "C" { /* typedef struct buf_mem_st BUF_MEM; */ struct buf_mem_st { - int length; /* current number of bytes */ + size_t length; /* current number of bytes */ char *data; - int max; /* size of buffer */ + size_t max; /* size of buffer */ }; BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, int len); -int BUF_MEM_grow_clean(BUF_MEM *str, int len); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +size_t BUF_strnlen(const char *str, size_t maxlen); char *BUF_strdup(const char *str); char *BUF_strndup(const char *str, size_t siz); void *BUF_memdup(const void *data, size_t siz); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst, const char *src, size_t siz); diff --git a/Cryptlib/Include/openssl/camellia.h b/Cryptlib/Include/openssl/camellia.h new file mode 100644 index 00000000..9be7c0fd --- /dev/null +++ b/Cryptlib/Include/openssl/camellia.h @@ -0,0 +1,132 @@ +/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_CAMELLIA_H +# define HEADER_CAMELLIA_H + +# include <openssl/opensslconf.h> + +# ifdef OPENSSL_NO_CAMELLIA +# error CAMELLIA is disabled. +# endif + +# include <stddef.h> + +# define CAMELLIA_ENCRYPT 1 +# define CAMELLIA_DECRYPT 0 + +/* + * Because array size can't be a const in C, the following two are macros. + * Both sizes are in bytes. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ + +# define CAMELLIA_BLOCK_SIZE 16 +# define CAMELLIA_TABLE_BYTE_LEN 272 +# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match + * with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +# ifdef OPENSSL_FIPS +int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); +# endif +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_Camellia_H */ diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h index 46c97cd1..0003ec9c 100644 --- a/Cryptlib/Include/openssl/cast.h +++ b/Cryptlib/Include/openssl/cast.h @@ -72,7 +72,7 @@ extern "C" { # define CAST_ENCRYPT 1 # define CAST_DECRYPT 0 -# define CAST_LONG unsigned long +# define CAST_LONG unsigned int # define CAST_BLOCK 8 # define CAST_KEY_LENGTH 16 diff --git a/Cryptlib/Include/openssl/cmac.h b/Cryptlib/Include/openssl/cmac.h new file mode 100644 index 00000000..175be834 --- /dev/null +++ b/Cryptlib/Include/openssl/cmac.h @@ -0,0 +1,82 @@ +/* crypto/cmac/cmac.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMAC_H +# define HEADER_CMAC_H + +#ifdef __cplusplus +extern "C" { +#endif + +# include <openssl/evp.h> + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/Cryptlib/Include/openssl/cms.h b/Cryptlib/Include/openssl/cms.h new file mode 100644 index 00000000..e6c7f964 --- /dev/null +++ b/Cryptlib/Include/openssl/cms.h @@ -0,0 +1,555 @@ +/* crypto/cms/cms.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMS_H +# define HEADER_CMS_H + +# include <openssl/x509.h> + +# ifdef OPENSSL_NO_CMS +# error CMS is disabled. +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(GENERAL_NAMES) +DECLARE_STACK_OF(CMS_RecipientEncryptedKey) +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) +DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) +DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + +# define CMS_SIGNERINFO_ISSUER_SERIAL 0 +# define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +# define CMS_RECIPINFO_NONE -1 +# define CMS_RECIPINFO_TRANS 0 +# define CMS_RECIPINFO_AGREE 1 +# define CMS_RECIPINFO_KEK 2 +# define CMS_RECIPINFO_PASS 3 +# define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +# define CMS_TEXT 0x1 +# define CMS_NOCERTS 0x2 +# define CMS_NO_CONTENT_VERIFY 0x4 +# define CMS_NO_ATTR_VERIFY 0x8 +# define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +# define CMS_NOINTERN 0x10 +# define CMS_NO_SIGNER_CERT_VERIFY 0x20 +# define CMS_NOVERIFY 0x20 +# define CMS_DETACHED 0x40 +# define CMS_BINARY 0x80 +# define CMS_NOATTR 0x100 +# define CMS_NOSMIMECAP 0x200 +# define CMS_NOOLDMIMETYPE 0x400 +# define CMS_CRLFEOL 0x800 +# define CMS_STREAM 0x1000 +# define CMS_NOCRL 0x2000 +# define CMS_PARTIAL 0x4000 +# define CMS_REUSE_DIGEST 0x8000 +# define CMS_USE_KEYID 0x10000 +# define CMS_DEBUG_DECRYPT 0x20000 +# define CMS_KEY_PARAM 0x40000 + +const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +# ifdef HEADER_PEM_H +DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) +# endif +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, + unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, + unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, + X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, + const unsigned char *key, size_t keylen, + BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, + size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, + X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, + X509 *recip, unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, + EVP_PKEY **pk, X509 **recip, + X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, + ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, + ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, + unsigned char *key, size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, + unsigned char *pass, + ossl_ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, + int iter, int wrap_nid, + int pbe_nid, + unsigned char *pass, + ossl_ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, + X509 *signer, EVP_PKEY *pk, const EVP_MD *md, + unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, + X509 **signer, X509_ALGOR **pdig, + X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, + int algnid, int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +# ifdef HEADER_X509V3_H + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, + STACK_OF(GENERAL_NAMES) + *receiptList, STACK_OF(GENERAL_NAMES) + *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, + ASN1_STRING **pcid, + int *pallorfirst, + STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); +# endif +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, + X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) +*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, + ASN1_BIT_STRING **pubkey, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, + ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, + CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CMS_strings(void); + +/* Error codes for the CMS functions. */ + +/* Function codes. */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 + +/* Reason codes. */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_DIGEST_ERROR 161 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h index 0cdadaf1..8d926d5d 100644 --- a/Cryptlib/Include/openssl/conf.h +++ b/Cryptlib/Include/openssl/conf.h @@ -78,8 +78,7 @@ typedef struct { } CONF_VALUE; DECLARE_STACK_OF(CONF_VALUE) -DECLARE_STACK_OF(CONF_MODULE) -DECLARE_STACK_OF(CONF_IMODULE) +DECLARE_LHASH_OF(CONF_VALUE); struct conf_st; struct conf_method_st; @@ -103,6 +102,9 @@ struct conf_method_st { typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + /* DSO module function typedefs */ typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); typedef void conf_finish_func (CONF_IMODULE *md); @@ -115,18 +117,24 @@ typedef void conf_finish_func (CONF_IMODULE *md); # define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); -void CONF_set_nconf(CONF *conf, LHASH *hash); -LHASH *CONF_load(LHASH *conf, const char *file, long *eline); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); # ifndef OPENSSL_NO_FP_API -LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline); +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); # endif -LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline); -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section); -char *CONF_get_string(LHASH *conf, const char *group, const char *name); -long CONF_get_number(LHASH *conf, const char *group, const char *name); -void CONF_free(LHASH *conf); -int CONF_dump_fp(LHASH *conf, FILE *out); -int CONF_dump_bio(LHASH *conf, BIO *out); +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); void OPENSSL_no_config(void); @@ -139,7 +147,7 @@ void OPENSSL_no_config(void); struct conf_st { CONF_METHOD *meth; void *meth_data; - LHASH *data; + LHASH_OF(CONF_VALUE) *data; }; CONF *NCONF_new(CONF_METHOD *meth); @@ -217,6 +225,7 @@ void ERR_load_CONF_strings(void); # define CONF_F_CONF_LOAD_BIO 102 # define CONF_F_CONF_LOAD_FP 103 # define CONF_F_CONF_MODULES_LOAD 116 +# define CONF_F_CONF_PARSE_LIST 119 # define CONF_F_DEF_LOAD 120 # define CONF_F_DEF_LOAD_BIO 121 # define CONF_F_MODULE_INIT 115 @@ -236,6 +245,7 @@ void ERR_load_CONF_strings(void); /* Reason codes. */ # define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 # define CONF_R_MISSING_EQUAL_SIGN 101 # define CONF_R_MISSING_FINISH_FUNCTION 111 diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h index 748330f8..d6e804e0 100644 --- a/Cryptlib/Include/openssl/crypto.h +++ b/Cryptlib/Include/openssl/crypto.h @@ -1,6 +1,6 @@ /* crypto/crypto.h */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -223,13 +223,9 @@ typedef struct openssl_item_st { # define CRYPTO_LOCK_EC_PRE_COMP 36 # define CRYPTO_LOCK_STORE 37 # define CRYPTO_LOCK_COMP 38 -# ifndef OPENSSL_FIPS -# define CRYPTO_NUM_LOCKS 39 -# else -# define CRYPTO_LOCK_FIPS 39 -# define CRYPTO_LOCK_FIPS2 40 -# define CRYPTO_NUM_LOCKS 41 -# endif +# define CRYPTO_LOCK_FIPS 39 +# define CRYPTO_LOCK_FIPS2 40 +# define CRYPTO_NUM_LOCKS 41 # define CRYPTO_LOCK 1 # define CRYPTO_UNLOCK 2 @@ -294,10 +290,11 @@ typedef struct { typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { - STACK *sk; + STACK_OF(void) *sk; /* gcc is screwing up this data structure :-( */ int dummy; }; +DECLARE_STACK_OF(void) /* * This stuff is basically class callback functions The current classes are @@ -360,7 +357,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG * is defined) */ -void CRYPTO_malloc_debug_init(void); +# define CRYPTO_malloc_debug_init() do {\ + CRYPTO_set_mem_debug_functions(\ + CRYPTO_dbg_malloc,\ + CRYPTO_dbg_realloc,\ + CRYPTO_dbg_free,\ + CRYPTO_dbg_set_options,\ + CRYPTO_dbg_get_options);\ + } while(0) int CRYPTO_mem_ctrl(int mode); int CRYPTO_is_mem_check_on(void); @@ -439,17 +443,31 @@ void CRYPTO_set_add_lock_callback(int (*func) const char *file, int line)); int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, const char *file, int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st { + void *ptr; + unsigned long val; +} CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *); +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +# ifndef OPENSSL_NO_DEPRECATED void CRYPTO_set_id_callback(unsigned long (*func) (void)); unsigned long (*CRYPTO_get_id_callback(void)) (void); unsigned long CRYPTO_thread_id(void); +# endif + const char *CRYPTO_get_lock_name(int type); int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, int line); -void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb) - (int mode, int type, - const char *file, int line)); - int CRYPTO_get_new_dynlockid(void); void CRYPTO_destroy_dynlockid(int i); struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); @@ -493,10 +511,6 @@ int CRYPTO_set_mem_debug_functions(void (*m) const char *, int, int), void (*f) (void *, int), void (*so) (long), long (*go) (void)); -void CRYPTO_set_mem_info_functions(int (*push_info_fn) - (const char *info, const char *file, - int line), int (*pop_info_fn) (void), - int (*remove_all_info_fn) (void)); void CRYPTO_get_mem_functions(void *(**m) (size_t), void *(**r) (void *, size_t), void (**f) (void *)); @@ -516,10 +530,10 @@ void CRYPTO_get_mem_debug_functions(void (**m) void (**so) (long), long (**go) (void)); void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *); +void CRYPTO_free_locked(void *ptr); void *CRYPTO_malloc(int num, const char *file, int line); char *CRYPTO_strdup(const char *str, const char *file, int line); -void CRYPTO_free(void *); +void CRYPTO_free(void *ptr); void *CRYPTO_realloc(void *addr, int num, const char *file, int line); void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, int line); @@ -563,10 +577,6 @@ void CRYPTO_dbg_free(void *addr, int before_p); void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); -int CRYPTO_dbg_push_info(const char *info, const char *file, int line); -int CRYPTO_dbg_pop_info(void); -int CRYPTO_dbg_remove_all_info(void); - # ifndef OPENSSL_NO_FP_API void CRYPTO_mem_leaks_fp(FILE *); # endif @@ -584,63 +594,32 @@ unsigned long *OPENSSL_ia32cap_loc(void); # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); -# ifdef OPENSSL_FIPS -# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ - alg " previous FIPS forbidden algorithm error ignored"); - -# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ - #alg " Algorithm forbidden in FIPS mode"); - -# ifdef OPENSSL_FIPS_STRICT -# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) -# else -# define FIPS_BAD_ALGORITHM(alg) \ - { \ - FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ - ERR_add_error_data(2, "Algorithm=", #alg); \ - return 0; \ - } -# endif +int FIPS_mode(void); +int FIPS_mode_set(int r); -/* Low level digest API blocking macro */ +void OPENSSL_init(void); -# define FIPS_NON_FIPS_MD_Init(alg) \ - int alg##_Init(alg##_CTX *c) \ - { \ - if (FIPS_mode()) \ - FIPS_BAD_ALGORITHM(alg) \ - return private_##alg##_Init(c); \ - } \ - int private_##alg##_Init(alg##_CTX *c) +# define fips_md_init(alg) fips_md_init_ctx(alg, alg) -/* - * For ciphers the API often varies from cipher to cipher and each needs to - * be treated as a special case. Variable key length ciphers (Blowfish, RC4, - * CAST) however are very similar and can use a blocking macro. - */ +# ifdef OPENSSL_FIPS +# define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) \ + { \ + if (FIPS_mode()) OpenSSLDie(NULL, 0, \ + "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(cx##_CTX *c) -# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ - void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ - { \ - if (FIPS_mode()) \ - FIPS_BAD_ABORT(alg) \ - private_##alg##_set_key(key, len, data); \ - } \ - void private_##alg##_set_key(alg##_KEY *key, int len, \ - const unsigned char *data) +# define fips_cipher_abort(alg) \ + if (FIPS_mode()) OpenSSLDie(NULL, 0, \ + "Low level API call to cipher " #alg " forbidden in FIPS mode!") # else - -# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ - void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) - -# define FIPS_NON_FIPS_MD_Init(alg) \ - int alg##_Init(alg##_CTX *c) - -# endif /* def OPENSSL_FIPS */ - -# define OPENSSL_HAVE_INIT 1 -void OPENSSL_init(void); +# define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) +# define fips_cipher_abort(alg) while(0) +# endif /* * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. @@ -667,11 +646,13 @@ void ERR_load_CRYPTO_strings(void); # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 # define CRYPTO_F_DEF_ADD_INDEX 104 # define CRYPTO_F_DEF_GET_CLASS 105 +# define CRYPTO_F_FIPS_MODE_SET 109 # define CRYPTO_F_INT_DUP_EX_DATA 106 # define CRYPTO_F_INT_FREE_EX_DATA 107 # define CRYPTO_F_INT_NEW_EX_DATA 108 /* Reason codes. */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 #ifdef __cplusplus diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h index fe02e343..1b40144e 100644 --- a/Cryptlib/Include/openssl/des.h +++ b/Cryptlib/Include/openssl/des.h @@ -231,6 +231,10 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +# ifdef OPENSSL_FIPS +void private_DES_set_key_unchecked(const_DES_cblock *key, + DES_key_schedule *schedule); +# endif void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h index 10d9f787..0502f1a9 100644 --- a/Cryptlib/Include/openssl/dh.h +++ b/Cryptlib/Include/openssl/dh.h @@ -77,8 +77,6 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif -# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - # define DH_FLAG_CACHE_MONT_P 0x01 /* @@ -91,6 +89,23 @@ */ # define DH_FLAG_NO_EXP_CONSTTIME 0x02 +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. + */ + +# define DH_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 + #ifdef __cplusplus extern "C" { #endif @@ -152,6 +167,9 @@ struct dh_st { # define DH_CHECK_P_NOT_SAFE_PRIME 0x02 # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 # define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 @@ -163,7 +181,6 @@ struct dh_st { */ # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) # define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) # define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ @@ -171,12 +188,9 @@ struct dh_st { # define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) # define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) -const DH_METHOD *DH_OpenSSL(void); +DH *DHparams_dup(DH *); -# ifdef OPENSSL_FIPS -DH *FIPS_dh_new(void); -void FIPS_dh_free(DH *dh); -# endif +const DH_METHOD *DH_OpenSSL(void); void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); @@ -206,8 +220,11 @@ int DH_check(const DH *dh, int *codes); int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); # ifndef OPENSSL_NO_FP_API int DHparams_print_fp(FILE *fp, const DH *x); # endif @@ -217,6 +234,110 @@ int DHparams_print(BIO *bp, const DH *x); int DHparams_print(char *bp, const DH *x); # endif +/* RFC 5114 parameters */ +DH *DH_get_1024_160(void); +DH *DH_get_2048_224(void); +DH *DH_get_2048_256(void); + +/* RFC2631 KDF */ +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) + +/* KDF types */ +# define EVP_PKEY_DH_KDF_NONE 1 +# define EVP_PKEY_DH_KDF_X9_42 2 + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -228,22 +349,42 @@ void ERR_load_DH_strings(void); /* Function codes. */ # define DH_F_COMPUTE_KEY 102 -# define DH_F_DHPARAMS_PRINT 100 # define DH_F_DHPARAMS_PRINT_FP 101 # define DH_F_DH_BUILTIN_GENPARAMS 106 -# define DH_F_DH_COMPUTE_KEY 107 -# define DH_F_DH_GENERATE_KEY 108 -# define DH_F_DH_GENERATE_PARAMETERS 109 +# define DH_F_DH_CMS_DECRYPT 117 +# define DH_F_DH_CMS_SET_PEERKEY 118 +# define DH_F_DH_CMS_SET_SHARED_INFO 119 +# define DH_F_DH_COMPUTE_KEY 114 +# define DH_F_DH_GENERATE_KEY 115 +# define DH_F_DH_GENERATE_PARAMETERS_EX 116 # define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 # define DH_F_GENERATE_KEY 103 # define DH_F_GENERATE_PARAMETERS 104 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ # define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_DECODE_ERROR 104 # define DH_R_INVALID_PUBKEY 102 -# define DH_R_KEY_SIZE_TOO_SMALL 104 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_KEY_SIZE_TOO_SMALL 110 # define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NON_FIPS_METHOD 111 +# define DH_R_NO_PARAMETERS_SET 107 # define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 113 +# define DH_R_SHARED_INFO_ERROR 114 #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h index 8f7b5de7..545358fd 100644 --- a/Cryptlib/Include/openssl/dsa.h +++ b/Cryptlib/Include/openssl/dsa.h @@ -88,8 +88,6 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif -# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 - # define DSA_FLAG_CACHE_MONT_P 0x01 /* * new with 0.9.7h; the built-in DSA implementation now uses constant time @@ -115,10 +113,6 @@ # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 -# ifdef OPENSSL_FIPS -# define FIPS_DSA_SIZE_T int -# endif - #ifdef __cplusplus extern "C" { #endif @@ -151,7 +145,7 @@ struct dsa_method { char *app_data; /* If this is non-NULL, it is used to generate DSA parameters */ int (*dsa_paramgen) (DSA *dsa, int bits, - unsigned char *seed, int seed_len, + const unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); /* If this is non-NULL, it is used to generate DSA keys */ @@ -183,7 +177,6 @@ struct dsa_st { ENGINE *engine; }; -# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) # define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ @@ -191,6 +184,7 @@ struct dsa_st { # define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) # define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) +DSA *DSAparams_dup(DSA *x); DSA_SIG *DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); @@ -206,11 +200,6 @@ void DSA_set_default_method(const DSA_METHOD *); const DSA_METHOD *DSA_get_default_method(void); int DSA_set_method(DSA *dsa, const DSA_METHOD *); -# ifdef OPENSSL_FIPS -DSA *FIPS_dsa_new(void); -void FIPS_dsa_free(DSA *r); -# endif - DSA *DSA_new(void); DSA *DSA_new_method(ENGINE *engine); void DSA_free(DSA *r); @@ -242,7 +231,7 @@ DSA *DSA_generate_parameters(int bits, /* New version */ int DSA_generate_parameters_ex(DSA *dsa, int bits, - unsigned char *seed, int seed_len, + const unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); @@ -276,10 +265,13 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); DH *DSA_dup_DH(const DSA *r); # endif -# ifdef OPENSSL_FIPS -int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); -int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); -# endif +# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) /* BEGIN ERROR CODES */ /* @@ -292,33 +284,47 @@ void ERR_load_DSA_strings(void); /* Function codes. */ # define DSA_F_D2I_DSA_SIG 110 +# define DSA_F_DO_DSA_PRINT 104 # define DSA_F_DSAPARAMS_PRINT 100 # define DSA_F_DSAPARAMS_PRINT_FP 101 -# define DSA_F_DSA_BUILTIN_KEYGEN 119 -# define DSA_F_DSA_BUILTIN_PARAMGEN 118 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 # define DSA_F_DSA_DO_SIGN 112 # define DSA_F_DSA_DO_VERIFY 113 -# define DSA_F_DSA_GENERATE_PARAMETERS 117 +# define DSA_F_DSA_GENERATE_KEY 124 +# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 # define DSA_F_DSA_NEW_METHOD 103 -# define DSA_F_DSA_PRINT 104 +# define DSA_F_DSA_PARAM_DECODE 119 # define DSA_F_DSA_PRINT_FP 105 -# define DSA_F_DSA_SET_DEFAULT_METHOD 115 -# define DSA_F_DSA_SET_METHOD 116 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 # define DSA_F_DSA_SIGN 106 # define DSA_F_DSA_SIGN_SETUP 107 # define DSA_F_DSA_SIG_NEW 109 +# define DSA_F_DSA_SIG_PRINT 125 # define DSA_F_DSA_VERIFY 108 # define DSA_F_I2D_DSA_SIG 111 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_KEYGEN 121 # define DSA_F_SIG_CB 114 /* Reason codes. */ # define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 -# define DSA_R_KEY_SIZE_TOO_SMALL 106 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 # define DSA_R_MISSING_PARAMETERS 101 # define DSA_R_MODULUS_TOO_LARGE 103 -# define DSA_R_NON_FIPS_METHOD 104 -# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 +# define DSA_R_NEED_NEW_SETUP_VALUES 110 +# define DSA_R_NON_FIPS_DSA_METHOD 111 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h index 277427d6..7c4a1dc4 100644 --- a/Cryptlib/Include/openssl/dso.h +++ b/Cryptlib/Include/openssl/dso.h @@ -182,6 +182,10 @@ typedef struct dso_meth_st { /* [De]Initialisation handlers. */ int (*init) (DSO *dso); int (*finish) (DSO *dso); + /* Return pathname of the module containing location */ + int (*pathbyaddr) (void *addr, char *path, int sz); + /* Perform global symbol lookup, i.e. among *all* modules */ + void *(*globallookup) (const char *symname); } DSO_METHOD; /**********************************************************************/ @@ -195,7 +199,7 @@ struct dso_st { * handler. All in all, let each method control its own destiny. * "Handles" and such go in a STACK. */ - STACK *meth_data; + STACK_OF(void) *meth_data; int references; int flags; /* @@ -337,6 +341,31 @@ DSO_METHOD *DSO_METHOD_win32(void); /* If VMS is defined, use shared images. If not, return NULL. */ DSO_METHOD *DSO_METHOD_vms(void); +/* + * This function writes null-terminated pathname of DSO module containing + * 'addr' into 'sz' large caller-provided 'path' and returns the number of + * characters [including trailing zero] written to it. If 'sz' is 0 or + * negative, 'path' is ignored and required amount of charachers [including + * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero return value + * denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* + * This function should be used with caution! It looks up symbols in *all* + * loaded modules and if module gets unloaded by somebody else attempt to + * dereference the pointer is doomed to have fatal consequences. Primary + * usage for this function is to probe *core* system functionality, e.g. + * check if getnameinfo(3) is available at run-time without bothering about + * OS-specific details such as libc.so.versioning or where does it actually + * reside: in libc itself or libsocket. + */ +void *DSO_global_lookup(const char *name); + +/* If BeOS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_beos(void); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -347,6 +376,11 @@ void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ /* Function codes. */ +# define DSO_F_BEOS_BIND_FUNC 144 +# define DSO_F_BEOS_BIND_VAR 145 +# define DSO_F_BEOS_LOAD 146 +# define DSO_F_BEOS_NAME_CONVERTER 147 +# define DSO_F_BEOS_UNLOAD 148 # define DSO_F_DLFCN_BIND_FUNC 100 # define DSO_F_DLFCN_BIND_VAR 101 # define DSO_F_DLFCN_LOAD 102 @@ -366,22 +400,29 @@ void ERR_load_DSO_strings(void); # define DSO_F_DSO_FREE 111 # define DSO_F_DSO_GET_FILENAME 127 # define DSO_F_DSO_GET_LOADED_FILENAME 128 +# define DSO_F_DSO_GLOBAL_LOOKUP 139 # define DSO_F_DSO_LOAD 112 # define DSO_F_DSO_MERGE 132 # define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 140 # define DSO_F_DSO_SET_FILENAME 129 # define DSO_F_DSO_SET_NAME_CONVERTER 122 # define DSO_F_DSO_UP_REF 114 +# define DSO_F_GLOBAL_LOOKUP_FUNC 138 +# define DSO_F_PATHBYADDR 137 # define DSO_F_VMS_BIND_SYM 115 # define DSO_F_VMS_LOAD 116 # define DSO_F_VMS_MERGER 133 # define DSO_F_VMS_UNLOAD 117 # define DSO_F_WIN32_BIND_FUNC 118 # define DSO_F_WIN32_BIND_VAR 119 +# define DSO_F_WIN32_GLOBALLOOKUP 142 +# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 # define DSO_F_WIN32_JOINER 135 # define DSO_F_WIN32_LOAD 120 # define DSO_F_WIN32_MERGER 134 # define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 141 # define DSO_F_WIN32_SPLITTER 136 # define DSO_F_WIN32_UNLOAD 121 diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h index 7d6e6db0..30bbcf27 100644 --- a/Cryptlib/Include/openssl/dtls1.h +++ b/Cryptlib/Include/openssl/dtls1.h @@ -72,7 +72,11 @@ # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) # include <sys/timeval.h> # else -# include <sys/time.h> +# if defined(OPENSSL_SYS_VXWORKS) +# include <sys/times.h> +# else +# include <sys/time.h> +# endif # endif #ifdef __cplusplus @@ -80,10 +84,15 @@ extern "C" { #endif # define DTLS1_VERSION 0xFEFF -# define DTLS_MAX_VERSION DTLS1_VERSION +# define DTLS1_2_VERSION 0xFEFD +# define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE # define DTLS1_BAD_VER 0x0100 +/* Special value for method supporting multiple versions */ +# define DTLS_ANY_VERSION 0x1FFFF + # if 0 /* this alert description is not specified anywhere... */ # define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 @@ -107,20 +116,30 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 # endif +# ifndef OPENSSL_NO_SSL_INTERN + +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" +# endif + +/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ +# define DTLS1_MAX_MTU_OVERHEAD 48 + typedef struct dtls1_bitmap_st { - PQ_64BIT map; - unsigned long length; /* sizeof the bitmap in bits */ - PQ_64BIT max_seq_num; /* max record number seen so far */ + unsigned long map; /* track 32 packets on 32-bit systems and 64 + * - on 64-bit systems */ + unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit + * value in big-endian encoding */ } DTLS1_BITMAP; struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - const EVP_MD *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP + EVP_MD_CTX *write_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ -# else +# else char *compress; -# endif +# endif SSL_SESSION *session; unsigned short epoch; }; @@ -197,11 +216,14 @@ typedef struct dtls1_state_st { record_pqueue buffered_app_data; /* Is set when listening for new connections with dtls1_listen() */ unsigned int listen; + unsigned int link_mtu; /* max on-the-wire DTLS packet size */ unsigned int mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; - /* Indicates when the last handshake msg sent will timeout */ + /* + * Indicates when the last handshake msg or heartbeat sent will timeout + */ struct timeval next_timeout; /* Timeout duration */ unsigned short timeout_duration; @@ -214,7 +236,16 @@ typedef struct dtls1_state_st { unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; unsigned int handshake_fragment_len; unsigned int retransmitting; + /* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ unsigned int change_cipher_spec_ok; +# ifndef OPENSSL_NO_SCTP + /* used when SSL_ST_XX_FLUSH is entered */ + int next_state; + int shutdown_received; +# endif } DTLS1_STATE; typedef struct dtls1_record_data_st { @@ -222,8 +253,13 @@ typedef struct dtls1_record_data_st { unsigned int packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; +# ifndef OPENSSL_NO_SCTP + struct bio_dgram_sctp_rcvinfo recordinfo; +# endif } DTLS1_RECORD_DATA; +# endif + /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ # define DTLS1_TMO_READ_COUNT 2 # define DTLS1_TMO_WRITE_COUNT 2 diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h index c9f2543e..7be9989a 100644 --- a/Cryptlib/Include/openssl/e_os2.h +++ b/Cryptlib/Include/openssl/e_os2.h @@ -101,7 +101,7 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else -# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) +# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS @@ -199,8 +205,14 @@ extern "C" { # endif /* -------------------------------- VOS ----------------------------------- */ -# ifdef OPENSSL_SYSNAME_VOS +# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) # define OPENSSL_SYS_VOS +# ifdef __HPPA__ +# define OPENSSL_SYS_VOS_HPPA +# endif +# ifdef __IA32__ +# define OPENSSL_SYS_VOS_IA32 +# endif # endif /* ------------------------------ VxWorks --------------------------------- */ @@ -208,6 +220,17 @@ extern "C" { # define OPENSSL_SYS_VXWORKS # endif +/* -------------------------------- BeOS ---------------------------------- */ +# if defined(__BEOS__) +# define OPENSSL_SYS_BEOS +# include <sys/socket.h> +# if defined(BONE_VERSION) +# define OPENSSL_SYS_BEOS_BONE +# else +# define OPENSSL_SYS_BEOS_R5 +# endif +# endif + /** * That's it for OS-specific stuff *****************************************************************************/ @@ -268,18 +291,37 @@ extern "C" { * #define foobar OPENSSL_GLOBAL_REF(foobar) */ # ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION -# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ - extern type _hide_##name; \ - type *_shadow_##name(void) { return &_hide_##name; } \ - static type _hide_##name +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \ + type *_shadow_##name(void) \ + { static type _hide_##name=value; return &_hide_##name; } # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) # else -# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value; # define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name # define OPENSSL_GLOBAL_REF(name) _shadow_##name # endif +# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) +# define ossl_ssize_t long +# endif + +# ifdef OPENSSL_SYS_MSDOS +# define ossl_ssize_t long +# endif + +# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) +# define ssize_t int +# endif + +# if defined(__ultrix) && !defined(ssize_t) +# define ossl_ssize_t int +# endif + +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# endif + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h index fc72ecf4..4cbdfeb7 100644 --- a/Cryptlib/Include/openssl/ebcdic.h +++ b/Cryptlib/Include/openssl/ebcdic.h @@ -5,6 +5,10 @@ # include <sys/types.h> +#ifdef __cplusplus +extern "C" { +#endif + /* Avoid name clashes with other applications */ # define os_toascii _openssl_os_toascii # define os_toebcdic _openssl_os_toebcdic @@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); +#ifdef __cplusplus +} +#endif #endif diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h index 08adf1fe..6d3178f6 100644 --- a/Cryptlib/Include/openssl/ec.h +++ b/Cryptlib/Include/openssl/ec.h @@ -2,8 +2,12 @@ /* * Originally written by Bodo Moeller for the OpenSSL project. */ +/** + * \file crypto/ec/ec.h Include file for the OpenSSL EC functions + * \author Originally written by Bodo Moeller for the OpenSSL project + */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,10 +100,16 @@ extern "C" { # define OPENSSL_ECC_MAX_FIELD_BITS 661 # endif +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ typedef enum { - /* values as defined in X9.62 (ECDSA) and elsewhere */ + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; @@ -118,89 +128,280 @@ typedef struct ec_group_st typedef struct ec_point_st EC_POINT; -/* - * EC_METHODs for curves over GF(p). EC_GFp_simple_method provides the basis - * for the optimized methods. +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object */ const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ const EC_METHOD *EC_GFp_nist_method(void); -/* - * EC_METHOD for curves over GF(2^m). +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +# endif + +# ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object */ const EC_METHOD *EC_GF2m_simple_method(void); -EC_GROUP *EC_GROUP_new(const EC_METHOD *); -void EC_GROUP_free(EC_GROUP *); -void EC_GROUP_clear_free(EC_GROUP *); -int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); -EC_GROUP *EC_GROUP_dup(const EC_GROUP *); +# endif + +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); -int EC_METHOD_get_field_type(const EC_METHOD *); +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); -int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and it's order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); -const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); -int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); -void EC_GROUP_set_curve_name(EC_GROUP *, int nid); -int EC_GROUP_get_curve_name(const EC_GROUP *); +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); -void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); -int EC_GROUP_get_asn1_flag(const EC_GROUP *); +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); -void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); -unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *); -int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *); +/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM with the prime number + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); -/* returns the number of bits needed to represent a field element */ -int EC_GROUP_get_degree(const EC_GROUP *); +/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM for the prime number + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); -/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ +# ifndef OPENSSL_NO_EC2M +/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM for the polynomial defining the underlying field + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); +# endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); + +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); -/* - * EC_GROUP_check_discriminant() returns 1 if the discriminant of the - * elliptic curve is not zero, 0 otherwise + +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise */ -int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); -/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ -int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if both groups are equal and 1 otherwise + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); /* * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after * choosing an appropriate EC_METHOD */ + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); + const BIGNUM *b, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - -/* - * EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a - * curve name (in form of a NID) + const BIGNUM *b, BN_CTX *ctx); +# endif +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred */ EC_GROUP *EC_GROUP_new_by_curve_name(int nid); -/* handling of internal curves */ + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + typedef struct { int nid; const char *comment; } EC_builtin_curve; + /* * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all * available curves or zero if a error occurred. In case r ist not zero @@ -209,46 +410,181 @@ typedef struct { */ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); -/* EC_POINT functions */ +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); -EC_POINT *EC_POINT_new(const EC_GROUP *); -void EC_POINT_free(EC_POINT *); -void EC_POINT_clear_free(EC_POINT *); -int EC_POINT_copy(EC_POINT *, const EC_POINT *); -EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + const BIGNUM *y, const BIGNUM *z, + BN_CTX *ctx); -const EC_METHOD *EC_POINT_method_of(const EC_POINT *); +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BIGNUM *z, + BN_CTX *ctx); -int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, - const BIGNUM *z, BN_CTX *); -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BIGNUM *z, BN_CTX *); -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, +/** Sets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, - BN_CTX *); -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); - -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, + BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + int y_bit, BN_CTX *ctx); +# ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, - BN_CTX *); -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); - -size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *); -int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf, - size_t len, BN_CTX *); + BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, + int y_bit, BN_CTX *ctx); +# endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); /* other interfaces to point2oct/oct2point: */ BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, @@ -260,46 +596,122 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, EC_POINT *, BN_CTX *); -int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); -int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ -int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); -int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], - BN_CTX *); +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); -int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, - const EC_POINT *[], const BIGNUM *[], BN_CTX *); -int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, - const EC_POINT *, const BIGNUM *, BN_CTX *); +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); -/* - * EC_GROUP_precompute_mult() stores multiples of generator for faster point - * multiplication +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise */ -int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); -/* - * EC_GROUP_have_precompute_mult() reports whether such precomputation has - * been done +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if point if on the curve and 0 otherwise + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 0 if both points are equal and a value != 0 otherwise */ -int EC_GROUP_have_precompute_mult(const EC_GROUP *); +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); -/* ASN1 stuff */ +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], + BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ /* * EC_GROUP_get_basis_type() returns the NID of the basis type used to * represent the field elements */ int EC_GROUP_get_basis_type(const EC_GROUP *); +# ifndef OPENSSL_NO_EC2M int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, unsigned int *k2, unsigned int *k3); +# endif # define OPENSSL_EC_NAMED_CURVE 0x001 @@ -322,33 +734,110 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); # endif -/* the EC_KEY stuff */ +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + typedef struct ec_key_st EC_KEY; /* some values for the encoding_flag */ # define EC_PKEY_NO_PARAMETERS 0x001 # define EC_PKEY_NO_PUBKEY 0x002 +/* some values for the flags field */ +# define EC_FLAG_NON_FIPS_ALLOW 0x1 +# define EC_FLAG_FIPS_CHECKED 0x2 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ EC_KEY *EC_KEY_new_by_curve_name(int nid); -void EC_KEY_free(EC_KEY *); -EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); -EC_KEY *EC_KEY_dup(const EC_KEY *); - -int EC_KEY_up_ref(EC_KEY *); - -const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); -int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); -const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); -int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); -const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); -int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); -unsigned EC_KEY_get_enc_flags(const EC_KEY *); -void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); -point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); -void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); /* functions to set/get method specific data */ -void *EC_KEY_get_key_method_data(EC_KEY *, +void *EC_KEY_get_key_method_data(EC_KEY *key, void *(*dup_func) (void *), void (*free_func) (void *), void (*clear_free_func) (void *)); @@ -365,34 +854,134 @@ void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void (*free_func) (void *), void (*clear_free_func) (void *)); /* wrapper functions for the underlying EC_GROUP object */ -void EC_KEY_set_asn1_flag(EC_KEY *, int); -int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); - -/* EC_KEY_generate_key() creates a ec private (public) key */ -int EC_KEY_generate_key(EC_KEY *); -/* EC_KEY_check_key() */ -int EC_KEY_check_key(const EC_KEY *); - -/* de- and encoding functions for SEC1 ECPrivateKey */ -EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); -int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); -/* de- and encoding functions for EC parameters */ -EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); -int i2d_ECParameters(EC_KEY *a, unsigned char **out); -/* - * de- and encoding functions for EC public key (octet string, not DER -- - * hence 'o2i' and 'i2o') +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Sets a public key from affine coordindates performing + * neccessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. */ -EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); -int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); # ifndef OPENSSL_NO_BIO -int ECParameters_print(BIO *bp, const EC_KEY *x); -int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + # endif # ifndef OPENSSL_NO_FP_API -int ECParameters_print_fp(FILE *fp, const EC_KEY *x); -int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + # endif # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) @@ -405,6 +994,80 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); # endif # endif +# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen) + +# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p) + +# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p) + +# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +/* KDF types */ +# define EVP_PKEY_ECDH_KDF_NONE 1 +# define EVP_PKEY_ECDH_KDF_X9_62 2 + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -415,14 +1078,31 @@ void ERR_load_EC_strings(void); /* Error codes for the EC functions. */ /* Function codes. */ +# define EC_F_BN_TO_FELEM 224 # define EC_F_COMPUTE_WNAF 143 # define EC_F_D2I_ECPARAMETERS 144 # define EC_F_D2I_ECPKPARAMETERS 145 # define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 # define EC_F_ECPARAMETERS_PRINT 147 # define EC_F_ECPARAMETERS_PRINT_FP 148 # define EC_F_ECPKPARAMETERS_PRINT 149 # define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_SET_WORDS 245 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 # define EC_F_ECP_NIST_MOD_192 203 # define EC_F_ECP_NIST_MOD_224 204 # define EC_F_ECP_NIST_MOD_256 205 @@ -449,6 +1129,15 @@ void ERR_load_EC_strings(void); # define EC_F_EC_GFP_MONT_FIELD_SQR 132 # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 # define EC_F_EC_GFP_NIST_FIELD_MUL 200 # define EC_F_EC_GFP_NIST_FIELD_SQR 201 # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 @@ -491,8 +1180,8 @@ void ERR_load_EC_strings(void); # define EC_F_EC_KEY_NEW 182 # define EC_F_EC_KEY_PRINT 180 # define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 # define EC_F_EC_POINTS_MAKE_AFFINE 136 -# define EC_F_EC_POINTS_MUL 138 # define EC_F_EC_POINT_ADD 112 # define EC_F_EC_POINT_CMP 113 # define EC_F_EC_POINT_COPY 114 @@ -522,22 +1211,39 @@ void ERR_load_EC_strings(void); # define EC_F_I2D_ECPKPARAMETERS 191 # define EC_F_I2D_ECPRIVATEKEY 192 # define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 # define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 /* Reason codes. */ # define EC_R_ASN1_ERROR 115 # define EC_R_ASN1_UNKNOWN_FIELD 116 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 # define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 # define EC_R_DISCRIMINANT_IS_ZERO 118 # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -# define EC_R_FIELD_TOO_LARGE 138 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 # define EC_R_GROUP2PKPARAMETERS_FAILURE 120 # define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 # define EC_R_INCOMPATIBLE_OBJECTS 101 # define EC_R_INVALID_ARGUMENT 112 # define EC_R_INVALID_COMPRESSED_POINT 110 # define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 # define EC_R_INVALID_ENCODING 102 # define EC_R_INVALID_FIELD 103 # define EC_R_INVALID_FORM 104 @@ -545,6 +1251,8 @@ void ERR_load_EC_strings(void); # define EC_R_INVALID_PENTANOMIAL_BASIS 132 # define EC_R_INVALID_PRIVATE_KEY 123 # define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NOT_A_NIST_PRIME 135 @@ -552,16 +1260,20 @@ void ERR_load_EC_strings(void); # define EC_R_NOT_IMPLEMENTED 126 # define EC_R_NOT_INITIALIZED 111 # define EC_R_NO_FIELD_MOD 133 +# define EC_R_NO_PARAMETERS_SET 139 # define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 # define EC_R_POINT_AT_INFINITY 106 # define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_SHARED_INFO_ERROR 150 # define EC_R_SLOT_FULL 108 # define EC_R_UNDEFINED_GENERATOR 113 # define EC_R_UNDEFINED_ORDER 128 # define EC_R_UNKNOWN_GROUP 129 # define EC_R_UNKNOWN_ORDER 114 # define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 # define EC_R_WRONG_ORDER 130 #ifdef __cplusplus diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h index eb4047d7..25348b30 100644 --- a/Cryptlib/Include/openssl/ecdh.h +++ b/Cryptlib/Include/openssl/ecdh.h @@ -85,6 +85,8 @@ extern "C" { #endif +# define EC_FLAG_COFACTOR_ECDH 0x1000 + const ECDH_METHOD *ECDH_OpenSSL(void); void ECDH_set_default_method(const ECDH_METHOD *); @@ -101,6 +103,11 @@ int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDH_get_ex_data(EC_KEY *d, int idx); +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -111,11 +118,13 @@ void ERR_load_ECDH_strings(void); /* Error codes for the ECDH functions. */ /* Function codes. */ +# define ECDH_F_ECDH_CHECK 102 # define ECDH_F_ECDH_COMPUTE_KEY 100 # define ECDH_F_ECDH_DATA_NEW_METHOD 101 /* Reason codes. */ # define ECDH_R_KDF_FAILED 102 +# define ECDH_R_NON_FIPS_METHOD 103 # define ECDH_R_NO_PRIVATE_VALUE 100 # define ECDH_R_POINT_ARITHMETIC_FAILURE 101 diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h index 48dd9888..c4016ac3 100644 --- a/Cryptlib/Include/openssl/ecdsa.h +++ b/Cryptlib/Include/openssl/ecdsa.h @@ -4,7 +4,7 @@ * \author Written by Nils Larsch for the OpenSSL project */ /* ==================================================================== - * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -80,156 +80,143 @@ typedef struct ECDSA_SIG_st { BIGNUM *s; } ECDSA_SIG; -/** ECDSA_SIG *ECDSA_SIG_new(void) - * allocates and initialize a ECDSA_SIG structure - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_SIG_new(void); -/** ECDSA_SIG_free - * frees a ECDSA_SIG structure - * \param a pointer to the ECDSA_SIG structure +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure */ -void ECDSA_SIG_free(ECDSA_SIG *a); - -/** i2d_ECDSA_SIG - * DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param a pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 */ -int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); - -/** d2i_ECDSA_SIG - * decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). - * \param v pointer to ECDSA_SIG pointer (may be NULL) - * \param pp buffer with the DER encoded signature - * \param len bufferlength - * \return pointer to the decoded ECDSA_SIG structure (or NULL) +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) */ -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); - -/** ECDSA_do_sign - * computes the ECDSA signature of the given hash value using - * the supplied private key and returns the created signature. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *eckey); -/** ECDSA_do_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred */ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_do_verify - * verifies that the supplied signature is a valid ECDSA - * signature of the supplied hash value using the supplied public key. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param sig pointer to the ECDSA_SIG structure - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); const ECDSA_METHOD *ECDSA_OpenSSL(void); -/** ECDSA_set_default_method - * sets the default ECDSA method - * \param meth the new default ECDSA_METHOD +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD */ void ECDSA_set_default_method(const ECDSA_METHOD *meth); -/** ECDSA_get_default_method - * returns the default ECDSA method - * \return pointer to ECDSA_METHOD structure containing the default method +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method */ const ECDSA_METHOD *ECDSA_get_default_method(void); -/** ECDSA_set_method - * sets method to be used for the ECDSA operations - * \param eckey pointer to the EC_KEY object - * \param meth pointer to the new method - * \return 1 on success and 0 otherwise +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise */ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); -/** ECDSA_size - * returns the maximum length of the DER encoded signature - * \param eckey pointer to a EC_KEY object - * \return numbers of bytes required for the DER encoded signature +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature */ int ECDSA_size(const EC_KEY *eckey); -/** ECDSA_sign_setup - * precompute parts of the signing operation. - * \param eckey pointer to the EC_KEY object containing a private EC key - * \param ctx pointer to a BN_CTX object (may be NULL) - * \param kinv pointer to a BIGNUM pointer for the inverse of k - * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise */ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -/** ECDSA_sign - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -/** ECDSA_sign_ex - * computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv optional pointer to a pre-computed inverse k - * \param rp optional pointer to the pre-computed rp value (see - * ECDSA_sign_setup - * \param eckey pointer to the EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise */ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -/** ECDSA_verify - * verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey pointer to the EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error */ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); @@ -241,6 +228,80 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDSA_get_ex_data(EC_KEY *d, int idx); +/** Allocates and initialize a ECDSA_METHOD structure + * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) + * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred + */ + +ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); + +/** frees a ECDSA_METHOD structure + * \param ecdsa_method pointer to the ECDSA_METHOD structure + */ +void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); + +/** Sets application specific data in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param app application specific data to set + */ + +void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); + +/** Returns application specific data from a ECDSA_METHOD structure + * \param ecdsa_method pointer to ECDSA_METHOD structure + * \return pointer to application specific data. + */ + +void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); + +/** Set the ECDSA_do_sign function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_sign a funtion of type ECDSA_do_sign + */ + +void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, + ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char + *dgst, int dgst_len, + const BIGNUM *inv, + const BIGNUM *rp, + EC_KEY *eckey)); + +/** Set the ECDSA_sign_setup function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup + */ + +void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_sign_setup) (EC_KEY *eckey, + BN_CTX *ctx, + BIGNUM **kinv, + BIGNUM **r)); + +/** Set the ECDSA_do_verify function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_verify a funtion of type ECDSA_do_verify + */ + +void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_do_verify) (const unsigned char + *dgst, int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); + +/** Set the flags field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param flags flags value to set + */ + +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); + +/** Set the name field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param name name to set + */ + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -251,9 +312,11 @@ void ERR_load_ECDSA_strings(void); /* Error codes for the ECDSA functions. */ /* Function codes. */ +# define ECDSA_F_ECDSA_CHECK 104 # define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 # define ECDSA_F_ECDSA_DO_SIGN 101 # define ECDSA_F_ECDSA_DO_VERIFY 102 +# define ECDSA_F_ECDSA_METHOD_NEW 105 # define ECDSA_F_ECDSA_SIGN_SETUP 103 /* Reason codes. */ @@ -262,6 +325,7 @@ void ERR_load_ECDSA_strings(void); # define ECDSA_R_ERR_EC_LIB 102 # define ECDSA_R_MISSING_PARAMETERS 103 # define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +# define ECDSA_R_NON_FIPS_METHOD 107 # define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 # define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h index 335b78f6..bd7b5914 100644 --- a/Cryptlib/Include/openssl/engine.h +++ b/Cryptlib/Include/openssl/engine.h @@ -89,16 +89,15 @@ # include <openssl/ecdsa.h> # endif # include <openssl/rand.h> -# include <openssl/store.h> # include <openssl/ui.h> # include <openssl/err.h> # endif -# include <openssl/x509.h> - # include <openssl/ossl_typ.h> # include <openssl/symhacks.h> +# include <openssl/x509.h> + #ifdef __cplusplus extern "C" { #endif @@ -116,6 +115,8 @@ extern "C" { # define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 # define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 # define ENGINE_METHOD_STORE (unsigned int)0x0100 +# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 /* Obvious all-or-nothing cases. */ # define ENGINE_METHOD_ALL (unsigned int)0xFFFF # define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -153,6 +154,14 @@ extern "C" { # define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 /* + * This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are not + * usable as default methods. + */ + +# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + +/* * ENGINEs can support their own command types, and these flags are used in * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input * each command expects. Currently only numeric and string input is @@ -354,7 +363,10 @@ typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, const int **, int); typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, int); - +typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); /* * STRUCTURE functions ... all of these functions deal with pointers to * ENGINE structures where the pointers have a "structural reference". This @@ -388,20 +400,20 @@ void ENGINE_load_aep(void); void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_cswift(void); -# ifndef OPENSSL_NO_GMP -void ENGINE_load_gmp(void); -# endif void ENGINE_load_nuron(void); void ENGINE_load_sureware(void); void ENGINE_load_ubsec(void); -# ifdef OPENSSL_SYS_WIN32 -# ifndef OPENSSL_NO_CAPIENG +void ENGINE_load_padlock(void); void ENGINE_load_capi(void); -# endif +# ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +# endif +# ifndef OPENSSL_NO_GOST +void ENGINE_load_gost(void); # endif # endif void ENGINE_load_cryptodev(void); -void ENGINE_load_padlock(void); +void ENGINE_load_rdrand(void); void ENGINE_load_builtin_engines(void); /* @@ -456,6 +468,14 @@ int ENGINE_register_digests(ENGINE *e); void ENGINE_unregister_digests(ENGINE *e); void ENGINE_register_all_digests(void); +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + /* * These functions register all support from the above categories. Note, use * of these functions can result in static linkage of code your application @@ -551,6 +571,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); /* These functions allow control over any per-structure ENGINE data. */ @@ -593,8 +615,18 @@ ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, + int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, + int len); const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); int ENGINE_get_flags(const ENGINE *e); @@ -657,6 +689,8 @@ ENGINE *ENGINE_get_default_RAND(void); */ ENGINE *ENGINE_get_cipher_engine(int nid); ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); /* * This sets a new default ENGINE structure for performing RSA operations. If @@ -674,6 +708,8 @@ int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); /* * The combination "set" - the flags are bitwise "OR"d from the @@ -762,6 +798,7 @@ typedef struct st_dynamic_fns { */ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); # define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -788,6 +825,8 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, const dynamic_fns *fns); # define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ @@ -818,7 +857,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, */ void *ENGINE_get_static_state(void); -# if defined(__OpenBSD__) || defined(__FreeBSD__) +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) void ENGINE_setup_bsd_cryptodev(void); # endif @@ -848,13 +887,15 @@ void ERR_load_ENGINE_strings(void); # define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 # define ENGINE_F_ENGINE_GET_DIGEST 186 # define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 # define ENGINE_F_ENGINE_GET_PREV 116 # define ENGINE_F_ENGINE_INIT 119 # define ENGINE_F_ENGINE_LIST_ADD 120 # define ENGINE_F_ENGINE_LIST_REMOVE 121 # define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 # define ENGINE_F_ENGINE_NEW 122 # define ENGINE_F_ENGINE_REMOVE 123 # define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 @@ -883,7 +924,7 @@ void ERR_load_ENGINE_strings(void); # define ENGINE_R_DSO_FAILURE 104 # define ENGINE_R_DSO_NOT_FOUND 132 # define ENGINE_R_ENGINES_SECTION_ERROR 148 -# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 # define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 # define ENGINE_R_ENGINE_SECTION_ERROR 149 # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 @@ -910,6 +951,7 @@ void ERR_load_ENGINE_strings(void); # define ENGINE_R_RSA_NOT_IMPLEMENTED 141 # define ENGINE_R_UNIMPLEMENTED_CIPHER 146 # define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 # define ENGINE_R_VERSION_INCOMPATIBILITY 145 #ifdef __cplusplus diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h index 2a2ecc81..bbfdb959 100644 --- a/Cryptlib/Include/openssl/err.h +++ b/Cryptlib/Include/openssl/err.h @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_ERR_H # define HEADER_ERR_H @@ -93,7 +146,7 @@ extern "C" { # define ERR_NUM_ERRORS 16 typedef struct err_state_st { - unsigned long pid; + CRYPTO_THREADID tid; int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; @@ -141,7 +194,9 @@ typedef struct err_state_st { # define ERR_LIB_STORE 44 # define ERR_LIB_FIPS 45 # define ERR_LIB_CMS 46 -# define ERR_LIB_JPAKE 47 +# define ERR_LIB_TS 47 +# define ERR_LIB_HMAC 48 +# define ERR_LIB_JPAKE 49 # define ERR_LIB_USER 128 @@ -175,6 +230,8 @@ typedef struct err_state_st { # define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) /* @@ -231,6 +288,7 @@ typedef struct err_state_st { # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ # define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ +# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_BAD_ASN1_OBJECT_HEADER 59 @@ -285,6 +343,7 @@ void ERR_print_errors_fp(FILE *fp); # endif # ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); +# endif /* Add EFIAPI for UEFI version. */ #if defined(OPENSSL_SYS_UEFI) @@ -292,20 +351,24 @@ void EFIAPI ERR_add_error_data(int num, ...); #else void ERR_add_error_data(int num, ...); #endif -# endif + +void ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); void ERR_load_crypto_strings(void); void ERR_free_strings(void); +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +# ifndef OPENSSL_NO_DEPRECATED void ERR_remove_state(unsigned long pid); /* if zero we look it up */ +# endif ERR_STATE *ERR_get_state(void); # ifndef OPENSSL_NO_LHASH -LHASH *ERR_get_string_table(void); -LHASH *ERR_get_err_state_table(void); -void ERR_release_err_state_table(LHASH **hash); +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); # endif int ERR_get_next_error_library(void); @@ -313,12 +376,6 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); -# ifdef OPENSSL_FIPS -void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), - void (*remove_func) (unsigned long pid)); -void int_ERR_lib_init(void); -# endif - /* Already defined in ossl_typ.h */ /* typedef struct st_ERR_FNS ERR_FNS; */ /* diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h index df838d0b..39ab7937 100644 --- a/Cryptlib/Include/openssl/evp.h +++ b/Cryptlib/Include/openssl/evp.h @@ -75,10 +75,6 @@ # include <openssl/bio.h> # endif -# ifdef OPENSSL_FIPS -# include <openssl/fips.h> -# endif - /*- #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -87,7 +83,7 @@ #define EVP_RC5_32_12_16_KEY_SIZE 16 */ # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ -# define EVP_MAX_KEY_LENGTH 32 +# define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 # define EVP_MAX_BLOCK_LENGTH 32 @@ -107,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption @@ -118,7 +113,10 @@ # define EVP_PKEY_DSA3 NID_dsaWithSHA1 # define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 # define EVP_PKEY_DH NID_dhKeyAgreement +# define EVP_PKEY_DHX NID_dhpublicnumber # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_HMAC NID_hmac +# define EVP_PKEY_CMAC NID_cmac #ifdef __cplusplus extern "C" { @@ -132,6 +130,8 @@ struct evp_pkey_st { int type; int save_type; int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; union { char *ptr; # ifndef OPENSSL_NO_RSA @@ -156,70 +156,6 @@ struct evp_pkey_st { # define EVP_PKEY_MO_ENCRYPT 0x0004 # define EVP_PKEY_MO_DECRYPT 0x0008 -# if 0 -/* - * This structure is required to tie the message digest and signing together. - * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or oid, md - * and pkey. This is required because for various smart-card perform the - * digest and signing/verification on-board. To handle this case, the - * specific EVP_MD and EVP_PKEY_METHODs need to be closely associated. When a - * PKEY is created, it will have a EVP_PKEY_METHOD associated with it. This - * can either be software or a token to provide the required low level - * routines. - */ -typedef struct evp_pkey_md_st { - int oid; - EVP_MD *md; - EVP_PKEY_METHOD *pkey; -} EVP_PKEY_MD; - -# define EVP_rsa_md2() \ - EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md2()) -# define EVP_rsa_md5() \ - EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md5()) -# define EVP_rsa_sha0() \ - EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha()) -# define EVP_rsa_sha1() \ - EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha1()) -# define EVP_rsa_ripemd160() \ - EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ - EVP_rsa_pkcs1(),EVP_ripemd160()) -# define EVP_rsa_mdc2() \ - EVP_PKEY_MD_add(NID_mdc2WithRSA,\ - EVP_rsa_octet_string(),EVP_mdc2()) -# define EVP_dsa_sha() \ - EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_sha()) -# define EVP_dsa_sha1() \ - EVP_PKEY_MD_add(NID_dsaWithSHA1,\ - EVP_dsa(),EVP_sha1()) - -typedef struct evp_pkey_method_st { - char *name; - int flags; - int type; /* RSA, DSA, an SSLeay specific constant */ - int oid; /* For the pub-key type */ - int encrypt_oid; /* pub/priv key encryption */ - int (*sign) (); - int (*verify) (); - struct { - int (*set) (); /* get and/or set the underlying type */ - int (*get) (); - int (*encrypt) (); - int (*decrypt) (); - int (*i2d) (); - int (*d2i) (); - int (*dup) (); - } pub, priv; - int (*set_asn1_parameters) (); - int (*get_asn1_parameters) (); -} EVP_PKEY_METHOD; -# endif - # ifndef EVP_MD struct env_md_st { int type; @@ -240,6 +176,8 @@ struct env_md_st { int required_pkey_type[5]; /* EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */ ; typedef int evp_sign_method(int type, const unsigned char *m, @@ -250,19 +188,48 @@ typedef int evp_verify_method(int type, const unsigned char *m, const unsigned char *sigbuf, unsigned int siglen, void *key); -typedef struct { - EVP_MD_CTX *mctx; - void *key; -} EVP_MD_SVCTX; - /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 +/* + * digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc + */ +# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 + +/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ + +# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 + +/* DigestAlgorithmIdentifier flags... */ + +# define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +# define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +# define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +# define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + /* Note if suitable for use in FIPS mode */ # define EVP_MD_FLAG_FIPS 0x0400 -# define EVP_MD_FLAG_SVCTX 0x0800 - /* pass EVP_MD_SVCTX to sign/verify */ +/* Digest ctrls */ + +# define EVP_MD_CTRL_DIGALGID 0x1 +# define EVP_MD_CTRL_MICALG 0x2 + +/* Minimum Algorithm specific ctrl value */ + +# define EVP_MD_CTRL_ALG_CTRL 0x1000 # define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} @@ -304,6 +271,10 @@ struct env_md_ctx_st { * ENGINE-provided */ unsigned long flags; void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); } /* EVP_MD_CTX */ ; /* values for EVP_MD_CTX flags */ @@ -314,17 +285,25 @@ struct env_md_ctx_st { * cleaned */ # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ +/* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. + */ + # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS * digest in FIPS mode */ +/* + * The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ # define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ -# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ - ((ctx->flags>>16) &0xFFFF) /* seed length */ -# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */ -# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */ + +# define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ struct evp_cipher_st { int nid; @@ -339,7 +318,7 @@ struct evp_cipher_st { const unsigned char *iv, int enc); /* encrypt/decrypt data */ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); /* cleanup ctx */ int (*cleanup) (EVP_CIPHER_CTX *); /* how big ctx->cipher_data needs to be */ @@ -363,7 +342,12 @@ struct evp_cipher_st { # define EVP_CIPH_CBC_MODE 0x2 # define EVP_CIPH_CFB_MODE 0x3 # define EVP_CIPH_OFB_MODE 0x4 -# define EVP_CIPH_MODE 0x7 +# define EVP_CIPH_CTR_MODE 0x5 +# define EVP_CIPH_GCM_MODE 0x6 +# define EVP_CIPH_CCM_MODE 0x7 +# define EVP_CIPH_XTS_MODE 0x10001 +# define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ # define EVP_CIPH_VARIABLE_LENGTH 0x8 /* Set if the iv handling should be done by the cipher itself */ @@ -378,14 +362,29 @@ struct evp_cipher_st { # define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ # define EVP_CIPH_RAND_KEY 0x200 -/* Note if suitable for use in FIPS mode */ -# define EVP_CIPH_FLAG_FIPS 0x400 -/* Allow non FIPS cipher in FIPS mode */ -# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 +/* cipher has its own additional copying logic */ +# define EVP_CIPH_CUSTOM_COPY 0x400 /* Allow use default ASN1 get/set iv */ # define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +# define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* + * Cipher handles any and all padding logic as well as finalisation. + */ +# define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 + +/* + * Cipher context flag to indicate we can handle wrap mode: if allowed in + * older applications it could overflow buffers. + */ + +# define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 /* ctrl() values */ @@ -396,6 +395,51 @@ struct evp_cipher_st { # define EVP_CTRL_GET_RC5_ROUNDS 0x4 # define EVP_CTRL_SET_RC5_ROUNDS 0x5 # define EVP_CTRL_RAND_KEY 0x6 +# define EVP_CTRL_PBE_PRF_NID 0x7 +# define EVP_CTRL_COPY 0x8 +# define EVP_CTRL_GCM_SET_IVLEN 0x9 +# define EVP_CTRL_GCM_GET_TAG 0x10 +# define EVP_CTRL_GCM_SET_TAG 0x11 +# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_IV_GEN 0x13 +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +# define EVP_CTRL_CCM_SET_L 0x14 +# define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* + * AEAD cipher deduces payload length and returns number of bytes required to + * store MAC and eventual padding. Subsequent call to EVP_Cipher even + * appends/verifies MAC. + */ +# define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +# define EVP_CTRL_GCM_SET_IV_INV 0x18 + +# define EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 0x19 +# define EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 0x1a +# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b +# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + +typedef struct { + unsigned char *out; + const unsigned char *inp; + size_t len; + unsigned int interleave; +} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +# define EVP_GCM_TLS_TAG_LEN 16 typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; @@ -411,7 +455,7 @@ struct evp_cipher_ctx_st { unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb mode */ + int num; /* used by cfb/ofb/ctr mode */ void *app_data; /* application stuff */ int key_len; /* May change for variable length cipher */ unsigned long flags; /* Various flags */ @@ -469,24 +513,13 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -/* Macros to reduce FIPS dependencies: do NOT use in applications */ -# define M_EVP_MD_size(e) ((e)->md_size) -# define M_EVP_MD_block_size(e) ((e)->block_size) -# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -# define M_EVP_MD_type(e) ((e)->type) -# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) -# define M_EVP_MD_CTX_md(e) ((e)->digest) - -# define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) - int EVP_MD_type(const EVP_MD *md); # define EVP_MD_nid(e) EVP_MD_type(e) # define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) @@ -506,6 +539,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) @@ -523,6 +557,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); # define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) # define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) # define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +# define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +# define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) # ifdef CONST_STRICT void BIO_set_md(BIO *, const EVP_MD *md); @@ -567,6 +603,8 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); void EVP_set_pw_prompt(const char *prompt); char *EVP_get_pw_prompt(void); @@ -616,6 +654,16 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey); +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + unsigned char *sigret, size_t *siglen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, + const unsigned char *sig, size_t siglen); + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); @@ -688,6 +736,9 @@ const EVP_MD *EVP_mdc2(void); # ifndef OPENSSL_NO_RIPEMD const EVP_MD *EVP_ripemd160(void); # endif +# ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +# endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ # ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); @@ -716,6 +767,7 @@ const EVP_CIPHER *EVP_des_cbc(void); const EVP_CIPHER *EVP_des_ede_cbc(void); const EVP_CIPHER *EVP_des_ede3_cbc(void); const EVP_CIPHER *EVP_desx_cbc(void); +const EVP_CIPHER *EVP_des_ede3_wrap(void); /* * This should now be supported through the dev_crypto ENGINE. But also, why * are rc4 and md5 declarations made here inside a "NO_DES" precompiler @@ -732,6 +784,9 @@ const EVP_MD *EVP_dev_crypto_md5(void); # ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); const EVP_CIPHER *EVP_rc4_40(void); +# ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +# endif # endif # ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); @@ -778,9 +833,11 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void); const EVP_CIPHER *EVP_aes_128_cfb128(void); # define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); -# if 0 const EVP_CIPHER *EVP_aes_128_ctr(void); -# endif +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cfb1(void); @@ -788,9 +845,10 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void); const EVP_CIPHER *EVP_aes_192_cfb128(void); # define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); -# if 0 const EVP_CIPHER *EVP_aes_192_ctr(void); -# endif +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); @@ -798,8 +856,18 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void); const EVP_CIPHER *EVP_aes_256_cfb128(void); # define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); -# if 0 const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +# endif +# ifndef OPENSSL_NO_SHA256 +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); # endif # endif # ifndef OPENSSL_NO_CAMELLIA @@ -858,16 +926,35 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key, - const unsigned char *enc_key, int enc_key_len, - EVP_PKEY *private_key); -int EVP_PKEY_encrypt(unsigned char *enc_key, - const unsigned char *key, int key_len, - EVP_PKEY *pub_key); +void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn) + (const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph, + const char *from, const char *to, void *x), + void *arg); +void EVP_MD_do_all_sorted(void (*fn) + (const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, + const unsigned char *enc_key, int enc_key_len, + EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, + const unsigned char *key, int key_len, + EVP_PKEY *pub_key); int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(EVP_PKEY *pkey); # ifndef OPENSSL_NO_RSA struct rsa_st; @@ -910,6 +997,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + int EVP_CIPHER_type(const EVP_CIPHER *ctx); /* calls methods */ @@ -927,6 +1023,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); @@ -935,26 +1034,334 @@ void PKCS5_PBE_add(void); int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +# define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +# define EVP_PBE_TYPE_PRF 0x1 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); void EVP_PBE_cleanup(void); -# ifdef OPENSSL_FIPS -# ifndef OPENSSL_NO_ENGINE -void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), - int (*eng_md_fin) (ENGINE *impl), - int (*eng_md_evp) - (EVP_MD_CTX *ctx, const EVP_MD **ptype, - ENGINE *impl)); -void int_EVP_MD_init_engine_callbacks(void); -void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), - int (*eng_ciph_evp) - (EVP_CIPHER_CTX *ctx, - const EVP_CIPHER **pciph, - ENGINE *impl)); -void int_EVP_CIPHER_init_engine_callbacks(void); -# endif -# endif +# define ASN1_PKEY_ALIAS 0x1 +# define ASN1_PKEY_DYNAMIC 0x2 +# define ASN1_PKEY_SIGPARAM_NULL 0x4 + +# define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +# define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +# define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +# define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +# define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + int *ppkey_flags, const char **pinfo, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode) (EVP_PKEY *pk, + X509_PUBKEY *pub), + int (*pub_encode) (X509_PUBKEY *pub, + const EVP_PKEY *pk), + int (*pub_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*pub_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx), + int (*pkey_size) (const EVP_PKEY *pk), + int (*pkey_bits) (const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, + PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), + int (*priv_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode) (EVP_PKEY *pkey, + const unsigned char **pder, + int derlen), + int (*param_encode) (const EVP_PKEY *pkey, + unsigned char **pder), + int (*param_missing) (const EVP_PKEY *pk), + int (*param_copy) (EVP_PKEY *to, + const EVP_PKEY *from), + int (*param_cmp) (const EVP_PKEY *a, + const EVP_PKEY *b), + int (*param_print) (BIO *out, + const EVP_PKEY *pkey, + int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free) (EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl) (EVP_PKEY *pkey, int op, + long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +# define EVP_PKEY_OP_UNDEFINED 0 +# define EVP_PKEY_OP_PARAMGEN (1<<1) +# define EVP_PKEY_OP_KEYGEN (1<<2) +# define EVP_PKEY_OP_SIGN (1<<3) +# define EVP_PKEY_OP_VERIFY (1<<4) +# define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define EVP_PKEY_OP_SIGNCTX (1<<6) +# define EVP_PKEY_OP_VERIFYCTX (1<<7) +# define EVP_PKEY_OP_ENCRYPT (1<<8) +# define EVP_PKEY_OP_DECRYPT (1<<9) +# define EVP_PKEY_OP_DERIVE (1<<10) + +# define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +# define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +# define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +# define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTRL_MD 1 +# define EVP_PKEY_CTRL_PEER_KEY 2 + +# define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +# define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +# define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +# define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +# define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +# define EVP_PKEY_CTRL_SET_IV 8 + +# define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +# define EVP_PKEY_CTRL_CMS_DECRYPT 10 +# define EVP_PKEY_CTRL_CMS_SIGN 11 + +# define EVP_PKEY_CTRL_CIPHER 12 + +# define EVP_PKEY_CTRL_GET_MD 13 + +# define EVP_PKEY_ALG_CTRL 0x1000 + +# define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* + * Method handles all operations: don't assume any digest related defaults. + */ +# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + const unsigned char *key, int keylen); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); void EVP_add_alg_module(void); @@ -968,51 +1375,88 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AESNI_XTS_CIPHER 176 # define EVP_F_AES_INIT_KEY 133 -# define EVP_F_ALG_MODULE_INIT 138 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_XTS 172 +# define EVP_F_AES_XTS_CIPHER 175 +# define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CMAC_INIT 173 +# define EVP_F_CMLL_T4_INIT_KEY 179 # define EVP_F_D2I_PKEY 100 -# define EVP_F_DO_EVP_ENC_ENGINE 140 -# define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 -# define EVP_F_DO_EVP_MD_ENGINE 139 -# define EVP_F_DO_EVP_MD_ENGINE_FULL 142 +# define EVP_F_DO_SIGVER_INIT 161 # define EVP_F_DSAPKEY2PKCS8 134 # define EVP_F_DSA_PKEY2PKCS8 135 # define EVP_F_ECDSA_PKEY2PKCS8 129 # define EVP_F_ECKEY_PKEY2PKCS8 132 -# define EVP_F_EVP_CIPHERINIT 137 # define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 # define EVP_F_EVP_CIPHER_CTX_CTRL 124 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 # define EVP_F_EVP_DECRYPTFINAL_EX 101 -# define EVP_F_EVP_DIGESTINIT 136 # define EVP_F_EVP_DIGESTINIT_EX 128 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 # define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 # define EVP_F_EVP_PBE_CIPHERINIT 116 # define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 # define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 # define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 # define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 # define EVP_F_EVP_PKEY_GET1_DH 119 # define EVP_F_EVP_PKEY_GET1_DSA 120 # define EVP_F_EVP_PKEY_GET1_ECDSA 130 # define EVP_F_EVP_PKEY_GET1_EC_KEY 131 # define EVP_F_EVP_PKEY_GET1_RSA 121 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 # define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 # define EVP_F_EVP_RIJNDAEL 126 # define EVP_F_EVP_SIGNFINAL 107 # define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_FIPS_CIPHERINIT 166 +# define EVP_F_FIPS_CIPHER_CTX_COPY 170 +# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 +# define EVP_F_FIPS_DIGESTINIT 168 +# define EVP_F_FIPS_MD_CTX_COPY 169 +# define EVP_F_HMAC_INIT_EX 174 +# define EVP_F_INT_CTX_NEW 157 # define EVP_F_PKCS5_PBE_KEYIVGEN 117 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS8_SET_BROKEN 112 +# define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 /* Reason codes. */ +# define EVP_R_AES_IV_SETUP_FAILED 162 # define EVP_R_AES_KEY_SETUP_FAILED 143 # define EVP_R_ASN1_LIB 140 # define EVP_R_BAD_BLOCK_LENGTH 136 @@ -1020,41 +1464,59 @@ void ERR_load_EVP_strings(void); # define EVP_R_BAD_KEY_LENGTH 137 # define EVP_R_BN_DECODE_ERROR 112 # define EVP_R_BN_PUBKEY_ERROR 113 +# define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 # define EVP_R_CTRL_NOT_IMPLEMENTED 132 # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 # define EVP_R_DIFFERENT_KEY_TYPES 101 -# define EVP_R_DISABLED_FOR_FIPS 144 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_DISABLED_FOR_FIPS 163 # define EVP_R_ENCODE_ERROR 115 -# define EVP_R_ERROR_LOADING_SECTION 145 -# define EVP_R_ERROR_SETTING_FIPS_MODE 146 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 # define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 # define EVP_R_EXPECTING_AN_RSA_KEY 127 # define EVP_R_EXPECTING_A_DH_KEY 128 # define EVP_R_EXPECTING_A_DSA_KEY 129 # define EVP_R_EXPECTING_A_ECDSA_KEY 141 # define EVP_R_EXPECTING_A_EC_KEY 142 -# define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_INITIALIZATION_ERROR 134 # define EVP_R_INPUT_NOT_INITIALIZED 111 -# define EVP_R_INVALID_FIPS_MODE 148 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 # define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 # define EVP_R_IV_TOO_LARGE 102 # define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 # define EVP_R_MISSING_PARAMETERS 103 # define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 # define EVP_R_NO_DIGEST_SET 139 # define EVP_R_NO_DSA_PARAMETERS 116 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 # define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 -# define EVP_R_UNKNOWN_OPTION 149 +# define EVP_R_TOO_LARGE 164 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 # define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 # define EVP_R_UNSUPPORTED_CIPHER 107 # define EVP_R_UNSUPPORTED_KEYLENGTH 123 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 @@ -1062,9 +1524,9 @@ void ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_PRF 125 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 # define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 # define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -# define EVP_R_SEED_KEY_SETUP_FAILED 162 #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h index fcc2d0fe..b8b55cda 100644 --- a/Cryptlib/Include/openssl/hmac.h +++ b/Cryptlib/Include/openssl/hmac.h @@ -90,14 +90,15 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); # define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); -void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); -void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h index 60d2d95f..60759840 100644 --- a/Cryptlib/Include/openssl/idea.h +++ b/Cryptlib/Include/openssl/idea.h @@ -87,7 +87,7 @@ void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); # endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int enc); diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h index 931b4a75..9a576728 100644 --- a/Cryptlib/Include/openssl/kssl.h +++ b/Cryptlib/Include/openssl/kssl.h @@ -71,6 +71,16 @@ # include <stdio.h> # include <ctype.h> # include <krb5.h> +# ifdef OPENSSL_SYS_WIN32 +/* + * These can sometimes get redefined indirectly by krb5 header files after + * they get undefed in ossl_typ.h + */ +# undef X509_NAME +# undef X509_EXTENSIONS +# undef OCSP_REQUEST +# undef OCSP_RESPONSE +# endif #ifdef __cplusplus extern "C" { @@ -176,6 +186,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, KSSL_ERR *kssl_err); unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); +void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); +KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); +char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h index 4374be28..b6c328bf 100644 --- a/Cryptlib/Include/openssl/lhash.h +++ b/Cryptlib/Include/openssl/lhash.h @@ -99,42 +99,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); */ /* First: "hash" functions */ -# define DECLARE_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *); -# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *arg) { \ - o_type a = (o_type)arg; \ - return f_name(a); } -# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +# define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +# define LHASH_HASH_FN(name) name##_LHASH_HASH /* Second: "compare" functions */ -# define DECLARE_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *, const void *); -# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ - o_type a = (o_type)arg1; \ - o_type b = (o_type)arg2; \ - return f_name(a,b); } -# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +# define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +# define LHASH_COMP_FN(name) name##_LHASH_COMP /* Third: "doall" functions */ -# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(void *); -# define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(void *arg) { \ - o_type a = (o_type)arg; \ - f_name(a); } -# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +# define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +# define LHASH_DOALL_FN(name) name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ -# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(void *, void *); -# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ - o_type a = (o_type)arg1; \ - a_type b = (a_type)arg2; \ - f_name(a,b); } -# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG +# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG typedef struct lhash_st { LHASH_NODE **b; @@ -161,7 +161,8 @@ typedef struct lhash_st { unsigned long num_retrieve_miss; unsigned long num_hash_comps; int error; -} LHASH; +} _LHASH; /* Do not use _LHASH directly, use LHASH_OF + * and friends */ # define LH_LOAD_MULT 256 @@ -171,27 +172,67 @@ typedef struct lhash_st { */ # define lh_error(lh) ((lh)->error) -LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); -void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, void *data); -void *lh_delete(LHASH *lh, const void *data); -void *lh_retrieve(LHASH *lh, const void *data); -void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); -void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); -unsigned long lh_num_items(const LHASH *lh); +unsigned long lh_num_items(const _LHASH *lh); # ifndef OPENSSL_NO_FP_API -void lh_stats(const LHASH *lh, FILE *out); -void lh_node_stats(const LHASH *lh, FILE *out); -void lh_node_usage_stats(const LHASH *lh, FILE *out); +void lh_stats(const _LHASH *lh, FILE *out); +void lh_node_stats(const _LHASH *lh, FILE *out); +void lh_node_usage_stats(const _LHASH *lh, FILE *out); # endif # ifndef OPENSSL_NO_BIO -void lh_stats_bio(const LHASH *lh, BIO *out); -void lh_node_stats_bio(const LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); +void lh_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); # endif + +/* Type checking... */ + +# define LHASH_OF(type) struct lhash_st_##type + +# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } + +# define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +# define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +# define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +# define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) +# define LHM_lh_node_stats_bio(type, lh, out) \ + lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_node_usage_stats_bio(type, lh, out) \ + lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_stats_bio(type, lh, out) \ + lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) +# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h index a99d20a8..11fd7129 100644 --- a/Cryptlib/Include/openssl/md4.h +++ b/Cryptlib/Include/openssl/md4.h @@ -77,7 +77,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +# if defined(__LP32__) # define MD4_LONG unsigned long # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) # define MD4_LONG unsigned long diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h index 87a9c9ec..2659038a 100644 --- a/Cryptlib/Include/openssl/md5.h +++ b/Cryptlib/Include/openssl/md5.h @@ -77,7 +77,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +# if defined(__LP32__) # define MD5_LONG unsigned long # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) # define MD5_LONG unsigned long diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/mdc2.h index b568d3f9..7efe53bc 100644 --- a/Cryptlib/Include/openssl/md2.h +++ b/Cryptlib/Include/openssl/mdc2.h @@ -1,5 +1,5 @@ -/* crypto/md/md2.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* crypto/mdc2/mdc2.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -56,37 +56,37 @@ * [including the GNU Public Licence.] */ -#ifndef HEADER_MD2_H -# define HEADER_MD2_H +#ifndef HEADER_MDC2_H +# define HEADER_MDC2_H -# include <openssl/opensslconf.h>/* OPENSSL_NO_MD2, MD2_INT */ -# ifdef OPENSSL_NO_MD2 -# error MD2 is disabled. -# endif -# include <stddef.h> - -# define MD2_DIGEST_LENGTH 16 -# define MD2_BLOCK 16 +# include <openssl/des.h> #ifdef __cplusplus extern "C" { #endif -typedef struct MD2state_st { +# ifdef OPENSSL_NO_MDC2 +# error MDC2 is disabled. +# endif + +# define MDC2_BLOCK 8 +# define MDC2_DIGEST_LENGTH 16 + +typedef struct mdc2_ctx_st { unsigned int num; - unsigned char data[MD2_BLOCK]; - MD2_INT cksm[MD2_BLOCK]; - MD2_INT state[MD2_BLOCK]; -} MD2_CTX; + unsigned char data[MDC2_BLOCK]; + DES_cblock h, hh; + int pad_type; /* either 1 or 2, default 1 */ +} MDC2_CTX; -const char *MD2_options(void); # ifdef OPENSSL_FIPS -int private_MD2_Init(MD2_CTX *c); +int private_MDC2_Init(MDC2_CTX *c); # endif -int MD2_Init(MD2_CTX *c); -int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); -int MD2_Final(unsigned char *md, MD2_CTX *c); -unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); +int MDC2_Init(MDC2_CTX *c); +int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); +int MDC2_Final(unsigned char *md, MDC2_CTX *c); +unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/modes.h b/Cryptlib/Include/openssl/modes.h new file mode 100644 index 00000000..fd488499 --- /dev/null +++ b/Cryptlib/Include/openssl/modes.h @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif +typedef void (*block128_f) (const unsigned char in[16], + unsigned char out[16], const void *key); + +typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], unsigned int *num, + block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], + unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, unsigned char ivec[16], + block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char *out, size_t len, + const void *key, + unsigned char ivec[16], + block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, + block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce, + size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad, + size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp, + unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc); + +size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); + +#ifdef __cplusplus +} +#endif diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h index ec6c8ea9..779c309b 100644 --- a/Cryptlib/Include/openssl/obj_mac.h +++ b/Cryptlib/Include/openssl/obj_mac.h @@ -580,6 +580,26 @@ #define NID_sha1WithRSAEncryption 65 #define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 935 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + #define SN_sha256WithRSAEncryption "RSA-SHA256" #define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" #define NID_sha256WithRSAEncryption 668 @@ -981,6 +1001,10 @@ #define NID_id_smime_alg_CMSRC2wrap 247 #define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + #define SN_id_smime_cd_ldap "id-smime-cd-ldap" #define NID_id_smime_cd_ldap 248 #define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L @@ -2399,6 +2423,11 @@ #define NID_no_rev_avail 403 #define OBJ_no_rev_avail OBJ_id_ce,56L +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + #define SN_netscape "Netscape" #define LN_netscape "Netscape Communications Corp." #define NID_netscape 57 @@ -2586,6 +2615,24 @@ #define NID_aes_128_cfb128 421 #define OBJ_aes_128_cfb128 OBJ_aes,4L +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + #define SN_aes_192_ecb "AES-192-ECB" #define LN_aes_192_ecb "aes-192-ecb" #define NID_aes_192_ecb 422 @@ -2606,6 +2653,24 @@ #define NID_aes_192_cfb128 425 #define OBJ_aes_192_cfb128 OBJ_aes,24L +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + #define SN_aes_256_ecb "AES-256-ECB" #define LN_aes_256_ecb "aes-256-ecb" #define NID_aes_256_ecb 426 @@ -2626,6 +2691,24 @@ #define NID_aes_256_cfb128 429 #define OBJ_aes_256_cfb128 OBJ_aes,44L +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + #define SN_aes_128_cfb1 "AES-128-CFB1" #define LN_aes_128_cfb1 "aes-128-cfb1" #define NID_aes_128_cfb1 650 @@ -2650,6 +2733,26 @@ #define LN_aes_256_cfb8 "aes-256-cfb8" #define NID_aes_256_cfb8 655 +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 + #define SN_des_cfb1 "DES-CFB1" #define LN_des_cfb1 "des-cfb1" #define NID_des_cfb1 656 @@ -2666,18 +2769,6 @@ #define LN_des_ede3_cfb8 "des-ede3-cfb8" #define NID_des_ede3_cfb8 659 -#define SN_id_aes128_wrap "id-aes128-wrap" -#define NID_id_aes128_wrap 788 -#define OBJ_id_aes128_wrap OBJ_aes,5L - -#define SN_id_aes192_wrap "id-aes192-wrap" -#define NID_id_aes192_wrap 789 -#define OBJ_id_aes192_wrap OBJ_aes,25L - -#define SN_id_aes256_wrap "id-aes256-wrap" -#define NID_id_aes256_wrap 790 -#define OBJ_id_aes256_wrap OBJ_aes,45L - #define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L #define SN_sha256 "SHA256" @@ -3810,6 +3901,18 @@ #define NID_camellia_256_cbc 753 #define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + #define OBJ_ntt_ds 0L,3L,4401L,5L #define OBJ_camellia OBJ_ntt_ds,3L,1L,9L @@ -3911,3 +4014,181 @@ #define SN_hmac "HMAC" #define LN_hmac "hmac" #define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256" +#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256" +#define NID_aes_128_cbc_hmac_sha256 948 + +#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256" +#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256" +#define NID_aes_192_cbc_hmac_sha256 949 + +#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256" +#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" +#define NID_aes_256_cbc_hmac_sha256 950 + +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 921 +#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 922 +#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 923 +#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 924 +#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 925 +#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 926 +#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 927 +#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 928 +#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 929 +#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 930 +#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 931 +#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 932 +#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 933 +#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 934 +#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 946 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 947 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 951 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 952 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 953 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 954 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_jurisdictionLocalityName "jurisdictionL" +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 955 +#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L + +#define SN_jurisdictionStateOrProvinceName "jurisdictionST" +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 956 +#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L + +#define SN_jurisdictionCountryName "jurisdictionC" +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 957 +#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L diff --git a/Cryptlib/Include/openssl/objects.h b/Cryptlib/Include/openssl/objects.h index 79587544..b8dafa89 100644 --- a/Cryptlib/Include/openssl/objects.h +++ b/Cryptlib/Include/openssl/objects.h @@ -1015,11 +1015,91 @@ int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); -const char *OBJ_bsearch(const char *key, const char *base, int num, int size, - int (*cmp) (const void *, const void *)); -const char *OBJ_bsearch_ex(const char *key, const char *base, int num, - int size, int (*cmp) (const void *, const void *), - int flags); +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp) (const void *, const void *)); +const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, + int (*cmp) (const void *, const void *), + int flags); + +# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/*- + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +# define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); @@ -1027,6 +1107,14 @@ int OBJ_create(const char *oid, const char *sn, const char *ln); void OBJ_cleanup(void); int OBJ_create_objects(BIO *in); +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + +extern int obj_cleanup_defer; +void check_defer(int nid); + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h index 026725dc..ca2ee76d 100644 --- a/Cryptlib/Include/openssl/ocsp.h +++ b/Cryptlib/Include/openssl/ocsp.h @@ -67,6 +67,7 @@ #ifndef HEADER_OCSP_H # define HEADER_OCSP_H +# include <openssl/ossl_typ.h> # include <openssl/x509.h> # include <openssl/x509v3.h> # include <openssl/safestack.h> @@ -387,17 +388,31 @@ typedef struct ocsp_service_locator_st { # define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) -# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) - # define OCSP_CERTSTATUS_dup(cs)\ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); -OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline); +int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx); int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval, + const ASN1_ITEM *it); +BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, + ASN1_VALUE *val); +int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); @@ -443,7 +458,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); -int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, +int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, int *pssl); int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); @@ -468,11 +483,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, - void *data, STACK_OF(ASN1_OBJECT) *sk); -# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ - ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); X509_EXTENSION *OCSP_accept_responses_new(char **oids); @@ -549,9 +559,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) -char *OCSP_response_status_str(long s); -char *OCSP_cert_status_str(long s); -char *OCSP_crl_reason_str(long s); +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); @@ -585,7 +595,8 @@ void ERR_load_OCSP_strings(void); # define OCSP_F_OCSP_REQUEST_VERIFY 116 # define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 # define OCSP_F_OCSP_SENDREQ_BIO 112 -# define OCSP_F_PARSE_HTTP_LINE1 117 +# define OCSP_F_OCSP_SENDREQ_NBIO 117 +# define OCSP_F_PARSE_HTTP_LINE1 118 # define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h index fdc2cc3c..90a4d2c8 100644 --- a/Cryptlib/Include/openssl/opensslconf.h +++ b/Cryptlib/Include/openssl/opensslconf.h @@ -1,18 +1,15 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 #endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP @@ -23,8 +20,11 @@ #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_LIBUNBOUND +# define OPENSSL_NO_LIBUNBOUND +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 #endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 @@ -32,8 +32,17 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST #endif #endif /* OPENSSL_DOING_MAKEDEPEND */ @@ -47,14 +56,8 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -# define NO_CAMELLIA -# endif -# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -# define NO_CAPIENG -# endif -# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -# define NO_CMS +# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) +# define NO_EC_NISTP_64_GCC_128 # endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP @@ -65,8 +68,11 @@ # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif -# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -# define NO_MDC2 +# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) +# define NO_LIBUNBOUND +# endif +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 # endif # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 @@ -74,28 +80,22 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif -# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -# define NO_SEED +# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) +# define NO_SCTP +# endif +# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) +# define NO_SSL_TRACE +# endif +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE +# endif +# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) +# define NO_UNIT_TEST # endif #endif /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -159,19 +159,12 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ - -/* Bypass following definition for UEFI version. */ +/* Bypass the following definitions for UEFI version. */ #if !defined(OPENSSL_SYS_UEFI) #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif - #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) @@ -207,7 +200,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. @@ -258,3 +251,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h index 1c671fdb..c06b13ac 100644 --- a/Cryptlib/Include/openssl/opensslv.h +++ b/Cryptlib/Include/openssl/opensslv.h @@ -1,6 +1,10 @@ #ifndef HEADER_OPENSSLV_H # define HEADER_OPENSSLV_H +#ifdef __cplusplus +extern "C" { +#endif + /*- * Numeric release version identifier: * MNNFFPPS: major minor fix patch status @@ -26,11 +30,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x009081ffL +# define OPENSSL_VERSION_NUMBER 0x1000204fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -84,6 +88,10 @@ * should only keep the versions that are binary compatible with the current. */ # define SHLIB_VERSION_HISTORY "" -# define SHLIB_VERSION_NUMBER "0.9.8" +# define SHLIB_VERSION_NUMBER "1.0.0" + +#ifdef __cplusplus +} +#endif #endif /* HEADER_OPENSSLV_H */ diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h index bfcb201f..9144ea2c 100644 --- a/Cryptlib/Include/openssl/ossl_typ.h +++ b/Cryptlib/Include/openssl/ossl_typ.h @@ -55,6 +55,10 @@ #ifndef HEADER_OPENSSL_TYPES_H # define HEADER_OPENSSL_TYPES_H +#ifdef __cplusplus +extern "C" { +#endif + # include <openssl/e_os2.h> # ifdef NO_ASN1_TYPEDEFS @@ -91,10 +95,16 @@ typedef struct asn1_string_st ASN1_TIME; typedef struct asn1_string_st ASN1_GENERALIZEDTIME; typedef struct asn1_string_st ASN1_VISIBLESTRING; typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; # endif +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; + # ifdef OPENSSL_SYS_WIN32 # undef X509_NAME # undef X509_EXTENSIONS @@ -122,6 +132,11 @@ typedef struct env_md_st EVP_MD; typedef struct env_md_ctx_st EVP_MD_CTX; typedef struct evp_pkey_st EVP_PKEY; +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; @@ -139,11 +154,14 @@ typedef struct ecdsa_method ECDSA_METHOD; typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; -typedef struct ssl_st SSL; -typedef struct ssl_ctx_st SSL_CTX; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; typedef struct conf_st CONF; @@ -157,12 +175,19 @@ typedef struct ui_method_st UI_METHOD; typedef struct st_ERR_FNS ERR_FNS; typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ # define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ # define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ @@ -180,4 +205,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +#ifdef __cplusplus +} +#endif #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h index 5fad903f..d61605b9 100644 --- a/Cryptlib/Include/openssl/pem.h +++ b/Cryptlib/Include/openssl/pem.h @@ -129,11 +129,13 @@ extern "C" { # define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" # define PEM_STRING_PKCS8INF "PRIVATE KEY" # define PEM_STRING_DHPARAMS "DH PARAMETERS" +# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" # define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" # define PEM_STRING_DSAPARAMS "DSA PARAMETERS" # define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" # define PEM_STRING_ECPARAMETERS "EC PARAMETERS" # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +# define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" /* @@ -180,12 +182,9 @@ typedef struct pem_ctx_st { int num_recipient; PEM_USER **recipient; - -# ifndef OPENSSL_NO_STACK - STACK *x509_chain; /* certificate chain */ -# else - char *x509_chain; /* certificate chain */ -# endif +/*- + XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ EVP_MD *md; /* signature type */ int md_enc; /* is the md encrypted or not? */ @@ -222,28 +221,19 @@ typedef struct pem_ctx_st { # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ - return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ - str, fp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u); \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ } # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ } # define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, const type *x) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(const type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ } # define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ @@ -251,10 +241,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ } # define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ @@ -262,10 +249,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(const type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ } # endif @@ -273,48 +257,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ # define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ - return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ - str, bp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u); \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ } # define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ } # define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, const type *x) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(const type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ } # define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ } # define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(const type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ } # define IMPLEMENT_PEM_write(name, type, str, asn1) \ @@ -351,7 +320,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ /* These are the same except they are for the declarations */ -# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) +# if defined(OPENSSL_NO_FP_API) # define DECLARE_PEM_read_fp(name, type) /**/ # define DECLARE_PEM_write_fp(name, type) /**/ @@ -416,127 +385,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -# ifdef SSLEAY_MACROS -# define PEM_write_SSL_SESSION(fp,x) \ - PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_X509(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -# define PEM_write_X509_CRL(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ - fp,(char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -# define PEM_write_RSAPublicKey(fp,x) \ - PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ - PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) -# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -# define PEM_write_PKCS7(fp,x) \ - PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_DHparams(fp,x) \ - PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ - (char *)x,NULL,NULL,0,NULL,NULL) -# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ - PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ - (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) -# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) -# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) -# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) -# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) -# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) -# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) -# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) -# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) -# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ - (char **)x,cb,u) -# define PEM_write_bio_X509(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_X509_CRL(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ - bp,(char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -# define PEM_write_bio_RSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ - PEM_STRING_RSA_PUBLIC,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -# define PEM_write_bio_PKCS7(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_DHparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_DSAparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ - PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) -# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) -# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) -# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) -# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) -# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) -# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) -# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) -# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) -# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) -# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ - (char **)x,cb,u) -# endif # if 1 /* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); @@ -552,30 +400,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, # ifndef OPENSSL_NO_BIO int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); -int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data, - long len); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u); - -# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ - ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ - name, bp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u)) - -int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x, +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ - (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ - name, bp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u)) - STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, @@ -583,18 +418,17 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, pem_password_cb *cd, void *u); # endif -# ifndef OPENSSL_SYS_WIN16 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); -int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u); int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - char *x, const EVP_CIPHER *enc, unsigned char *kstr, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -# endif int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, @@ -613,9 +447,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); -# ifndef SSLEAY_MACROS - -# include <openssl/symhacks.h> +# include <openssl/symhacks.h> DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) @@ -627,24 +459,25 @@ DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) -# ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) -# endif -# ifndef OPENSSL_NO_DSA +# endif +# ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) -# endif -# ifndef OPENSSL_NO_EC +# endif +# ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) -# endif -# ifndef OPENSSL_NO_DH +# endif +# ifndef OPENSSL_NO_DH DECLARE_PEM_rw_const(DHparams, DH) -# endif +DECLARE_PEM_write_const(DHxparams, DH) +# endif DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) @@ -679,7 +512,20 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cd, void *u); -# endif /* SSLEAY_MACROS */ +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +# ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +# endif /* BEGIN ERROR CODES */ /* @@ -691,10 +537,22 @@ void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ /* Function codes. */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 # define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 # define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 # define PEM_F_DO_PK8PKEY 126 # define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 # define PEM_F_LOAD_IV 101 # define PEM_F_PEM_ASN1_READ 102 # define PEM_F_PEM_ASN1_READ_BIO 103 @@ -707,13 +565,17 @@ void ERR_load_PEM_strings(void); # define PEM_F_PEM_PK8PKEY 119 # define PEM_F_PEM_READ 108 # define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 # define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 # define PEM_F_PEM_READ_PRIVATEKEY 124 # define PEM_F_PEM_SEALFINAL 110 # define PEM_F_PEM_SEALINIT 111 # define PEM_F_PEM_SIGNFINAL 112 # define PEM_F_PEM_WRITE 113 # define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 # define PEM_F_PEM_X509_INFO_READ 115 # define PEM_F_PEM_X509_INFO_READ_BIO 116 # define PEM_F_PEM_X509_INFO_WRITE_BIO 117 @@ -723,18 +585,30 @@ void ERR_load_PEM_strings(void); # define PEM_R_BAD_DECRYPT 101 # define PEM_R_BAD_END_LINE 102 # define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 # define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 # define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 # define PEM_R_NOT_DEK_INFO 105 # define PEM_R_NOT_ENCRYPTED 106 # define PEM_R_NOT_PROC_TYPE 107 # define PEM_R_NO_START_LINE 108 # define PEM_R_PROBLEMS_GETTING_PASSWORD 109 # define PEM_R_PUBLIC_KEY_NO_RSA 110 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 # define PEM_R_READ_KEY 111 # define PEM_R_SHORT_HEADER 112 # define PEM_R_UNSUPPORTED_CIPHER 113 # define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h index 90959f65..a39adf5e 100644 --- a/Cryptlib/Include/openssl/pkcs12.h +++ b/Cryptlib/Include/openssl/pkcs12.h @@ -111,7 +111,7 @@ typedef struct { PKCS7 *authsafes; } PKCS12; -PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct { +typedef struct { ASN1_OBJECT *type; union { struct pkcs12_bag_st *bag; /* secret, crl and certbag */ @@ -239,16 +239,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type); -# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) -/* Rename these functions to avoid name clashes on NetWare OS */ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *OPENSSL_uni2asc(unsigned char *uni, int unilen); -# else -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, - int *unilen); -char *uni2asc(unsigned char *uni, int unilen); -# endif + DECLARE_ASN1_FUNCTIONS(PKCS12) DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h index 201f2890..b51b3863 100644 --- a/Cryptlib/Include/openssl/pkcs7.h +++ b/Cryptlib/Include/openssl/pkcs7.h @@ -215,7 +215,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) # define PKCS7_type_is_signedAndEnveloped(a) \ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) - # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) # define PKCS7_set_detached(p,v) \ @@ -225,14 +224,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) -# ifdef SSLEAY_MACROS -# ifndef PKCS7_ISSUER_AND_SERIAL_digest -# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -# endif -# endif - /* S/MIME related flags */ # define PKCS7_TEXT 0x1 @@ -249,6 +240,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) # define PKCS7_CRLFEOL 0x800 # define PKCS7_STREAM 0x1000 # define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 /* Flags: for compatibility with older code */ @@ -264,18 +257,18 @@ DECLARE_PKCS12_STACK_OF(PKCS7) DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) -# ifndef SSLEAY_MACROS int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_FP_API PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); -# endif +# endif PKCS7 *PKCS7_dup(PKCS7 *p7); PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); -# endif +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) @@ -291,6 +284,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); @@ -299,6 +293,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); @@ -319,9 +314,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); @@ -338,6 +337,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, @@ -352,10 +357,15 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); -int SMIME_crlf_copy(BIO *in, BIO *out, int flags); -int SMIME_text(BIO *in, BIO *out); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); /* BEGIN ERROR CODES */ /* @@ -369,12 +379,17 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ # define PKCS7_F_B64_READ_PKCS7 120 # define PKCS7_F_B64_WRITE_PKCS7 121 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 # define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 # define PKCS7_F_PKCS7_ADD_CRL 101 # define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 # define PKCS7_F_PKCS7_ADD_SIGNER 103 # define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 # define PKCS7_F_PKCS7_CTRL 104 # define PKCS7_F_PKCS7_DATADECODE 112 # define PKCS7_F_PKCS7_DATAFINAL 128 @@ -382,15 +397,22 @@ void ERR_load_PKCS7_strings(void); # define PKCS7_F_PKCS7_DATASIGN 106 # define PKCS7_F_PKCS7_DATAVERIFY 107 # define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 # define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 # define PKCS7_F_PKCS7_FIND_DIGEST 127 # define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 # define PKCS7_F_PKCS7_SET_CIPHER 108 # define PKCS7_F_PKCS7_SET_CONTENT 109 # define PKCS7_F_PKCS7_SET_DIGEST 126 # define PKCS7_F_PKCS7_SET_TYPE 110 # define PKCS7_F_PKCS7_SIGN 116 # define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 # define PKCS7_F_PKCS7_VERIFY 117 # define PKCS7_F_SMIME_READ_PKCS7 122 @@ -401,20 +423,26 @@ void ERR_load_PKCS7_strings(void); # define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 # define PKCS7_R_CIPHER_NOT_INITIALIZED 116 # define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 # define PKCS7_R_DECODE_ERROR 130 # define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 # define PKCS7_R_DECRYPT_ERROR 119 # define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 # define PKCS7_R_ERROR_ADDING_RECIPIENT 120 # define PKCS7_R_ERROR_SETTING_CIPHER 121 # define PKCS7_R_INVALID_MIME_TYPE 131 # define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 # define PKCS7_R_MIME_NO_CONTENT_TYPE 132 # define PKCS7_R_MIME_PARSE_ERROR 133 # define PKCS7_R_MIME_SIG_PARSE_ERROR 134 # define PKCS7_R_MISSING_CERIPEND_INFO 103 # define PKCS7_R_NO_CONTENT 122 # define PKCS7_R_NO_CONTENT_TYPE 135 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 # define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 # define PKCS7_R_NO_MULTIPART_BOUNDARY 137 # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 @@ -424,6 +452,7 @@ void ERR_load_PKCS7_strings(void); # define PKCS7_R_NO_SIG_CONTENT_TYPE 138 # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 # define PKCS7_R_PKCS7_DATAFINAL 126 # define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 # define PKCS7_R_PKCS7_DATASIGN 145 @@ -432,6 +461,8 @@ void ERR_load_PKCS7_strings(void); # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 # define PKCS7_R_SIGNATURE_FAILURE 105 # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 # define PKCS7_R_SIG_INVALID_MIME_TYPE 141 # define PKCS7_R_SMIME_TEXT_ERROR 129 # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 diff --git a/Cryptlib/Include/openssl/pq_compat.h b/Cryptlib/Include/openssl/pq_compat.h deleted file mode 100644 index 974cd051..00000000 --- a/Cryptlib/Include/openssl/pq_compat.h +++ /dev/null @@ -1,152 +0,0 @@ -/* crypto/pqueue/pqueue_compat.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_PQ_COMPAT_H -# define HEADER_PQ_COMPAT_H - -# include <openssl/opensslconf.h> -# include <openssl/bn.h> - -/* - * The purpose of this header file is for supporting 64-bit integer - * manipulation on 32-bit (and lower) machines. Currently the only - * such environment is VMS, Utrix and those with smaller default integer - * sizes than 32 bits. For all such environment, we fall back to using - * BIGNUM. We may need to fine tune the conditions for systems that - * are incorrectly configured. - * - * The only clients of this code are (1) pqueue for priority, and - * (2) DTLS, for sequence number manipulation. - */ - -# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) - -# define PQ_64BIT_IS_INTEGER 0 -# define PQ_64BIT_IS_BIGNUM 1 - -# define PQ_64BIT BIGNUM -# define PQ_64BIT_CTX BN_CTX - -# define pq_64bit_init(x) BN_init(x) -# define pq_64bit_free(x) BN_free(x) - -# define pq_64bit_ctx_new(ctx) BN_CTX_new() -# define pq_64bit_ctx_free(x) BN_CTX_free(x) - -# define pq_64bit_assign(x, y) BN_copy(x, y) -# define pq_64bit_assign_word(x, y) BN_set_word(x, y) -# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 -# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 -# define pq_64bit_add_word(x, w) BN_add_word(x, w) -# define pq_64bit_sub(r, x, y) BN_sub(r, x, y) -# define pq_64bit_sub_word(x, w) BN_sub_word(x, w) -# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) - -# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) -# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) -# define pq_64bit_get_word(x) BN_get_word(x) -# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) -# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) -# define pq_64bit_set_bit(x, num) BN_set_bit(x, num) -# define pq_64bit_get_length(x) BN_num_bits((x)) - -# else - -# define PQ_64BIT_IS_INTEGER 1 -# define PQ_64BIT_IS_BIGNUM 0 - -# if defined(SIXTY_FOUR_BIT) -# define PQ_64BIT BN_ULONG -# define PQ_64BIT_PRINT "%lld" -# elif defined(SIXTY_FOUR_BIT_LONG) -# define PQ_64BIT BN_ULONG -# define PQ_64BIT_PRINT "%ld" -# elif defined(THIRTY_TWO_BIT) -# define PQ_64BIT BN_ULLONG -# define PQ_64BIT_PRINT "%lld" -# endif - -# define PQ_64BIT_CTX void - -# define pq_64bit_init(x) -# define pq_64bit_free(x) -# define pq_64bit_ctx_new(ctx) (ctx) -# define pq_64bit_ctx_free(x) - -# define pq_64bit_assign(x, y) (*(x) = *(y)) -# define pq_64bit_assign_word(x, y) (*(x) = y) -# define pq_64bit_gt(x, y) (*(x) > *(y)) -# define pq_64bit_eq(x, y) (*(x) == *(y)) -# define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) -# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) -# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) -# define pq_64bit_mod(r, x, n, ctx) - -# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) -# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) -# define pq_64bit_get_word(x) *(x) -# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) -# define pq_64bit_set_bit(x, num) do { \ - PQ_64BIT mask = 1; \ - mask = mask << (num); \ - *(x) |= mask; \ - } while(0) -# endif /* OPENSSL_SYS_VMS */ - -#endif diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h index 7b235801..d40d9c7d 100644 --- a/Cryptlib/Include/openssl/pqueue.h +++ b/Cryptlib/Include/openssl/pqueue.h @@ -64,19 +64,20 @@ # include <stdlib.h> # include <string.h> -# include <openssl/pq_compat.h> - +#ifdef __cplusplus +extern "C" { +#endif typedef struct _pqueue *pqueue; typedef struct _pitem { - PQ_64BIT priority; + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ void *data; struct _pitem *next; } pitem; typedef struct _pitem *piterator; -pitem *pitem_new(PQ_64BIT priority, void *data); +pitem *pitem_new(unsigned char *prio64be, void *data); void pitem_free(pitem *item); pqueue pqueue_new(void); @@ -85,11 +86,14 @@ void pqueue_free(pqueue pq); pitem *pqueue_insert(pqueue pq, pitem *item); pitem *pqueue_peek(pqueue pq); pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, PQ_64BIT priority); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue pq); pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); int pqueue_size(pqueue pq); +#ifdef __cplusplus +} +#endif #endif /* ! HEADER_PQUEUE_H */ diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h index ed1f2768..2553afda 100644 --- a/Cryptlib/Include/openssl/rand.h +++ b/Cryptlib/Include/openssl/rand.h @@ -72,7 +72,7 @@ extern "C" { #endif # if defined(OPENSSL_FIPS) -# define FIPS_RAND_SIZE_T int +# define FIPS_RAND_SIZE_T size_t # endif /* Already defined in ossl_typ.h */ @@ -110,16 +110,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path, int bytes); int RAND_poll(void); -# ifndef OPENSSL_NO_ENGINE -# ifdef OPENSSL_FIPS -void int_RAND_init_engine_callbacks(void); -void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, - const RAND_METHOD **pmeth), - const RAND_METHOD *(*get_rand_func) (const - RAND_METHOD - **pmeth)); -# endif -# endif # if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -128,6 +118,11 @@ int RAND_event(UINT, WPARAM, LPARAM); # endif +# ifdef OPENSSL_FIPS +void RAND_set_fips_drbg_type(int type, int flags); +int RAND_init_fips(void); +# endif + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -138,29 +133,16 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ -# define RAND_F_ENG_RAND_GET_RAND_METHOD 108 -# define RAND_F_FIPS_RAND 103 -# define RAND_F_FIPS_RAND_BYTES 102 -# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 -# define RAND_F_FIPS_RAND_SET_DT 106 -# define RAND_F_FIPS_SET_DT 104 -# define RAND_F_FIPS_SET_PRNG_SEED 107 -# define RAND_F_FIPS_SET_TEST_MODE 105 # define RAND_F_RAND_GET_RAND_METHOD 101 +# define RAND_F_RAND_INIT_FIPS 102 # define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ -# define RAND_R_NON_FIPS_METHOD 105 -# define RAND_R_NOT_IN_TEST_MODE 106 -# define RAND_R_NO_KEY_SET 107 -# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 -# define RAND_R_PRNG_ERROR 108 -# define RAND_R_PRNG_KEYED 109 -# define RAND_R_PRNG_NOT_REKEYED 102 -# define RAND_R_PRNG_NOT_RESEEDED 103 +# define RAND_R_DUAL_EC_DRBG_DISABLED 104 +# define RAND_R_ERROR_INITIALISING_DRBG 102 +# define RAND_R_ERROR_INSTANTIATING_DRBG 103 +# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 # define RAND_R_PRNG_NOT_SEEDED 100 -# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 -# define RAND_R_PRNG_STUCK 104 #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h index 006f8397..39162b16 100644 --- a/Cryptlib/Include/openssl/rc4.h +++ b/Cryptlib/Include/openssl/rc4.h @@ -64,6 +64,8 @@ # error RC4 is disabled. # endif +# include <stddef.h> + #ifdef __cplusplus extern "C" { #endif @@ -74,11 +76,9 @@ typedef struct rc4_key_st { } RC4_KEY; const char *RC4_options(void); -# ifdef OPENSSL_FIPS -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -# endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); #ifdef __cplusplus diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h index 6cf74b38..b88ef25e 100644 --- a/Cryptlib/Include/openssl/ripemd.h +++ b/Cryptlib/Include/openssl/ripemd.h @@ -70,7 +70,7 @@ extern "C" { # error RIPEMD is disabled. # endif -# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +# if defined(__LP32__) # define RIPEMD160_LONG unsigned long # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) # define RIPEMD160_LONG unsigned long @@ -89,6 +89,7 @@ typedef struct RIPEMD160state_st { RIPEMD160_LONG data[RIPEMD160_LBLOCK]; unsigned int num; } RIPEMD160_CTX; + # ifdef OPENSSL_FIPS int private_RIPEMD160_Init(RIPEMD160_CTX *c); # endif diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h index 4af5e353..d2ee3740 100644 --- a/Cryptlib/Include/openssl/rsa.h +++ b/Cryptlib/Include/openssl/rsa.h @@ -74,27 +74,6 @@ # error RSA is disabled. # endif -/* - * If this flag is set the RSA method is FIPS compliant and can be used in - * FIPS mode. This is set in the validated module method. If an application - * sets this flag in its own methods it is its reposibility to ensure the - * result is compliant. - */ - -# define RSA_FLAG_FIPS_METHOD 0x0400 - -/* - * If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - -# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 - -# ifdef OPENSSL_FIPS -# define FIPS_RSA_SIZE_T int -# endif - #ifdef __cplusplus extern "C" { #endif @@ -139,7 +118,7 @@ struct rsa_meth_st { unsigned char *sigret, unsigned int *siglen, const RSA *rsa); int (*rsa_verify) (int dtype, const unsigned char *m, - unsigned int m_length, unsigned char *sigbuf, + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); /* * If this callback is NULL, the builtin software RSA key-gen will be @@ -189,8 +168,6 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif -# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 - # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 # endif @@ -256,11 +233,84 @@ struct rsa_st { # define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME # endif +# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \ + EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ + len, NULL) + +# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \ + 0, plen) + +# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l) + +# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + # define RSA_PKCS1_PADDING 1 # define RSA_SSLV23_PADDING 2 # define RSA_NO_PADDING 3 # define RSA_PKCS1_OAEP_PADDING 4 # define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +# define RSA_PKCS1_PSS_PADDING 6 # define RSA_PKCS1_PADDING_SIZE 11 @@ -269,7 +319,7 @@ struct rsa_st { RSA *RSA_new(void); RSA *RSA_new_method(ENGINE *engine); -int RSA_size(const RSA *); +int RSA_size(const RSA *rsa); /* Deprecated version */ # ifndef OPENSSL_NO_DEPRECATED @@ -279,12 +329,6 @@ RSA *RSA_generate_key(int bits, unsigned long e, void /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, - BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, - const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); -int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, - BN_GENCB *cb); int RSA_check_key(const RSA *); /* next 4 return -1 on error */ @@ -302,11 +346,6 @@ int RSA_up_ref(RSA *r); int RSA_flags(const RSA *r); -# ifdef OPENSSL_FIPS -RSA *FIPS_rsa_new(void); -void FIPS_rsa_free(RSA *r); -# endif - void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); @@ -323,6 +362,23 @@ const RSA_METHOD *RSA_null_method(void); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) +typedef struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; +} RSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; +} RSA_OAEP_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + # ifndef OPENSSL_NO_FP_API int RSA_print_fp(FILE *fp, const RSA *r, int offset); # endif @@ -354,7 +410,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int RSA_sign(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* * The following 2 function sign and verify a ASN1_OCTET_STRING object inside @@ -390,6 +446,15 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *f, int fl, int rsa_len, const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, + int num, const unsigned char *param, + int plen, const EVP_MD *md, + const EVP_MD *mgf1md); int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *f, int fl); int RSA_padding_check_SSLv23(unsigned char *to, int tlen, @@ -411,6 +476,15 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, int sLen); +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + const unsigned char *EM, int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int RSA_set_ex_data(RSA *r, int idx, void *arg); @@ -419,6 +493,28 @@ void *RSA_get_ex_data(const RSA *r, int idx); RSA *RSAPublicKey_dup(RSA *rsa); RSA *RSAPrivateKey_dup(RSA *rsa); +/* + * If this flag is set the RSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. + */ + +# define RSA_FLAG_FIPS_METHOD 0x0400 + +/* + * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* + * Application has decided PRNG is good enough to generate a key: don't + * check. + */ +# define RSA_FLAG_CHECKED 0x0800 + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -429,17 +525,29 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ -# define RSA_F_FIPS_RSA_SIGN 140 -# define RSA_F_FIPS_RSA_VERIFY 141 +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_DO_RSA_PRINT 146 +# define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_MEMORY_LOCK 100 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 154 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 157 # define RSA_F_RSA_BUILTIN_KEYGEN 129 # define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CMS_DECRYPT 158 # define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 # define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 # define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 # define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 # define RSA_F_RSA_GENERATE_KEY 105 +# define RSA_F_RSA_GENERATE_KEY_EX 155 +# define RSA_F_RSA_ITEM_VERIFY 156 # define RSA_F_RSA_MEMORY_LOCK 130 +# define RSA_F_RSA_MGF1_TO_MD 159 # define RSA_F_RSA_NEW_METHOD 106 # define RSA_F_RSA_NULL 124 # define RSA_F_RSA_NULL_MOD_EXP 131 @@ -449,29 +557,37 @@ void ERR_load_RSA_strings(void); # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 # define RSA_F_RSA_PADDING_ADD_NONE 107 # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 # define RSA_F_RSA_PADDING_ADD_SSLV23 110 # define RSA_F_RSA_PADDING_ADD_X931 127 # define RSA_F_RSA_PADDING_CHECK_NONE 111 # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 # define RSA_F_RSA_PADDING_CHECK_SSLV23 114 # define RSA_F_RSA_PADDING_CHECK_X931 128 # define RSA_F_RSA_PRINT 115 # define RSA_F_RSA_PRINT_FP 116 -# define RSA_F_RSA_PRIVATE_ENCRYPT 137 -# define RSA_F_RSA_PUBLIC_DECRYPT 138 +# define RSA_F_RSA_PRIVATE_DECRYPT 150 +# define RSA_F_RSA_PRIVATE_ENCRYPT 151 +# define RSA_F_RSA_PRIV_DECODE 137 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_TO_CTX 162 +# define RSA_F_RSA_PUBLIC_DECRYPT 152 +# define RSA_F_RSA_PUBLIC_ENCRYPT 153 +# define RSA_F_RSA_PUB_DECODE 139 # define RSA_F_RSA_SETUP_BLINDING 136 -# define RSA_F_RSA_SET_DEFAULT_METHOD 139 -# define RSA_F_RSA_SET_METHOD 142 # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 # define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 /* Reason codes. */ # define RSA_R_ALGORITHM_MISMATCH 100 @@ -487,25 +603,39 @@ void ERR_load_RSA_strings(void); # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 # define RSA_R_DATA_TOO_SMALL 111 # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 166 # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 # define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 # define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 # define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 160 +# define RSA_R_INVALID_DIGEST_LENGTH 143 # define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_KEYBITS 145 +# define RSA_R_INVALID_LABEL 161 # define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_OAEP_PARAMETERS 162 # define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 # define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 # define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 # define RSA_R_KEY_SIZE_TOO_SMALL 120 # define RSA_R_LAST_OCTET_INVALID 134 # define RSA_R_MODULUS_TOO_LARGE 105 -# define RSA_R_NON_FIPS_METHOD 141 +# define RSA_R_NON_FIPS_RSA_METHOD 157 # define RSA_R_NO_PUBLIC_EXPONENT 140 # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 # define RSA_R_OAEP_DECODING_ERROR 121 -# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 +# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 # define RSA_R_P_NOT_PRIME 128 @@ -516,7 +646,16 @@ void ERR_load_RSA_strings(void); # define RSA_R_SSLV3_ROLLBACK_ATTACK 115 # define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 # define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 163 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 # define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNKNOWN_PSS_DIGEST 152 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 #ifdef __cplusplus diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h index 334ce9ee..1d4f87ea 100644 --- a/Cryptlib/Include/openssl/safestack.h +++ b/Cryptlib/Include/openssl/safestack.h @@ -57,173 +57,161 @@ # include <openssl/stack.h> -# ifdef DEBUG_SAFESTACK +#ifdef __cplusplus +extern "C" { +#endif -# ifndef CHECKED_PTR_OF -# define CHECKED_PTR_OF(type, p) \ +# ifndef CHECKED_PTR_OF +# define CHECKED_PTR_OF(type, p) \ ((void*) (1 ? p : (type*)0)) -# endif +# endif + +/* + * In C++ we get problems because an explicit cast is needed from (void *) we + * use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +# define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) -# define CHECKED_SK_FREE_FUNC(type, p) \ +# define CHECKED_SK_COPY_FUNC(type, p) \ + ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) + +# define CHECKED_SK_FREE_FUNC(type, p) \ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) -# define CHECKED_SK_CMP_FUNC(type, p) \ - ((int (*)(const char * const *, const char * const *)) \ +# define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) -# define STACK_OF(type) struct stack_st_##type -# define PREDECLARE_STACK_OF(type) STACK_OF(type); +# define STACK_OF(type) struct stack_st_##type +# define PREDECLARE_STACK_OF(type) STACK_OF(type); -# define DECLARE_STACK_OF(type) \ +# define DECLARE_STACK_OF(type) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; +# define DECLARE_SPECIAL_STACK_OF(type, type2) \ STACK_OF(type) \ { \ - STACK stack; \ + _STACK stack; \ }; /* nada (obsolete in new safestack approach)*/ -# define IMPLEMENT_STACK_OF(type) +# define IMPLEMENT_STACK_OF(type) + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) /* * SKM_sk_... stack macros are internal to safestack.h: never use them * directly, use sk_<type>_... instead */ -# define SKM_sk_new(type, cmp) \ +# define SKM_sk_new(type, cmp) \ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) -# define SKM_sk_new_null(type) \ +# define SKM_sk_new_null(type) \ ((STACK_OF(type) *)sk_new_null()) -# define SKM_sk_free(type, st) \ - sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_num(type, st) \ - sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_value(type, st,i) \ - ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) -# define SKM_sk_set(type, st,i,val) \ - sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) -# define SKM_sk_zero(type, st) \ - sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_push(type, st,val) \ - sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_unshift(type, st,val) \ - sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_find(type, st,val) \ - sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_delete(type, st,i) \ - (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) -# define SKM_sk_delete_ptr(type, st,ptr) \ - (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) -# define SKM_sk_insert(type, st,val,i) \ - sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) -# define SKM_sk_set_cmp_func(type, st,cmp) \ +# define SKM_sk_free(type, st) \ + sk_free(CHECKED_STACK_OF(type, st)) +# define SKM_sk_num(type, st) \ + sk_num(CHECKED_STACK_OF(type, st)) +# define SKM_sk_value(type, st,i) \ + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) +# define SKM_sk_set(type, st,i,val) \ + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) +# define SKM_sk_zero(type, st) \ + sk_zero(CHECKED_STACK_OF(type, st)) +# define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +# define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +# define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +# define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +# define SKM_sk_set_cmp_func(type, st, cmp) \ ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) -# define SKM_sk_dup(type, st) \ - (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_pop_free(type, st,free_func) \ - sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) -# define SKM_sk_shift(type, st) \ - (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_pop(type, st) \ - (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_sort(type, st) \ - sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) -# define SKM_sk_is_sorted(type, st) \ - sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) - -# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) +# define SKM_sk_dup(type, st) \ + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ + (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_shift(type, st) \ + (type *)sk_shift(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop(type, st) \ + (type *)sk_pop(CHECKED_STACK_OF(type, st)) +# define SKM_sk_sort(type, st) \ + sk_sort(CHECKED_STACK_OF(type, st)) +# define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) +# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ ex_tag, ex_class) - -# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ +# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ + i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ CHECKED_I2D_OF(type, i2d_func), \ ex_tag, ex_class, is_set) - -# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ +# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ CHECKED_I2D_OF(type, i2d_func), buf, len) - -# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ +# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) - -# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ +# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ pass, passlen, oct, seq) - -# else - -# define STACK_OF(type) STACK -# define PREDECLARE_STACK_OF(type) - /* nada */ -# define DECLARE_STACK_OF(type)/* nada */ -# define IMPLEMENT_STACK_OF(type) - /* nada */ - -# define SKM_sk_new(type, cmp) \ - sk_new((int (*)(const char * const *, const char * const *))(cmp)) -# define SKM_sk_new_null(type) \ - sk_new_null() -# define SKM_sk_free(type, st) \ - sk_free(st) -# define SKM_sk_num(type, st) \ - sk_num(st) -# define SKM_sk_value(type, st,i) \ - ((type *)sk_value(st, i)) -# define SKM_sk_set(type, st,i,val) \ - ((type *)sk_set(st, i,(char *)val)) -# define SKM_sk_zero(type, st) \ - sk_zero(st) -# define SKM_sk_push(type, st,val) \ - sk_push(st, (char *)val) -# define SKM_sk_unshift(type, st,val) \ - sk_unshift(st, (char *)val) -# define SKM_sk_find(type, st,val) \ - sk_find(st, (char *)val) -# define SKM_sk_delete(type, st,i) \ - ((type *)sk_delete(st, i)) -# define SKM_sk_delete_ptr(type, st,ptr) \ - ((type *)sk_delete_ptr(st,(char *)ptr)) -# define SKM_sk_insert(type, st,val,i) \ - sk_insert(st, (char *)val, i) -# define SKM_sk_set_cmp_func(type, st,cmp) \ - ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) -# define SKM_sk_dup(type, st) \ - sk_dup(st) -# define SKM_sk_pop_free(type, st,free_func) \ - sk_pop_free(st, (void (*)(void *))free_func) -# define SKM_sk_shift(type, st) \ - ((type *)sk_shift(st)) -# define SKM_sk_pop(type, st) \ - ((type *)sk_pop(st)) -# define SKM_sk_sort(type, st) \ - sk_sort(st) -# define SKM_sk_is_sorted(type, st) \ - sk_is_sorted(st) - -# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) -# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) - -# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) -# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) - -# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) - -# endif - /* * This block of defines is updated by util/mkstack.pl, please do not touch! */ -# define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) +# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) # define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) # define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) @@ -240,12 +228,12 @@ STACK_OF(type) \ # define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) # define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) # define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) +# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) # define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) - -# define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) +# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) # define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) # define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) # define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) @@ -262,12 +250,12 @@ STACK_OF(type) \ # define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) # define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) # define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) # define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) # define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) # define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) # define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) - -# define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) +# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) # define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) # define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) @@ -284,12 +272,12 @@ STACK_OF(type) \ # define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) # define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) # define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) # define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) - -# define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) +# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) # define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) # define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) @@ -306,12 +294,12 @@ STACK_OF(type) \ # define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) # define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) # define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) +# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) # define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) - -# define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) +# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) # define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) # define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) @@ -328,12 +316,12 @@ STACK_OF(type) \ # define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) # define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) # define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) +# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) # define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) - -# define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) +# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) # define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) # define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) @@ -350,12 +338,12 @@ STACK_OF(type) \ # define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) # define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) # define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) +# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) # define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) - -# define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) +# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) # define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) # define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) @@ -372,12 +360,34 @@ STACK_OF(type) \ # define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) # define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) # define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) +# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) # define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) - -# define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) +# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) +# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) +# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) +# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) # define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) # define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) @@ -394,12 +404,12 @@ STACK_OF(type) \ # define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) # define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) # define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) +# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) # define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) - -# define sk_BIO_new(st) SKM_sk_new(BIO, (st)) +# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) # define sk_BIO_new_null() SKM_sk_new_null(BIO) # define sk_BIO_free(st) SKM_sk_free(BIO, (st)) # define sk_BIO_num(st) SKM_sk_num(BIO, (st)) @@ -416,12 +426,56 @@ STACK_OF(type) \ # define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) # define sk_BIO_dup(st) SKM_sk_dup(BIO, st) # define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) +# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) # define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) # define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) # define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) # define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) - -# define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) +# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) +# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) +# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) +# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) +# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) +# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) +# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) # define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) # define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) @@ -438,12 +492,34 @@ STACK_OF(type) \ # define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) # define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) # define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) # define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) - -# define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) +# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) +# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) +# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) +# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) +# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) +# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) +# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) +# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) +# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) +# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) +# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) +# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) +# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) +# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) # define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) # define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) @@ -460,12 +536,12 @@ STACK_OF(type) \ # define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) # define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) # define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) # define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) - -# define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) +# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) # define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) # define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) @@ -482,12 +558,12 @@ STACK_OF(type) \ # define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) # define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) # define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) # define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) - -# define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) +# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) # define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) # define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) @@ -504,12 +580,12 @@ STACK_OF(type) \ # define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) # define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) # define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func)) # define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) - -# define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) +# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) # define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) # define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) @@ -526,12 +602,12 @@ STACK_OF(type) \ # define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) # define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) # define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) # define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) - -# define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) +# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) # define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) # define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) # define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) @@ -548,12 +624,12 @@ STACK_OF(type) \ # define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) # define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) # define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) # define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) # define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) # define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) # define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) - -# define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) +# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) # define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) # define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) # define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) @@ -570,12 +646,12 @@ STACK_OF(type) \ # define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) # define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) # define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) +# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) # define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) # define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) # define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) # define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) - -# define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) +# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) # define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) # define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) @@ -592,12 +668,12 @@ STACK_OF(type) \ # define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) # define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) # define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) +# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) # define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) - -# define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) +# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) # define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) # define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) @@ -614,12 +690,12 @@ STACK_OF(type) \ # define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) # define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) # define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) +# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) # define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) - -# define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) +# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) # define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) # define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) # define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) @@ -636,12 +712,12 @@ STACK_OF(type) \ # define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) # define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) # define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) +# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) # define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) # define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) # define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) # define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) - -# define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) +# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) # define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) # define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) # define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) @@ -658,12 +734,12 @@ STACK_OF(type) \ # define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) # define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) # define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) +# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) # define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) # define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) # define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) # define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) - -# define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) +# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) # define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) # define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) @@ -680,12 +756,122 @@ STACK_OF(type) \ # define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) # define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) # define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) +# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) # define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) - -# define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) +# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) +# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) +# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) +# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) +# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) +# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) +# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) +# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) +# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) +# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) +# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) +# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) +# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) +# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) +# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) +# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) +# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) +# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) +# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) +# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) +# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) +# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) +# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) +# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) +# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) # define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) # define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) @@ -702,12 +888,12 @@ STACK_OF(type) \ # define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) # define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) # define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) +# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) # define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) - -# define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) +# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) # define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) # define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) @@ -724,12 +910,12 @@ STACK_OF(type) \ # define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) # define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) # define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) # define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) - -# define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) # define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) # define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) @@ -746,12 +932,12 @@ STACK_OF(type) \ # define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) # define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) # define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) # define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) - -# define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) +# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) # define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) # define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) # define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) @@ -768,12 +954,12 @@ STACK_OF(type) \ # define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) # define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) # define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) # define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) # define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) # define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) # define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) - -# define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) +# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) # define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) # define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) @@ -790,12 +976,12 @@ STACK_OF(type) \ # define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) # define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) # define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) # define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) - -# define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) +# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) # define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) # define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) @@ -812,12 +998,12 @@ STACK_OF(type) \ # define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) # define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) # define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) +# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) # define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) - -# define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) +# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) # define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) # define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) @@ -834,12 +1020,12 @@ STACK_OF(type) \ # define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) # define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) # define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) +# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) # define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) - -# define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) +# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) # define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) # define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) @@ -856,12 +1042,12 @@ STACK_OF(type) \ # define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) # define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) # define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) +# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) # define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) - -# define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) +# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) # define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) # define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) @@ -878,12 +1064,12 @@ STACK_OF(type) \ # define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) # define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) # define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) +# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) # define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) - -# define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) +# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) # define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) # define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) @@ -900,12 +1086,12 @@ STACK_OF(type) \ # define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) # define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) # define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) +# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) # define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) - -# define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) +# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) # define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) # define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) @@ -922,12 +1108,12 @@ STACK_OF(type) \ # define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) # define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) # define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) +# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) # define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) - -# define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) +# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) # define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) # define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) @@ -944,12 +1130,12 @@ STACK_OF(type) \ # define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) # define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) # define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) +# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) # define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) - -# define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) +# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) # define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) # define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) @@ -966,12 +1152,34 @@ STACK_OF(type) \ # define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) # define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) # define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) +# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) # define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) - -# define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) +# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) +# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) +# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) +# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) +# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) +# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) +# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) +# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) +# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) +# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) +# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) +# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) +# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) +# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) # define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) # define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) # define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) @@ -988,12 +1196,12 @@ STACK_OF(type) \ # define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) # define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) # define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) # define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) # define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) # define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) # define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) - -# define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) # define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) # define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) # define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) @@ -1010,12 +1218,12 @@ STACK_OF(type) \ # define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) # define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) # define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) # define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) # define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) # define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) # define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) - -# define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) +# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) # define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) # define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) @@ -1032,12 +1240,12 @@ STACK_OF(type) \ # define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) # define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) # define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) +# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) # define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) - -# define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) +# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) # define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) # define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) @@ -1054,12 +1262,12 @@ STACK_OF(type) \ # define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) # define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) # define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) +# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) # define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) - -# define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) +# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) # define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) # define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) @@ -1076,12 +1284,12 @@ STACK_OF(type) \ # define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) # define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) # define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) # define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) - -# define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) # define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) # define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) @@ -1098,12 +1306,12 @@ STACK_OF(type) \ # define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) # define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) # define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) # define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) - -# define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) +# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) # define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) # define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) @@ -1120,12 +1328,12 @@ STACK_OF(type) \ # define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) # define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) # define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) # define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) - -# define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) +# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) # define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) # define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) @@ -1142,12 +1350,12 @@ STACK_OF(type) \ # define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) # define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) # define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) +# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) # define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) - -# define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) +# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) # define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) # define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) # define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) @@ -1164,12 +1372,12 @@ STACK_OF(type) \ # define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) # define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) # define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) +# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) # define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) # define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) # define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) # define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) - -# define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) +# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) # define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) # define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) @@ -1186,12 +1394,12 @@ STACK_OF(type) \ # define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) # define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) # define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) +# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) # define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) - -# define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) +# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) # define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) # define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) @@ -1208,12 +1416,12 @@ STACK_OF(type) \ # define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) # define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) # define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) +# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) # define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) - -# define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) +# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) # define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) # define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) # define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) @@ -1230,12 +1438,12 @@ STACK_OF(type) \ # define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) # define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) # define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) +# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) # define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) # define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) # define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) # define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) - -# define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) +# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) # define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) # define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) @@ -1252,12 +1460,12 @@ STACK_OF(type) \ # define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) # define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) # define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) +# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) # define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) - -# define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) # define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) # define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) @@ -1274,12 +1482,122 @@ STACK_OF(type) \ # define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) # define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) # define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) # define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) - -# define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) +# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +# define sk_SCT_new_null() SKM_sk_new_null(SCT) +# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) +# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) +# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) +# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) +# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) +# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) +# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) +# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) +# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) +# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) +# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) +# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) +# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) +# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) +# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) +# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) +# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) +# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) +# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) +# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) +# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) +# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) +# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) +# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) +# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) +# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) +# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) +# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) +# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) +# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) +# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) +# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) +# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) +# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) +# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) +# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) +# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) +# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) +# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) +# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) +# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) +# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) +# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) +# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) +# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) +# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) +# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) +# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) +# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) +# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) +# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) +# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) +# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) +# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) +# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) +# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) +# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) +# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) +# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) +# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) +# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) +# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) +# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) +# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) +# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) +# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) +# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) # define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) # define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) @@ -1296,12 +1614,12 @@ STACK_OF(type) \ # define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) # define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) # define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) +# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) # define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) - -# define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) +# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) # define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) # define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) # define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) @@ -1318,12 +1636,56 @@ STACK_OF(type) \ # define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) # define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) # define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) +# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) # define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) # define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) # define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) # define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) - -# define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) +# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) +# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) +# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) +# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) +# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) +# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) # define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) # define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) @@ -1340,12 +1702,12 @@ STACK_OF(type) \ # define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) # define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) # define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) # define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) - -# define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) +# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) # define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) # define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) # define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) @@ -1362,12 +1724,12 @@ STACK_OF(type) \ # define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) # define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) # define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) +# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) # define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) # define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) # define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) # define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) - -# define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) +# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) # define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) # define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) # define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) @@ -1384,12 +1746,12 @@ STACK_OF(type) \ # define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) # define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) # define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) +# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) # define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) # define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) # define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) # define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) - -# define sk_X509_new(st) SKM_sk_new(X509, (st)) +# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) # define sk_X509_new_null() SKM_sk_new_null(X509) # define sk_X509_free(st) SKM_sk_free(X509, (st)) # define sk_X509_num(st) SKM_sk_num(X509, (st)) @@ -1406,12 +1768,12 @@ STACK_OF(type) \ # define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) # define sk_X509_dup(st) SKM_sk_dup(X509, st) # define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) +# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) # define sk_X509_shift(st) SKM_sk_shift(X509, (st)) # define sk_X509_pop(st) SKM_sk_pop(X509, (st)) # define sk_X509_sort(st) SKM_sk_sort(X509, (st)) # define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) - -# define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) +# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) # define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) # define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) @@ -1428,12 +1790,12 @@ STACK_OF(type) \ # define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) # define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) # define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) +# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) # define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) - -# define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) +# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) # define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) # define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) # define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) @@ -1450,12 +1812,12 @@ STACK_OF(type) \ # define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) # define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) # define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) +# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) # define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) # define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) # define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) # define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) - -# define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) +# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) # define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) # define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) @@ -1472,12 +1834,12 @@ STACK_OF(type) \ # define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) # define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) # define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) +# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) # define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) - -# define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) +# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) # define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) # define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) # define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) @@ -1494,12 +1856,12 @@ STACK_OF(type) \ # define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) # define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) # define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) +# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) # define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) # define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) # define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) # define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) - -# define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) +# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) # define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) # define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) @@ -1516,12 +1878,12 @@ STACK_OF(type) \ # define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) # define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) # define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) +# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) # define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) - -# define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) +# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) # define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) # define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) # define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) @@ -1538,12 +1900,12 @@ STACK_OF(type) \ # define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) # define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) # define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) +# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) # define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) # define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) # define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) # define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) - -# define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) +# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) # define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) # define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) @@ -1560,12 +1922,12 @@ STACK_OF(type) \ # define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) # define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) # define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) +# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) # define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) - -# define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) +# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) # define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) # define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) # define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) @@ -1582,12 +1944,12 @@ STACK_OF(type) \ # define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) # define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) # define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) +# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) # define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) # define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) # define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) # define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) - -# define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) +# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) # define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) # define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) @@ -1604,12 +1966,12 @@ STACK_OF(type) \ # define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) # define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) # define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) +# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) # define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) - -# define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) +# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) # define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) # define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) # define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) @@ -1626,12 +1988,12 @@ STACK_OF(type) \ # define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) # define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) # define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) +# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) # define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) # define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) # define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) # define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) - -# define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) +# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) # define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) # define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) @@ -1648,12 +2010,12 @@ STACK_OF(type) \ # define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) # define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) # define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) # define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) - -# define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) +# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) # define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) # define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) @@ -1670,34 +2032,12 @@ STACK_OF(type) \ # define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) # define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) # define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) # define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) - -# define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) -# define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) -# define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) -# define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) -# define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) -# define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) -# define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) -# define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) -# define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) -# define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) -# define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) -# define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) -# define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) -# define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) -# define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) - -# define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) +# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) # define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) # define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) @@ -1714,12 +2054,12 @@ STACK_OF(type) \ # define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) # define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) # define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) +# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) # define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) - -# define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) +# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) # define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) # define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) # define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) @@ -1736,12 +2076,12 @@ STACK_OF(type) \ # define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) # define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) # define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) +# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) # define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) # define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) # define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) # define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) - -# define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) +# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) # define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) # define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) # define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) @@ -1758,12 +2098,12 @@ STACK_OF(type) \ # define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) # define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) # define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) +# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) # define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) # define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) # define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) # define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) - -# define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) +# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) # define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) # define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) @@ -1780,11 +2120,127 @@ STACK_OF(type) \ # define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) # define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) # define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) # define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) - +# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) +# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) +# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) +# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) +# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) +# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) +# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) +# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) +# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) +# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) +# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) +# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) +# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) +# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) +# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) +# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) +# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) +# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) +# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) +# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) +# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) +# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) +# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +# define sk_void_new_null() SKM_sk_new_null(void) +# define sk_void_free(st) SKM_sk_free(void, (st)) +# define sk_void_num(st) SKM_sk_num(void, (st)) +# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +# define sk_void_zero(st) SKM_sk_zero(void, (st)) +# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) +# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +# define sk_void_dup(st) SKM_sk_dup(void, st) +# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) +# define sk_void_shift(st) SKM_sk_shift(void, (st)) +# define sk_void_pop(st) SKM_sk_pop(void, (st)) +# define sk_void_sort(st) SKM_sk_sort(void, (st)) +# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) +# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) +# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) +# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) +# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) +# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) +# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) +# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) +# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) # define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1793,7 +2249,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1802,7 +2257,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1811,7 +2265,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1820,7 +2273,14 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) - +# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) # define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1829,7 +2289,22 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) - +# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) +# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) +# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) # define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1838,7 +2313,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1847,7 +2321,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1856,7 +2329,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1865,7 +2337,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1874,7 +2345,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1883,7 +2353,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1892,7 +2361,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1901,7 +2369,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1910,7 +2377,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1919,7 +2385,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1928,7 +2393,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1937,7 +2401,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1946,7 +2409,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1955,7 +2417,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1964,7 +2425,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1973,7 +2433,6 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) - # define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1982,11 +2441,232 @@ STACK_OF(type) \ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) - # define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) - # define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) - +# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) +# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_stats_bio(lh,out) \ + LHM_lh_stats_bio(ADDED_OBJ,lh,out) +# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) +# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) +# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) +# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) +# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) +# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) +# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) +# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) +# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) +# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) +# define lh_APP_INFO_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_stats_bio(lh,out) \ + LHM_lh_stats_bio(APP_INFO,lh,out) +# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) +# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) +# define lh_CONF_VALUE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_stats_bio(lh,out) \ + LHM_lh_stats_bio(CONF_VALUE,lh,out) +# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) +# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) +# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) +# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) +# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) +# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) +# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ENGINE_PILE,lh,out) +# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) +# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) +# define lh_ERR_STATE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STATE,lh,out) +# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) +# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) +# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) +# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) +# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) +# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) +# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) +# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) +# define lh_FUNCTION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_stats_bio(lh,out) \ + LHM_lh_stats_bio(FUNCTION,lh,out) +# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) +# define lh_MEM_new() LHM_lh_new(MEM,mem) +# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) +# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) +# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) +# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) +# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) +# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) +# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) +# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) +# define lh_MEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(MEM,lh,out) +# define lh_MEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(MEM,lh,out) +# define lh_MEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(MEM,lh,out) +# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) +# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) +# define lh_OBJ_NAME_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_stats_bio(lh,out) \ + LHM_lh_stats_bio(OBJ_NAME,lh,out) +# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) +# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) +# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) +# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) +# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) +# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) +# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) +# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) +# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_STRING,lh,out) +# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) +# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) +# define lh_SSL_SESSION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_stats_bio(lh,out) \ + LHM_lh_stats_bio(SSL_SESSION,lh,out) +# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) +#ifdef __cplusplus +} +#endif #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/Cryptlib/Include/openssl/seed.h b/Cryptlib/Include/openssl/seed.h new file mode 100644 index 00000000..8cbf0d92 --- /dev/null +++ b/Cryptlib/Include/openssl/seed.h @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of author nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SEED_H +# define HEADER_SEED_H + +# include <openssl/opensslconf.h> +# include <openssl/e_os2.h> +# include <openssl/crypto.h> + +# ifdef OPENSSL_NO_SEED +# error SEED is disabled. +# endif + +/* look whether we need 'long' to get 32 bits */ +# ifdef AES_LONG +# ifndef SEED_LONG +# define SEED_LONG 1 +# endif +# endif + +# if !defined(NO_SYS_TYPES_H) +# include <sys/types.h> +# endif + +# define SEED_BLOCK_SIZE 16 +# define SEED_KEY_LENGTH 16 + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct seed_key_st { +# ifdef SEED_LONG + unsigned long data[32]; +# else + unsigned int data[32]; +# endif +} SEED_KEY_SCHEDULE; + +# ifdef OPENSSL_FIPS +void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); +# endif +void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); +void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], + unsigned char d[SEED_BLOCK_SIZE], + const SEED_KEY_SCHEDULE *ks); + +void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SEED_KEY_SCHEDULE *ks, int enc); +void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int enc); +void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num, + int enc); +void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SEED_H */ diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h index 8a508788..e5169e4f 100644 --- a/Cryptlib/Include/openssl/sha.h +++ b/Cryptlib/Include/openssl/sha.h @@ -81,7 +81,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +# if defined(__LP32__) # define SHA_LONG unsigned long # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) # define SHA_LONG unsigned long @@ -115,6 +115,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); void SHA_Transform(SHA_CTX *c, const unsigned char *data); # endif # ifndef OPENSSL_NO_SHA1 +# ifdef OPENSSL_FIPS +int private_SHA1_Init(SHA_CTX *c); +# endif int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); @@ -136,6 +139,10 @@ typedef struct SHA256state_st { } SHA256_CTX; # ifndef OPENSSL_NO_SHA256 +# ifdef OPENSSL_FIPS +int private_SHA224_Init(SHA256_CTX *c); +int private_SHA256_Init(SHA256_CTX *c); +# endif int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); @@ -185,6 +192,10 @@ typedef struct SHA512state_st { # endif # ifndef OPENSSL_NO_SHA512 +# ifdef OPENSSL_FIPS +int private_SHA384_Init(SHA512_CTX *c); +int private_SHA512_Init(SHA512_CTX *c); +# endif int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); diff --git a/Cryptlib/Include/openssl/srp.h b/Cryptlib/Include/openssl/srp.h new file mode 100644 index 00000000..d072536f --- /dev/null +++ b/Cryptlib/Include/openssl/srp.h @@ -0,0 +1,169 @@ +/* crypto/srp/srp.h */ +/* + * Written by Christophe Renou (christophe.renou@edelweb.fr) with the + * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the + * EdelKey project and contributed to the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef __SRP_H__ +# define __SRP_H__ + +# ifndef OPENSSL_NO_SRP + +# include <stdio.h> +# include <string.h> + +#ifdef __cplusplus +extern "C" { +#endif + +# include <openssl/safestack.h> +# include <openssl/bn.h> +# include <openssl/crypto.h> + +typedef struct SRP_gN_cache_st { + char *b64_bn; + BIGNUM *bn; +} SRP_gN_cache; + + +DECLARE_STACK_OF(SRP_gN_cache) + +typedef struct SRP_user_pwd_st { + char *id; + BIGNUM *s; + BIGNUM *v; + const BIGNUM *g; + const BIGNUM *N; + char *info; +} SRP_user_pwd; + +DECLARE_STACK_OF(SRP_user_pwd) + +typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; +/* to simulate a user */ + char *seed_key; + BIGNUM *default_g; + BIGNUM *default_N; +} SRP_VBASE; + +/* + * Structure interne pour retenir les couples N et g + */ +typedef struct SRP_gN_st { + char *id; + BIGNUM *g; + BIGNUM *N; +} SRP_gN; + +DECLARE_STACK_OF(SRP_gN) + +SRP_VBASE *SRP_VBASE_new(char *seed_key); +int SRP_VBASE_free(SRP_VBASE *vb); +int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); +int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, + BIGNUM **verifier, BIGNUM *N, BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' + +/* see srp.c */ +char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); +SRP_gN *SRP_get_default_gN(const char *id); + +/* server side .... */ +BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, + BIGNUM *N); +BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); +int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); +BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N); + +/* client side .... */ +BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); +BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); +BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, + BIGNUM *a, BIGNUM *u); +int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); + +# define SRP_MINIMAL_N 1024 + +#ifdef __cplusplus +} +#endif + +# endif +#endif diff --git a/Cryptlib/Include/openssl/srtp.h b/Cryptlib/Include/openssl/srtp.h new file mode 100644 index 00000000..2279c32b --- /dev/null +++ b/Cryptlib/Include/openssl/srtp.h @@ -0,0 +1,147 @@ +/* ssl/srtp.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* + * DTLS code by Eric Rescorla <ekr@rtfm.com> + * + * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +# define HEADER_D1_SRTP_H + +# include <openssl/ssl.h> + +#ifdef __cplusplus +extern "C" { +#endif + +# define SRTP_AES128_CM_SHA1_80 0x0001 +# define SRTP_AES128_CM_SHA1_32 0x0002 +# define SRTP_AES128_F8_SHA1_80 0x0003 +# define SRTP_AES128_F8_SHA1_32 0x0004 +# define SRTP_NULL_SHA1_80 0x0005 +# define SRTP_NULL_SHA1_32 0x0006 + +# ifndef OPENSSL_NO_SRTP + +int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); + +STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h index ee9944f9..6fe1a247 100644 --- a/Cryptlib/Include/openssl/ssl.h +++ b/Cryptlib/Include/openssl/ssl.h @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -109,62 +109,35 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. */ #ifndef HEADER_SSL_H @@ -251,56 +224,98 @@ extern "C" { # define SSL_MAX_MASTER_KEY_LENGTH 48 /* These are used to specify which ciphers to use and not to use */ + +# define SSL_TXT_EXP40 "EXPORT40" +# define SSL_TXT_EXP56 "EXPORT56" # define SSL_TXT_LOW "LOW" # define SSL_TXT_MEDIUM "MEDIUM" # define SSL_TXT_HIGH "HIGH" # define SSL_TXT_FIPS "FIPS" -# define SSL_TXT_kFZA "kFZA" -# define SSL_TXT_aFZA "aFZA" -# define SSL_TXT_eFZA "eFZA" -# define SSL_TXT_FZA "FZA" + +# define SSL_TXT_kFZA "kFZA"/* unused! */ +# define SSL_TXT_aFZA "aFZA"/* unused! */ +# define SSL_TXT_eFZA "eFZA"/* unused! */ +# define SSL_TXT_FZA "FZA"/* unused! */ # define SSL_TXT_aNULL "aNULL" # define SSL_TXT_eNULL "eNULL" # define SSL_TXT_NULL "NULL" -# define SSL_TXT_kKRB5 "kKRB5" -# define SSL_TXT_aKRB5 "aKRB5" -# define SSL_TXT_KRB5 "KRB5" - # define SSL_TXT_kRSA "kRSA" # define SSL_TXT_kDHr "kDHr" # define SSL_TXT_kDHd "kDHd" +# define SSL_TXT_kDH "kDH" # define SSL_TXT_kEDH "kEDH" +# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ +# define SSL_TXT_kKRB5 "kKRB5" +# define SSL_TXT_kECDHr "kECDHr" +# define SSL_TXT_kECDHe "kECDHe" +# define SSL_TXT_kECDH "kECDH" +# define SSL_TXT_kEECDH "kEECDH" +# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ +# define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kGOST "kGOST" +# define SSL_TXT_kSRP "kSRP" + # define SSL_TXT_aRSA "aRSA" # define SSL_TXT_aDSS "aDSS" # define SSL_TXT_aDH "aDH" +# define SSL_TXT_aECDH "aECDH" +# define SSL_TXT_aKRB5 "aKRB5" +# define SSL_TXT_aECDSA "aECDSA" +# define SSL_TXT_aPSK "aPSK" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aSRP "aSRP" + # define SSL_TXT_DSS "DSS" # define SSL_TXT_DH "DH" -# define SSL_TXT_EDH "EDH" +# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ +# define SSL_TXT_DHE "DHE"/* alias for EDH */ # define SSL_TXT_ADH "ADH" # define SSL_TXT_RSA "RSA" +# define SSL_TXT_ECDH "ECDH" +# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ +# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ +# define SSL_TXT_AECDH "AECDH" +# define SSL_TXT_ECDSA "ECDSA" +# define SSL_TXT_KRB5 "KRB5" +# define SSL_TXT_PSK "PSK" +# define SSL_TXT_SRP "SRP" + # define SSL_TXT_DES "DES" # define SSL_TXT_3DES "3DES" # define SSL_TXT_RC4 "RC4" # define SSL_TXT_RC2 "RC2" # define SSL_TXT_IDEA "IDEA" # define SSL_TXT_SEED "SEED" +# define SSL_TXT_AES128 "AES128" +# define SSL_TXT_AES256 "AES256" # define SSL_TXT_AES "AES" +# define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_CAMELLIA128 "CAMELLIA128" +# define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" + # define SSL_TXT_MD5 "MD5" # define SSL_TXT_SHA1 "SHA1" -# define SSL_TXT_SHA "SHA" -# define SSL_TXT_EXP "EXP" -# define SSL_TXT_EXPORT "EXPORT" -# define SSL_TXT_EXP40 "EXPORT40" -# define SSL_TXT_EXP56 "EXPORT56" +# define SSL_TXT_SHA "SHA"/* same as "SHA1" */ +# define SSL_TXT_GOST94 "GOST94" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_SHA256 "SHA256" +# define SSL_TXT_SHA384 "SHA384" + # define SSL_TXT_SSLV2 "SSLv2" # define SSL_TXT_SSLV3 "SSLv3" # define SSL_TXT_TLSV1 "TLSv1" +# define SSL_TXT_TLSV1_1 "TLSv1.1" +# define SSL_TXT_TLSV1_2 "TLSv1.2" + +# define SSL_TXT_EXP "EXP" +# define SSL_TXT_EXPORT "EXPORT" + # define SSL_TXT_ALL "ALL" -# define SSL_TXT_ECC "ECCdraft"/* ECC ciphersuites are not yet - * official */ /*- * COMPLEMENTOF* definitions. These identifiers are used to (de-select) @@ -323,7 +338,13 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" +/* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! (The latter are not + * actually enabled by ALL, but "ALL:RSA" would enable some of them.) + */ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 @@ -349,25 +370,72 @@ extern "C" { * function parameters used to prototype callbacks in SSL_CTX. */ typedef struct ssl_st *ssl_crock_st; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; +typedef struct tls_sigalgs_st TLS_SIGALGS; +typedef struct ssl_conf_ctx_st SSL_CONF_CTX; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, + const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, + int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + SSL_CIPHER **cipher, void *arg); + +# ifndef OPENSSL_NO_TLSEXT + +/* Typedefs for handling custom extensions */ + +typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *add_arg); + +typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *parse_arg); + +# endif + +# ifndef OPENSSL_NO_SSL_INTERN /* used to hold info on the particular ciphers used */ -typedef struct ssl_cipher_st { +struct ssl_cipher_st { int valid; const char *name; /* text name */ unsigned long id; /* id, 4 bytes, first is version */ - unsigned long algorithms; /* what ciphers are used */ + /* + * changed in 0.9.9: these four used to be portions of a single value + * 'algorithms' + */ + unsigned long algorithm_mkey; /* key exchange algorithm */ + unsigned long algorithm_auth; /* server authentication */ + unsigned long algorithm_enc; /* symmetric encryption */ + unsigned long algorithm_mac; /* symmetric authentication */ + unsigned long algorithm_ssl; /* (major) protocol version */ unsigned long algo_strength; /* strength and export flags */ unsigned long algorithm2; /* Extra flags */ int strength_bits; /* Number of bits really used */ int alg_bits; /* Number of bits for algorithm */ - unsigned long mask; /* used for matching */ - unsigned long mask_strength; /* also used for matching */ -} SSL_CIPHER; - -DECLARE_STACK_OF(SSL_CIPHER) +}; /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -typedef struct ssl_method_st { +struct ssl_method_st { int version; int (*ssl_new) (SSL *s); void (*ssl_clear) (SSL *s); @@ -388,40 +456,46 @@ typedef struct ssl_method_st { int (*ssl_dispatch_alert) (SSL *s); long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); - SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); + const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); int (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); - SSL_CIPHER *(*get_cipher) (unsigned ncipher); - struct ssl_method_st *(*get_ssl_method) (int version); + const SSL_CIPHER *(*get_cipher) (unsigned ncipher); + const struct ssl_method_st *(*get_ssl_method) (int version); long (*get_timeout) (void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version) (void); long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); -} SSL_METHOD; +}; /*- * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { * version INTEGER, -- structure version number * SSLversion INTEGER, -- SSL version number - * Cipher OCTET_STRING, -- the 3 byte cipher ID - * Session_ID OCTET_STRING, -- the Session ID - * Master_key OCTET_STRING, -- the master key - * KRB5_principal OCTET_STRING -- optional Kerberos principal - * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument + * Cipher OCTET STRING, -- the 3 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key + * KRB5_principal OCTET STRING -- optional Kerberos principal + * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' - * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX + * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' + * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension + * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint + * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity + * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket + * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) + * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method + * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ -typedef struct ssl_session_st { +struct ssl_session_st { int ssl_version; /* what ssl version session info is being * kept in here? */ /* only really used in SSLv2 */ @@ -439,10 +513,19 @@ typedef struct ssl_session_st { */ unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_KRB5 +# ifndef OPENSSL_NO_KRB5 unsigned int krb5_client_princ_len; unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -# endif /* OPENSSL_NO_KRB5 */ +# endif /* OPENSSL_NO_KRB5 */ +# ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + char *psk_identity; +# endif + /* + * Used to indicate that session resumption is not allowed. Applications + * can also set this bit for a new session via not_resumable_session_cb + * to disable session caching and tickets. + */ int not_resumable; /* The cert is the certificate used to establish this connection */ struct sess_cert_st /* SESS_CERT */ *sess_cert; @@ -461,8 +544,8 @@ typedef struct ssl_session_st { int references; long timeout; long time; - int compress_meth; /* Need to lookup the method */ - SSL_CIPHER *cipher; + unsigned int compress_meth; /* Need to lookup the method */ + const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used * to load the 'cipher' structure */ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ @@ -472,21 +555,32 @@ typedef struct ssl_session_st { * implement a maximum cache size. */ struct ssl_session_st *prev, *next; -# ifndef OPENSSL_NO_TLSEXT +# ifndef OPENSSL_NO_TLSEXT char *tlsext_hostname; +# ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; /* peer's list */ + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; /* peer's list */ +# endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ size_t tlsext_ticklen; /* Session ticket length */ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +# endif +# ifndef OPENSSL_NO_SRP + char *srp_username; +# endif +}; + # endif -} SSL_SESSION; # define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L # define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +# define SSL_OP_TLSEXT_PADDING 0x00000010L # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L @@ -495,6 +589,8 @@ typedef struct ssl_session_st { /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 /* * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in @@ -510,7 +606,7 @@ typedef struct ssl_session_st { * SSL_OP_ALL: various bug workarounds that should be rather harmless. This * used to be 0x000FFFFFL before 0.9.7. */ -# define SSL_OP_ALL 0x00000FFFL +# define SSL_OP_ALL 0x80000BFFL /* DTLS options */ # define SSL_OP_NO_QUERY_MTU 0x00001000L @@ -523,6 +619,8 @@ typedef struct ssl_session_st { /* As server, disallow session resumption on renegotiation */ # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Don't use compression even if supported */ +# define SSL_OP_NO_COMPRESSION 0x00020000L /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L /* If set, always create a new key when using tmp_ecdh parameters */ @@ -546,15 +644,34 @@ typedef struct ssl_session_st { # define SSL_OP_NO_SSLv2 0x01000000L # define SSL_OP_NO_SSLv3 0x02000000L # define SSL_OP_NO_TLSv1 0x04000000L +# define SSL_OP_NO_TLSv1_2 0x08000000L +# define SSL_OP_NO_TLSv1_1 0x10000000L + +# define SSL_OP_NO_DTLSv1 0x04000000L +# define SSL_OP_NO_DTLSv1_2 0x08000000L +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) + +/* + * These next two were never actually used for anything since SSLeay zap so + * we have some more flags. + */ /* * The next flag deliberately changes the ciphertest, this is a check for the * PKCS#1 attack */ -# define SSL_OP_PKCS1_CHECK_1 0x08000000L -# define SSL_OP_PKCS1_CHECK_2 0x10000000L +# define SSL_OP_PKCS1_CHECK_1 0x0 +# define SSL_OP_PKCS1_CHECK_2 0x0 + # define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +/* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success @@ -575,6 +692,19 @@ typedef struct ssl_session_st { /* Don't attempt to automatically build certificate chain */ # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) "Released" buffers are put onto a free-list in the context or + * just freed (depending on the context's setting for freelist_max_len). + */ +# define SSL_MODE_RELEASE_BUFFERS 0x00000010L +/* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your @@ -584,6 +714,69 @@ typedef struct ssl_session_st { */ # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L +/* Cert related flags */ +/* + * Many implementations ignore some aspects of the TLS standards such as + * enforcing certifcate chain algorithms. When this is set we enforce them. + */ +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L + +/* Suite B modes, takes same values as certificate verify flags */ +# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 + +/* Perform all sorts of protocol violations for testing purposes */ +# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 + +/* Flags for building certificate chains */ +/* Treat any existing certificates as untrusted CAs */ +# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +/* Don't include root CA in chain */ +# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 + +/* Flags returned by SSL_check_chain */ +/* Certificate can be used with this session */ +# define CERT_PKEY_VALID 0x1 +/* Certificate can also be used for signing */ +# define CERT_PKEY_SIGN 0x2 +/* EE certificate signing algorithm OK */ +# define CERT_PKEY_EE_SIGNATURE 0x10 +/* CA signature algorithms OK */ +# define CERT_PKEY_CA_SIGNATURE 0x20 +/* EE certificate parameters OK */ +# define CERT_PKEY_EE_PARAM 0x40 +/* CA certificate parameters OK */ +# define CERT_PKEY_CA_PARAM 0x80 +/* Signing explicitly allowed as opposed to SHA1 fallback */ +# define CERT_PKEY_EXPLICIT_SIGN 0x100 +/* Client CA issuer names match (always set for server cert) */ +# define CERT_PKEY_ISSUER_NAME 0x200 +/* Cert type matches client types (always set for server cert) */ +# define CERT_PKEY_CERT_TYPE 0x400 +/* Cert chain suitable to Suite B */ +# define CERT_PKEY_SUITEB 0x800 + +# define SSL_CONF_FLAG_CMDLINE 0x1 +# define SSL_CONF_FLAG_FILE 0x2 +# define SSL_CONF_FLAG_CLIENT 0x4 +# define SSL_CONF_FLAG_SERVER 0x8 +# define SSL_CONF_FLAG_SHOW_ERRORS 0x10 +# define SSL_CONF_FLAG_CERTIFICATE 0x20 +/* Configuration value types */ +# define SSL_CONF_TYPE_UNKNOWN 0x0 +# define SSL_CONF_TYPE_STRING 0x1 +# define SSL_CONF_TYPE_FILE 0x2 +# define SSL_CONF_TYPE_DIR 0x3 + /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they * cannot be used to clear bits. @@ -616,10 +809,28 @@ typedef struct ssl_session_st { SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) # define SSL_set_mtu(ssl, mtu) \ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) +# define DTLS_set_link_mtu(ssl, mtu) \ + SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) +# define DTLS_get_link_min_mtu(ssl) \ + SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) # define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_heartbeat(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) +# endif + +# define SSL_CTX_set_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_set_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) +# define SSL_CTX_clear_cert_flags(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) +# define SSL_clear_cert_flags(s,op) \ + SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb) (int write_p, int version, int content_type, const void *buf, @@ -631,6 +842,41 @@ void SSL_set_msg_callback(SSL *ssl, # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# ifndef OPENSSL_NO_SRP + +# ifndef OPENSSL_NO_SSL_INTERN + +typedef struct srp_ctx_st { + /* param for all the callbacks */ + void *SRP_cb_arg; + /* set client Hello login callback */ + int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); + /* set SRP N/g param callback for verification */ + int (*SRP_verify_param_callback) (SSL *, void *); + /* set SRP client passwd callback */ + char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); + char *login; + BIGNUM *N, *g, *s, *B, *A; + BIGNUM *a, *b, *v; + char *info; + int strength; + unsigned long srp_Mask; +} SRP_CTX; + +# endif + +/* see tls_srp.c */ +int SSL_SRP_CTX_init(SSL *s); +int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +int SSL_SRP_CTX_free(SSL *ctx); +int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +int SSL_srp_server_param_with_username(SSL *s, int *ad); +int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); +int SRP_Calc_A_param(SSL *s); +int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); + +# endif + # if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) # define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ @@ -659,25 +905,30 @@ void SSL_set_msg_callback(SSL *ssl, typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, unsigned int *id_len); -typedef struct ssl_comp_st { +typedef struct ssl_comp_st SSL_COMP; + +# ifndef OPENSSL_NO_SSL_INTERN + +struct ssl_comp_st { int id; const char *name; -# ifndef OPENSSL_NO_COMP +# ifndef OPENSSL_NO_COMP COMP_METHOD *method; -# else +# else char *method; -# endif -} SSL_COMP; +# endif +}; DECLARE_STACK_OF(SSL_COMP) +DECLARE_LHASH_OF(SSL_SESSION); struct ssl_ctx_st { - SSL_METHOD *method; + const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; struct x509_store_st /* X509_STORE */ *cert_store; - struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ + LHASH_OF(SSL_SESSION) *sessions; /* * Most session-ids that will be cached, default is * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. @@ -800,21 +1051,27 @@ struct ssl_ctx_st { X509_VERIFY_PARAM *param; -# if 0 +# if 0 int purpose; /* Purpose setting */ int trust; /* Trust setting */ -# endif +# endif int quiet_shutdown; -# ifndef OPENSSL_ENGINE + /* + * Maximum amount of data to send in one fragment. actual record size can + * be more than this due to padding and MAC overheads. + */ + unsigned int max_send_fragment; + +# ifndef OPENSSL_NO_ENGINE /* * Engine to pass requests for client certs to */ ENGINE *client_cert_engine; -# endif +# endif -# ifndef OPENSSL_NO_TLSEXT +# ifndef OPENSSL_NO_TLSEXT /* TLS extensions servername callback */ int (*tlsext_servername_callback) (SSL *, int *, void *); void *tlsext_servername_arg; @@ -832,10 +1089,102 @@ struct ssl_ctx_st { /* Callback for status request */ int (*tlsext_status_cb) (SSL *ssl, void *arg); void *tlsext_status_arg; -# endif + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ + int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, + size_t len, void *arg); + void *tlsext_opaque_prf_input_callback_arg; +# endif + +# ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +# endif + +# ifndef OPENSSL_NO_BUF_FREELISTS +# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 + unsigned int freelist_max_len; + struct ssl3_buf_freelist_st *wbuf_freelist; + struct ssl3_buf_freelist_st *rbuf_freelist; +# endif +# ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +# endif + +# ifndef OPENSSL_NO_TLSEXT + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* Next protocol negotiation information */ + /* (for experimental NPN extension). */ + + /* + * For a server, this contains a callback function by which the set of + * advertised protocols can be provided. + */ + int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, + unsigned int *len, void *arg); + void *next_protos_advertised_cb_arg; + /* + * For a client, this contains a callback function that selects the next + * protocol from the list provided by the server. + */ + int (*next_proto_select_cb) (SSL *s, unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *next_proto_select_cb_arg; +# endif + /* SRTP profiles we are willing to do from RFC 5764 */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ + + /*- + * For a server, this contains a callback function that allows the + * server to select the protocol for the connection. + * out: on successful return, this must point to the raw protocol + * name (without the length prefix). + * outlen: on successful return, this contains the length of |*out|. + * in: points to the client's list of supported protocols in + * wire-format. + * inlen: the length of |in|. + */ + int (*alpn_select_cb) (SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *alpn_select_cb_arg; + + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn_client_proto_list; + unsigned alpn_client_proto_list_len; + +# ifndef OPENSSL_NO_EC + /* EC extension values inherited by SSL structure */ + size_t tlsext_ecpointformatlist_length; + unsigned char *tlsext_ecpointformatlist; + size_t tlsext_ellipticcurvelist_length; + unsigned char *tlsext_ellipticcurvelist; +# endif /* OPENSSL_NO_EC */ +# endif }; +# endif + # define SSL_SESS_CACHE_OFF 0x0000 # define SSL_SESS_CACHE_CLIENT 0x0001 # define SSL_SESS_CACHE_SERVER 0x0002 @@ -847,7 +1196,7 @@ struct ssl_ctx_st { # define SSL_SESS_CACHE_NO_INTERNAL \ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) -struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); # define SSL_CTX_sess_number(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) # define SSL_CTX_sess_connect(ctx) \ @@ -919,6 +1268,140 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, *cookie, unsigned int cookie_len)); +# ifndef OPENSSL_NO_NEXTPROTONEG +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + const unsigned char + **out, + unsigned int *outlen, + void *arg), void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, + int (*cb) (SSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); +# endif + +# ifndef OPENSSL_NO_TLSEXT +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); +# endif + +# define OPENSSL_NPN_UNSUPPORTED 0 +# define OPENSSL_NPN_NEGOTIATED 1 +# define OPENSSL_NPN_NO_OVERLAP 2 + +int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned protos_len); +int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned protos_len); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned *len); + +# ifndef OPENSSL_NO_PSK +/* + * the maximum length of the buffer given to callbacks containing the + * resulting identity/psk + */ +# define PSK_MAX_IDENTITY_LEN 128 +# define PSK_MAX_PSK_LEN 256 +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + unsigned int (*psk_client_callback) (SSL + *ssl, + const + char + *hint, + char + *identity, + unsigned + int + max_identity_len, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_set_psk_client_callback(SSL *ssl, + unsigned int (*psk_client_callback) (SSL + *ssl, + const + char + *hint, + char + *identity, + unsigned + int + max_identity_len, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*psk_server_callback) (SSL + *ssl, + const + char + *identity, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +void SSL_set_psk_server_callback(SSL *ssl, + unsigned int (*psk_server_callback) (SSL + *ssl, + const + char + *identity, + unsigned + char + *psk, + unsigned + int + max_psk_len)); +int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +const char *SSL_get_psk_identity_hint(const SSL *s); +const char *SSL_get_psk_identity(const SSL *s); +# endif + +# ifndef OPENSSL_NO_TLSEXT +/* Register callbacks to handle custom TLS Extensions for client or server. */ + +int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +int SSL_extension_supported(unsigned int ext_type); + +# endif # define SSL_NOTHING 1 # define SSL_WRITING 2 @@ -931,6 +1414,11 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_MAC_FLAG_READ_MAC_STREAM 1 +# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +# ifndef OPENSSL_NO_SSL_INTERN + struct ssl_st { /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, @@ -940,25 +1428,25 @@ struct ssl_st { /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ int type; /* SSLv3 */ - SSL_METHOD *method; + const SSL_METHOD *method; /* * There are 2 BIO's even though they are normally both the same. This * is so data can be read and written to different handlers */ -# ifndef OPENSSL_NO_BIO +# ifndef OPENSSL_NO_BIO /* used by SSL_read */ BIO *rbio; /* used by SSL_write */ BIO *wbio; /* used during session-id reuse to concatenate messages */ BIO *bbio; -# else +# else /* used by SSL_read */ char *rbio; /* used by SSL_write */ char *wbio; char *bbio; -# endif +# endif /* * This holds a variable that indicates what we were doing when a 0 or -1 * is returned. This is needed for non-blocking IO so we know what @@ -978,9 +1466,7 @@ struct ssl_st { /* are we the server side? - mostly used by SSL_clear */ int server; /* - * 1 if we are to use a new session. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) + * Generate a new session or reuse an old one. * NB: For servers, the 'new' session may actually be a previously * cached session or even the previous session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set @@ -1013,10 +1499,10 @@ struct ssl_st { void *msg_callback_arg; int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; -# if 0 +# if 0 int purpose; /* Purpose setting */ int trust; /* Trust setting */ -# endif +# endif /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; @@ -1024,20 +1510,21 @@ struct ssl_st { * These are the ones being used, the ones in SSL_SESSION are the ones to * be 'copied' into these ones */ + int mac_flags; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - const EVP_MD *read_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP + EVP_MD_CTX *read_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP COMP_CTX *expand; /* uncompress */ -# else +# else char *expand; -# endif +# endif EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - const EVP_MD *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP + EVP_MD_CTX *write_hash; /* used for mac generation */ +# ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ -# else +# else char *compress; -# endif +# endif /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -1066,10 +1553,20 @@ struct ssl_st { int error; /* actual code */ int error_code; -# ifndef OPENSSL_NO_KRB5 +# ifndef OPENSSL_NO_KRB5 /* Kerberos 5 context */ KSSL_CTX *kssl_ctx; -# endif /* OPENSSL_NO_KRB5 */ +# endif /* OPENSSL_NO_KRB5 */ +# ifndef OPENSSL_NO_PSK + unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +# endif SSL_CTX *ctx; /* * set this flag to 1 and a sleep(1) is put into all SSL_read() and @@ -1090,7 +1587,8 @@ struct ssl_st { int first_packet; /* what was passed, used for SSLv3/TLS rollback check */ int client_version; -# ifndef OPENSSL_NO_TLSEXT + unsigned int max_send_fragment; +# ifndef OPENSSL_NO_TLSEXT /* TLS extension debug callback */ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, unsigned char *data, int len, void *arg); @@ -1116,13 +1614,81 @@ struct ssl_st { int tlsext_ocsp_resplen; /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; +# ifndef OPENSSL_NO_EC + size_t tlsext_ecpointformatlist_length; + /* our list */ + unsigned char *tlsext_ecpointformatlist; + size_t tlsext_ellipticcurvelist_length; + /* our list */ + unsigned char *tlsext_ellipticcurvelist; +# endif /* OPENSSL_NO_EC */ + /* + * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for + * handshakes + */ + void *tlsext_opaque_prf_input; + size_t tlsext_opaque_prf_input_len; + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *tlsext_session_ticket; + /* TLS Session Ticket extension callback */ + tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; + void *tls_session_ticket_ext_cb_arg; + /* TLS pre-shared secret session resumption */ + tls_session_secret_cb_fn tls_session_secret_cb; + void *tls_session_secret_cb_arg; SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -# define session_ctx initial_ctx -# else -# define session_ctx ctx -# endif +# ifndef OPENSSL_NO_NEXTPROTONEG + /* + * Next protocol negotiation. For the client, this is the protocol that + * we sent in NextProtocol and is set when handling ServerHello + * extensions. For a server, this is the client's selected_protocol from + * NextProtocol and is set when handling the NextProtocol message, before + * the Finished message. + */ + unsigned char *next_proto_negotiated; + unsigned char next_proto_negotiated_len; +# endif +# define session_ctx initial_ctx + /* What we'll do */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + /* What's been chosen */ + SRTP_PROTECTION_PROFILE *srtp_profile; + /*- + * Is use of the Heartbeat extension negotiated? + * 0: disabled + * 1: enabled + * 2: enabled, but not allowed to send Requests + */ + unsigned int tlsext_heartbeat; + /* Indicates if a HeartbeatRequest is in flight */ + unsigned int tlsext_hb_pending; + /* HeartbeatRequest sequence number */ + unsigned int tlsext_hb_seq; +# else +# define session_ctx ctx +# endif /* OPENSSL_NO_TLSEXT */ + /*- + * 1 if we are renegotiating. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) + */ + int renegotiate; +# ifndef OPENSSL_NO_SRP + /* ctx for SRP authentication */ + SRP_CTX srp_ctx; +# endif +# ifndef OPENSSL_NO_TLSEXT + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn_client_proto_list; + unsigned alpn_client_proto_list_len; +# endif /* OPENSSL_NO_TLSEXT */ }; +# endif + #ifdef __cplusplus } #endif @@ -1132,6 +1698,7 @@ struct ssl_st { # include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ # include <openssl/dtls1.h> /* Datagram TLS */ # include <openssl/ssl23.h> +# include <openssl/srtp.h> /* Support for the use_srtp extension */ #ifdef __cplusplus extern "C" { @@ -1160,6 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 @@ -1234,20 +1802,12 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) # define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) -# if 1 /* SSLEAY_MACROS */ -# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) -# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) -# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -# define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) -# define PEM_write_SSL_SESSION(fp,x) \ - PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -# define PEM_write_bio_SSL_SESSION(bp,x) \ - PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) -# endif +# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) -# define SSL_AD_REASON_OFFSET 1000 +DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value + * from SSL_AD_... */ /* These alert types are for SSLv3 and TLSv1 */ # define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY /* fatal */ @@ -1295,7 +1855,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK - # define SSL_ERROR_NONE 0 # define SSL_ERROR_SSL 1 # define SSL_ERROR_WANT_READ 2 @@ -1306,7 +1865,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_ERROR_ZERO_RETURN 6 # define SSL_ERROR_WANT_CONNECT 7 # define SSL_ERROR_WANT_ACCEPT 8 - # define SSL_CTRL_NEED_TMP_RSA 1 # define SSL_CTRL_SET_TMP_RSA 2 # define SSL_CTRL_SET_TMP_DH 3 @@ -1314,7 +1872,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 # define SSL_CTRL_SET_TMP_ECDH_CB 7 - # define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 @@ -1322,10 +1879,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 # define SSL_CTRL_GET_FLAGS 13 # define SSL_CTRL_EXTRA_CHAIN_CERT 14 - # define SSL_CTRL_SET_MSG_CALLBACK 15 # define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - /* only applies to datagram connections */ # define SSL_CTRL_SET_MTU 17 /* Stats */ @@ -1343,17 +1898,15 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_CTRL_SESS_CACHE_FULL 31 # define SSL_CTRL_OPTIONS 32 # define SSL_CTRL_MODE 33 - # define SSL_CTRL_GET_READ_AHEAD 40 # define SSL_CTRL_SET_READ_AHEAD 41 # define SSL_CTRL_SET_SESS_CACHE_SIZE 42 # define SSL_CTRL_GET_SESS_CACHE_SIZE 43 # define SSL_CTRL_SET_SESS_CACHE_MODE 44 # define SSL_CTRL_GET_SESS_CACHE_MODE 45 - # define SSL_CTRL_GET_MAX_CERT_LIST 50 # define SSL_CTRL_SET_MAX_CERT_LIST 51 - +# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls1.h for macros based on these */ # ifndef OPENSSL_NO_TLSEXT # define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 @@ -1363,7 +1916,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 # define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 # define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 - +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 +# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 @@ -1373,27 +1928,65 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 - # define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -# endif - +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif +# endif /* OPENSSL_NO_TLSEXT */ # define DTLS_CTRL_GET_TIMEOUT 73 # define DTLS_CTRL_HANDLE_TIMEOUT 74 # define DTLS_CTRL_LISTEN 75 - # define SSL_CTRL_GET_RI_SUPPORT 76 # define SSL_CTRL_CLEAR_OPTIONS 77 # define SSL_CTRL_CLEAR_MODE 78 - +# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +# define SSL_CTRL_CHAIN 88 +# define SSL_CTRL_CHAIN_CERT 89 +# define SSL_CTRL_GET_CURVES 90 +# define SSL_CTRL_SET_CURVES 91 +# define SSL_CTRL_SET_CURVES_LIST 92 +# define SSL_CTRL_GET_SHARED_CURVE 93 +# define SSL_CTRL_SET_ECDH_AUTO 94 +# define SSL_CTRL_SET_SIGALGS 97 +# define SSL_CTRL_SET_SIGALGS_LIST 98 +# define SSL_CTRL_CERT_FLAGS 99 +# define SSL_CTRL_CLEAR_CERT_FLAGS 100 +# define SSL_CTRL_SET_CLIENT_SIGALGS 101 +# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 +# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 +# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 +# define SSL_CTRL_BUILD_CERT_CHAIN 105 +# define SSL_CTRL_SET_VERIFY_CERT_STORE 106 +# define SSL_CTRL_SET_CHAIN_CERT_STORE 107 +# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_RAW_CIPHERLIST 110 +# define SSL_CTRL_GET_EC_POINT_FORMATS 111 +# define SSL_CTRL_GET_CHAIN_CERTS 115 +# define SSL_CTRL_SELECT_CURRENT_CERT 116 +# define SSL_CTRL_SET_CURRENT_CERT 117 # define SSL_CTRL_CHECK_PROTO_VERSION 119 - +# define DTLS_CTRL_SET_LINK_MTU 120 +# define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CERT_SET_FIRST 1 +# define SSL_CERT_SET_NEXT 2 +# define SSL_CERT_SET_SERVER 3 # define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) # define DTLSv1_handle_timeout(ssl) \ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) # define DTLSv1_listen(ssl, peer) \ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) - # define SSL_session_reused(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) # define SSL_num_renegotiations(ssl) \ @@ -1402,7 +1995,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) - # define SSL_CTX_need_tmp_RSA(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) # define SSL_CTX_set_tmp_rsa(ctx,rsa) \ @@ -1411,7 +2003,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) - # define SSL_need_tmp_RSA(ssl) \ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) # define SSL_set_tmp_rsa(ssl,rsa) \ @@ -1420,10 +2011,112 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_set_tmp_ecdh(ssl,ecdh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) - # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) - +# define SSL_CTX_get_extra_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) +# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) +# define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) +# define SSL_CTX_set0_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) +# define SSL_CTX_set1_chain(ctx,sk) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) +# define SSL_CTX_add0_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) +# define SSL_CTX_add1_chain_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) +# define SSL_CTX_get0_chain_certs(ctx,px509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_CTX_clear_chain_certs(ctx) \ + SSL_CTX_set0_chain(ctx,NULL) +# define SSL_CTX_build_cert_chain(ctx, flags) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_CTX_select_current_cert(ctx,x509) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) +# define SSL_CTX_set_current_cert(ctx, op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_CTX_set0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) +# define SSL_CTX_set1_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) +# define SSL_CTX_set0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) +# define SSL_CTX_set1_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_set0_chain(ctx,sk) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) +# define SSL_set1_chain(ctx,sk) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) +# define SSL_add0_chain_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) +# define SSL_add1_chain_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) +# define SSL_get0_chain_certs(ctx,px509) \ + SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) +# define SSL_clear_chain_certs(ctx) \ + SSL_set0_chain(ctx,NULL) +# define SSL_build_cert_chain(s, flags) \ + SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) +# define SSL_select_current_cert(ctx,x509) \ + SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) +# define SSL_set_current_cert(ctx,op) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) +# define SSL_set0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) +# define SSL_set1_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) +# define SSL_set0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) +# define SSL_set1_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_get1_curves(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) +# define SSL_CTX_set1_curves(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) +# define SSL_CTX_set1_curves_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) +# define SSL_set1_curves(ctx, clist, clistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) +# define SSL_set1_curves_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) +# define SSL_get_shared_curve(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) +# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) +# define SSL_set_ecdh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) +# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) +# define SSL_CTX_set1_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) +# define SSL_set1_sigalgs(ctx, slist, slistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist) +# define SSL_set1_sigalgs_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) +# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) +# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) +# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) +# define SSL_set1_client_sigalgs_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) +# define SSL_get0_certificate_types(s, clist) \ + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist) +# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) +# define SSL_set1_client_certificate_types(s, clist, clistlen) \ + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) +# define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) +# define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get0_raw_cipherlist(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) +# define SSL_get0_ec_point_formats(s, plst) \ + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) # ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx, int client); @@ -1435,7 +2128,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio); # endif int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); -SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); +SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); long SSL_CTX_get_timeout(const SSL_CTX *ctx); @@ -1446,10 +2139,11 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); -SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); char *SSL_CIPHER_get_version(const SSL_CIPHER *c); const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); @@ -1476,6 +2170,7 @@ int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback) (int ok, X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); +void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); # endif @@ -1486,6 +2181,16 @@ int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +# ifndef OPENSSL_NO_TLSEXT +/* Set serverinfo data for the current active cert. */ +int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +# ifndef OPENSSL_NO_STDIO +int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +# endif /* NO_STDIO */ + +# endif + # ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); @@ -1518,12 +2223,14 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); void SSL_copy_session_id(SSL *to, const SSL *from); +X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); SSL_SESSION *SSL_SESSION_new(void); -unsigned long SSL_SESSION_hash(const SSL_SESSION *a); -int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); # ifndef OPENSSL_NO_FP_API int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); # endif @@ -1558,6 +2265,8 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb) (X509_STORE_CTX *, void *), void *arg); +void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); # ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); # endif @@ -1588,6 +2297,37 @@ int SSL_set_purpose(SSL *s, int purpose); int SSL_CTX_set_trust(SSL_CTX *s, int trust); int SSL_set_trust(SSL *s, int trust); +int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + +# ifndef OPENSSL_NO_SRP +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); +int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, + char *(*cb) (SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, + int (*cb) (SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, + int (*cb) (SSL *, int *, void *)); +int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); + +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +BIGNUM *SSL_get_srp_g(SSL *s); +BIGNUM *SSL_get_srp_N(SSL *s); + +char *SSL_get_srp_username(SSL *s); +char *SSL_get_srp_userinfo(SSL *s); +# endif + +void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); @@ -1603,37 +2343,62 @@ int SSL_get_error(const SSL *s, int ret_code); const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth); +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +# ifndef OPENSSL_NO_SSL2 +const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +# endif + +# ifndef OPENSSL_NO_SSL3_METHOD +const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +# endif + +const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS + * version */ +const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available + * SSL/TLS version */ +const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available + * SSL/TLS version */ + +const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ -SSL_METHOD *SSLv2_method(void); /* SSLv2 */ -SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ -SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ -SSL_METHOD *SSLv3_method(void); /* SSLv3 */ -SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ -SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ -SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ -SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ -SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ +const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ -SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ -SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ -SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ +const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ -SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ -SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ -SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); -SSL_METHOD *SSL_get_ssl_method(SSL *s); -int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); +const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); +const SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); const char *SSL_alert_type_string_long(int value); const char *SSL_alert_type_string(int value); const char *SSL_alert_desc_string_long(int value); @@ -1661,7 +2426,10 @@ SSL *SSL_dup(SSL *ssl); X509 *SSL_get_certificate(const SSL *ssl); /* * EVP_PKEY - */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); + */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); @@ -1683,6 +2451,7 @@ void SSL_set_info_callback(SSL *ssl, void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); int SSL_state(const SSL *ssl); +void SSL_set_state(SSL *ssl, int state); void SSL_set_verify_result(SSL *ssl, long v); long SSL_get_verify_result(const SSL *ssl); @@ -1731,6 +2500,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void); # define SSL_set_max_cert_list(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +# define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) + /* NB: the keylength is only applicable when is_export is true */ # ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, @@ -1763,6 +2537,9 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +void SSL_COMP_free_compression_methods(void); int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); # else const void *SSL_get_current_compression(SSL *s); @@ -1772,6 +2549,47 @@ void *SSL_COMP_get_compression_methods(void); int SSL_COMP_add_compression_method(int id, void *cm); # endif +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); + +/* TLS extensions functions */ +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg); + +/* Pre-shared secret session resumption functions */ +int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn tls_session_secret_cb, + void *arg); + +void SSL_set_debug(SSL *s, int debug); +int SSL_cache_hit(SSL *s); +int SSL_is_server(SSL *s); + +SSL_CONF_CTX *SSL_CONF_CTX_new(void); +int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); +void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + +void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +# ifndef OPENSSL_NO_SSL_TRACE +void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +# endif + +# ifndef OPENSSL_NO_UNIT_TEST +const struct openssl_ssl_test_functions *SSL_test_functions(void); +# endif + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -1782,6 +2600,7 @@ void ERR_load_SSL_strings(void); /* Error codes for the SSL functions. */ /* Function codes. */ +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 # define SSL_F_CLIENT_CERTIFICATE 100 # define SSL_F_CLIENT_FINISHED 167 # define SSL_F_CLIENT_HELLO 101 @@ -1790,9 +2609,9 @@ void ERR_load_SSL_strings(void); # define SSL_F_DO_DTLS1_WRITE 245 # define SSL_F_DO_SSL3_WRITE 104 # define SSL_F_DTLS1_ACCEPT 246 -# define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 +# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 # define SSL_F_DTLS1_BUFFER_RECORD 247 -# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 # define SSL_F_DTLS1_CLIENT_HELLO 248 # define SSL_F_DTLS1_CONNECT 249 # define SSL_F_DTLS1_ENC 250 @@ -1800,9 +2619,10 @@ void ERR_load_SSL_strings(void); # define SSL_F_DTLS1_GET_MESSAGE 252 # define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 # define SSL_F_DTLS1_GET_RECORD 254 -# define SSL_F_DTLS1_HANDLE_TIMEOUT 282 +# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 +# define SSL_F_DTLS1_HEARTBEAT 305 # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 -# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 # define SSL_F_DTLS1_PROCESS_RECORD 257 # define SSL_F_DTLS1_READ_BYTES 258 @@ -1821,6 +2641,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_GET_CLIENT_MASTER_KEY 107 # define SSL_F_GET_SERVER_FINISHED 108 # define SSL_F_GET_SERVER_HELLO 109 +# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 # define SSL_F_GET_SERVER_VERIFY 110 # define SSL_F_I2D_SSL_SESSION 111 # define SSL_F_READ_N 112 @@ -1846,20 +2667,22 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL2_SET_CERTIFICATE 126 # define SSL_F_SSL2_WRITE 127 # define SSL_F_SSL3_ACCEPT 128 -# define SSL_F_SSL3_ADD_CERT_TO_BUF 281 +# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 # define SSL_F_SSL3_CALLBACK_CTRL 233 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -# define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 +# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +# define SSL_F_SSL3_CHECK_FINISHED 339 # define SSL_F_SSL3_CLIENT_HELLO 131 # define SSL_F_SSL3_CONNECT 132 # define SSL_F_SSL3_CTRL 213 # define SSL_F_SSL3_CTX_CTRL 133 -# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_ENC 134 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 -# define SSL_F_SSL3_GET_CERT_STATUS 288 +# define SSL_F_SSL3_GET_CERT_STATUS 289 # define SSL_F_SSL3_GET_CERT_VERIFY 136 # define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 # define SSL_F_SSL3_GET_CLIENT_HELLO 138 @@ -1868,11 +2691,13 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_GET_KEY_EXCHANGE 141 # define SSL_F_SSL3_GET_MESSAGE 142 # define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +# define SSL_F_SSL3_GET_NEXT_PROTO 306 # define SSL_F_SSL3_GET_RECORD 143 # define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 # define SSL_F_SSL3_GET_SERVER_DONE 145 # define SSL_F_SSL3_GET_SERVER_HELLO 146 -# define SSL_F_SSL3_NEW_SESSION_TICKET 284 +# define SSL_F_SSL3_HANDSHAKE_MAC 285 +# define SSL_F_SSL3_NEW_SESSION_TICKET 287 # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 # define SSL_F_SSL3_PEEK 235 # define SSL_F_SSL3_READ_BYTES 148 @@ -1884,34 +2709,43 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 # define SSL_F_SSL3_SEND_SERVER_HELLO 242 # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 -# define SSL_F_SSL3_SETUP_BUFFERS 156 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 -# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 -# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 +# define SSL_F_SSL_ADD_CERT_CHAIN 318 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 # define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 # define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 -# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 -# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 # define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 # define SSL_F_SSL_CERT_DUP 221 # define SSL_F_SSL_CERT_INST 222 # define SSL_F_SSL_CERT_INSTANTIATE 214 # define SSL_F_SSL_CERT_NEW 162 # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 -# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 # define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 # define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 # define SSL_F_SSL_CLEAR 164 # define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 # define SSL_F_SSL_CREATE_CIPHER_LIST 166 # define SSL_F_SSL_CTRL 232 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 # define SSL_F_SSL_CTX_NEW 169 # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 -# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 # define SSL_F_SSL_CTX_SET_PURPOSE 226 # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 @@ -1923,30 +2757,40 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 # define SSL_F_SSL_DO_HANDSHAKE 180 # define SSL_F_SSL_GET_NEW_SESSION 181 # define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 # define SSL_F_SSL_GET_SERVER_SEND_CERT 182 # define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 # define SSL_F_SSL_GET_SIGN_PKEY 183 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 # define SSL_F_SSL_NEW 186 -# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 -# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 -# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 -# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 # define SSL_F_SSL_PEEK 270 -# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 -# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 +# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 +# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 # define SSL_F_SSL_READ 223 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 # define SSL_F_SSL_SESS_CERT_NEW 225 # define SSL_F_SSL_SET_CERT 191 # define SSL_F_SSL_SET_CIPHER_LIST 271 @@ -1956,9 +2800,11 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_SET_RFD 194 # define SSL_F_SSL_SET_SESSION 195 # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 # define SSL_F_SSL_SET_TRUST 228 # define SSL_F_SSL_SET_WFD 196 # define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 # define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 # define SSL_F_SSL_UNDEFINED_FUNCTION 197 # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 @@ -1968,14 +2814,25 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_USE_PRIVATEKEY 201 # define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 # define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS1_CERT_VERIFY_MAC 286 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 # define SSL_F_TLS1_ENC 210 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_HEARTBEAT 315 +# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 +# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 +# define SSL_F_TLS1_PRF 284 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 # define SSL_F_WRITE_PENDING 212 /* Reason codes. */ @@ -1985,6 +2842,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_AUTHENTICATION_TYPE 102 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 # define SSL_R_BAD_CHECKSUM 104 +# define SSL_R_BAD_DATA 390 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 @@ -1995,12 +2853,15 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_ECC_CERT 304 # define SSL_R_BAD_ECDSA_SIGNATURE 305 # define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 # define SSL_R_BAD_HELLO_REQUEST 105 # define SSL_R_BAD_LENGTH 271 # define SSL_R_BAD_MAC_DECODE 113 +# define SSL_R_BAD_MAC_LENGTH 333 # define SSL_R_BAD_MESSAGE_TYPE 114 # define SSL_R_BAD_PACKET_LENGTH 115 # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 # define SSL_R_BAD_RESPONSE_ARGUMENT 117 # define SSL_R_BAD_RSA_DECRYPT 118 # define SSL_R_BAD_RSA_ENCRYPT 119 @@ -2008,9 +2869,18 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_RSA_MODULUS_LENGTH 121 # define SSL_R_BAD_RSA_SIGNATURE 122 # define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_B_LENGTH 348 +# define SSL_R_BAD_SRP_G_LENGTH 349 +# define SSL_R_BAD_SRP_N_LENGTH 350 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRP_S_LENGTH 351 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 # define SSL_R_BAD_SSL_FILETYPE 124 # define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 # define SSL_R_BAD_STATE 126 +# define SSL_R_BAD_VALUE 384 # define SSL_R_BAD_WRITE_RETRY 127 # define SSL_R_BIO_NOT_SET 128 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 @@ -2019,13 +2889,15 @@ void ERR_load_SSL_strings(void); # define SSL_R_CA_DN_TOO_LONG 132 # define SSL_R_CCS_RECEIVED_EARLY 133 # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 # define SSL_R_CERT_LENGTH_MISMATCH 135 # define SSL_R_CHALLENGE_IS_DIFFERENT 136 # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 # define SSL_R_CIPHER_TABLE_SRC_ERROR 139 -# define SSL_R_CLIENTHELLO_TLSEXT 157 +# define SSL_R_CLIENTHELLO_TLSEXT 226 # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 # define SSL_R_COMPRESSION_FAILURE 141 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 @@ -2036,26 +2908,41 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 -# define SSL_R_DTLS_MESSAGE_TOO_BIG 318 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 # define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 +# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 # define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 +# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 # define SSL_R_HTTPS_PROXY_REQUEST 155 # define SSL_R_HTTP_REQUEST 156 # define SSL_R_ILLEGAL_PADDING 283 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 # define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 # define SSL_R_INVALID_CHALLENGE_LENGTH 158 # define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_PURPOSE 278 -# define SSL_R_INVALID_STATUS_RESPONSE 316 -# define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TRUST 279 # define SSL_R_KEY_ARG_TOO_LONG 284 # define SSL_R_KRB5 285 @@ -2078,17 +2965,20 @@ void ERR_load_SSL_strings(void); # define SSL_R_MISSING_DH_KEY 163 # define SSL_R_MISSING_DH_RSA_CERT 164 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDH_CERT 382 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 # define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 # define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MISSING_TMP_RSA_KEY 172 # define SSL_R_MISSING_TMP_RSA_PKEY 173 # define SSL_R_MISSING_VERIFY_MESSAGE 174 -# define SSL_R_MULTIPLE_SGC_RESTARTS 325 +# define SSL_R_MULTIPLE_SGC_RESTARTS 346 # define SSL_R_NON_SSLV2_INITIAL_PACKET 175 # define SSL_R_NO_CERTIFICATES_RETURNED 176 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 @@ -2100,23 +2990,32 @@ void ERR_load_SSL_strings(void); # define SSL_R_NO_CIPHERS_SPECIFIED 183 # define SSL_R_NO_CIPHER_LIST 184 # define SSL_R_NO_CIPHER_MATCH 185 -# define SSL_R_NO_CLIENT_CERT_METHOD 317 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 # define SSL_R_NO_CLIENT_CERT_RECEIVED 186 # define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 # define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 # define SSL_R_NO_PRIVATEKEY 189 # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 # define SSL_R_NO_PUBLICKEY 192 -# define SSL_R_NO_RENEGOTIATION 319 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 # define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 # define SSL_R_NO_VERIFY_CALLBACK 194 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 +# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 # define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 # define SSL_R_PACKET_LENGTH_TOO_LONG 198 -# define SSL_R_PARSE_TLSEXT 223 +# define SSL_R_PARSE_TLSEXT 227 # define SSL_R_PATH_TOO_LONG 270 # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 # define SSL_R_PEER_ERROR 200 @@ -2124,9 +3023,14 @@ void ERR_load_SSL_strings(void); # define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 # define SSL_R_PEER_ERROR_NO_CIPHER 203 # define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 # define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 # define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 # define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 # define SSL_R_PUBLIC_KEY_NOT_RSA 210 @@ -2136,22 +3040,29 @@ void ERR_load_SSL_strings(void); # define SSL_R_RECORD_LENGTH_MISMATCH 213 # define SSL_R_RECORD_TOO_LARGE 214 # define SSL_R_RECORD_TOO_SMALL 298 -# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 -# define SSL_R_RENEGOTIATION_ENCODING_ERR 321 -# define SSL_R_RENEGOTIATION_MISMATCH 322 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 # define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 # define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 # define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 # define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 -# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 -# define SSL_R_SERVERHELLO_TLSEXT 224 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 # define SSL_R_SHORT_READ 219 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 # define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 # define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 +# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 # define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 @@ -2192,7 +3103,10 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 -# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 @@ -2213,25 +3127,32 @@ void ERR_load_SSL_strings(void); # define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 # define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 # define SSL_R_UNKNOWN_PKEY_TYPE 251 # define SSL_R_UNKNOWN_PROTOCOL 252 # define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 # define SSL_R_UNKNOWN_SSL_VERSION 254 # define SSL_R_UNKNOWN_STATE 255 -# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 # define SSL_R_UNSUPPORTED_CIPHER 256 # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 # define SSL_R_UNSUPPORTED_PROTOCOL 258 # define SSL_R_UNSUPPORTED_SSL_VERSION 259 # define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 # define SSL_R_WRITE_BIO_NOT_SET 260 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 # define SSL_R_WRONG_MESSAGE_TYPE 262 # define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 # define SSL_R_WRONG_SSL_VERSION 266 # define SSL_R_WRONG_VERSION_NUMBER 267 # define SSL_R_X509_LIB 268 diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h index d3996764..03c7dd8c 100644 --- a/Cryptlib/Include/openssl/ssl2.h +++ b/Cryptlib/Include/openssl/ssl2.h @@ -158,6 +158,8 @@ extern "C" { # define CERT char # endif +# ifndef OPENSSL_NO_SSL_INTERN + typedef struct ssl2_state_st { int three_byte_header; int clear_text; /* clear text */ @@ -213,6 +215,8 @@ typedef struct ssl2_state_st { } tmp; } SSL2_STATE; +# endif + /* SSLv2 */ /* client */ # define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h index 761a0e20..e681d50a 100644 --- a/Cryptlib/Include/openssl/ssl3.h +++ b/Cryptlib/Include/openssl/ssl3.h @@ -123,7 +123,6 @@ # include <openssl/buffer.h> # include <openssl/evp.h> # include <openssl/ssl.h> -# include <openssl/pq_compat.h> #ifdef __cplusplus extern "C" { @@ -160,11 +159,17 @@ extern "C" { # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 # define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA # define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA # define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA # define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA # define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA # define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA # define SSL3_CK_ADH_RC4_40_MD5 0x03000017 # define SSL3_CK_ADH_RC4_128_MD5 0x03000018 @@ -172,14 +177,16 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -# if 0 /* Because it clashes with KRB5, is never +# if 0 +# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +# if 0 /* Because it clashes with KRB5, is never * used any more, and is safe to remove * according to David Hopwood * <david.hopwood@zetnet.co.uk> of the * ietf-tls list */ -# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +# endif # endif /* @@ -219,6 +226,18 @@ extern "C" { # define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" # define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" +# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* + * This next block of six "EDH" labels is for backward compatibility with + * older versions of OpenSSL. New code should use the six "DHE" labels above + * instead: + */ # define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" # define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" # define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" @@ -232,9 +251,11 @@ extern "C" { # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +# if 0 +# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +# endif # define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" # define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" @@ -260,23 +281,73 @@ extern "C" { # define SSL3_SESSION_ID_SIZE 32 # define SSL3_RT_HEADER_LENGTH 5 -/* Due to MS stuffing up, this can change.... */ -# if defined(OPENSSL_SYS_WIN16) || \ - (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) -# define SSL3_RT_MAX_EXTRA (14000) +# define SSL3_HM_HEADER_LENGTH 4 + +# ifndef SSL3_ALIGN_PAYLOAD + /* + * Some will argue that this increases memory footprint, but it's not + * actually true. Point is that malloc has to return at least 64-bit aligned + * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. + * Suggested pre-gaping simply moves these wasted bytes from the end of + * allocated region to its front, but makes data payload aligned, which + * improves performance:-) + */ +# define SSL3_ALIGN_PAYLOAD 8 # else -# define SSL3_RT_MAX_EXTRA (16384) +# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 +# error "insane SSL3_ALIGN_PAYLOAD" +# undef SSL3_ALIGN_PAYLOAD +# endif # endif +/* + * This is the maximum MAC (digest) size used by the SSL library. Currently + * maximum of 20 is used by SHA1, but we reserve for future extension for + * 512-bit hashes. + */ + +# define SSL3_RT_MAX_MD_SIZE 64 + +/* + * Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +# define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ # define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* + * The standards give a maximum encryption overhead of 1024 bytes. In + * practice the value is lower than this. The overhead is the maximum number + * of padding bytes (256) plus the mac size. + */ +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) + +/* + * OpenSSL currently only uses a padding length of at most one block so the + * send overhead is smaller. + */ + +# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ + # ifdef OPENSSL_NO_COMP -# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH # else -# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) +# define SSL3_RT_MAX_COMPRESSED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) # endif -# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) -# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) -# define SSL3_RT_MAX_DATA_SIZE (1024*1024) +# define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" @@ -289,6 +360,24 @@ extern "C" { # define SSL3_RT_ALERT 21 # define SSL3_RT_HANDSHAKE 22 # define SSL3_RT_APPLICATION_DATA 23 +# define TLS1_RT_HEARTBEAT 24 + +/* Pseudo content types to indicate additional parameters */ +# define TLS1_RT_CRYPTO 0x1000 +# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) +# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) +# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) +# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) + +# define TLS1_RT_CRYPTO_READ 0x0000 +# define TLS1_RT_CRYPTO_WRITE 0x0100 +# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) +# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) +# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) +# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) + +/* Pseudo content type for SSL/TLS header info */ +# define SSL3_RT_HEADER 0x100 # define SSL3_AL_WARNING 1 # define SSL3_AL_FATAL 2 @@ -306,6 +395,11 @@ extern "C" { # define SSL3_AD_CERTIFICATE_UNKNOWN 46 # define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ +# define TLS1_HB_REQUEST 1 +# define TLS1_HB_RESPONSE 2 + +# ifndef OPENSSL_NO_SSL_INTERN + typedef struct ssl3_record_st { /* type of record */ /* @@ -338,7 +432,7 @@ typedef struct ssl3_record_st { /* sequence number, needed by DTLS1 */ /* * r - */ PQ_64BIT seq_num; + */ unsigned char seq_num[8]; } SSL3_RECORD; typedef struct ssl3_buffer_st { @@ -352,6 +446,8 @@ typedef struct ssl3_buffer_st { int left; } SSL3_BUFFER; +# endif + # define SSL3_CT_RSA_SIGN 1 # define SSL3_CT_DSS_SIGN 2 # define SSL3_CT_RSA_FIXED_DH 3 @@ -363,36 +459,41 @@ typedef struct ssl3_buffer_st { * SSL3_CT_NUMBER is used to size arrays and it must be large enough to * contain all of the cert types defined either for SSLv3 and TLSv1. */ -# define SSL3_CT_NUMBER 7 +# define SSL3_CT_NUMBER 9 # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 # define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 # define SSL3_FLAGS_POP_BUFFER 0x0004 # define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -# define SSL3_FLAGS_CCS_OK 0x0080 - +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 +# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 /* - * SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of - * MS SGC and so prevents us from restarting the handshake in a loop. It's - * reset on a renegotiation, so effectively limits the client to one restart - * per negotiation. This limits the possibility of a DDoS attack where the - * client handshakes in a loop using SGC to restart. Servers which permit - * renegotiation can still be effected, but we can't prevent that. + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. */ +# define SSL3_FLAGS_CCS_OK 0x0080 + +/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ # define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +# ifndef OPENSSL_NO_SSL_INTERN + typedef struct ssl3_state_st { long flags; int delay_buf_pop_ret; unsigned char read_sequence[8]; + int read_mac_secret_size; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; unsigned char write_sequence[8]; + int write_mac_secret_size; unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; /* flags for countermeasure against known-IV weakness */ int need_empty_fragments; int empty_fragment_done; + /* The value of 'extra' when the buffers were initialized */ + int init_extra; SSL3_BUFFER rbuf; /* read IO goes into here */ SSL3_BUFFER wbuf; /* write IO goes into here */ SSL3_RECORD rrec; /* each decoded record goes in here */ @@ -412,11 +513,16 @@ typedef struct ssl3_state_st { int wpend_ret; /* number of bytes submitted */ const unsigned char *wpend_buf; /* used during startup, digest all incoming/outgoing packets */ - EVP_MD_CTX finish_dgst1; - EVP_MD_CTX finish_dgst2; + BIO *handshake_buffer; /* - * this is set whenerver we see a change_cipher_spec message come in when - * we are not looking for one + * When set of handshake digests is determined, buffer is hashed and + * freed and MD_CTX-es for all required digests are stored in this array + */ + EVP_MD_CTX **handshake_dgst; + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. */ int change_cipher_spec; int warn_alert; @@ -435,6 +541,15 @@ typedef struct ssl3_state_st { int total_renegotiations; int num_renegotiations; int in_read_app_data; + /* + * Opaque PRF input as used for the current handshake. These fields are + * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they + * are merely present to improve binary compatibility) + */ + void *client_opaque_prf_input; + size_t client_opaque_prf_input_len; + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; @@ -446,13 +561,13 @@ typedef struct ssl3_state_st { unsigned long message_size; int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; -# ifndef OPENSSL_NO_DH + const SSL_CIPHER *new_cipher; +# ifndef OPENSSL_NO_DH DH *dh; -# endif -# ifndef OPENSSL_NO_ECDH +# endif +# ifndef OPENSSL_NO_ECDH EC_KEY *ecdh; /* holds short lived ECDH key */ -# endif +# endif /* used when SSL_ST_FLUSH_DATA is entered */ int next_state; int reuse_message; @@ -466,11 +581,13 @@ typedef struct ssl3_state_st { unsigned char *key_block; const EVP_CIPHER *new_sym_enc; const EVP_MD *new_hash; -# ifndef OPENSSL_NO_COMP + int new_mac_pkey_type; + int new_mac_secret_size; +# ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; -# else +# else char *new_compression; -# endif +# endif int cert_request; } tmp; @@ -481,24 +598,50 @@ typedef struct ssl3_state_st { unsigned char previous_server_finished_len; int send_connection_binding; /* TODOEKR */ -# ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_NEXTPROTONEG + /* + * Set if we saw the Next Protocol Negotiation extension from our peer. + */ + int next_proto_neg_seen; +# endif + +# ifndef OPENSSL_NO_TLSEXT +# ifndef OPENSSL_NO_EC /* * This is set to true if we believe that this is a version of Safari * running on OS X 10.6 or newer. We wish to know this because Safari on * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ char is_probably_safari; -# endif /* !OPENSSL_NO_EC */ -# endif /* !OPENSSL_NO_TLSEXT */ +# endif /* !OPENSSL_NO_EC */ + + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ + + /* + * In a server these point to the selected ALPN protocol after the + * ClientHello has been processed. In a client these contain the protocol + * that the server selected once the ServerHello has been processed. + */ + unsigned char *alpn_selected; + unsigned alpn_selected_len; +# endif /* OPENSSL_NO_TLSEXT */ } SSL3_STATE; +# endif + /* SSLv3 */ /* * client */ /* extra state */ # define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) +# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) +# endif /* write to server */ # define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) # define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) @@ -526,6 +669,10 @@ typedef struct ssl3_state_st { # define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) # define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) # define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) +# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +# endif # define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) # define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ @@ -541,11 +688,16 @@ typedef struct ssl3_state_st { /* server */ /* extra state */ # define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +# ifndef OPENSSL_NO_SCTP +# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) +# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) +# endif /* read from client */ /* Do not change the number values, they do matter */ # define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) # define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) # define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) /* write to client */ # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) @@ -571,6 +723,10 @@ typedef struct ssl3_state_st { # define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) # define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) # define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) +# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) +# endif # define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) # define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) /* write to client */ @@ -595,6 +751,9 @@ typedef struct ssl3_state_st { # define SSL3_MT_CLIENT_KEY_EXCHANGE 16 # define SSL3_MT_FINISHED 20 # define SSL3_MT_CERTIFICATE_STATUS 22 +# ifndef OPENSSL_NO_NEXTPROTONEG +# define SSL3_MT_NEXT_PROTO 67 +# endif # define DTLS1_MT_HELLO_VERIFY_REQUEST 3 # define SSL3_MT_CCS 1 diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h index 5ce82501..eb072166 100644 --- a/Cryptlib/Include/openssl/stack.h +++ b/Cryptlib/Include/openssl/stack.h @@ -68,37 +68,37 @@ typedef struct stack_st { char **data; int sorted; int num_alloc; - int (*comp) (const char *const *, const char *const *); -} STACK; + int (*comp) (const void *, const void *); +} _STACK; /* Use STACK_OF(...) instead */ # define M_sk_num(sk) ((sk) ? (sk)->num:-1) # define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) -int sk_num(const STACK *); -char *sk_value(const STACK *, int); +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); -char *sk_set(STACK *, int, char *); +void *sk_set(_STACK *, int, void *); -STACK *sk_new(int (*cmp) (const char *const *, const char *const *)); -STACK *sk_new_null(void); -void sk_free(STACK *); -void sk_pop_free(STACK * st, void (*func) (void *)); -int sk_insert(STACK * sk, char *data, int where); -char *sk_delete(STACK * st, int loc); -char *sk_delete_ptr(STACK * st, char *p); -int sk_find(STACK * st, char *data); -int sk_find_ex(STACK * st, char *data); -int sk_push(STACK * st, char *data); -int sk_unshift(STACK * st, char *data); -char *sk_shift(STACK * st); -char *sk_pop(STACK * st); -void sk_zero(STACK * st); -int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *, - const char *const *))) - (const char *const *, const char *const *); -STACK *sk_dup(STACK * st); -void sk_sort(STACK * st); -int sk_is_sorted(const STACK * st); +_STACK *sk_new(int (*cmp) (const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func) (void *)); +_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_find_ex(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) + (const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/store.h b/Cryptlib/Include/openssl/store.h deleted file mode 100644 index 715d4704..00000000 --- a/Cryptlib/Include/openssl/store.h +++ /dev/null @@ -1,651 +0,0 @@ -/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ -/* - * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project - * 2003. - */ -/* ==================================================================== - * Copyright (c) 2003 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_STORE_H -# define HEADER_STORE_H - -# include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED -# include <openssl/evp.h> -# include <openssl/bn.h> -# include <openssl/x509.h> -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* Already defined in ossl_typ.h */ -/* typedef struct store_st STORE; */ -/* typedef struct store_method_st STORE_METHOD; */ - -/* - * All the following functions return 0, a negative number or NULL on error. - * When everything is fine, they return a positive value or a non-NULL - * pointer, all depending on their purpose. - */ - -/* Creators and destructor. */ -STORE *STORE_new_method(const STORE_METHOD *method); -STORE *STORE_new_engine(ENGINE *engine); -void STORE_free(STORE *ui); - -/* - * Give a user interface parametrised control commands. This can be used to - * send down an integer, a data pointer or a function pointer, as well as be - * used to get information from a STORE. - */ -int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)); - -/* - * A control to set the directory with keys and certificates. Used by the - * built-in directory level method. - */ -# define STORE_CTRL_SET_DIRECTORY 0x0001 -/* - * A control to set a file to load. Used by the built-in file level method. - */ -# define STORE_CTRL_SET_FILE 0x0002 -/* - * A control to set a configuration file to load. Can be used by any method - * that wishes to load a configuration file. - */ -# define STORE_CTRL_SET_CONF_FILE 0x0003 -/* - * A control to set a the section of the loaded configuration file. Can be - * used by any method that wishes to load a configuration file. - */ -# define STORE_CTRL_SET_CONF_SECTION 0x0004 - -/* Some methods may use extra data */ -# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) -# define STORE_get_app_data(s) STORE_get_ex_data(s,0) -int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -int STORE_set_ex_data(STORE *r, int idx, void *arg); -void *STORE_get_ex_data(STORE *r, int idx); - -/* Use specific methods instead of the built-in one */ -const STORE_METHOD *STORE_get_method(STORE *store); -const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); - -/* The standard OpenSSL methods. */ -/* - * This is the in-memory method. It does everything except revoking and - * updating, and is of course volatile. It's used by other methods that have - * an in-memory cache. - */ -const STORE_METHOD *STORE_Memory(void); -# if 0 /* Not yet implemented */ -/* - * This is the directory store. It does everything except revoking and - * updating, and uses STORE_Memory() to cache things in memory. - */ -const STORE_METHOD *STORE_Directory(void); -/* - * This is the file store. It does everything except revoking and updating, - * and uses STORE_Memory() to cache things in memory. Certificates are added - * to it with the store operation, and it will only get cached certificates. - */ -const STORE_METHOD *STORE_File(void); -# endif - -/* - * Store functions take a type code for the type of data they should store or - * fetch - */ -typedef enum STORE_object_types { - STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */ - STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */ - STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */ - STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */ - STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */ - STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */ - STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */ -} STORE_OBJECT_TYPES; -/* List of text strings corresponding to the object types. */ -extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1]; - -/* - * Some store functions take a parameter list. Those parameters come with - * one of the following codes. The comments following the codes below - * indicate what type the value should be a pointer to. - */ -typedef enum STORE_params { - STORE_PARAM_EVP_TYPE = 0x01, /* int */ - STORE_PARAM_BITS = 0x02, /* size_t */ - STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */ - STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */ - STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */ - STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */ - STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */ -} STORE_PARAM_TYPES; -/* - * Parameter value sizes. -1 means unknown, anything else is the required - * size. - */ -extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1]; - -/* - * Store functions take attribute lists. Those attributes come with codes. - * The comments following the codes below indicate what type the value should - * be a pointer to. - */ -typedef enum STORE_attribs { - STORE_ATTR_END = 0x00, - STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */ - STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */ - STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */ - STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */ - STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */ - STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */ - STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */ - STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */ - STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */ - STORE_ATTR_EMAIL = 0x0a, /* C string */ - STORE_ATTR_FILENAME = 0x0b, /* C string */ - STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */ - STORE_ATTR_OR = 0xff /* This is a special separator, which - * expresses the OR operation. */ -} STORE_ATTR_TYPES; -/* - * Attribute value sizes. -1 means unknown, anything else is the required - * size. - */ -extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1]; - -typedef enum STORE_certificate_status { - STORE_X509_VALID = 0x00, - STORE_X509_EXPIRED = 0x01, - STORE_X509_SUSPENDED = 0x02, - STORE_X509_REVOKED = 0x03 -} STORE_CERTIFICATE_STATUS; - -/* - * Engine store functions will return a structure that contains all the - * necessary information, including revokation status for certificates. This - * is really not needed for application authors, as the ENGINE framework - * functions will extract the OpenSSL-specific information when at all - * possible. However, for engine authors, it's crucial to know this - * structure. - */ -typedef struct STORE_OBJECT_st { - STORE_OBJECT_TYPES type; - union { - struct { - STORE_CERTIFICATE_STATUS status; - X509 *certificate; - } x509; - X509_CRL *crl; - EVP_PKEY *key; - BIGNUM *number; - BUF_MEM *arbitrary; - } data; -} STORE_OBJECT; -DECLARE_STACK_OF(STORE_OBJECT) -STORE_OBJECT *STORE_OBJECT_new(void); -void STORE_OBJECT_free(STORE_OBJECT *data); - -/* - * The following functions handle the storage. They return 0, a negative - * number or NULL on error, anything else on success. - */ -X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -X509 *STORE_list_certificate_next(STORE *e, void *handle); -int STORE_list_certificate_end(STORE *e, void *handle); -int STORE_list_certificate_endp(STORE *e, void *handle); -EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_store_private_key(STORE *e, EVP_PKEY *data, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_sttributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); -int STORE_list_private_key_end(STORE *e, void *handle); -int STORE_list_private_key_endp(STORE *e, void *handle); -EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_store_public_key(STORE *e, EVP_PKEY *data, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_sttributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); -int STORE_list_public_key_end(STORE *e, void *handle); -int STORE_list_public_key_endp(STORE *e, void *handle); -X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_sttributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -X509_CRL *STORE_list_crl_next(STORE *e, void *handle); -int STORE_list_crl_end(STORE *e, void *handle); -int STORE_list_crl_endp(STORE *e, void *handle); -int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_sttributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_sttributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); - -/* Create and manipulate methods */ -STORE_METHOD *STORE_create_method(char *name); -void STORE_destroy_method(STORE_METHOD *store_method); - -/* These callback types are use for store handlers */ -typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *); -typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *); -typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, - STORE_OBJECT_TYPES - type, - OPENSSL_ITEM - attributes[], - OPENSSL_ITEM - parameters[]); -typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, - STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); -typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle); -typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, - STORE_OBJECT *data, - OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, - OPENSSL_ITEM search_attributes[], - OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[], - OPENSSL_ITEM parameters[]); -typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[], - OPENSSL_ITEM parameters[]); -typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p, - void (*f) (void)); - -int STORE_method_set_initialise_function(STORE_METHOD *sm, - STORE_INITIALISE_FUNC_PTR init_f); -int STORE_method_set_cleanup_function(STORE_METHOD *sm, - STORE_CLEANUP_FUNC_PTR clean_f); -int STORE_method_set_generate_function(STORE_METHOD *sm, - STORE_GENERATE_OBJECT_FUNC_PTR - generate_f); -int STORE_method_set_get_function(STORE_METHOD *sm, - STORE_GET_OBJECT_FUNC_PTR get_f); -int STORE_method_set_store_function(STORE_METHOD *sm, - STORE_STORE_OBJECT_FUNC_PTR store_f); -int STORE_method_set_modify_function(STORE_METHOD *sm, - STORE_MODIFY_OBJECT_FUNC_PTR store_f); -int STORE_method_set_revoke_function(STORE_METHOD *sm, - STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); -int STORE_method_set_delete_function(STORE_METHOD *sm, - STORE_HANDLE_OBJECT_FUNC_PTR delete_f); -int STORE_method_set_list_start_function(STORE_METHOD *sm, - STORE_START_OBJECT_FUNC_PTR - list_start_f); -int STORE_method_set_list_next_function(STORE_METHOD *sm, - STORE_NEXT_OBJECT_FUNC_PTR - list_next_f); -int STORE_method_set_list_end_function(STORE_METHOD *sm, - STORE_END_OBJECT_FUNC_PTR list_end_f); -int STORE_method_set_update_store_function(STORE_METHOD *sm, - STORE_GENERIC_FUNC_PTR); -int STORE_method_set_lock_store_function(STORE_METHOD *sm, - STORE_GENERIC_FUNC_PTR); -int STORE_method_set_unlock_store_function(STORE_METHOD *sm, - STORE_GENERIC_FUNC_PTR); -int STORE_method_set_ctrl_function(STORE_METHOD *sm, - STORE_CTRL_FUNC_PTR ctrl_f); - -STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD - *sm); -STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); -STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD - *sm); -STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); -STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); -STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD - *sm); -STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD - *sm); -STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD - *sm); -STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD - *sm); -STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD - *sm); -STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD - *sm); -STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD - *sm); -STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); -STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD - *sm); -STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); - -/* Method helper structures and functions. */ - -/* - * This structure is the result of parsing through the information in a list - * of OPENSSL_ITEMs. It stores all the necessary information in a structured - * way. - */ -typedef struct STORE_attr_info_st STORE_ATTR_INFO; - -/* - * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. - * Note that we do this in the list form, since the list of OPENSSL_ITEMs can - * come in blocks separated with STORE_ATTR_OR. Note that the value returned - * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). - */ -void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); -STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); -int STORE_parse_attrs_end(void *handle); -int STORE_parse_attrs_endp(void *handle); - -/* Creator and destructor */ -STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); -int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); - -/* Manipulators */ -char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code); -unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code); -X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code); -BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code); -int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - char *cstr, size_t cstr_size); -int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - unsigned char *sha1str, size_t sha1str_size); -int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - X509_NAME *dn); -int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - BIGNUM *number); -int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - char *cstr, size_t cstr_size); -int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code, - unsigned char *sha1str, - size_t sha1str_size); -int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, - X509_NAME *dn); -int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, - STORE_ATTR_TYPES code, BIGNUM *number); - -/* - * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in - * each contained attribute. - */ -int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); -/* - * Check if the set of attributes in a is within the range of attributes set - * in b. - */ -int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); -/* Check if the set of attributes in a are also set in b. */ -int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); -/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ -int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_STORE_strings(void); - -/* Error codes for the STORE functions. */ - -/* Function codes. */ -# define STORE_F_MEM_DELETE 134 -# define STORE_F_MEM_GENERATE 135 -# define STORE_F_MEM_LIST_END 168 -# define STORE_F_MEM_LIST_NEXT 136 -# define STORE_F_MEM_LIST_START 137 -# define STORE_F_MEM_MODIFY 169 -# define STORE_F_MEM_STORE 138 -# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 -# define STORE_F_STORE_ATTR_INFO_GET0_DN 140 -# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 -# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 -# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 -# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 -# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 -# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 -# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 -# define STORE_F_STORE_ATTR_INFO_SET_DN 148 -# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 -# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 -# define STORE_F_STORE_CERTIFICATE 170 -# define STORE_F_STORE_CTRL 161 -# define STORE_F_STORE_DELETE_ARBITRARY 158 -# define STORE_F_STORE_DELETE_CERTIFICATE 102 -# define STORE_F_STORE_DELETE_CRL 103 -# define STORE_F_STORE_DELETE_NUMBER 104 -# define STORE_F_STORE_DELETE_PRIVATE_KEY 105 -# define STORE_F_STORE_DELETE_PUBLIC_KEY 106 -# define STORE_F_STORE_GENERATE_CRL 107 -# define STORE_F_STORE_GENERATE_KEY 108 -# define STORE_F_STORE_GET_ARBITRARY 159 -# define STORE_F_STORE_GET_CERTIFICATE 109 -# define STORE_F_STORE_GET_CRL 110 -# define STORE_F_STORE_GET_NUMBER 111 -# define STORE_F_STORE_GET_PRIVATE_KEY 112 -# define STORE_F_STORE_GET_PUBLIC_KEY 113 -# define STORE_F_STORE_LIST_CERTIFICATE_END 114 -# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 -# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 -# define STORE_F_STORE_LIST_CERTIFICATE_START 116 -# define STORE_F_STORE_LIST_CRL_END 117 -# define STORE_F_STORE_LIST_CRL_ENDP 154 -# define STORE_F_STORE_LIST_CRL_NEXT 118 -# define STORE_F_STORE_LIST_CRL_START 119 -# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 -# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 -# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 -# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 -# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 -# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 -# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 -# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 -# define STORE_F_STORE_MODIFY_ARBITRARY 162 -# define STORE_F_STORE_MODIFY_CERTIFICATE 163 -# define STORE_F_STORE_MODIFY_CRL 164 -# define STORE_F_STORE_MODIFY_NUMBER 165 -# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 -# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 -# define STORE_F_STORE_NEW_ENGINE 133 -# define STORE_F_STORE_NEW_METHOD 132 -# define STORE_F_STORE_PARSE_ATTRS_END 151 -# define STORE_F_STORE_PARSE_ATTRS_ENDP 172 -# define STORE_F_STORE_PARSE_ATTRS_NEXT 152 -# define STORE_F_STORE_PARSE_ATTRS_START 171 -# define STORE_F_STORE_REVOKE_CERTIFICATE 129 -# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 -# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 -# define STORE_F_STORE_STORE_ARBITRARY 157 -# define STORE_F_STORE_STORE_CERTIFICATE 100 -# define STORE_F_STORE_STORE_CRL 101 -# define STORE_F_STORE_STORE_NUMBER 126 -# define STORE_F_STORE_STORE_PRIVATE_KEY 127 -# define STORE_F_STORE_STORE_PUBLIC_KEY 128 - -/* Reason codes. */ -# define STORE_R_ALREADY_HAS_A_VALUE 127 -# define STORE_R_FAILED_DELETING_ARBITRARY 132 -# define STORE_R_FAILED_DELETING_CERTIFICATE 100 -# define STORE_R_FAILED_DELETING_KEY 101 -# define STORE_R_FAILED_DELETING_NUMBER 102 -# define STORE_R_FAILED_GENERATING_CRL 103 -# define STORE_R_FAILED_GENERATING_KEY 104 -# define STORE_R_FAILED_GETTING_ARBITRARY 133 -# define STORE_R_FAILED_GETTING_CERTIFICATE 105 -# define STORE_R_FAILED_GETTING_KEY 106 -# define STORE_R_FAILED_GETTING_NUMBER 107 -# define STORE_R_FAILED_LISTING_CERTIFICATES 108 -# define STORE_R_FAILED_LISTING_KEYS 109 -# define STORE_R_FAILED_MODIFYING_ARBITRARY 138 -# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 -# define STORE_R_FAILED_MODIFYING_CRL 140 -# define STORE_R_FAILED_MODIFYING_NUMBER 141 -# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 -# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 -# define STORE_R_FAILED_REVOKING_CERTIFICATE 110 -# define STORE_R_FAILED_REVOKING_KEY 111 -# define STORE_R_FAILED_STORING_ARBITRARY 134 -# define STORE_R_FAILED_STORING_CERTIFICATE 112 -# define STORE_R_FAILED_STORING_KEY 113 -# define STORE_R_FAILED_STORING_NUMBER 114 -# define STORE_R_NOT_IMPLEMENTED 128 -# define STORE_R_NO_CONTROL_FUNCTION 144 -# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 -# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 -# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 -# define STORE_R_NO_GENERATE_CRL_FUNCTION 117 -# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 -# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 -# define STORE_R_NO_GET_OBJECT_FUNCTION 119 -# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 -# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 -# define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 -# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 -# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 -# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 -# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 -# define STORE_R_NO_STORE 129 -# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 -# define STORE_R_NO_STORE_OBJECT_FUNCTION 125 -# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 -# define STORE_R_NO_VALUE 130 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h index b8a6ddf1..239fa4fb 100644 --- a/Cryptlib/Include/openssl/symhacks.h +++ b/Cryptlib/Include/openssl/symhacks.h @@ -71,10 +71,6 @@ */ # ifdef OPENSSL_SYS_VMS -/* Hack a long name in crypto/cryptlib.c */ -# undef int_CRYPTO_set_do_dynlock_callback -# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb - /* Hack a long name in crypto/ex_data.c */ # undef CRYPTO_get_ex_data_implementation # define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl @@ -170,7 +166,7 @@ # undef CRYPTO_get_locked_mem_ex_functions # define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs -/* Hack some long SSL names */ +/* Hack some long SSL/TLS names */ # undef SSL_CTX_set_default_verify_paths # define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths # undef SSL_get_ex_data_X509_STORE_CTX_idx @@ -187,7 +183,10 @@ # define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud # undef SSL_COMP_get_compression_methods # define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods - +# undef SSL_COMP_set0_compression_methods +# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods +# undef SSL_COMP_free_compression_methods +# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods # undef ssl_add_clienthello_renegotiate_ext # define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext # undef ssl_add_serverhello_renegotiate_ext @@ -196,6 +195,35 @@ # define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext # undef ssl_parse_serverhello_renegotiate_ext # define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext +# undef SSL_srp_server_param_with_username +# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un +# undef SSL_CTX_set_srp_client_pwd_callback +# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb +# undef SSL_CTX_set_srp_verify_param_callback +# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb +# undef SSL_CTX_set_srp_username_callback +# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb +# undef ssl_add_clienthello_use_srtp_ext +# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext +# undef ssl_add_serverhello_use_srtp_ext +# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext +# undef ssl_parse_clienthello_use_srtp_ext +# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext +# undef ssl_parse_serverhello_use_srtp_ext +# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext +# undef SSL_CTX_set_next_protos_advertised_cb +# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb +# undef SSL_CTX_set_next_proto_select_cb +# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb + +# undef tls1_send_server_supplemental_data +# define tls1_send_server_supplemental_data tls1_send_server_suppl_data +# undef tls1_send_client_supplemental_data +# define tls1_send_client_supplemental_data tls1_send_client_suppl_data +# undef tls1_get_server_supplemental_data +# define tls1_get_server_supplemental_data tls1_get_server_suppl_data +# undef tls1_get_client_supplemental_data +# define tls1_get_client_supplemental_data tls1_get_client_suppl_data # undef ssl3_cbc_record_digest_supported # define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support @@ -204,7 +232,11 @@ # undef ssl_check_clienthello_tlsext_early # define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early -/* Hack some long ENGINE names */ +/* Hack some RSA long names */ +# undef RSA_padding_check_PKCS1_OAEP_mgf1 +# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1 + +/* Hack some ENGINE long names */ # undef ENGINE_get_default_BN_mod_exp_crt # define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt # undef ENGINE_set_default_BN_mod_exp_crt @@ -213,6 +245,14 @@ # define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn # undef ENGINE_get_load_privkey_function # define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +# undef ENGINE_unregister_pkey_asn1_meths +# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths +# undef ENGINE_register_all_pkey_asn1_meths +# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths +# undef ENGINE_set_default_pkey_asn1_meths +# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths +# undef ENGINE_get_pkey_asn1_meth_engine +# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng # undef ENGINE_set_load_ssl_client_cert_function # define ENGINE_set_load_ssl_client_cert_function \ ENGINE_set_ld_ssl_clnt_cert_fn @@ -238,6 +278,8 @@ # define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf # undef OPENSSL_add_all_algorithms_conf # define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf +# undef EVP_PKEY_meth_set_verify_recover +# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover /* Hack some long EC names */ # undef EC_GROUP_set_point_conversion_form @@ -246,6 +288,9 @@ # define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form # undef EC_GROUP_clear_free_all_extra_data # define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data +# undef EC_KEY_set_public_key_affine_coordinates +# define EC_KEY_set_public_key_affine_coordinates \ + EC_KEY_set_pub_key_aff_coords # undef EC_POINT_set_Jprojective_coordinates_GFp # define EC_POINT_set_Jprojective_coordinates_GFp \ EC_POINT_set_Jproj_coords_GFp @@ -379,6 +424,14 @@ # undef STORE_method_get_unlock_store_function # define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn +/* Hack some long TS names */ +# undef TS_RESP_CTX_set_status_info_cond +# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond +# undef TS_RESP_CTX_set_clock_precision_digits +# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits +# undef TS_CONF_set_clock_precision_digits +# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits + /* Hack some long CMS names */ # undef CMS_RecipientInfo_ktri_get0_algs # define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs @@ -392,15 +445,39 @@ # define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it # undef cms_SignerIdentifier_get0_signer_id # define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id +# undef CMS_RecipientInfo_kari_get0_orig_id +# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id +# undef CMS_RecipientInfo_kari_get0_reks +# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks +# undef CMS_RecipientEncryptedKey_cert_cmp +# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp +# undef CMS_RecipientInfo_kari_set0_pkey +# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey +# undef CMS_RecipientEncryptedKey_get0_id +# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id +# undef CMS_RecipientInfo_kari_orig_id_cmp +# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp /* Hack some long DTLS1 names */ # undef dtls1_retransmit_buffered_messages # define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs +/* Hack some long SRP names */ +# undef SRP_generate_server_master_secret +# define SRP_generate_server_master_secret SRP_gen_server_master_secret +# undef SRP_generate_client_master_secret +# define SRP_generate_client_master_secret SRP_gen_client_master_secret + +/* Hack some long UI names */ +# undef UI_method_get_prompt_constructor +# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +# undef UI_method_set_prompt_constructor +# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + # endif /* defined OPENSSL_SYS_VMS */ -/* Case insensiteve linking causes problems.... */ -# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +/* Case insensitive linking causes problems.... */ +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) # undef ERR_load_CRYPTO_strings # define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings # undef OCSP_crlID_new @@ -430,9 +507,10 @@ # undef X509v3_add_standard_extensions # define X509v3_add_standard_extensions oX509v3_add_standard_extensions +/* This one clashes with CMS_data_create */ +# undef cms_Data_create +# define cms_Data_create priv_cms_Data_create + # endif #endif /* ! defined HEADER_VMS_IDHACKS_H */ -/* This one clashes with CMS_data_create */ -#undef cms_Data_create -#define cms_Data_create priv_cms_Data_create diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h index fd8a034d..5929607f 100644 --- a/Cryptlib/Include/openssl/tls1.h +++ b/Cryptlib/Include/openssl/tls1.h @@ -56,6 +56,59 @@ * [including the GNU Public Licence.] */ /* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * * Portions of the attached software ("Contribution") are developed by @@ -68,6 +121,32 @@ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ #ifndef HEADER_TLS1_H # define HEADER_TLS1_H @@ -83,13 +162,7 @@ extern "C" { # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 -/* - * TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so - * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions. - * (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch - * the error if TLS_MAX_VERSION was too low.) - */ -# define TLS_MAX_VERSION TLS1_VERSION +# define TLS_MAX_VERSION TLS1_2_VERSION # define TLS1_VERSION_MAJOR 0x03 # define TLS1_VERSION_MINOR 0x01 @@ -127,31 +200,137 @@ extern "C" { # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ -/* ExtensionType values from RFC 3546 */ +/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ # define TLSEXT_TYPE_server_name 0 # define TLSEXT_TYPE_max_fragment_length 1 # define TLSEXT_TYPE_client_certificate_url 2 # define TLSEXT_TYPE_trusted_ca_keys 3 # define TLSEXT_TYPE_truncated_hmac 4 # define TLSEXT_TYPE_status_request 5 +/* ExtensionType values from RFC4681 */ +# define TLSEXT_TYPE_user_mapping 6 +/* ExtensionType values from RFC5878 */ +# define TLSEXT_TYPE_client_authz 7 +# define TLSEXT_TYPE_server_authz 8 +/* ExtensionType values from RFC6091 */ +# define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC4492 */ # define TLSEXT_TYPE_elliptic_curves 10 # define TLSEXT_TYPE_ec_point_formats 11 + +/* ExtensionType value from RFC5054 */ +# define TLSEXT_TYPE_srp 12 + +/* ExtensionType values from RFC5246 */ +# define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC5764 */ +# define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC5620 */ +# define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* + * ExtensionType value for TLS padding extension. + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + * http://tools.ietf.org/html/draft-agl-tls-padding-03 + */ +# define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 +/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ +# if 0 +/* + * will have to be provided externally for now , + * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 + * using whatever extension number you'd like to try + */ +# define TLSEXT_TYPE_opaque_prf_input ?? +# endif + /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 +# ifndef OPENSSL_NO_NEXTPROTONEG +/* This is not an IANA defined extension number */ +# define TLSEXT_TYPE_next_proto_neg 13172 +# endif + /* NameType value from RFC 3546 */ # define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ # define TLSEXT_STATUSTYPE_ocsp 1 +/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +# define TLSEXT_ECPOINTFORMAT_first 0 +# define TLSEXT_ECPOINTFORMAT_uncompressed 0 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +# define TLSEXT_ECPOINTFORMAT_last 2 + +/* Signature and hash algorithms from RFC 5246 */ + +# define TLSEXT_signature_anonymous 0 +# define TLSEXT_signature_rsa 1 +# define TLSEXT_signature_dsa 2 +# define TLSEXT_signature_ecdsa 3 + +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 4 + +# define TLSEXT_hash_none 0 +# define TLSEXT_hash_md5 1 +# define TLSEXT_hash_sha1 2 +# define TLSEXT_hash_sha224 3 +# define TLSEXT_hash_sha256 4 +# define TLSEXT_hash_sha384 5 +# define TLSEXT_hash_sha512 6 + +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 7 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + # ifndef OPENSSL_NO_TLSEXT # define TLSEXT_MAXLEN_host_name 255 const char *SSL_get_servername(const SSL *s, const int type); int SSL_get_servername_type(const SSL *s); +/* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) It returns 1 on success and + * zero otherwise. + */ +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *p, size_t plen, + int use_context); + +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); # define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) @@ -205,19 +384,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) +# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) +# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) +# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) + # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_TLSEXT_HB_ENABLED 0x01 +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 + +# define SSL_get_tlsext_heartbeat_pending(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) +# endif # endif +/* PSK ciphersuites from 4279 */ +# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D + /* - * Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt - * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see - * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably - * shouldn't. + * Additional TLS ciphersuites from expired Internet Draft + * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if + * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We + * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. + * Note that the first two are actually not in the IDs. */ -# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 -# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 +# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in + * ID */ +# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in + * ID */ # define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 # define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 # define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 @@ -240,6 +445,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 # define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + /* Camellia ciphersuites from RFC4132 */ # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 @@ -248,6 +461,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 # define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 +/* TLS v1.2 ciphersuites */ +# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC4132 */ # define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 # define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 # define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 @@ -263,6 +486,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A # define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + /* * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in * draft 13 @@ -297,12 +534,43 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 # define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 +/* SRP ciphersuites from RFC 5054 */ +# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + /* - * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH - * here include the string "DHE", while elsewhere it has always been "EDH". - * (The alias for the list of all such ciphers also is "EDH".) The - * specifications speak of "EDH"; maybe we should allow both forms for - * everything. + * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave + * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we + * should be using DHE + * everywhere, though we may indefinitely maintain + * aliases for users + * or configurations that used "EDH" + */ # define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" # define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" @@ -358,6 +626,23 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" # define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" +/* PSK ciphersuites from RFC 4279 */ +# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +/* SRP ciphersuite from RFC 5054 */ +# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + /* Camellia ciphersuites from RFC4132 */ # define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" # define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" @@ -381,6 +666,56 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" # define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" +/* TLS v1.2 ciphersuites */ +# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC5288 */ +# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* ECDH HMAC based ciphersuites from RFC5289 */ + +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC5289 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 @@ -388,7 +723,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_CT_ECDSA_SIGN 64 # define TLS_CT_RSA_FIXED_ECDH 65 # define TLS_CT_ECDSA_FIXED_ECDH 66 -# define TLS_CT_NUMBER 7 +# define TLS_CT_GOST94_SIGN 21 +# define TLS_CT_GOST01_SIGN 22 +/* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) + */ +# define TLS_CT_NUMBER 9 # define TLS1_FINISH_MAC_LENGTH 12 @@ -460,6 +801,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" # endif +/* TLS Session Ticket extension struct */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + #ifdef __cplusplus } #endif diff --git a/Cryptlib/Include/openssl/tmdiff.h b/Cryptlib/Include/openssl/tmdiff.h deleted file mode 100644 index 33c901ee..00000000 --- a/Cryptlib/Include/openssl/tmdiff.h +++ /dev/null @@ -1,91 +0,0 @@ -/* crypto/tmdiff.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - * Header for dynamic hash table routines Author - Eric Young - */ -/* - * ... erm yeah, "dynamic hash tables" you say? And what would dynamic hash - * tables have to do with any of this code *now*? AFAICS, this code is only - * referenced by crypto/bn/exp.c which is an unused file that I doubt - * compiles any more. speed.c is the only thing that could use this (and it - * has nothing to do with hash tables), yet it instead has its own - * duplication of all this stuff and looks, if anything, more complete. See - * the corresponding note in apps/speed.c. The Bemused - Geoff - */ - -#ifndef HEADER_TMDIFF_H -# define HEADER_TMDIFF_H - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct ms_tm MS_TM; - -MS_TM *ms_time_new(void); -void ms_time_free(MS_TM * a); -void ms_time_get(MS_TM * a); -double ms_time_diff(MS_TM * start, MS_TM * end); -int ms_time_cmp(const MS_TM * ap, const MS_TM * bp); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/Cryptlib/Include/openssl/ts.h b/Cryptlib/Include/openssl/ts.h new file mode 100644 index 00000000..16eccbb3 --- /dev/null +++ b/Cryptlib/Include/openssl/ts.h @@ -0,0 +1,862 @@ +/* crypto/ts/ts.h */ +/* + * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project + * 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +# define HEADER_TS_H + +# include <openssl/opensslconf.h> +# include <openssl/symhacks.h> +# ifndef OPENSSL_NO_BUFFER +# include <openssl/buffer.h> +# endif +# ifndef OPENSSL_NO_EVP +# include <openssl/evp.h> +# endif +# ifndef OPENSSL_NO_BIO +# include <openssl/bio.h> +# endif +# include <openssl/stack.h> +# include <openssl/asn1.h> +# include <openssl/safestack.h> + +# ifndef OPENSSL_NO_RSA +# include <openssl/rsa.h> +# endif + +# ifndef OPENSSL_NO_DSA +# include <openssl/dsa.h> +# endif + +# ifndef OPENSSL_NO_DH +# include <openssl/dh.h> +# endif + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef WIN32 +/* Under Win32 this is defined in wincrypt.h */ +# undef X509_NAME +# endif + +# include <openssl/x509.h> +# include <openssl/x509v3.h> + +/*- +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +} TS_MSG_IMPRINT; + +/*- +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ +} TS_REQ; + +/*- +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +} TS_ACCURACY; + +/*- +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +} TS_TST_INFO; + +/*- +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +# define TS_STATUS_GRANTED 0 +# define TS_STATUS_GRANTED_WITH_MODS 1 +# define TS_STATUS_REJECTION 2 +# define TS_STATUS_WAITING 3 +# define TS_STATUS_REVOCATION_WARNING 4 +# define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* + * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c + */ + +# define TS_INFO_BAD_ALG 0 +# define TS_INFO_BAD_REQUEST 2 +# define TS_INFO_BAD_DATA_FORMAT 5 +# define TS_INFO_TIME_NOT_AVAILABLE 14 +# define TS_INFO_UNACCEPTED_POLICY 15 +# define TS_INFO_UNACCEPTED_EXTENSION 16 +# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +# define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +} TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) +DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) + +/*- +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +} TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/*- +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +} ESS_ISSUER_SERIAL; + +/*- +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; +} ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) +DECLARE_ASN1_SET_OF(ESS_CERT_ID) + +/*- +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +} ESS_SIGNING_CERT; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, + long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* + * Declarations related to response generation, defined in ts/ts_resp_sign.c. + */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +# define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +# define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +# define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *); + +/* + * This must return the seconds and microseconds since Jan 1, 1970 in the sec + * and usec variables allocated by the caller. Return non-zero for success + * and zero for failure. + */ +typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + long *usec); + +/* + * This must process the given extension. It can modify the TS_TST_INFO + * object of the context. Return values: !0 (processed), 0 (error, it must + * set the status info/failure info of the response). + */ +typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +typedef struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in time stamp + * token. */ + unsigned flags; /* Optional info, see values above. */ + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +} TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) +DECLARE_ASN1_SET_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + +/* + * Adds a new acceptable message digest. Note that no message digests are + * accepted by default. The md argument is shared with the caller. + */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* + * Clock precision digits, i.e. the number of decimal digits: '0' means sec, + * '3' msec, '6' usec, and so on. Default is 0. + */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +# define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses the gettimeofday() and gmtime() system calls. */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* + * Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. + */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +# define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +# define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +# define TS_VFY_POLICY (1u << 2) +/* + * Verify the message imprint provided by the user. This flag should not be + * specified with TS_VFY_DATA. + */ +# define TS_VFY_IMPRINT (1u << 3) +/* + * Verify the message imprint computed by the verify method from the user + * provided data and the MD algorithm of the response. This flag should not + * be specified with TS_VFY_IMPRINT. + */ +# define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +# define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +# define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +# define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + /* + * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the + * algorithm from the response is used. + */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +} TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/*- + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* + * Function declarations for handling configuration options, defined in + * ts/ts_conf.c + */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +# define TS_F_D2I_TS_RESP 147 +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_RESP_VERIFY_TOKEN 107 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_D2I_TS_RESP_INT_FAILED 128 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h index f1145a79..98e23a20 100644 --- a/Cryptlib/Include/openssl/txt_db.h +++ b/Cryptlib/Include/openssl/txt_db.h @@ -77,15 +77,18 @@ extern "C" { #endif +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + typedef struct txt_db_st { int num_fields; - STACK /* char ** */ * data; - LHASH **index; - int (**qual) (char **); + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual) (OPENSSL_STRING *); long error; long arg1; long arg2; - char **arg_row; + OPENSSL_STRING *arg_row; } TXT_DB; # ifndef OPENSSL_NO_BIO @@ -95,11 +98,12 @@ long TXT_DB_write(BIO *out, TXT_DB *db); TXT_DB *TXT_DB_read(char *in, int num); long TXT_DB_write(char *out, TXT_DB *db); # endif -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **), +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); -char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); -int TXT_DB_insert(TXT_DB *db, char **value); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); #ifdef __cplusplus } diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h index 1f0c2ea2..b917edab 100644 --- a/Cryptlib/Include/openssl/ui.h +++ b/Cryptlib/Include/openssl/ui.h @@ -301,8 +301,8 @@ UI_METHOD *UI_OpenSSL(void); * The UI_STRING type is the data structure that contains all the needed info * about a string or a prompt, including test data for a verification prompt. */ -DECLARE_STACK_OF(UI_STRING) typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) /* * The different types of strings that are currently supported. This is only @@ -327,11 +327,20 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); int UI_method_set_reader(UI_METHOD *method, int (*reader) (UI *ui, UI_STRING *uis)); int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor) (UI *ui, + const char + *object_desc, + const char + *object_name)); int (*UI_method_get_opener(UI_METHOD *method)) (UI *); int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *); int (*UI_method_get_flusher(UI_METHOD *method)) (UI *); int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *); int (*UI_method_get_closer(UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *, + const char *, + const char *); /* * The following functions are helpers for method writers to access relevant diff --git a/Cryptlib/Include/openssl/whrlpool.h b/Cryptlib/Include/openssl/whrlpool.h new file mode 100644 index 00000000..73c749da --- /dev/null +++ b/Cryptlib/Include/openssl/whrlpool.h @@ -0,0 +1,41 @@ +#ifndef HEADER_WHRLPOOL_H +# define HEADER_WHRLPOOL_H + +# include <openssl/e_os2.h> +# include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + +# define WHIRLPOOL_DIGEST_LENGTH (512/8) +# define WHIRLPOOL_BBLOCK 512 +# define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK / 8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; +} WHIRLPOOL_CTX; + +# ifndef OPENSSL_NO_WHIRLPOOL +# ifdef OPENSSL_FIPS +int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +# endif +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); +int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); +# endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h index 51cccbf7..99337b84 100644 --- a/Cryptlib/Include/openssl/x509.h +++ b/Cryptlib/Include/openssl/x509.h @@ -154,11 +154,11 @@ typedef struct X509_val_st { ASN1_TIME *notAfter; } X509_VAL; -typedef struct X509_pubkey_st { +struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key; EVP_PKEY *pkey; -} X509_PUBKEY; +}; typedef struct X509_sig_st { X509_ALGOR *algor; @@ -184,7 +184,9 @@ struct X509_name_st { # else char *bytes; # endif - unsigned long hash; /* Keep the hash around for lookups */ +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; } /* X509_NAME */ ; DECLARE_STACK_OF(X509_NAME) @@ -281,8 +283,11 @@ struct x509_st { unsigned long ex_xkusage; unsigned long ex_nscert; ASN1_OCTET_STRING *skid; - struct AUTHORITY_KEYID_st *akid; + AUTHORITY_KEYID *akid; X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; # ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; @@ -325,10 +330,11 @@ typedef struct x509_cert_pair_st { # define X509_TRUST_OBJECT_SIGN 5 # define X509_TRUST_OCSP_SIGN 6 # define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 /* Keep these up to date! */ # define X509_TRUST_MIN 1 -# define X509_TRUST_MAX 7 +# define X509_TRUST_MAX 8 /* trust_flags values */ # define X509_TRUST_DYNAMIC 1 @@ -355,6 +361,7 @@ typedef struct x509_cert_pair_st { # define X509_FLAG_NO_SIGDUMP (1L << 9) # define X509_FLAG_NO_AUX (1L << 10) # define X509_FLAG_NO_ATTRIBUTES (1L << 11) +# define X509_FLAG_NO_IDS (1L << 12) /* Flags specific to X509_NAME_print_ex() */ @@ -417,12 +424,16 @@ typedef struct x509_cert_pair_st { XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -typedef struct X509_revoked_st { +struct x509_revoked_st { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; int sequence; /* load sequence */ -} X509_REVOKED; +}; DECLARE_STACK_OF(X509_REVOKED) DECLARE_ASN1_SET_OF(X509_REVOKED) @@ -444,6 +455,22 @@ struct X509_crl_st { X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; +# ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +# endif + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; } /* X509_CRL */ ; DECLARE_STACK_OF(X509_CRL) @@ -532,19 +559,20 @@ typedef struct PBKDF2PARAM_st { /* PKCS#8 private key info structure */ -typedef struct pkcs8_priv_key_info_st { +struct pkcs8_priv_key_info_st { /* Flag for various broken formats */ int broken; # define PKCS8_OK 0 # define PKCS8_NO_OCTET 1 # define PKCS8_EMBEDDED_PARAM 2 # define PKCS8_NS_DB 3 +# define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; /* Should be OCTET STRING but some are broken */ ASN1_TYPE *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; -} PKCS8_PRIV_KEY_INFO; +}; #ifdef __cplusplus } @@ -557,151 +585,6 @@ typedef struct pkcs8_priv_key_info_st { extern "C" { #endif -# ifdef SSLEAY_MACROS -# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ - a->signature,(char *)a->cert_info,r) -# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ - a->sig_alg,a->signature,(char *)a->req_info,r) -# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ - a->sig_alg, a->signature,(char *)a->crl,r) - -# define X509_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ - x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) -# define X509_REQ_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ - x->signature, (char *)x->req_info,pkey,md) -# define X509_CRL_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ - x->signature, (char *)x->crl,pkey,md) -# define NETSCAPE_SPKI_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ - x->signature, (char *)x->spkac,pkey,md) - -# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ - (char *(*)())d2i_X509,(char *)x509) -# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ - (int (*)())i2d_X509_ATTRIBUTE, \ - (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) -# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ - (int (*)())i2d_X509_EXTENSION, \ - (char *(*)())d2i_X509_EXTENSION,(char *)ex) -# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) -# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) -# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) -# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) - -# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ - (char *(*)())d2i_X509_CRL,(char *)crl) -# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ - (unsigned char **)(crl)) -# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ - (unsigned char *)crl) -# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ - (unsigned char **)(crl)) -# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ - (unsigned char *)crl) - -# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ - (char *(*)())d2i_PKCS7,(char *)p7) -# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ - (unsigned char **)(p7)) -# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ - (unsigned char *)p7) -# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ - (unsigned char **)(p7)) -# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ - (unsigned char *)p7) - -# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ - (char *(*)())d2i_X509_REQ,(char *)req) -# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ - (unsigned char **)(req)) -# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ - (unsigned char *)req) -# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ - (unsigned char **)(req)) -# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ - (unsigned char *)req) - -# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ - (char *(*)())d2i_RSAPublicKey,(char *)rsa) -# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ - (char *(*)())d2i_RSAPrivateKey,(char *)rsa) - -# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ - (unsigned char **)(rsa)) -# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ - (unsigned char *)rsa) -# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ - (unsigned char **)(rsa)) -# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ - (unsigned char *)rsa) - -# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ - (unsigned char **)(rsa)) -# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ - (unsigned char *)rsa) -# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ - (unsigned char **)(rsa)) -# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ - (unsigned char *)rsa) - -# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ - (unsigned char **)(dsa)) -# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ - (unsigned char *)dsa) -# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ - (unsigned char **)(dsa)) -# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ - (unsigned char *)dsa) - -# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ - EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ - (unsigned char **)(ecdsa)) -# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ - (unsigned char *)ecdsa) -# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ - EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ - (unsigned char **)(ecdsa)) -# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ - (unsigned char *)ecdsa) - -# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ - (char *(*)())d2i_X509_ALGOR,(char *)xn) - -# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ - (char *(*)())d2i_X509_NAME,(char *)xn) -# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ - (int (*)())i2d_X509_NAME_ENTRY, \ - (char *(*)())d2i_X509_NAME_ENTRY,\ - (char *)ne) - -# define X509_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) -# define X509_NAME_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) -# ifndef PKCS7_ISSUER_AND_SERIAL_digest -# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -# endif -# endif - # define X509_EXT_PACK_UNKNOWN 1 # define X509_EXT_PACK_STRING 2 @@ -722,6 +605,20 @@ extern "C" { # define X509_CRL_get_issuer(x) ((x)->crl->issuer) # define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), + int (*crl_free) (X509_CRL *crl), + int (*crl_lookup) (X509_CRL *crl, + X509_REVOKED **ret, + ASN1_INTEGER *ser, + X509_NAME *issuer), + int (*crl_verify) (X509_CRL *crl, + EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + /* * This one is only used so that a binary form can output, as in * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) @@ -730,8 +627,7 @@ extern "C" { const char *X509_verify_cert_error_string(long n); -# ifndef SSLEAY_MACROS -# ifndef OPENSSL_NO_EVP +# ifndef OPENSSL_NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); @@ -745,11 +641,17 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_pubkey_digest(const X509 *data, const EVP_MD *type, @@ -762,35 +664,35 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len); int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# endif +# endif -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_FP_API X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp, X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); -# ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_RSA RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); -# endif -# ifndef OPENSSL_NO_DSA +# endif +# ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); -# endif -# ifndef OPENSSL_NO_EC +# endif +# ifndef OPENSSL_NO_EC EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); -# endif +# endif X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, @@ -801,35 +703,35 @@ int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); -# endif +# endif -# ifndef OPENSSL_NO_BIO +# ifndef OPENSSL_NO_BIO X509 *d2i_X509_bio(BIO *bp, X509 **x509); int i2d_X509_bio(BIO *bp, X509 *x509); X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); -# ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_RSA RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); -# endif -# ifndef OPENSSL_NO_DSA +# endif +# ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); -# endif -# ifndef OPENSSL_NO_EC +# endif +# ifndef OPENSSL_NO_EC EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); -# endif +# endif X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, @@ -840,28 +742,30 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); -# endif +# endif X509 *X509_dup(X509 *x509); X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -# endif /* !SSLEAY_MACROS */ - -int X509_cmp_time(ASN1_TIME *s, time_t *t); -int X509_cmp_current_time(ASN1_TIME *s); +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); const char *X509_get_default_cert_area(void); @@ -928,6 +832,12 @@ void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a, unsigned char **pp); X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x); +int X509_get_signature_nid(const X509 *x); + int X509_alias_set1(X509 *x, unsigned char *name, int len); int X509_keyid_set1(X509 *x, unsigned char *id, int len); unsigned char *X509_alias_get0(X509 *x, int *len); @@ -945,6 +855,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) DECLARE_ASN1_FUNCTIONS(X509_CRL) int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); void X509_PKEY_free(X509_PKEY *a); @@ -980,6 +893,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); # endif int X509_set_version(X509 *x, long version); @@ -989,8 +905,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name); X509_NAME *X509_get_issuer_name(X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); X509_NAME *X509_get_subject_name(X509 *a); -int X509_set_notBefore(X509 *x, ASN1_TIME *tm); -int X509_set_notAfter(X509 *x, ASN1_TIME *tm); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); EVP_PKEY *X509_get_pubkey(X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); @@ -1026,16 +942,24 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm); -int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); +int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); @@ -1046,11 +970,18 @@ unsigned long X509_issuer_name_hash(X509 *a); int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); +# ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +# endif + int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); # ifndef OPENSSL_NO_FP_API int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, unsigned long cflag); @@ -1250,10 +1181,19 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, - int saltlen); +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); /* PKCS#8 utilities */ @@ -1264,6 +1204,20 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, X509_PUBKEY *pub); + int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); X509_TRUST *X509_TRUST_get0(int idx); @@ -1300,6 +1254,7 @@ void ERR_load_X509_strings(void); # define X509_F_X509_ATTRIBUTE_GET0_DATA 139 # define X509_F_X509_ATTRIBUTE_SET1_DATA 138 # define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 # define X509_F_X509_CRL_PRINT_FP 147 # define X509_F_X509_EXTENSION_CREATE_BY_NID 108 # define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 @@ -1332,19 +1287,29 @@ void ERR_load_X509_strings(void); # define X509_F_X509_VERIFY_CERT 127 /* Reason codes. */ +# define X509_R_AKID_MISMATCH 110 # define X509_R_BAD_X509_FILETYPE 100 # define X509_R_BASE64_DECODE_ERROR 118 # define X509_R_CANT_CHECK_DH_KEY 114 # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_ERR_ASN1_LIB 102 +# define X509_R_IDP_MISMATCH 128 # define X509_R_INVALID_DIRECTORY 113 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 # define X509_R_KEY_TYPE_MISMATCH 115 # define X509_R_KEY_VALUES_MISMATCH 116 # define X509_R_LOADING_CERT_DIR 103 # define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NEWER_CRL_NOT_NEWER 132 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 # define X509_R_SHOULD_RETRY 106 # define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 # define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h index 69fab69e..bd8613c6 100644 --- a/Cryptlib/Include/openssl/x509_vfy.h +++ b/Cryptlib/Include/openssl/x509_vfy.h @@ -79,6 +79,7 @@ extern "C" { #endif +# if 0 /* Outer object */ typedef struct x509_hash_dir_st { int num_dirs; @@ -86,6 +87,7 @@ typedef struct x509_hash_dir_st { int *dirs_type; int num_dirs_alloced; } X509_HASH_DIR_CTX; +# endif typedef struct x509_file_st { int num_paths; /* number of paths to files or directories */ @@ -154,6 +156,8 @@ typedef struct x509_lookup_method_st { X509_OBJECT *ret); } X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; + /* * This structure hold all parameters associated with a verify operation by * including an X509_VERIFY_PARAM structure in related structures the @@ -169,6 +173,7 @@ typedef struct X509_VERIFY_PARAM_st { int trust; /* trust setting to check */ int depth; /* Verify depth */ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ } X509_VERIFY_PARAM; DECLARE_STACK_OF(X509_VERIFY_PARAM) @@ -202,6 +207,8 @@ struct x509_store_st { int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); /* Check certificate against CRL */ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; int references; @@ -258,6 +265,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ /* Check certificate against CRL */ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); int (*check_policy) (X509_STORE_CTX *ctx); + STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); /* The following is built up */ /* if 0, rebuild chain */ @@ -278,6 +287,12 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ X509 *current_issuer; /* current CRL */ X509_CRL *current_crl; + /* score of current CRL */ + int current_crl_score; + /* Reason mask */ + unsigned int current_reasons; + /* For CRL path validation: parent context */ + X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */ ; @@ -345,8 +360,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_INVALID_EXTENSION 41 # define X509_V_ERR_INVALID_POLICY_EXTENSION 42 # define X509_V_ERR_NO_EXPLICIT_POLICY 43 - -# define X509_V_ERR_UNNESTED_RESOURCE 44 +# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +# define X509_V_ERR_UNNESTED_RESOURCE 46 + +# define X509_V_ERR_PERMITTED_VIOLATION 47 +# define X509_V_ERR_EXCLUDED_VIOLATION 48 +# define X509_V_ERR_SUBTREE_MINMAX 49 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 + +/* Suite B mode algorithm violation */ +# define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +# define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 + +/* Host, email and IP check errors */ +# define X509_V_ERR_HOSTNAME_MISMATCH 62 +# define X509_V_ERR_EMAIL_MISMATCH 63 +# define X509_V_ERR_IP_ADDRESS_MISMATCH 64 /* The application is not happy */ # define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -377,9 +415,29 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_FLAG_INHIBIT_MAP 0x400 /* Notify callback that policy is OK */ # define X509_V_FLAG_NOTIFY_POLICY 0x800 - +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +# define X509_V_FLAG_USE_DELTAS 0x2000 /* Check selfsigned CA signature */ # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +# define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +# define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +# define X509_V_FLAG_SUITEB_128_LOS 0x30000 + +/* Allow partial chains if at least one certificate is in trusted store */ +# define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 @@ -404,11 +462,21 @@ void X509_OBJECT_free_contents(X509_OBJECT *a); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); +STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb) (int, X509_STORE_CTX *)); + +void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, + STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX + *ctx, + X509_NAME *nm)); + X509_STORE_CTX *X509_STORE_CTX_new(void); int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); @@ -419,6 +487,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); @@ -469,6 +539,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); @@ -513,9 +586,27 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_get_count(void); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); void X509_VERIFY_PARAM_table_cleanup(void); diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h index 0eeaa503..f5c61560 100644 --- a/Cryptlib/Include/openssl/x509v3.h +++ b/Cryptlib/Include/openssl/x509v3.h @@ -67,6 +67,13 @@ extern "C" { #endif +# ifdef OPENSSL_SYS_WIN32 +/* Under Win32 these are defined in wincrypt.h */ +# undef X509_NAME +# undef X509_CERT_PAIR +# undef X509_EXTENSIONS +# endif + /* Forward reference */ struct v3_ext_method; struct v3_ext_ctx; @@ -77,19 +84,19 @@ typedef void *(*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE) (void *); typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method, - void *ext, - STACK_OF(CONF_VALUE) - *extlist); -typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method, +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); -typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method, +typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, + void *ext); +typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); -typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext, +typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method, +typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ @@ -222,24 +229,41 @@ typedef struct DIST_POINT_NAME_st { GENERAL_NAMES *fullname; STACK_OF(X509_NAME_ENTRY) *relativename; } name; +/* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; } DIST_POINT_NAME; - -typedef struct DIST_POINT_st { +/* All existing reasons */ +# define CRLDP_ALL_REASONS 0x807f + +# define CRL_REASON_NONE -1 +# define CRL_REASON_UNSPECIFIED 0 +# define CRL_REASON_KEY_COMPROMISE 1 +# define CRL_REASON_CA_COMPROMISE 2 +# define CRL_REASON_AFFILIATION_CHANGED 3 +# define CRL_REASON_SUPERSEDED 4 +# define CRL_REASON_CESSATION_OF_OPERATION 5 +# define CRL_REASON_CERTIFICATE_HOLD 6 +# define CRL_REASON_REMOVE_FROM_CRL 8 +# define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +# define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { DIST_POINT_NAME *distpoint; ASN1_BIT_STRING *reasons; GENERAL_NAMES *CRLissuer; -} DIST_POINT; + int dp_reasons; +}; typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; DECLARE_STACK_OF(DIST_POINT) DECLARE_ASN1_SET_OF(DIST_POINT) -typedef struct AUTHORITY_KEYID_st { +struct AUTHORITY_KEYID_st { ASN1_OCTET_STRING *keyid; GENERAL_NAMES *issuer; ASN1_INTEGER *serial; -} AUTHORITY_KEYID; +}; /* Strong extranet structures */ @@ -305,10 +329,10 @@ typedef struct GENERAL_SUBTREE_st { DECLARE_STACK_OF(GENERAL_SUBTREE) -typedef struct NAME_CONSTRAINTS_st { +struct NAME_CONSTRAINTS_st { STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; -} NAME_CONSTRAINTS; +}; typedef struct POLICY_CONSTRAINTS_st { ASN1_INTEGER *requireExplicitPolicy; @@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st { DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +# define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +# define IDP_INVALID 0x2 +/* onlyuser true */ +# define IDP_ONLYUSER 0x4 +/* onlyCA true */ +# define IDP_ONLYCA 0x8 +/* onlyattr true */ +# define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +# define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +# define IDP_REASONS 0x40 + # define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -363,7 +412,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) # define EXFLAG_CA 0x10 /* Really self issued not necessarily self signed */ # define EXFLAG_SI 0x20 -# define EXFLAG_SS 0x20 # define EXFLAG_V1 0x40 # define EXFLAG_INVALID 0x80 # define EXFLAG_SET 0x100 @@ -371,6 +419,9 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) # define EXFLAG_PROXY 0x400 # define EXFLAG_INVALID_POLICY 0x800 +# define EXFLAG_FRESHEST 0x1000 +/* Self signed */ +# define EXFLAG_SS 0x2000 # define KU_DIGITAL_SIGNATURE 0x0080 # define KU_NON_REPUDIATION 0x0040 @@ -399,6 +450,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) # define XKU_OCSP_SIGN 0x20 # define XKU_TIMESTAMP 0x40 # define XKU_DVCS 0x80 +# define XKU_ANYEKU 0x100 # define X509_PURPOSE_DYNAMIC 0x1 # define X509_PURPOSE_DYNAMIC_NAME 0x2 @@ -421,9 +473,10 @@ typedef struct x509_purpose_st { # define X509_PURPOSE_CRL_SIGN 6 # define X509_PURPOSE_ANY 7 # define X509_PURPOSE_OCSP_HELPER 8 +# define X509_PURPOSE_TIMESTAMP_SIGN 9 # define X509_PURPOSE_MIN 1 -# define X509_PURPOSE_MAX 8 +# define X509_PURPOSE_MAX 9 /* Flags for X509V3_EXT_print() */ @@ -470,6 +523,8 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, @@ -488,11 +543,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); @@ -511,6 +573,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF) DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) DECLARE_ASN1_FUNCTIONS(DIST_POINT) DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) @@ -528,12 +595,18 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, char *value, + int is_nc); + # ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf); GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf, int is_nc); + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, + int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, @@ -549,23 +622,24 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, char *value); -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value); -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *name, char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); # endif char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); @@ -593,20 +667,21 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); +int X509V3_EXT_free(int nid, void *ext_data); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -char *hex_to_string(unsigned char *buffer, long len); -unsigned char *string_to_hex(char *str, long *len); +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); int name_cmp(const char *name, const char *cmp); void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, @@ -624,6 +699,7 @@ int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); @@ -637,10 +713,38 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp); void X509_PURPOSE_cleanup(void); int X509_PURPOSE_get_id(X509_PURPOSE *); -STACK *X509_get1_email(X509 *x); -STACK *X509_REQ_get1_email(X509_REQ *x); -void X509_email_free(STACK * sk); -STACK *X509_get1_ocsp(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); +/* Flags for X509_check_* functions */ + +/* + * Always check subject name for host match even if subject alt names present + */ +# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +# define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); @@ -649,6 +753,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DECLARE_STACK_OF(X509_POLICY_NODE) # ifndef OPENSSL_NO_RFC3779 @@ -806,8 +911,9 @@ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ /* Function codes. */ -# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 -# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 # define X509V3_F_COPY_EMAIL 122 # define X509V3_F_COPY_ISSUER 123 # define X509V3_F_DO_DIRNAME 144 @@ -815,6 +921,7 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_DO_EXT_I2D 135 # define X509V3_F_DO_EXT_NCONF 151 # define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 # define X509V3_F_HEX_TO_STRING 111 # define X509V3_F_I2S_ASN1_ENUMERATED 121 # define X509V3_F_I2S_ASN1_IA5STRING 149 @@ -831,13 +938,14 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_S2I_ASN1_OCTET_STRING 112 # define X509V3_F_S2I_ASN1_SKEY_ID 114 # define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 # define X509V3_F_STRING_TO_HEX 113 # define X509V3_F_SXNET_ADD_ID_ASC 125 # define X509V3_F_SXNET_ADD_ID_INTEGER 126 # define X509V3_F_SXNET_ADD_ID_ULONG 127 # define X509V3_F_SXNET_GET_ID_ASC 128 # define X509V3_F_SXNET_GET_ID_ULONG 129 -# define X509V3_F_V2I_ASIDENTIFIERS 158 +# define X509V3_F_V2I_ASIDENTIFIERS 163 # define X509V3_F_V2I_ASN1_BIT_STRING 101 # define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 # define X509V3_F_V2I_AUTHORITY_KEYID 119 @@ -846,6 +954,7 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 # define X509V3_F_V2I_GENERAL_NAMES 118 # define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 # define X509V3_F_V2I_IPADDRBLOCKS 159 # define X509V3_F_V2I_ISSUER_ALT 153 # define X509V3_F_V2I_NAME_CONSTRAINTS 147 @@ -859,6 +968,7 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_X509V3_EXT_ADD 104 # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 # define X509V3_F_X509V3_EXT_CONF 107 +# define X509V3_F_X509V3_EXT_FREE 165 # define X509V3_F_X509V3_EXT_I2D 136 # define X509V3_F_X509V3_EXT_NCONF 152 # define X509V3_F_X509V3_GET_SECTION 142 @@ -873,7 +983,9 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_BAD_OBJECT 119 # define X509V3_R_BN_DEC2BN_ERROR 100 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 # define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 # define X509V3_R_DUPLICATE_ZONE_ID 133 # define X509V3_R_ERROR_CONVERTING_ZONE 131 # define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -887,12 +999,13 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 # define X509V3_R_ILLEGAL_HEX_DIGIT 113 # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -# define X509V3_R_INVALID_ASNUMBER 160 -# define X509V3_R_INVALID_ASRANGE 161 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 # define X509V3_R_INVALID_BOOLEAN_STRING 104 # define X509V3_R_INVALID_EXTENSION_STRING 105 -# define X509V3_R_INVALID_INHERITANCE 162 -# define X509V3_R_INVALID_IPADDRESS 163 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 # define X509V3_R_INVALID_NAME 106 # define X509V3_R_INVALID_NULL_ARGUMENT 107 # define X509V3_R_INVALID_NULL_NAME 108 @@ -920,9 +1033,9 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_ODD_NUMBER_OF_DIGITS 112 # define X509V3_R_OPERATION_NOT_DEFINED 148 # define X509V3_R_OTHERNAME_ERROR 147 -# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 # define X509V3_R_POLICY_PATH_LENGTH 156 -# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 # define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 # define X509V3_R_SECTION_NOT_FOUND 150 @@ -933,6 +1046,7 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_UNKNOWN_EXTENSION_NAME 130 # define X509V3_R_UNKNOWN_OPTION 120 # define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 # define X509V3_R_USER_TOO_LONG 132 #ifdef __cplusplus |