proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2026-01-25 13:49:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update openssl to 1.0.2d

Browse Source 
Also update Cryptlib to edk2 r17731

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
This commit is contained in:
Gary Ching-Pang Lin 2015-07-13 11:58:44 +08:00 committed by Peter Jones
parent db142ce288
commit 4ac84f8673
564 changed files with 63252 additions and 54058 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

354
Cryptlib/Hash/CryptSha512.c Normal file
View File

@ -0,0 +1,354 @@
/** @file
SHA-384 and SHA-512 Digest Wrapper Implementations over OpenSSL.
Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "InternalCryptLib.h"
#include <openssl/sha.h>
/**
Retrieves the size, in bytes, of the context buffer required for SHA-384 hash operations.
@return The size, in bytes, of the context buffer required for SHA-384 hash operations.
**/
UINTN
EFIAPI
Sha384GetContextSize (
VOID
)
{
//
// Retrieves OpenSSL SHA-384 Context Size
//
return (UINTN) (sizeof (SHA512_CTX));
}
/**
Initializes user-supplied memory pointed by Sha384Context as SHA-384 hash context for
subsequent use.
If Sha384Context is NULL, then return FALSE.
@param[out] Sha384Context Pointer to SHA-384 context being initialized.
@retval TRUE SHA-384 context initialization succeeded.
@retval FALSE SHA-384 context initialization failed.
**/
BOOLEAN
EFIAPI
Sha384Init (
OUT VOID *Sha384Context
)
{
//
// Check input parameters.
//
if (Sha384Context == NULL) {
return FALSE;
}
//
// OpenSSL SHA-384 Context Initialization
//
return (BOOLEAN) (SHA384_Init ((SHA512_CTX *) Sha384Context));
}
/**
Makes a copy of an existing SHA-384 context.
If Sha384Context is NULL, then return FALSE.
If NewSha384Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Sha384Context Pointer to SHA-384 context being copied.
@param[out] NewSha384Context Pointer to new SHA-384 context.
@retval TRUE SHA-384 context copy succeeded.
@retval FALSE SHA-384 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Sha384Duplicate (
IN CONST VOID *Sha384Context,
OUT VOID *NewSha384Context
)
{
//
// Check input parameters.
//
if (Sha384Context == NULL || NewSha384Context == NULL) {
return FALSE;
}
CopyMem (NewSha384Context, Sha384Context, sizeof (SHA512_CTX));
return TRUE;
}
/**
Digests the input data and updates SHA-384 context.
This function performs SHA-384 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
SHA-384 context should be already correctly intialized by Sha384Init(), and should not be finalized
by Sha384Final(). Behavior with invalid context is undefined.
If Sha384Context is NULL, then return FALSE.
@param[in, out] Sha384Context Pointer to the SHA-384 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-384 data digest succeeded.
@retval FALSE SHA-384 data digest failed.
**/
BOOLEAN
EFIAPI
Sha384Update (
IN OUT VOID *Sha384Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
//
// Check input parameters.
//
if (Sha384Context == NULL) {
return FALSE;
}
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL SHA-384 Hash Update
//
return (BOOLEAN) (SHA384_Update ((SHA512_CTX *) Sha384Context, Data, DataSize));
}
/**
Completes computation of the SHA-384 digest value.
This function completes SHA-384 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the SHA-384 context cannot
be used again.
SHA-384 context should be already correctly intialized by Sha384Init(), and should not be
finalized by Sha384Final(). Behavior with invalid SHA-384 context is undefined.
If Sha384Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Sha384Context Pointer to the SHA-384 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-384 digest
value (48 bytes).
@retval TRUE SHA-384 digest computation succeeded.
@retval FALSE SHA-384 digest computation failed.
**/
BOOLEAN
EFIAPI
Sha384Final (
IN OUT VOID *Sha384Context,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (Sha384Context == NULL || HashValue == NULL) {
return FALSE;
}
//
// OpenSSL SHA-384 Hash Finalization
//
return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha384Context));
}
/**
Retrieves the size, in bytes, of the context buffer required for SHA-512 hash operations.
@return The size, in bytes, of the context buffer required for SHA-512 hash operations.
**/
UINTN
EFIAPI
Sha512GetContextSize (
VOID
)
{
//
// Retrieves OpenSSL SHA-512 Context Size
//
return (UINTN) (sizeof (SHA512_CTX));
}
/**
Initializes user-supplied memory pointed by Sha512Context as SHA-512 hash context for
subsequent use.
If Sha512Context is NULL, then return FALSE.
@param[out] Sha512Context Pointer to SHA-512 context being initialized.
@retval TRUE SHA-512 context initialization succeeded.
@retval FALSE SHA-512 context initialization failed.
**/
BOOLEAN
EFIAPI
Sha512Init (
OUT VOID *Sha512Context
)
{
//
// Check input parameters.
//
if (Sha512Context == NULL) {
return FALSE;
}
//
// OpenSSL SHA-512 Context Initialization
//
return (BOOLEAN) (SHA512_Init ((SHA512_CTX *) Sha512Context));
}
/**
Makes a copy of an existing SHA-512 context.
If Sha512Context is NULL, then return FALSE.
If NewSha512Context is NULL, then return FALSE.
If this interface is not supported, then return FALSE.
@param[in] Sha512Context Pointer to SHA-512 context being copied.
@param[out] NewSha512Context Pointer to new SHA-512 context.
@retval TRUE SHA-512 context copy succeeded.
@retval FALSE SHA-512 context copy failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
EFIAPI
Sha512Duplicate (
IN CONST VOID *Sha512Context,
OUT VOID *NewSha512Context
)
{
//
// Check input parameters.
//
if (Sha512Context == NULL || NewSha512Context == NULL) {
return FALSE;
}
CopyMem (NewSha512Context, Sha512Context, sizeof (SHA512_CTX));
return TRUE;
}
/**
Digests the input data and updates SHA-512 context.
This function performs SHA-512 digest on a data buffer of the specified size.
It can be called multiple times to compute the digest of long or discontinuous data streams.
SHA-512 context should be already correctly intialized by Sha512Init(), and should not be finalized
by Sha512Final(). Behavior with invalid context is undefined.
If Sha512Context is NULL, then return FALSE.
@param[in, out] Sha512Context Pointer to the SHA-512 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataSize Size of Data buffer in bytes.
@retval TRUE SHA-512 data digest succeeded.
@retval FALSE SHA-512 data digest failed.
**/
BOOLEAN
EFIAPI
Sha512Update (
IN OUT VOID *Sha512Context,
IN CONST VOID *Data,
IN UINTN DataSize
)
{
//
// Check input parameters.
//
if (Sha512Context == NULL) {
return FALSE;
}
//
// Check invalid parameters, in case that only DataLength was checked in OpenSSL
//
if (Data == NULL && DataSize != 0) {
return FALSE;
}
//
// OpenSSL SHA-512 Hash Update
//
return (BOOLEAN) (SHA512_Update ((SHA512_CTX *) Sha512Context, Data, DataSize));
}
/**
Completes computation of the SHA-512 digest value.
This function completes SHA-512 hash computation and retrieves the digest value into
the specified memory. After this function has been called, the SHA-512 context cannot
be used again.
SHA-512 context should be already correctly intialized by Sha512Init(), and should not be
finalized by Sha512Final(). Behavior with invalid SHA-512 context is undefined.
If Sha512Context is NULL, then return FALSE.
If HashValue is NULL, then return FALSE.
@param[in, out] Sha512Context Pointer to the SHA-512 context.
@param[out] HashValue Pointer to a buffer that receives the SHA-512 digest
value (64 bytes).
@retval TRUE SHA-512 digest computation succeeded.
@retval FALSE SHA-512 digest computation failed.
**/
BOOLEAN
EFIAPI
Sha512Final (
IN OUT VOID *Sha512Context,
OUT UINT8 *HashValue
)
{
//
// Check input parameters.
//
if (Sha512Context == NULL || HashValue == NULL) {
return FALSE;
}
//
// OpenSSL SHA-512 Hash Finalization
//
return (BOOLEAN) (SHA384_Final (HashValue, (SHA512_CTX *) Sha512Context));
}

6
Cryptlib/Include/OpenSslSupport.h
View File

@ -133,6 +133,11 @@ struct tm {
char *tm_zone; /* timezone abbreviation */
};
struct timeval {
long tv_sec; /* time value, in seconds */
long tv_usec; /* time value, in microseconds */
} timeval;
struct dirent {
UINT32 d_fileno; /* file number of entry */
UINT16 d_reclen; /* length of this record */
@ -267,5 +272,6 @@ extern FILE *stdout;
#define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
#define atoi(nptr) Atoi(nptr)
#endif

16
Cryptlib/Include/memory.h Normal file
View File

@ -0,0 +1,16 @@
/** @file
Include file to support building OpenSSL Crypto Library.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <OpenSslSupport.h>

33
Cryptlib/Include/openssl/aes.h
View File

@ -58,6 +58,8 @@
# error AES is disabled.
# endif
# include <stddef.h>
# define AES_ENCRYPT 1
# define AES_DECRYPT 0
@ -68,10 +70,6 @@
# define AES_MAXNR 14
# define AES_BLOCK_SIZE 16
# ifdef OPENSSL_FIPS
# define FIPS_AES_SIZE_T int
# endif
#ifdef __cplusplus
extern "C" {
#endif
@ -94,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
void AES_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
void AES_decrypt(const unsigned char *in, unsigned char *out,
@ -102,37 +105,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc);
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc);
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc);
void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
const int nbits, const AES_KEY *key,
unsigned char *ivec, const int enc);
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num);
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num);
/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
/* NB: the IV is _two_ blocks long */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc);
/* NB: the IV is _four_ blocks long */
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
const AES_KEY *key2, const unsigned char *ivec,
const int enc);
@ -143,6 +141,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen);
#ifdef __cplusplus
}
#endif

270
Cryptlib/Include/openssl/asn1.h
View File

@ -207,13 +207,13 @@ typedef struct asn1_const_ctx_st {
# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
typedef struct asn1_object_st {
struct asn1_object_st {
const char *sn, *ln;
int nid;
int length;
unsigned char *data;
const unsigned char *data; /* data remains const after init */
int flags; /* Should we free this one */
} ASN1_OBJECT;
};
# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
/*
@ -228,10 +228,15 @@ typedef struct asn1_object_st {
* complete and is a place holder for content when it had all been accessed.
* The flag will be reset when content has been written to it.
*/
# define ASN1_STRING_FLAG_CONT 0x020
# define ASN1_STRING_FLAG_CONT 0x020
/*
* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
* type.
*/
# define ASN1_STRING_FLAG_MSTRING 0x040
/* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st {
struct asn1_string_st {
int length;
int type;
unsigned char *data;
@ -241,7 +246,7 @@ typedef struct asn1_string_st {
* non-zero 'unused bits' value, it will be handled correctly
*/
long flags;
} ASN1_STRING;
};
/*
* ASN1_ENCODING structure: this is used to save the received encoding of an
@ -289,7 +294,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
* Declarations for template structures: for full definitions see asn1t.h
*/
typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct ASN1_TLC_st ASN1_TLC;
/* This is just an opaque pointer */
typedef struct ASN1_VALUE_st ASN1_VALUE;
@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
type *name##_new(void); \
void name##_free(type *a);
# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
int fname##_print_ctx(BIO *out, stname *x, int indent, \
const ASN1_PCTX *pctx);
# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
# define I2D_OF(type) int (*)(type *,unsigned char **)
# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
@ -344,8 +355,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
((void*) (1 ? p : (type*)0))
# define CHECKED_PPTR_OF(type, p) \
((void**) (1 ? p : (type**)0))
# define CHECKED_PTR_OF_TO_CHAR(type, p) \
((char*) (1 ? p : (type*)0))
# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
@ -546,19 +555,15 @@ typedef struct asn1_type_st {
DECLARE_STACK_OF(ASN1_TYPE)
DECLARE_ASN1_SET_OF(ASN1_TYPE)
typedef struct asn1_method_st {
i2d_of_void *i2d;
d2i_of_void *d2i;
void *(*create) (void);
void (*destroy) (void *);
} ASN1_METHOD;
typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
/* This is used when parsing some Netscape objects */
typedef struct asn1_header_st {
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
typedef struct NETSCAPE_X509_st {
ASN1_OCTET_STRING *header;
void *data;
ASN1_METHOD *meth;
} ASN1_HEADER;
X509 *cert;
} NETSCAPE_X509;
/* This is used to contain a list of bit names */
typedef struct BIT_STRING_BITNAME_st {
@ -577,32 +582,34 @@ typedef struct BIT_STRING_BITNAME_st {
ASN1_STRING_type_new(V_ASN1_BIT_STRING)
# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
ASN1_STRING_dup((ASN1_STRING *)a)
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
(ASN1_STRING *)a,(ASN1_STRING *)b)
(const ASN1_STRING *)a,(const ASN1_STRING *)b)
# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
ASN1_STRING_type_new(V_ASN1_INTEGER)
# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
(ASN1_STRING *)a,(ASN1_STRING *)b)
(const ASN1_STRING *)a,(const ASN1_STRING *)b)
# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
ASN1_STRING_type_new(V_ASN1_ENUMERATED)
# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
(ASN1_STRING *)a,(ASN1_STRING *)b)
(const ASN1_STRING *)a,(const ASN1_STRING *)b)
# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
ASN1_STRING_dup((ASN1_STRING *)a)
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
(ASN1_STRING *)a,(ASN1_STRING *)b)
(const ASN1_STRING *)a,(const ASN1_STRING *)b)
# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
# define M_i2d_ASN1_OCTET_STRING(a,pp) \
@ -686,7 +693,7 @@ typedef struct BIT_STRING_BITNAME_st {
ASN1_STRING_type_new(V_ASN1_IA5STRING)
# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_IA5STRING_dup(a) \
(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
(ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_i2d_ASN1_IA5STRING(a,pp) \
i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
V_ASN1_UNIVERSAL)
@ -697,18 +704,20 @@ typedef struct BIT_STRING_BITNAME_st {
# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
ASN1_STRING_type_new(V_ASN1_UTCTIME)
# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
(ASN1_STRING *)a)
(const ASN1_STRING *)a)
# define M_ASN1_TIME_new() (ASN1_TIME *)\
ASN1_STRING_type_new(V_ASN1_UTCTIME)
# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
ASN1_STRING_dup((const ASN1_STRING *)a)
# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@ -786,16 +795,18 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
ASN1_STRING *ASN1_STRING_new(void);
void ASN1_STRING_free(ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a);
void ASN1_STRING_clear_free(ASN1_STRING *a);
int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
ASN1_STRING *ASN1_STRING_type_new(int type);
int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
/*
* Since this is used to store all sorts of things, via macros, for now,
* make its data void *
*/
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(ASN1_STRING *x);
int ASN1_STRING_length(const ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(ASN1_STRING *x);
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
@ -807,6 +818,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
unsigned char *flags, int flags_len);
# ifndef OPENSSL_NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@ -825,27 +838,35 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length);
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length);
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x);
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
int offset_day, long offset_sec);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
# if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
# endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
time_t t, int offset_day,
long offset_sec);
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
int ASN1_TIME_diff(int *pday, int *psec,
const ASN1_TIME *from, const ASN1_TIME *to);
DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
const ASN1_OCTET_STRING *b);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
int len);
@ -873,15 +894,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
int offset_day, long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME
**out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
int i2d_ASN1_SET(STACK * a, unsigned char **pp,
int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
d2i_of_void *d2i, void (*free_func) (void *),
int ex_tag, int ex_class);
STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
const unsigned char **pp,
long length, d2i_of_void *d2i,
void (*free_func) (OPENSSL_BLOCK),
int ex_tag, int ex_class);
# ifndef OPENSSL_NO_BIO
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@ -899,9 +925,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
const char *sn, const char *ln);
int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
long ASN1_INTEGER_get(ASN1_INTEGER *a);
ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn);
long ASN1_INTEGER_get(const ASN1_INTEGER *a);
ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
@ -935,17 +961,17 @@ int ASN1_put_eoc(unsigned char **pp);
int ASN1_object_size(int constructed, int length, int tag);
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
# define ASN1_dup_of(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
CHECKED_D2I_OF(type, d2i), \
CHECKED_PTR_OF_TO_CHAR(type, x)))
CHECKED_PTR_OF(type, x)))
# define ASN1_dup_of_const(type,i2d,d2i,x) \
((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
CHECKED_D2I_OF(type, d2i), \
CHECKED_PTR_OF_TO_CHAR(const type, x)))
CHECKED_PTR_OF(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
@ -1006,32 +1032,25 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
CHECKED_PTR_OF(const type, x)))
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp, ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp, ASN1_STRING *v);
int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
unsigned char *buf, int off);
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
int dump);
# endif
const char *ASN1_tag2str(int tag);
/* Used to load and write netscape format cert/key */
int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp);
ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
long length);
ASN1_HEADER *ASN1_HEADER_new(void);
void ASN1_HEADER_free(ASN1_HEADER * a);
/* Used to load and write netscape format cert */
DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
/* Not used that much at this point, except for the first two */
ASN1_METHOD *X509_asn1_meth(void);
ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
@ -1039,9 +1058,10 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
unsigned char *data, int max_len);
STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i, void (*free_func) (void *));
unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d,
STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
d2i_of_void *d2i,
void (*free_func) (OPENSSL_BLOCK));
unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len);
void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@ -1088,14 +1108,56 @@ void ASN1_add_oid_module(void);
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val,
int flags, const ASN1_ITEM *it);
/* ASN1 Print flags */
int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
int ctype_nid, int econt_nid,
STACK_OF(X509_ALGOR) *mdalgs,
asn1_output_data_fn * data_fn, const ASN1_ITEM *it);
/* Indicate missing OPTIONAL fields */
# define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001
/* Mark start and end of SEQUENCE */
# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002
/* Mark start and end of SEQUENCE/SET OF */
# define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004
/* Show the ASN1 type of primitives */
# define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008
/* Don't show ASN1 type of ANY */
# define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010
/* Don't show ASN1 type of MSTRINGs */
# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020
/* Don't show field names in SEQUENCE */
# define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040
/* Show structure names of each SEQUENCE field */
# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080
/* Don't show structure name even at top level */
# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100
int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
const ASN1_ITEM *it, const ASN1_PCTX *pctx);
ASN1_PCTX *ASN1_PCTX_new(void);
void ASN1_PCTX_free(ASN1_PCTX *p);
unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
BIO_METHOD *BIO_f_asn1(void);
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
const ASN1_ITEM *it);
int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
const char *hdr, const ASN1_ITEM *it);
int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
int ctype_nid, int econt_nid,
STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
int SMIME_text(BIO *in, BIO *out);
/* BEGIN ERROR CODES */
/*
@ -1127,6 +1189,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_ENUMERATED_TO_BN 113
# define ASN1_F_ASN1_EX_C2I 204
# define ASN1_F_ASN1_FIND_END 190
# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216
# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
# define ASN1_F_ASN1_GENERATE_V3 178
# define ASN1_F_ASN1_GET_OBJECT 114
@ -1143,11 +1206,12 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_ITEM_I2D_FP 193
# define ASN1_F_ASN1_ITEM_PACK 198
# define ASN1_F_ASN1_ITEM_SIGN 195
# define ASN1_F_ASN1_ITEM_SIGN_CTX 220
# define ASN1_F_ASN1_ITEM_UNPACK 199
# define ASN1_F_ASN1_ITEM_VERIFY 197
# define ASN1_F_ASN1_MBSTRING_NCOPY 122
# define ASN1_F_ASN1_OBJECT_NEW 123
# define ASN1_F_ASN1_OUTPUT_DATA 207
# define ASN1_F_ASN1_OUTPUT_DATA 214
# define ASN1_F_ASN1_PACK_STRING 124
# define ASN1_F_ASN1_PCTX_NEW 205
# define ASN1_F_ASN1_PKCS5_PBE_SET 125
@ -1161,14 +1225,17 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
# define ASN1_F_ASN1_TEMPLATE_NEW 133
# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
# define ASN1_F_ASN1_TIME_ADJ 217
# define ASN1_F_ASN1_TIME_SET 175
# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
# define ASN1_F_ASN1_UNPACK_STRING 136
# define ASN1_F_ASN1_UTCTIME_ADJ 218
# define ASN1_F_ASN1_UTCTIME_SET 187
# define ASN1_F_ASN1_VERIFY 137
# define ASN1_F_B64_READ_ASN1 208
# define ASN1_F_B64_WRITE_ASN1 209
# define ASN1_F_B64_READ_ASN1 209
# define ASN1_F_B64_WRITE_ASN1 210
# define ASN1_F_BIO_NEW_NDEF 208
# define ASN1_F_BITSTR_CB 180
# define ASN1_F_BN_TO_ASN1_ENUMERATED 138
# define ASN1_F_BN_TO_ASN1_INTEGER 139
@ -1187,6 +1254,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_ASN1_TYPE_BYTES 149
# define ASN1_F_D2I_ASN1_UINTEGER 150
# define ASN1_F_D2I_ASN1_UTCTIME 151
# define ASN1_F_D2I_AUTOPRIVATEKEY 207
# define ASN1_F_D2I_NETSCAPE_RSA 152
# define ASN1_F_D2I_NETSCAPE_RSA_2 153
# define ASN1_F_D2I_PRIVATEKEY 154
@ -1196,6 +1264,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@ -1207,10 +1276,12 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_LONG_C2I 166
# define ASN1_F_OID_MODULE_INIT 174
# define ASN1_F_PARSE_TAGGING 182
# define ASN1_F_PKCS5_PBE2_SET 167
# define ASN1_F_PKCS5_PBE2_SET_IV 167
# define ASN1_F_PKCS5_PBE_SET 202
# define ASN1_F_SMIME_READ_ASN1 210
# define ASN1_F_SMIME_TEXT 211
# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215
# define ASN1_F_PKCS5_PBKDF2_SET 219
# define ASN1_F_SMIME_READ_ASN1 212
# define ASN1_F_SMIME_TEXT 213
# define ASN1_F_X509_CINF_NEW 168
# define ASN1_F_X509_CRL_ADD0_REVOKED 169
# define ASN1_F_X509_INFO_NEW 170
@ -1222,22 +1293,24 @@ void ERR_load_ASN1_strings(void);
/* Reason codes. */
# define ASN1_R_ADDING_OBJECT 171
# define ASN1_R_ASN1_PARSE_ERROR 198
# define ASN1_R_ASN1_SIG_PARSE_ERROR 199
# define ASN1_R_ASN1_PARSE_ERROR 203
# define ASN1_R_ASN1_SIG_PARSE_ERROR 204
# define ASN1_R_AUX_ERROR 100
# define ASN1_R_BAD_CLASS 101
# define ASN1_R_BAD_OBJECT_HEADER 102
# define ASN1_R_BAD_PASSWORD_READ 103
# define ASN1_R_BAD_TAG 104
# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
# define ASN1_R_BN_LIB 105
# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
# define ASN1_R_BUFFER_TOO_SMALL 107
# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
# define ASN1_R_CONTEXT_NOT_INITIALISED 217
# define ASN1_R_DATA_IS_WRONG 109
# define ASN1_R_DECODE_ERROR 110
# define ASN1_R_DECODING_ERROR 111
# define ASN1_R_DEPTH_EXCEEDED 174
# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198
# define ASN1_R_ENCODE_ERROR 112
# define ASN1_R_ERROR_GETTING_TIME 173
# define ASN1_R_ERROR_LOADING_SECTION 172
@ -1272,10 +1345,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
# define ASN1_R_INVALID_BMPSTRING_LENGTH 129
# define ASN1_R_INVALID_DIGIT 130
# define ASN1_R_INVALID_MIME_TYPE 200
# define ASN1_R_INVALID_MIME_TYPE 205
# define ASN1_R_INVALID_MODIFIER 186
# define ASN1_R_INVALID_NUMBER 187
# define ASN1_R_INVALID_OBJECT_ENCODING 212
# define ASN1_R_INVALID_OBJECT_ENCODING 216
# define ASN1_R_INVALID_SEPARATOR 131
# define ASN1_R_INVALID_TIME_FORMAT 132
# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
@ -1283,9 +1356,9 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_IV_TOO_LARGE 135
# define ASN1_R_LENGTH_ERROR 136
# define ASN1_R_LIST_ERROR 188
# define ASN1_R_MIME_NO_CONTENT_TYPE 201
# define ASN1_R_MIME_PARSE_ERROR 202
# define ASN1_R_MIME_SIG_PARSE_ERROR 203
# define ASN1_R_MIME_NO_CONTENT_TYPE 206
# define ASN1_R_MIME_PARSE_ERROR 207
# define ASN1_R_MIME_SIG_PARSE_ERROR 208
# define ASN1_R_MISSING_EOC 137
# define ASN1_R_MISSING_SECOND_NUMBER 138
# define ASN1_R_MISSING_VALUE 189
@ -1295,11 +1368,12 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
# define ASN1_R_NO_CONTENT_TYPE 204
# define ASN1_R_NO_CONTENT_TYPE 209
# define ASN1_R_NO_DEFAULT_DIGEST 201
# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
# define ASN1_R_NO_MULTIPART_BOUNDARY 206
# define ASN1_R_NO_SIG_CONTENT_TYPE 207
# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210
# define ASN1_R_NO_MULTIPART_BOUNDARY 211
# define ASN1_R_NO_SIG_CONTENT_TYPE 212
# define ASN1_R_NULL_IS_WRONG_LENGTH 144
# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
# define ASN1_R_ODD_NUMBER_OF_CHARS 145
@ -1309,8 +1383,8 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
# define ASN1_R_SHORT_LINE 150
# define ASN1_R_SIG_INVALID_MIME_TYPE 208
# define ASN1_R_STREAMING_NOT_SUPPORTED 209
# define ASN1_R_SIG_INVALID_MIME_TYPE 213
# define ASN1_R_STREAMING_NOT_SUPPORTED 202
# define ASN1_R_STRING_TOO_LONG 151
# define ASN1_R_STRING_TOO_SHORT 152
# define ASN1_R_TAG_VALUE_TOO_HIGH 153
@ -1322,11 +1396,12 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
# define ASN1_R_UNEXPECTED_EOC 159
# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
# define ASN1_R_UNKNOWN_FORMAT 160
# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
# define ASN1_R_UNKNOWN_OBJECT_TYPE 162
# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
# define ASN1_R_UNKNOWN_TAG 194
# define ASN1_R_UNKOWN_FORMAT 195
# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
@ -1334,6 +1409,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
# define ASN1_R_UNSUPPORTED_TYPE 196
# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169

7
Cryptlib/Include/openssl/asn1_mac.h
View File

@ -153,6 +153,13 @@ err:\
M_ASN1_D2I_get(b,func); \
}
# define M_ASN1_D2I_get_int_opt(b,func,type) \
if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
== (V_ASN1_UNIVERSAL|(type)))) \
{ \
M_ASN1_D2I_get_int(b,func); \
}
# define M_ASN1_D2I_get_imp(b,func, type) \
M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
c.q=c.p; \

73
Cryptlib/Include/openssl/asn1t.h
View File

@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -215,6 +215,18 @@ extern "C" {
#stname \
ASN1_ITEM_end(tname)
# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
;\
ASN1_ITEM_start(tname) \
ASN1_ITYPE_NDEF_SEQUENCE,\
V_ASN1_SEQUENCE,\
tname##_seq_tt,\
sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
&tname##_aux,\
sizeof(stname),\
#stname \
ASN1_ITEM_end(tname)
/*-
* This pair helps declare a CHOICE type. We can do:
*
@ -652,11 +664,18 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
int indent, const char *fname,
const ASN1_PCTX *pctx);
typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
int *putype, const ASN1_ITEM *it);
typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
int len, int utype, char *free_cont,
const ASN1_ITEM *it);
typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
const ASN1_ITEM *it, int indent,
const ASN1_PCTX *pctx);
typedef struct ASN1_COMPAT_FUNCS_st {
ASN1_new_func *asn1_new;
@ -672,6 +691,7 @@ typedef struct ASN1_EXTERN_FUNCS_st {
ASN1_ex_free_func *asn1_ex_clear;
ASN1_ex_d2i *asn1_ex_d2i;
ASN1_ex_i2d *asn1_ex_i2d;
ASN1_ex_print_func *asn1_ex_print;
} ASN1_EXTERN_FUNCS;
typedef struct ASN1_PRIMITIVE_FUNCS_st {
@ -682,6 +702,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
ASN1_ex_free_func *prim_clear;
ASN1_primitive_c2i *prim_c2i;
ASN1_primitive_i2c *prim_i2c;
ASN1_primitive_print *prim_print;
} ASN1_PRIMITIVE_FUNCS;
/*
@ -697,7 +718,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
* more appropriate.
*/
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
void *exarg);
typedef struct ASN1_AUX_st {
void *app_data;
@ -708,6 +730,23 @@ typedef struct ASN1_AUX_st {
int enc_offset; /* Offset of ASN1_ENCODING structure */
} ASN1_AUX;
/* For print related callbacks exarg points to this structure */
typedef struct ASN1_PRINT_ARG_st {
BIO *out;
int indent;
const ASN1_PCTX *pctx;
} ASN1_PRINT_ARG;
/* For streaming related callbacks exarg points to this structure */
typedef struct ASN1_STREAM_ARG_st {
/* BIO to stream through */
BIO *out;
/* BIO with filters appended */
BIO *ndef_bio;
/* Streaming I/O boundary */
unsigned char **boundary;
} ASN1_STREAM_ARG;
/* Flags in ASN1_AUX */
/* Use a reference count */
@ -727,6 +766,12 @@ typedef struct ASN1_AUX_st {
# define ASN1_OP_D2I_POST 5
# define ASN1_OP_I2D_PRE 6
# define ASN1_OP_I2D_POST 7
# define ASN1_OP_PRINT_PRE 8
# define ASN1_OP_PRINT_POST 9
# define ASN1_OP_STREAM_PRE 10
# define ASN1_OP_STREAM_POST 11
# define ASN1_OP_DETACHED_PRE 12
# define ASN1_OP_DETACHED_POST 13
/* Macro to implement a primitive type */
# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@ -782,9 +827,22 @@ typedef struct ASN1_AUX_st {
# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
pre stname *fname##_new(void) \
{ \
return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
} \
pre void fname##_free(stname *a) \
{ \
ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
}
# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
stname *fname##_new(void) \
{ \
@ -835,6 +893,17 @@ typedef struct ASN1_AUX_st {
return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
}
# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
int fname##_print_ctx(BIO *out, stname *x, int indent, \
const ASN1_PCTX *pctx) \
{ \
return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
ASN1_ITEM_rptr(itname), pctx); \
}
# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)

142
Cryptlib/Include/openssl/bio.h
View File

@ -68,6 +68,14 @@
# include <openssl/crypto.h>
# ifndef OPENSSL_NO_SCTP
# ifndef OPENSSL_SYS_VMS
# include <stdint.h>
# else
# include <inttypes.h>
# endif
# endif
#ifdef __cplusplus
extern "C" {
#endif
@ -95,6 +103,10 @@ extern "C" {
# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */
# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */
# define BIO_TYPE_DGRAM (21|0x0400|0x0100)
# ifndef OPENSSL_NO_SCTP
# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100)
# endif
# define BIO_TYPE_ASN1 (22|0x0200)/* filter */
# define BIO_TYPE_COMP (23|0x0200)/* filter */
# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */
@ -161,7 +173,25 @@ extern "C" {
# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */
# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout
* to * adjust socket timeouts */
* to adjust socket timeouts */
# define BIO_CTRL_DGRAM_SET_DONT_FRAG 48
# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
# ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
# define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
# define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
# define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
# define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO 60
# define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO 61
# define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO 62
# define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO 63
# define BIO_CTRL_DGRAM_SCTP_GET_PRINFO 64
# define BIO_CTRL_DGRAM_SCTP_SET_PRINFO 65
# define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
# endif
/* modifiers */
# define BIO_FP_READ 0x02
@ -261,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags);
* BIO_CB_RETURN flag indicates if it is after the call
*/
# define BIO_CB_RETURN 0x80
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
@ -279,7 +309,6 @@ int BIO_method_type(const BIO *b);
typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
long);
# ifndef OPENSSL_SYS_WIN16
typedef struct bio_method_st {
int type;
const char *name;
@ -292,20 +321,6 @@ typedef struct bio_method_st {
int (*destroy) (BIO *);
long (*callback_ctrl) (BIO *, int, bio_info_cb *);
} BIO_METHOD;
# else
typedef struct bio_method_st {
int type;
const char *name;
int (_far * bwrite) ();
int (_far * bread) ();
int (_far * bputs) ();
int (_far * bgets) ();
long (_far * ctrl) ();
int (_far * create) ();
int (_far * destroy) ();
long (_far * callback_ctrl) ();
} BIO_METHOD;
# endif
struct bio_st {
BIO_METHOD *method;
@ -351,6 +366,35 @@ typedef struct bio_f_buffer_ctx_struct {
int obuf_off; /* write/read offset */
} BIO_F_BUFFER_CTX;
/* Prefix and suffix callback in ASN1 BIO */
typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
void *parg);
# ifndef OPENSSL_NO_SCTP
/* SCTP parameter structs */
struct bio_dgram_sctp_sndinfo {
uint16_t snd_sid;
uint16_t snd_flags;
uint32_t snd_ppid;
uint32_t snd_context;
};
struct bio_dgram_sctp_rcvinfo {
uint16_t rcv_sid;
uint16_t rcv_ssn;
uint16_t rcv_flags;
uint32_t rcv_ppid;
uint32_t rcv_tsn;
uint32_t rcv_cumtsn;
uint32_t rcv_context;
};
struct bio_dgram_sctp_prinfo {
uint16_t pr_policy;
uint32_t pr_value;
};
# endif
/* connect BIO stuff */
# define BIO_CONN_S_BEFORE 1
# define BIO_CONN_S_GET_IP 2
@ -416,6 +460,14 @@ typedef struct bio_f_buffer_ctx_struct {
# define BIO_C_RESET_READ_REQUEST 147
# define BIO_C_SET_MD_CTX 148
# define BIO_C_SET_PREFIX 149
# define BIO_C_GET_PREFIX 150
# define BIO_C_SET_SUFFIX 151
# define BIO_C_GET_SUFFIX 152
# define BIO_C_SET_EX_ARG 153
# define BIO_C_GET_EX_ARG 154
# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
# define BIO_get_app_data(s) BIO_get_ex_data(s,0)
@ -571,6 +623,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
# define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
# define BIO_dgram_get_mtu_overhead(b) \
(unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
@ -582,22 +636,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
unsigned long BIO_number_read(BIO *bio);
unsigned long BIO_number_written(BIO *bio);
# ifndef OPENSSL_NO_FP_API
# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
BIO_METHOD *BIO_s_file_internal(void);
BIO *BIO_new_file_internal(char *filename, char *mode);
BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
# define BIO_s_file BIO_s_file_internal
# define BIO_new_file BIO_new_file_internal
# define BIO_new_fp BIO_new_fp_internal
# else /* FP_API */
/* For BIO_f_asn1() */
int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
asn1_ps_func *prefix_free);
int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
asn1_ps_func **pprefix_free);
int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
asn1_ps_func *suffix_free);
int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
asn1_ps_func **psuffix_free);
BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int close_flag);
# define BIO_s_file_internal BIO_s_file
# define BIO_new_file_internal BIO_new_file
# define BIO_new_fp_internal BIO_s_file
# endif /* FP_API */
# ifndef OPENSSL_NO_FP_API
# define BIO_s_file_internal BIO_s_file
# endif
BIO *BIO_new(BIO_METHOD *type);
int BIO_set(BIO *a, BIO_METHOD *type);
@ -628,13 +681,8 @@ int BIO_nread(BIO *bio, char **buf, int num);
int BIO_nwrite0(BIO *bio, char **buf);
int BIO_nwrite(BIO *bio, char **buf, int num);
# ifndef OPENSSL_SYS_WIN16
long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
long argl, long ret);
# else
long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
# endif
BIO_METHOD *BIO_s_mem(void);
BIO *BIO_new_mem_buf(void *buf, int len);
@ -655,6 +703,9 @@ BIO_METHOD *BIO_f_linebuffer(void);
BIO_METHOD *BIO_f_nbio_test(void);
# ifndef OPENSSL_NO_DGRAM
BIO_METHOD *BIO_s_datagram(void);
# ifndef OPENSSL_NO_SCTP
BIO_METHOD *BIO_s_datagram_sctp(void);
# endif
# endif
/* BIO_METHOD *BIO_f_ber(void); */
@ -675,6 +726,9 @@ int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
int BIO_dump_fp(FILE *fp, const char *s, int len);
int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
# endif
int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
int datalen);
struct hostent *BIO_gethostbyname(const char *name);
/*-
* We might want a thread-safe interface too:
@ -698,9 +752,21 @@ int BIO_set_tcp_ndelay(int sock, int turn_on);
BIO *BIO_new_socket(int sock, int close_flag);
BIO *BIO_new_dgram(int fd, int close_flag);
# ifndef OPENSSL_NO_SCTP
BIO *BIO_new_dgram_sctp(int fd, int close_flag);
int BIO_dgram_is_sctp(BIO *bio);
int BIO_dgram_sctp_notification_cb(BIO *b,
void (*handle_notifications) (BIO *bio,
void
*context,
void *buf),
void *context);
int BIO_dgram_sctp_wait_for_dry(BIO *b);
int BIO_dgram_sctp_msg_waiting(BIO *b);
# endif
BIO *BIO_new_fd(int fd, int close_flag);
BIO *BIO_new_connect(char *host_port);
BIO *BIO_new_accept(char *host_port);
BIO *BIO_new_connect(const char *host_port);
BIO *BIO_new_accept(const char *host_port);
int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
BIO **bio2, size_t writebuf2);
@ -766,6 +832,8 @@ void ERR_load_BIO_strings(void);
# define BIO_F_BUFFER_CTRL 114
# define BIO_F_CONN_CTRL 127
# define BIO_F_CONN_STATE 115
# define BIO_F_DGRAM_SCTP_READ 132
# define BIO_F_DGRAM_SCTP_WRITE 133
# define BIO_F_FILE_CTRL 116
# define BIO_F_FILE_READ 130
# define BIO_F_LINEBUFFER_CTRL 129

2
Cryptlib/Include/openssl/blowfish.h
View File

@ -79,7 +79,7 @@ extern "C" {
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
# if defined(__LP32__)
# define BF_LONG unsigned long
# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
# define BF_LONG unsigned long

190
Cryptlib/Include/openssl/bn.h
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@ -77,6 +130,7 @@
# include <stdio.h> /* FILE */
# endif
# include <openssl/ossl_typ.h>
# include <openssl/crypto.h>
#ifdef __cplusplus
extern "C" {
@ -94,9 +148,11 @@ extern "C" {
/* #define BN_DEBUG */
/* #define BN_DEBUG_RAND */
# define BN_MUL_COMBA
# define BN_SQR_COMBA
# define BN_RECURSION
# ifndef OPENSSL_SMALL_FOOTPRINT
# define BN_MUL_COMBA
# define BN_SQR_COMBA
# define BN_RECURSION
# endif
/*
* This next option uses the C libraries (2 word)/(1 word) function. If it is
@ -139,6 +195,8 @@ extern "C" {
# define BN_DEC_FMT1 "%lu"
# define BN_DEC_FMT2 "%019lu"
# define BN_DEC_NUM 19
# define BN_HEX_FMT1 "%lX"
# define BN_HEX_FMT2 "%016lX"
# endif
/*
@ -165,83 +223,37 @@ extern "C" {
# define BN_DEC_FMT1 "%llu"
# define BN_DEC_FMT2 "%019llu"
# define BN_DEC_NUM 19
# define BN_HEX_FMT1 "%llX"
# define BN_HEX_FMT2 "%016llX"
# endif
# ifdef THIRTY_TWO_BIT
# ifdef BN_LLONG
# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
# if defined(_WIN32) && !defined(__GNUC__)
# define BN_ULLONG unsigned __int64
# define BN_MASK (0xffffffffffffffffI64)
# else
# define BN_ULLONG unsigned long long
# define BN_MASK (0xffffffffffffffffLL)
# endif
# endif
# define BN_ULONG unsigned long
# define BN_LONG long
# define BN_ULONG unsigned int
# define BN_LONG int
# define BN_BITS 64
# define BN_BYTES 4
# define BN_BITS2 32
# define BN_BITS4 16
# ifdef OPENSSL_SYS_WIN32
/* VC++ doesn't like the LL suffix */
# define BN_MASK (0xffffffffffffffffL)
# else
# define BN_MASK (0xffffffffffffffffLL)
# endif
# define BN_MASK2 (0xffffffffL)
# define BN_MASK2l (0xffff)
# define BN_MASK2h1 (0xffff8000L)
# define BN_MASK2h (0xffff0000L)
# define BN_TBIT (0x80000000L)
# define BN_DEC_CONV (1000000000L)
# define BN_DEC_FMT1 "%lu"
# define BN_DEC_FMT2 "%09lu"
# define BN_DEC_FMT1 "%u"
# define BN_DEC_FMT2 "%09u"
# define BN_DEC_NUM 9
# endif
# ifdef SIXTEEN_BIT
# ifndef BN_DIV2W
# define BN_DIV2W
# endif
# define BN_ULLONG unsigned long
# define BN_ULONG unsigned short
# define BN_LONG short
# define BN_BITS 32
# define BN_BYTES 2
# define BN_BITS2 16
# define BN_BITS4 8
# define BN_MASK (0xffffffff)
# define BN_MASK2 (0xffff)
# define BN_MASK2l (0xff)
# define BN_MASK2h1 (0xff80)
# define BN_MASK2h (0xff00)
# define BN_TBIT (0x8000)
# define BN_DEC_CONV (100000)
# define BN_DEC_FMT1 "%u"
# define BN_DEC_FMT2 "%05u"
# define BN_DEC_NUM 5
# endif
# ifdef EIGHT_BIT
# ifndef BN_DIV2W
# define BN_DIV2W
# endif
# define BN_ULLONG unsigned short
# define BN_ULONG unsigned char
# define BN_LONG char
# define BN_BITS 16
# define BN_BYTES 1
# define BN_BITS2 8
# define BN_BITS4 4
# define BN_MASK (0xffff)
# define BN_MASK2 (0xff)
# define BN_MASK2l (0xf)
# define BN_MASK2h1 (0xf8)
# define BN_MASK2h (0xf0)
# define BN_TBIT (0x80)
# define BN_DEC_CONV (100)
# define BN_DEC_FMT1 "%u"
# define BN_DEC_FMT2 "%02u"
# define BN_DEC_NUM 2
# define BN_HEX_FMT1 "%X"
# define BN_HEX_FMT2 "%08X"
# endif
# define BN_DEFAULT_BITS 1280
@ -314,12 +326,9 @@ struct bn_mont_ctx_st {
BIGNUM N; /* The modulus */
BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only
* stored for bignum algorithm) */
# if 0
/* OpenSSL 0.9.9 preview: */
BN_ULONG n0[2]; /* least significant word(s) of Ni */
# else
BN_ULONG n0; /* least significant word of Ni */
# endif
BN_ULONG n0[2]; /* least significant word(s) of Ni; (type
* changed with 0.9.9, was "BN_ULONG n0;"
* before) */
int flags;
};
@ -522,6 +531,7 @@ char *BN_bn2hex(const BIGNUM *a);
char *BN_bn2dec(const BIGNUM *a);
int BN_hex2bn(BIGNUM **a, const char *str);
int BN_dec2bn(BIGNUM **a, const char *str);
int BN_asc2bn(BIGNUM **a, const char *str);
int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
* -2 for
@ -589,8 +599,11 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
BN_CTX *);
# ifndef OPENSSL_NO_DEPRECATED
unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
# endif
CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
@ -619,6 +632,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
BN_RECP_CTX *recp, BN_CTX *ctx);
# ifndef OPENSSL_NO_EC2M
/*
* Functions for arithmetic over binary polynomials represented by BIGNUMs.
* The BIGNUM::neg property of BIGNUMs representing binary polynomials is
@ -630,7 +645,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
* r = a + b
*/
int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
/*
* r=a mod p
*/
@ -654,7 +669,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/* r^2 + r = a mod p */
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_CTX *ctx);
# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
/*-
* Some functions allow for representation of the irreducible polynomials
* as an unsigned int[], say p. The irreducible f(t) is then of the form:
@ -662,30 +677,32 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
* where m = p[0] > p[1] > ... > p[k] = 0.
*/
/* r = a mod p */
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
/* r = (a * b) mod p */
int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx);
const int p[], BN_CTX *ctx);
/* r = (a * a) mod p */
int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
BN_CTX *ctx);
/* r = (1 / b) mod p */
int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
BN_CTX *ctx);
/* r = (a / b) mod p */
int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx);
const int p[], BN_CTX *ctx);
/* r = (a ^ b) mod p */
int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx);
const int p[], BN_CTX *ctx);
/* r = sqrt(a) mod p */
int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
const unsigned int p[], BN_CTX *ctx);
const int p[], BN_CTX *ctx);
/* r^2 + r = a mod p */
int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
const unsigned int p[], BN_CTX *ctx);
int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
const int p[], BN_CTX *ctx);
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
# endif
/*
* faster mod functions for the 'NIST primes' 0 <= a < p^2
@ -762,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
/* Debug only - safe to ignore error return */ \
RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
@ -789,7 +807,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
# define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
/* avoid unused variable warning with NDEBUG */ \
(void)(_bnum2); \
} while(0)
# else /* !BN_DEBUG */
@ -805,10 +825,12 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
# define bn_correct_top(a) \
{ \
BN_ULONG *ftl; \
if ((a)->top > 0) \
int tmp_top = (a)->top; \
if (tmp_top > 0) \
{ \
for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
if (*(ftl--)) break; \
for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
if (*(ftl--)) break; \
(a)->top = tmp_top; \
} \
bn_pollute(a); \
}
@ -871,6 +893,7 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
# define BN_F_BN_GF2M_MOD_SQR 136
# define BN_F_BN_GF2M_MOD_SQRT 137
# define BN_F_BN_LSHIFT 145
# define BN_F_BN_MOD_EXP2_MONT 118
# define BN_F_BN_MOD_EXP_MONT 109
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
@ -886,12 +909,14 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_NEW 113
# define BN_F_BN_RAND 114
# define BN_F_BN_RAND_RANGE 122
# define BN_F_BN_RSHIFT 146
# define BN_F_BN_USUB 115
/* Reason codes. */
# define BN_R_ARG2_LT_ARG3 100
# define BN_R_BAD_RECIPROCAL 101
# define BN_R_BIGNUM_TOO_LONG 114
# define BN_R_BITS_TOO_SMALL 118
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
# define BN_R_DIV_BY_ZERO 103
# define BN_R_ENCODING_ERROR 104
@ -899,6 +924,7 @@ void ERR_load_BN_strings(void);
# define BN_R_INPUT_NOT_REDUCED 110
# define BN_R_INVALID_LENGTH 106
# define BN_R_INVALID_RANGE 115
# define BN_R_INVALID_SHIFT 119
# define BN_R_NOT_A_SQUARE 111
# define BN_R_NOT_INITIALIZED 107
# define BN_R_NO_INVERSE 108

10
Cryptlib/Include/openssl/buffer.h
View File

@ -75,18 +75,20 @@ extern "C" {
/* typedef struct buf_mem_st BUF_MEM; */
struct buf_mem_st {
int length; /* current number of bytes */
size_t length; /* current number of bytes */
char *data;
int max; /* size of buffer */
size_t max; /* size of buffer */
};
BUF_MEM *BUF_MEM_new(void);
void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, int len);
int BUF_MEM_grow_clean(BUF_MEM *str, int len);
int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
size_t BUF_strnlen(const char *str, size_t maxlen);
char *BUF_strdup(const char *str);
char *BUF_strndup(const char *str, size_t siz);
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
/* safe string functions */
size_t BUF_strlcpy(char *dst, const char *src, size_t siz);

132
Cryptlib/Include/openssl/camellia.h Normal file
View File

@ -0,0 +1,132 @@
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#ifndef HEADER_CAMELLIA_H
# define HEADER_CAMELLIA_H
# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_CAMELLIA
# error CAMELLIA is disabled.
# endif
# include <stddef.h>
# define CAMELLIA_ENCRYPT 1
# define CAMELLIA_DECRYPT 0
/*
* Because array size can't be a const in C, the following two are macros.
* Both sizes are in bytes.
*/
#ifdef __cplusplus
extern "C" {
#endif
/* This should be a hidden type, but EVP requires that the size be known */
# define CAMELLIA_BLOCK_SIZE 16
# define CAMELLIA_TABLE_BYTE_LEN 272
# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
* with WORD */
struct camellia_key_st {
union {
double d; /* ensures 64-bit align */
KEY_TABLE_TYPE rd_key;
} u;
int grand_rounds;
};
typedef struct camellia_key_st CAMELLIA_KEY;
# ifdef OPENSSL_FIPS
int private_Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key);
# endif
int Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key);
void Camellia_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key);
void Camellia_decrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key);
void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
const CAMELLIA_KEY *key, const int enc);
void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char *ivec, const int enc);
void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char *ivec, int *num, const int enc);
void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char *ivec, int *num, const int enc);
void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char *ivec, int *num, const int enc);
void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char *ivec, int *num);
void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
unsigned char ivec[CAMELLIA_BLOCK_SIZE],
unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
unsigned int *num);
#ifdef __cplusplus
}
#endif
#endif /* !HEADER_Camellia_H */

2
Cryptlib/Include/openssl/cast.h
View File

@ -72,7 +72,7 @@ extern "C" {
# define CAST_ENCRYPT 1
# define CAST_DECRYPT 0
# define CAST_LONG unsigned long
# define CAST_LONG unsigned int
# define CAST_BLOCK 8
# define CAST_KEY_LENGTH 16

82
Cryptlib/Include/openssl/cmac.h Normal file
View File

@ -0,0 +1,82 @@
/* crypto/cmac/cmac.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_CMAC_H
# define HEADER_CMAC_H
#ifdef __cplusplus
extern "C" {
#endif
# include <openssl/evp.h>
/* Opaque */
typedef struct CMAC_CTX_st CMAC_CTX;
CMAC_CTX *CMAC_CTX_new(void);
void CMAC_CTX_cleanup(CMAC_CTX *ctx);
void CMAC_CTX_free(CMAC_CTX *ctx);
EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl);
int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
int CMAC_resume(CMAC_CTX *ctx);
#ifdef __cplusplus
}
#endif
#endif

555
Cryptlib/Include/openssl/cms.h Normal file
View File

@ -0,0 +1,555 @@
/* crypto/cms/cms.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_CMS_H
# define HEADER_CMS_H
# include <openssl/x509.h>
# ifdef OPENSSL_NO_CMS
# error CMS is disabled.
# endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct CMS_ContentInfo_st CMS_ContentInfo;
typedef struct CMS_SignerInfo_st CMS_SignerInfo;
typedef struct CMS_CertificateChoices CMS_CertificateChoices;
typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
typedef struct CMS_Receipt_st CMS_Receipt;
typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
DECLARE_STACK_OF(CMS_SignerInfo)
DECLARE_STACK_OF(GENERAL_NAMES)
DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
# define CMS_SIGNERINFO_ISSUER_SERIAL 0
# define CMS_SIGNERINFO_KEYIDENTIFIER 1
# define CMS_RECIPINFO_NONE -1
# define CMS_RECIPINFO_TRANS 0
# define CMS_RECIPINFO_AGREE 1
# define CMS_RECIPINFO_KEK 2
# define CMS_RECIPINFO_PASS 3
# define CMS_RECIPINFO_OTHER 4
/* S/MIME related flags */
# define CMS_TEXT 0x1
# define CMS_NOCERTS 0x2
# define CMS_NO_CONTENT_VERIFY 0x4
# define CMS_NO_ATTR_VERIFY 0x8
# define CMS_NOSIGS \
(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
# define CMS_NOINTERN 0x10
# define CMS_NO_SIGNER_CERT_VERIFY 0x20
# define CMS_NOVERIFY 0x20
# define CMS_DETACHED 0x40
# define CMS_BINARY 0x80
# define CMS_NOATTR 0x100
# define CMS_NOSMIMECAP 0x200
# define CMS_NOOLDMIMETYPE 0x400
# define CMS_CRLFEOL 0x800
# define CMS_STREAM 0x1000
# define CMS_NOCRL 0x2000
# define CMS_PARTIAL 0x4000
# define CMS_REUSE_DIGEST 0x8000
# define CMS_USE_KEYID 0x10000
# define CMS_DEBUG_DECRYPT 0x20000
# define CMS_KEY_PARAM 0x40000
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
int CMS_is_detached(CMS_ContentInfo *cms);
int CMS_set_detached(CMS_ContentInfo *cms, int detached);
# ifdef HEADER_PEM_H
DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
# endif
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
int flags);
CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
unsigned int flags);
CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
STACK_OF(X509) *certs, BIO *data,
unsigned int flags);
CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
X509 *signcert, EVP_PKEY *pkey,
STACK_OF(X509) *certs, unsigned int flags);
int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
unsigned int flags);
CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
unsigned int flags);
int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
const unsigned char *key, size_t keylen,
BIO *dcont, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
const unsigned char *key,
size_t keylen, unsigned int flags);
int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
const unsigned char *key, size_t keylen);
int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
STACK_OF(X509) *certs,
X509_STORE *store, unsigned int flags);
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags);
int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
BIO *dcont, BIO *out, unsigned int flags);
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen);
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
unsigned char *pass, ossl_ssize_t passlen);
STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
X509 *recip, unsigned int flags);
int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
EVP_PKEY **pk, X509 **recip,
X509_ALGOR **palg);
int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer,
ASN1_INTEGER **sno);
CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen,
ASN1_GENERALIZEDTIME *date,
ASN1_OBJECT *otherTypeId,
ASN1_TYPE *otherType);
int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pid,
ASN1_GENERALIZEDTIME **pdate,
ASN1_OBJECT **potherid,
ASN1_TYPE **pothertype);
int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
unsigned char *key, size_t keylen);
int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
const unsigned char *id, size_t idlen);
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass,
ossl_ssize_t passlen);
CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
int iter, int wrap_nid,
int pbe_nid,
unsigned char *pass,
ossl_ssize_t passlen,
const EVP_CIPHER *kekciph);
int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
unsigned int flags);
CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
int CMS_SignedData_init(CMS_ContentInfo *cms);
CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
unsigned int flags);
EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
unsigned int flags);
void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
X509 **signer, X509_ALGOR **pdig,
X509_ALGOR **psig);
ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
int CMS_SignerInfo_sign(CMS_SignerInfo *si);
int CMS_SignerInfo_verify(CMS_SignerInfo *si);
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
int algnid, int keysize);
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
int lastpos);
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len);
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type,
const void *bytes, int len);
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len);
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
int lastpos, int type);
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
int lastpos);
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len);
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type,
const void *bytes, int len);
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len);
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
int lastpos, int type);
# ifdef HEADER_X509V3_H
int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
int allorfirst,
STACK_OF(GENERAL_NAMES)
*receiptList, STACK_OF(GENERAL_NAMES)
*receiptsTo);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
ASN1_STRING **pcid,
int *pallorfirst,
STACK_OF(GENERAL_NAMES) **plist,
STACK_OF(GENERAL_NAMES) **prto);
# endif
int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pukm);
STACK_OF(CMS_RecipientEncryptedKey)
*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
X509_ALGOR **pubalg,
ASN1_BIT_STRING **pubkey,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer,
ASN1_INTEGER **sno);
int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
ASN1_OCTET_STRING **keyid,
ASN1_GENERALIZEDTIME **tm,
CMS_OtherKeyAttribute **other,
X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
X509 *cert);
int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri,
CMS_RecipientEncryptedKey *rek);
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
ASN1_OCTET_STRING *ukm, int keylen);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_CMS_strings(void);
/* Error codes for the CMS functions. */
/* Function codes. */
# define CMS_F_CHECK_CONTENT 99
# define CMS_F_CMS_ADD0_CERT 164
# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
# define CMS_F_CMS_ADD1_SIGNER 102
# define CMS_F_CMS_ADD1_SIGNINGTIME 103
# define CMS_F_CMS_COMPRESS 104
# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
# define CMS_F_CMS_COPY_CONTENT 107
# define CMS_F_CMS_COPY_MESSAGEDIGEST 108
# define CMS_F_CMS_DATA 109
# define CMS_F_CMS_DATAFINAL 110
# define CMS_F_CMS_DATAINIT 111
# define CMS_F_CMS_DECRYPT 112
# define CMS_F_CMS_DECRYPT_SET1_KEY 113
# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
# define CMS_F_CMS_DECRYPT_SET1_PKEY 114
# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
# define CMS_F_CMS_DIGEST_VERIFY 118
# define CMS_F_CMS_ENCODE_RECEIPT 161
# define CMS_F_CMS_ENCRYPT 119
# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
# define CMS_F_CMS_ENVELOPED_DATA_INIT 126
# define CMS_F_CMS_ENV_ASN1_CTRL 171
# define CMS_F_CMS_FINAL 127
# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
# define CMS_F_CMS_GET0_CONTENT 129
# define CMS_F_CMS_GET0_ECONTENT_TYPE 130
# define CMS_F_CMS_GET0_ENVELOPED 131
# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
# define CMS_F_CMS_GET0_SIGNED 133
# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
# define CMS_F_CMS_RECEIPT_VERIFY 160
# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
# define CMS_F_CMS_SD_ASN1_CTRL 170
# define CMS_F_CMS_SET1_IAS 176
# define CMS_F_CMS_SET1_KEYID 177
# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
# define CMS_F_CMS_SET_DETACHED 147
# define CMS_F_CMS_SIGN 148
# define CMS_F_CMS_SIGNED_DATA_INIT 149
# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
# define CMS_F_CMS_SIGNERINFO_SIGN 151
# define CMS_F_CMS_SIGNERINFO_VERIFY 152
# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
# define CMS_F_CMS_SIGN_RECEIPT 163
# define CMS_F_CMS_STREAM 155
# define CMS_F_CMS_UNCOMPRESS 156
# define CMS_F_CMS_VERIFY 157
/* Reason codes. */
# define CMS_R_ADD_SIGNER_ERROR 99
# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
# define CMS_R_CIPHER_INITIALISATION_ERROR 101
# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
# define CMS_R_CMS_DATAFINAL_ERROR 103
# define CMS_R_CMS_LIB 104
# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
# define CMS_R_CONTENT_NOT_FOUND 105
# define CMS_R_CONTENT_TYPE_MISMATCH 171
# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
# define CMS_R_CONTENT_VERIFY_ERROR 109
# define CMS_R_CTRL_ERROR 110
# define CMS_R_CTRL_FAILURE 111
# define CMS_R_DECRYPT_ERROR 112
# define CMS_R_DIGEST_ERROR 161
# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
# define CMS_R_ERROR_SETTING_KEY 115
# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
# define CMS_R_INVALID_KEY_LENGTH 118
# define CMS_R_MD_BIO_INIT_ERROR 119
# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
# define CMS_R_MSGSIGDIGEST_ERROR 172
# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
# define CMS_R_NEED_ONE_SIGNER 164
# define CMS_R_NOT_A_SIGNED_RECEIPT 165
# define CMS_R_NOT_ENCRYPTED_DATA 122
# define CMS_R_NOT_KEK 123
# define CMS_R_NOT_KEY_AGREEMENT 181
# define CMS_R_NOT_KEY_TRANSPORT 124
# define CMS_R_NOT_PWRI 177
# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
# define CMS_R_NO_CIPHER 126
# define CMS_R_NO_CONTENT 127
# define CMS_R_NO_CONTENT_TYPE 173
# define CMS_R_NO_DEFAULT_DIGEST 128
# define CMS_R_NO_DIGEST_SET 129
# define CMS_R_NO_KEY 130
# define CMS_R_NO_KEY_OR_CERT 174
# define CMS_R_NO_MATCHING_DIGEST 131
# define CMS_R_NO_MATCHING_RECIPIENT 132
# define CMS_R_NO_MATCHING_SIGNATURE 166
# define CMS_R_NO_MSGSIGDIGEST 167
# define CMS_R_NO_PASSWORD 178
# define CMS_R_NO_PRIVATE_KEY 133
# define CMS_R_NO_PUBLIC_KEY 134
# define CMS_R_NO_RECEIPT_REQUEST 168
# define CMS_R_NO_SIGNERS 135
# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
# define CMS_R_RECEIPT_DECODE_ERROR 169
# define CMS_R_RECIPIENT_ERROR 137
# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
# define CMS_R_SIGNFINAL_ERROR 139
# define CMS_R_SMIME_TEXT_ERROR 140
# define CMS_R_STORE_INIT_ERROR 141
# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
# define CMS_R_TYPE_NOT_DATA 143
# define CMS_R_TYPE_NOT_DIGESTED_DATA 144
# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
# define CMS_R_UNKNOWN_CIPHER 148
# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
# define CMS_R_UNKNOWN_ID 150
# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
# define CMS_R_UNSUPPORTED_TYPE 156
# define CMS_R_UNWRAP_ERROR 157
# define CMS_R_UNWRAP_FAILURE 180
# define CMS_R_VERIFICATION_FAILURE 158
# define CMS_R_WRAP_ERROR 159
#ifdef __cplusplus
}
#endif
#endif

36
Cryptlib/Include/openssl/conf.h
View File

@ -78,8 +78,7 @@ typedef struct {
} CONF_VALUE;
DECLARE_STACK_OF(CONF_VALUE)
DECLARE_STACK_OF(CONF_MODULE)
DECLARE_STACK_OF(CONF_IMODULE)
DECLARE_LHASH_OF(CONF_VALUE);
struct conf_st;
struct conf_method_st;
@ -103,6 +102,9 @@ struct conf_method_st {
typedef struct conf_imodule_st CONF_IMODULE;
typedef struct conf_module_st CONF_MODULE;
DECLARE_STACK_OF(CONF_MODULE)
DECLARE_STACK_OF(CONF_IMODULE)
/* DSO module function typedefs */
typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
typedef void conf_finish_func (CONF_IMODULE *md);
@ -115,18 +117,24 @@ typedef void conf_finish_func (CONF_IMODULE *md);
# define CONF_MFLAGS_DEFAULT_SECTION 0x20
int CONF_set_default_method(CONF_METHOD *meth);
void CONF_set_nconf(CONF *conf, LHASH *hash);
LHASH *CONF_load(LHASH *conf, const char *file, long *eline);
void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
long *eline);
# ifndef OPENSSL_NO_FP_API
LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline);
LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
long *eline);
# endif
LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline);
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section);
char *CONF_get_string(LHASH *conf, const char *group, const char *name);
long CONF_get_number(LHASH *conf, const char *group, const char *name);
void CONF_free(LHASH *conf);
int CONF_dump_fp(LHASH *conf, FILE *out);
int CONF_dump_bio(LHASH *conf, BIO *out);
LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
long *eline);
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
const char *section);
char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
const char *name);
long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
const char *name);
void CONF_free(LHASH_OF(CONF_VALUE) *conf);
int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
void OPENSSL_config(const char *config_name);
void OPENSSL_no_config(void);
@ -139,7 +147,7 @@ void OPENSSL_no_config(void);
struct conf_st {
CONF_METHOD *meth;
void *meth_data;
LHASH *data;
LHASH_OF(CONF_VALUE) *data;
};
CONF *NCONF_new(CONF_METHOD *meth);
@ -217,6 +225,7 @@ void ERR_load_CONF_strings(void);
# define CONF_F_CONF_LOAD_BIO 102
# define CONF_F_CONF_LOAD_FP 103
# define CONF_F_CONF_MODULES_LOAD 116
# define CONF_F_CONF_PARSE_LIST 119
# define CONF_F_DEF_LOAD 120
# define CONF_F_DEF_LOAD_BIO 121
# define CONF_F_MODULE_INIT 115
@ -236,6 +245,7 @@ void ERR_load_CONF_strings(void);
/* Reason codes. */
# define CONF_R_ERROR_LOADING_DSO 110
# define CONF_R_LIST_CANNOT_BE_NULL 115
# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100
# define CONF_R_MISSING_EQUAL_SIGN 101
# define CONF_R_MISSING_FINISH_FUNCTION 111

133
Cryptlib/Include/openssl/crypto.h
View File

@ -1,6 +1,6 @@
/* crypto/crypto.h */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -223,13 +223,9 @@ typedef struct openssl_item_st {
# define CRYPTO_LOCK_EC_PRE_COMP 36
# define CRYPTO_LOCK_STORE 37
# define CRYPTO_LOCK_COMP 38
# ifndef OPENSSL_FIPS
# define CRYPTO_NUM_LOCKS 39
# else
# define CRYPTO_LOCK_FIPS 39
# define CRYPTO_LOCK_FIPS2 40
# define CRYPTO_NUM_LOCKS 41
# endif
# define CRYPTO_LOCK_FIPS 39
# define CRYPTO_LOCK_FIPS2 40
# define CRYPTO_NUM_LOCKS 41
# define CRYPTO_LOCK 1
# define CRYPTO_UNLOCK 2
@ -294,10 +290,11 @@ typedef struct {
typedef struct bio_st BIO_dummy;
struct crypto_ex_data_st {
STACK *sk;
STACK_OF(void) *sk;
/* gcc is screwing up this data structure :-( */
int dummy;
};
DECLARE_STACK_OF(void)
/*
* This stuff is basically class callback functions The current classes are
@ -360,7 +357,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
* Set standard debugging functions (not done by default unless CRYPTO_MDEBUG
* is defined)
*/
void CRYPTO_malloc_debug_init(void);
# define CRYPTO_malloc_debug_init() do {\
CRYPTO_set_mem_debug_functions(\
CRYPTO_dbg_malloc,\
CRYPTO_dbg_realloc,\
CRYPTO_dbg_free,\
CRYPTO_dbg_set_options,\
CRYPTO_dbg_get_options);\
} while(0)
int CRYPTO_mem_ctrl(int mode);
int CRYPTO_is_mem_check_on(void);
@ -439,17 +443,31 @@ void CRYPTO_set_add_lock_callback(int (*func)
const char *file, int line));
int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
const char *file, int line);
/* Don't use this structure directly. */
typedef struct crypto_threadid_st {
void *ptr;
unsigned long val;
} CRYPTO_THREADID;
/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *));
void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *);
void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
# ifndef OPENSSL_NO_DEPRECATED
void CRYPTO_set_id_callback(unsigned long (*func) (void));
unsigned long (*CRYPTO_get_id_callback(void)) (void);
unsigned long CRYPTO_thread_id(void);
# endif
const char *CRYPTO_get_lock_name(int type);
int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
int line);
void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb)
(int mode, int type,
const char *file, int line));
int CRYPTO_get_new_dynlockid(void);
void CRYPTO_destroy_dynlockid(int i);
struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
@ -493,10 +511,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)
const char *, int, int),
void (*f) (void *, int), void (*so) (long),
long (*go) (void));
void CRYPTO_set_mem_info_functions(int (*push_info_fn)
(const char *info, const char *file,
int line), int (*pop_info_fn) (void),
int (*remove_all_info_fn) (void));
void CRYPTO_get_mem_functions(void *(**m) (size_t),
void *(**r) (void *, size_t),
void (**f) (void *));
@ -516,10 +530,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)
void (**so) (long), long (**go) (void));
void *CRYPTO_malloc_locked(int num, const char *file, int line);
void CRYPTO_free_locked(void *);
void CRYPTO_free_locked(void *ptr);
void *CRYPTO_malloc(int num, const char *file, int line);
char *CRYPTO_strdup(const char *str, const char *file, int line);
void CRYPTO_free(void *);
void CRYPTO_free(void *ptr);
void *CRYPTO_realloc(void *addr, int num, const char *file, int line);
void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file,
int line);
@ -563,10 +577,6 @@ void CRYPTO_dbg_free(void *addr, int before_p);
void CRYPTO_dbg_set_options(long bits);
long CRYPTO_dbg_get_options(void);
int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
int CRYPTO_dbg_pop_info(void);
int CRYPTO_dbg_remove_all_info(void);
# ifndef OPENSSL_NO_FP_API
void CRYPTO_mem_leaks_fp(FILE *);
# endif
@ -584,63 +594,32 @@ unsigned long *OPENSSL_ia32cap_loc(void);
# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
void OPENSSL_init(void);
# define fips_md_init(alg) fips_md_init_ctx(alg, alg)
# ifdef OPENSSL_FIPS
# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \
alg " previous FIPS forbidden algorithm error ignored");
# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \
#alg " Algorithm forbidden in FIPS mode");
# ifdef OPENSSL_FIPS_STRICT
# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
# else
# define FIPS_BAD_ALGORITHM(alg) \
# define fips_md_init_ctx(alg, cx) \
int alg##_Init(cx##_CTX *c) \
{ \
FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
ERR_add_error_data(2, "Algorithm=", #alg); \
return 0; \
}
# endif
if (FIPS_mode()) OpenSSLDie(NULL, 0, \
"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
return private_##alg##_Init(c); \
} \
int private_##alg##_Init(cx##_CTX *c)
/* Low level digest API blocking macro */
# define FIPS_NON_FIPS_MD_Init(alg) \
int alg##_Init(alg##_CTX *c) \
{ \
if (FIPS_mode()) \
FIPS_BAD_ALGORITHM(alg) \
return private_##alg##_Init(c); \
} \
int private_##alg##_Init(alg##_CTX *c)
/*
* For ciphers the API often varies from cipher to cipher and each needs to
* be treated as a special case. Variable key length ciphers (Blowfish, RC4,
* CAST) however are very similar and can use a blocking macro.
*/
# define FIPS_NON_FIPS_VCIPHER_Init(alg) \
void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
{ \
if (FIPS_mode()) \
FIPS_BAD_ABORT(alg) \
private_##alg##_set_key(key, len, data); \
} \
void private_##alg##_set_key(alg##_KEY *key, int len, \
const unsigned char *data)
# define fips_cipher_abort(alg) \
if (FIPS_mode()) OpenSSLDie(NULL, 0, \
"Low level API call to cipher " #alg " forbidden in FIPS mode!")
# else
# define FIPS_NON_FIPS_VCIPHER_Init(alg) \
void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
# define FIPS_NON_FIPS_MD_Init(alg) \
int alg##_Init(alg##_CTX *c)
# endif /* def OPENSSL_FIPS */
# define OPENSSL_HAVE_INIT 1
void OPENSSL_init(void);
# define fips_md_init_ctx(alg, cx) \
int alg##_Init(cx##_CTX *c)
# define fips_cipher_abort(alg) while(0)
# endif
/*
* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
@ -667,11 +646,13 @@ void ERR_load_CRYPTO_strings(void);
# define CRYPTO_F_CRYPTO_SET_EX_DATA 102
# define CRYPTO_F_DEF_ADD_INDEX 104
# define CRYPTO_F_DEF_GET_CLASS 105
# define CRYPTO_F_FIPS_MODE_SET 109
# define CRYPTO_F_INT_DUP_EX_DATA 106
# define CRYPTO_F_INT_FREE_EX_DATA 107
# define CRYPTO_F_INT_NEW_EX_DATA 108
/* Reason codes. */
# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
#ifdef __cplusplus

4
Cryptlib/Include/openssl/des.h
View File

@ -231,6 +231,10 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
# ifdef OPENSSL_FIPS
void private_DES_set_key_unchecked(const_DES_cblock *key,
DES_key_schedule *schedule);
# endif
void DES_string_to_key(const char *str, DES_cblock *key);
void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,

167
Cryptlib/Include/openssl/dh.h
View File

@ -77,8 +77,6 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
# endif
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
# define DH_FLAG_CACHE_MONT_P 0x01
/*
@ -91,6 +89,23 @@
*/
# define DH_FLAG_NO_EXP_CONSTTIME 0x02
/*
* If this flag is set the DH method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
* sets this flag in its own methods it is its reposibility to ensure the
* result is compliant.
*/
# define DH_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
# define DH_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef __cplusplus
extern "C" {
#endif
@ -152,6 +167,9 @@ struct dh_st {
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
@ -163,7 +181,6 @@ struct dh_st {
*/
# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
@ -171,12 +188,9 @@ struct dh_st {
# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
const DH_METHOD *DH_OpenSSL(void);
DH *DHparams_dup(DH *);
# ifdef OPENSSL_FIPS
DH *FIPS_dh_new(void);
void FIPS_dh_free(DH *dh);
# endif
const DH_METHOD *DH_OpenSSL(void);
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
@ -206,8 +220,11 @@ int DH_check(const DH *dh, int *codes);
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
int i2d_DHparams(const DH *a, unsigned char **pp);
DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
int i2d_DHxparams(const DH *a, unsigned char **pp);
# ifndef OPENSSL_NO_FP_API
int DHparams_print_fp(FILE *fp, const DH *x);
# endif
@ -217,6 +234,110 @@ int DHparams_print(BIO *bp, const DH *x);
int DHparams_print(char *bp, const DH *x);
# endif
/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
EVP_PKEY_OP_DERIVE, \
EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
/* KDF types */
# define EVP_PKEY_DH_KDF_NONE 1
# define EVP_PKEY_DH_KDF_X9_42 2
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -228,22 +349,42 @@ void ERR_load_DH_strings(void);
/* Function codes. */
# define DH_F_COMPUTE_KEY 102
# define DH_F_DHPARAMS_PRINT 100
# define DH_F_DHPARAMS_PRINT_FP 101
# define DH_F_DH_BUILTIN_GENPARAMS 106
# define DH_F_DH_COMPUTE_KEY 107
# define DH_F_DH_GENERATE_KEY 108
# define DH_F_DH_GENERATE_PARAMETERS 109
# define DH_F_DH_CMS_DECRYPT 117
# define DH_F_DH_CMS_SET_PEERKEY 118
# define DH_F_DH_CMS_SET_SHARED_INFO 119
# define DH_F_DH_COMPUTE_KEY 114
# define DH_F_DH_GENERATE_KEY 115
# define DH_F_DH_GENERATE_PARAMETERS_EX 116
# define DH_F_DH_NEW_METHOD 105
# define DH_F_DH_PARAM_DECODE 107
# define DH_F_DH_PRIV_DECODE 110
# define DH_F_DH_PRIV_ENCODE 111
# define DH_F_DH_PUB_DECODE 108
# define DH_F_DH_PUB_ENCODE 109
# define DH_F_DO_DH_PRINT 100
# define DH_F_GENERATE_KEY 103
# define DH_F_GENERATE_PARAMETERS 104
# define DH_F_PKEY_DH_DERIVE 112
# define DH_F_PKEY_DH_KEYGEN 113
/* Reason codes. */
# define DH_R_BAD_GENERATOR 101
# define DH_R_BN_DECODE_ERROR 109
# define DH_R_BN_ERROR 106
# define DH_R_DECODE_ERROR 104
# define DH_R_INVALID_PUBKEY 102
# define DH_R_KEY_SIZE_TOO_SMALL 104
# define DH_R_KDF_PARAMETER_ERROR 112
# define DH_R_KEYS_NOT_SET 108
# define DH_R_KEY_SIZE_TOO_SMALL 110
# define DH_R_MODULUS_TOO_LARGE 103
# define DH_R_NON_FIPS_METHOD 111
# define DH_R_NO_PARAMETERS_SET 107
# define DH_R_NO_PRIVATE_VALUE 100
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 113
# define DH_R_SHARED_INFO_ERROR 114
#ifdef __cplusplus
}

60
Cryptlib/Include/openssl/dsa.h
View File

@ -88,8 +88,6 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
# endif
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
# define DSA_FLAG_CACHE_MONT_P 0x01
/*
* new with 0.9.7h; the built-in DSA implementation now uses constant time
@ -115,10 +113,6 @@
# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
# ifdef OPENSSL_FIPS
# define FIPS_DSA_SIZE_T int
# endif
#ifdef __cplusplus
extern "C" {
#endif
@ -151,7 +145,7 @@ struct dsa_method {
char *app_data;
/* If this is non-NULL, it is used to generate DSA parameters */
int (*dsa_paramgen) (DSA *dsa, int bits,
unsigned char *seed, int seed_len,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
/* If this is non-NULL, it is used to generate DSA keys */
@ -183,7 +177,6 @@ struct dsa_st {
ENGINE *engine;
};
# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@ -191,6 +184,7 @@ struct dsa_st {
# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
DSA *DSAparams_dup(DSA *x);
DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@ -206,11 +200,6 @@ void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
# ifdef OPENSSL_FIPS
DSA *FIPS_dsa_new(void);
void FIPS_dsa_free(DSA *r);
# endif
DSA *DSA_new(void);
DSA *DSA_new_method(ENGINE *engine);
void DSA_free(DSA *r);
@ -242,7 +231,7 @@ DSA *DSA_generate_parameters(int bits,
/* New version */
int DSA_generate_parameters_ex(DSA *dsa, int bits,
unsigned char *seed, int seed_len,
const unsigned char *seed, int seed_len,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
@ -276,10 +265,13 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
DH *DSA_dup_DH(const DSA *r);
# endif
# ifdef OPENSSL_FIPS
int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
# endif
# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3)
/* BEGIN ERROR CODES */
/*
@ -292,33 +284,47 @@ void ERR_load_DSA_strings(void);
/* Function codes. */
# define DSA_F_D2I_DSA_SIG 110
# define DSA_F_DO_DSA_PRINT 104
# define DSA_F_DSAPARAMS_PRINT 100
# define DSA_F_DSAPARAMS_PRINT_FP 101
# define DSA_F_DSA_BUILTIN_KEYGEN 119
# define DSA_F_DSA_BUILTIN_PARAMGEN 118
# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
# define DSA_F_DSA_DO_SIGN 112
# define DSA_F_DSA_DO_VERIFY 113
# define DSA_F_DSA_GENERATE_PARAMETERS 117
# define DSA_F_DSA_GENERATE_KEY 124
# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123
# define DSA_F_DSA_NEW_METHOD 103
# define DSA_F_DSA_PRINT 104
# define DSA_F_DSA_PARAM_DECODE 119
# define DSA_F_DSA_PRINT_FP 105
# define DSA_F_DSA_SET_DEFAULT_METHOD 115
# define DSA_F_DSA_SET_METHOD 116
# define DSA_F_DSA_PRIV_DECODE 115
# define DSA_F_DSA_PRIV_ENCODE 116
# define DSA_F_DSA_PUB_DECODE 117
# define DSA_F_DSA_PUB_ENCODE 118
# define DSA_F_DSA_SIGN 106
# define DSA_F_DSA_SIGN_SETUP 107
# define DSA_F_DSA_SIG_NEW 109
# define DSA_F_DSA_SIG_PRINT 125
# define DSA_F_DSA_VERIFY 108
# define DSA_F_I2D_DSA_SIG 111
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
# define DSA_F_PKEY_DSA_KEYGEN 121
# define DSA_F_SIG_CB 114
/* Reason codes. */
# define DSA_R_BAD_Q_VALUE 102
# define DSA_R_BN_DECODE_ERROR 108
# define DSA_R_BN_ERROR 109
# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
# define DSA_R_KEY_SIZE_TOO_SMALL 106
# define DSA_R_DECODE_ERROR 104
# define DSA_R_INVALID_DIGEST_TYPE 106
# define DSA_R_INVALID_PARAMETERS 112
# define DSA_R_MISSING_PARAMETERS 101
# define DSA_R_MODULUS_TOO_LARGE 103
# define DSA_R_NON_FIPS_METHOD 104
# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
# define DSA_R_NEED_NEW_SETUP_VALUES 110
# define DSA_R_NON_FIPS_DSA_METHOD 111
# define DSA_R_NO_PARAMETERS_SET 107
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
#ifdef __cplusplus
}

43
Cryptlib/Include/openssl/dso.h
View File

@ -182,6 +182,10 @@ typedef struct dso_meth_st {
/* [De]Initialisation handlers. */
int (*init) (DSO *dso);
int (*finish) (DSO *dso);
/* Return pathname of the module containing location */
int (*pathbyaddr) (void *addr, char *path, int sz);
/* Perform global symbol lookup, i.e. among *all* modules */
void *(*globallookup) (const char *symname);
} DSO_METHOD;
/**********************************************************************/
@ -195,7 +199,7 @@ struct dso_st {
* handler. All in all, let each method control its own destiny.
* "Handles" and such go in a STACK.
*/
STACK *meth_data;
STACK_OF(void) *meth_data;
int references;
int flags;
/*
@ -337,6 +341,31 @@ DSO_METHOD *DSO_METHOD_win32(void);
/* If VMS is defined, use shared images. If not, return NULL. */
DSO_METHOD *DSO_METHOD_vms(void);
/*
* This function writes null-terminated pathname of DSO module containing
* 'addr' into 'sz' large caller-provided 'path' and returns the number of
* characters [including trailing zero] written to it. If 'sz' is 0 or
* negative, 'path' is ignored and required amount of charachers [including
* trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
* pathname of cryptolib itself is returned. Negative or zero return value
* denotes error.
*/
int DSO_pathbyaddr(void *addr, char *path, int sz);
/*
* This function should be used with caution! It looks up symbols in *all*
* loaded modules and if module gets unloaded by somebody else attempt to
* dereference the pointer is doomed to have fatal consequences. Primary
* usage for this function is to probe *core* system functionality, e.g.
* check if getnameinfo(3) is available at run-time without bothering about
* OS-specific details such as libc.so.versioning or where does it actually
* reside: in libc itself or libsocket.
*/
void *DSO_global_lookup(const char *name);
/* If BeOS is defined, use shared images. If not, return NULL. */
DSO_METHOD *DSO_METHOD_beos(void);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -347,6 +376,11 @@ void ERR_load_DSO_strings(void);
/* Error codes for the DSO functions. */
/* Function codes. */
# define DSO_F_BEOS_BIND_FUNC 144
# define DSO_F_BEOS_BIND_VAR 145
# define DSO_F_BEOS_LOAD 146
# define DSO_F_BEOS_NAME_CONVERTER 147
# define DSO_F_BEOS_UNLOAD 148
# define DSO_F_DLFCN_BIND_FUNC 100
# define DSO_F_DLFCN_BIND_VAR 101
# define DSO_F_DLFCN_LOAD 102
@ -366,22 +400,29 @@ void ERR_load_DSO_strings(void);
# define DSO_F_DSO_FREE 111
# define DSO_F_DSO_GET_FILENAME 127
# define DSO_F_DSO_GET_LOADED_FILENAME 128
# define DSO_F_DSO_GLOBAL_LOOKUP 139
# define DSO_F_DSO_LOAD 112
# define DSO_F_DSO_MERGE 132
# define DSO_F_DSO_NEW_METHOD 113
# define DSO_F_DSO_PATHBYADDR 140
# define DSO_F_DSO_SET_FILENAME 129
# define DSO_F_DSO_SET_NAME_CONVERTER 122
# define DSO_F_DSO_UP_REF 114
# define DSO_F_GLOBAL_LOOKUP_FUNC 138
# define DSO_F_PATHBYADDR 137
# define DSO_F_VMS_BIND_SYM 115
# define DSO_F_VMS_LOAD 116
# define DSO_F_VMS_MERGER 133
# define DSO_F_VMS_UNLOAD 117
# define DSO_F_WIN32_BIND_FUNC 118
# define DSO_F_WIN32_BIND_VAR 119
# define DSO_F_WIN32_GLOBALLOOKUP 142
# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143
# define DSO_F_WIN32_JOINER 135
# define DSO_F_WIN32_LOAD 120
# define DSO_F_WIN32_MERGER 134
# define DSO_F_WIN32_NAME_CONVERTER 125
# define DSO_F_WIN32_PATHBYADDR 141
# define DSO_F_WIN32_SPLITTER 136
# define DSO_F_WIN32_UNLOAD 121

56
Cryptlib/Include/openssl/dtls1.h
View File

@ -72,7 +72,11 @@
# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
# include <sys/timeval.h>
# else
# include <sys/time.h>
# if defined(OPENSSL_SYS_VXWORKS)
# include <sys/times.h>
# else
# include <sys/time.h>
# endif
# endif
#ifdef __cplusplus
@ -80,10 +84,15 @@ extern "C" {
#endif
# define DTLS1_VERSION 0xFEFF
# define DTLS_MAX_VERSION DTLS1_VERSION
# define DTLS1_2_VERSION 0xFEFD
# define DTLS_MAX_VERSION DTLS1_2_VERSION
# define DTLS1_VERSION_MAJOR 0xFE
# define DTLS1_BAD_VER 0x0100
/* Special value for method supporting multiple versions */
# define DTLS_ANY_VERSION 0x1FFFF
# if 0
/* this alert description is not specified anywhere... */
# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
@ -107,20 +116,30 @@ extern "C" {
# define DTLS1_AL_HEADER_LENGTH 2
# endif
# ifndef OPENSSL_NO_SSL_INTERN
# ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
# endif
/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
# define DTLS1_MAX_MTU_OVERHEAD 48
typedef struct dtls1_bitmap_st {
PQ_64BIT map;
unsigned long length; /* sizeof the bitmap in bits */
PQ_64BIT max_seq_num; /* max record number seen so far */
unsigned long map; /* track 32 packets on 32-bit systems and 64
* - on 64-bit systems */
unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
* value in big-endian encoding */
} DTLS1_BITMAP;
struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
const EVP_MD *write_hash; /* used for mac generation */
# ifndef OPENSSL_NO_COMP
EVP_MD_CTX *write_hash; /* used for mac generation */
# ifndef OPENSSL_NO_COMP
COMP_CTX *compress; /* compression */
# else
# else
char *compress;
# endif
# endif
SSL_SESSION *session;
unsigned short epoch;
};
@ -197,11 +216,14 @@ typedef struct dtls1_state_st {
record_pqueue buffered_app_data;
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
struct dtls1_timeout_st timeout;
/* Indicates when the last handshake msg sent will timeout */
/*
* Indicates when the last handshake msg or heartbeat sent will timeout
*/
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
@ -214,7 +236,16 @@ typedef struct dtls1_state_st {
unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
unsigned int handshake_fragment_len;
unsigned int retransmitting;
/*
* Set when the handshake is ready to process peer's ChangeCipherSpec message.
* Cleared after the message has been processed.
*/
unsigned int change_cipher_spec_ok;
# ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;
int shutdown_received;
# endif
} DTLS1_STATE;
typedef struct dtls1_record_data_st {
@ -222,8 +253,13 @@ typedef struct dtls1_record_data_st {
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
# ifndef OPENSSL_NO_SCTP
struct bio_dgram_sctp_rcvinfo recordinfo;
# endif
} DTLS1_RECORD_DATA;
# endif
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
# define DTLS1_TMO_READ_COUNT 2
# define DTLS1_TMO_WRITE_COUNT 2

58
Cryptlib/Include/openssl/e_os2.h
View File

@ -101,7 +101,7 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32_UWIN
# else
# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32_CYGWIN
# else
@ -109,6 +109,12 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32
# endif
# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
# undef OPENSSL_SYS_UNIX
# if !defined(OPENSSL_SYS_WIN64)
# define OPENSSL_SYS_WIN64
# endif
# endif
# if defined(OPENSSL_SYSNAME_WINNT)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINNT
@ -121,7 +127,7 @@ extern "C" {
# endif
/* Anything that tries to look like Microsoft is "Windows" */
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINDOWS
# ifndef OPENSSL_SYS_MSDOS
@ -199,8 +205,14 @@ extern "C" {
# endif
/* -------------------------------- VOS ----------------------------------- */
# ifdef OPENSSL_SYSNAME_VOS
# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
# define OPENSSL_SYS_VOS
# ifdef __HPPA__
# define OPENSSL_SYS_VOS_HPPA
# endif
# ifdef __IA32__
# define OPENSSL_SYS_VOS_IA32
# endif
# endif
/* ------------------------------ VxWorks --------------------------------- */
@ -208,6 +220,17 @@ extern "C" {
# define OPENSSL_SYS_VXWORKS
# endif
/* -------------------------------- BeOS ---------------------------------- */
# if defined(__BEOS__)
# define OPENSSL_SYS_BEOS
# include <sys/socket.h>
# if defined(BONE_VERSION)
# define OPENSSL_SYS_BEOS_BONE
# else
# define OPENSSL_SYS_BEOS_R5
# endif
# endif
/**
* That's it for OS-specific stuff
*****************************************************************************/
@ -268,18 +291,37 @@ extern "C" {
* #define foobar OPENSSL_GLOBAL_REF(foobar)
*/
# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \
extern type _hide_##name; \
type *_shadow_##name(void) { return &_hide_##name; } \
static type _hide_##name
# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) \
type *_shadow_##name(void) \
{ static type _hide_##name=value; return &_hide_##name; }
# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
# else
# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
# define OPENSSL_GLOBAL_REF(name) _shadow_##name
# endif
# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
# define ossl_ssize_t long
# endif
# ifdef OPENSSL_SYS_MSDOS
# define ossl_ssize_t long
# endif
# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
# define ssize_t int
# endif
# if defined(__ultrix) && !defined(ssize_t)
# define ossl_ssize_t int
# endif
# ifndef ossl_ssize_t
# define ossl_ssize_t ssize_t
# endif
#ifdef __cplusplus
}
#endif

7
Cryptlib/Include/openssl/ebcdic.h
View File

@ -5,6 +5,10 @@
# include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Avoid name clashes with other applications */
# define os_toascii _openssl_os_toascii
# define os_toebcdic _openssl_os_toebcdic
@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
void *ebcdic2ascii(void *dest, const void *srce, size_t count);
void *ascii2ebcdic(void *dest, const void *srce, size_t count);
#ifdef __cplusplus
}
#endif
#endif

1018
Cryptlib/Include/openssl/ec.h
View File

File diff suppressed because it is too large Load Diff

9
Cryptlib/Include/openssl/ecdh.h
View File

@ -85,6 +85,8 @@
extern "C" {
#endif
# define EC_FLAG_COFACTOR_ECDH 0x1000
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
@ -101,6 +103,11 @@ int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDH_get_ex_data(EC_KEY *d, int idx);
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -111,11 +118,13 @@ void ERR_load_ECDH_strings(void);
/* Error codes for the ECDH functions. */
/* Function codes. */
# define ECDH_F_ECDH_CHECK 102
# define ECDH_F_ECDH_COMPUTE_KEY 100
# define ECDH_F_ECDH_DATA_NEW_METHOD 101
/* Reason codes. */
# define ECDH_R_KDF_FAILED 102
# define ECDH_R_NON_FIPS_METHOD 103
# define ECDH_R_NO_PRIVATE_VALUE 100
# define ECDH_R_POINT_ARITHMETIC_FAILURE 101

270
Cryptlib/Include/openssl/ecdsa.h
View File

@ -4,7 +4,7 @@
* \author Written by Nils Larsch for the OpenSSL project
*/
/* ====================================================================
* Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -80,156 +80,143 @@ typedef struct ECDSA_SIG_st {
BIGNUM *s;
} ECDSA_SIG;
/** ECDSA_SIG *ECDSA_SIG_new(void)
* allocates and initialize a ECDSA_SIG structure
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
/** Allocates and initialize a ECDSA_SIG structure
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
ECDSA_SIG *ECDSA_SIG_new(void);
/** ECDSA_SIG_free
* frees a ECDSA_SIG structure
* \param a pointer to the ECDSA_SIG structure
/** frees a ECDSA_SIG structure
* \param sig pointer to the ECDSA_SIG structure
*/
void ECDSA_SIG_free(ECDSA_SIG *a);
void ECDSA_SIG_free(ECDSA_SIG *sig);
/** i2d_ECDSA_SIG
* DER encode content of ECDSA_SIG object (note: this function modifies *pp
* (*pp += length of the DER encoded signature)).
* \param a pointer to the ECDSA_SIG object
* \param pp pointer to a unsigned char pointer for the output or NULL
* \return the length of the DER encoded ECDSA_SIG object or 0
/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
* (*pp += length of the DER encoded signature)).
* \param sig pointer to the ECDSA_SIG object
* \param pp pointer to a unsigned char pointer for the output or NULL
* \return the length of the DER encoded ECDSA_SIG object or 0
*/
int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
/** d2i_ECDSA_SIG
* decodes a DER encoded ECDSA signature (note: this function changes *pp
* (*pp += len)).
* \param v pointer to ECDSA_SIG pointer (may be NULL)
* \param pp buffer with the DER encoded signature
* \param len bufferlength
* \return pointer to the decoded ECDSA_SIG structure (or NULL)
/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
* (*pp += len)).
* \param sig pointer to ECDSA_SIG pointer (may be NULL)
* \param pp memory buffer with the DER encoded signature
* \param len length of the buffer
* \return pointer to the decoded ECDSA_SIG structure (or NULL)
*/
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
/** ECDSA_do_sign
* computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
* \param dgst pointer to the hash value
* \param dgst_len length of the hash value
* \param eckey pointer to the EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL
/** Computes the ECDSA signature of the given hash value using
* the supplied private key and returns the created signature.
* \param dgst pointer to the hash value
* \param dgst_len length of the hash value
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
EC_KEY *eckey);
/** ECDSA_do_sign_ex
* computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param kinv optional pointer to a pre-computed inverse k
* \param rp optional pointer to the pre-computed rp value (see
* ECDSA_sign_setup
* \param eckey pointer to the EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param kinv BIGNUM with a pre-computed inverse k (optional)
* \param rp BIGNUM with a pre-computed rp value (optioanl),
* see ECDSA_sign_setup
* \param eckey EC_KEY object containing a private EC key
* \return pointer to a ECDSA_SIG structure or NULL if an error occurred
*/
ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
const BIGNUM *kinv, const BIGNUM *rp,
EC_KEY *eckey);
/** ECDSA_do_verify
* verifies that the supplied signature is a valid ECDSA
* signature of the supplied hash value using the supplied public key.
* \param dgst pointer to the hash value
* \param dgst_len length of the hash value
* \param sig pointer to the ECDSA_SIG structure
* \param eckey pointer to the EC_KEY object containing a public EC key
* \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
/** Verifies that the supplied signature is a valid ECDSA
* signature of the supplied hash value using the supplied public key.
* \param dgst pointer to the hash value
* \param dgst_len length of the hash value
* \param sig ECDSA_SIG structure
* \param eckey EC_KEY object containing a public EC key
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
const ECDSA_METHOD *ECDSA_OpenSSL(void);
/** ECDSA_set_default_method
* sets the default ECDSA method
* \param meth the new default ECDSA_METHOD
/** Sets the default ECDSA method
* \param meth new default ECDSA_METHOD
*/
void ECDSA_set_default_method(const ECDSA_METHOD *meth);
/** ECDSA_get_default_method
* returns the default ECDSA method
* \return pointer to ECDSA_METHOD structure containing the default method
/** Returns the default ECDSA method
* \return pointer to ECDSA_METHOD structure containing the default method
*/
const ECDSA_METHOD *ECDSA_get_default_method(void);
/** ECDSA_set_method
* sets method to be used for the ECDSA operations
* \param eckey pointer to the EC_KEY object
* \param meth pointer to the new method
* \return 1 on success and 0 otherwise
/** Sets method to be used for the ECDSA operations
* \param eckey EC_KEY object
* \param meth new method
* \return 1 on success and 0 otherwise
*/
int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
/** ECDSA_size
* returns the maximum length of the DER encoded signature
* \param eckey pointer to a EC_KEY object
* \return numbers of bytes required for the DER encoded signature
/** Returns the maximum length of the DER encoded signature
* \param eckey EC_KEY object
* \return numbers of bytes required for the DER encoded signature
*/
int ECDSA_size(const EC_KEY *eckey);
/** ECDSA_sign_setup
* precompute parts of the signing operation.
* \param eckey pointer to the EC_KEY object containing a private EC key
* \param ctx pointer to a BN_CTX object (may be NULL)
* \param kinv pointer to a BIGNUM pointer for the inverse of k
* \param rp pointer to a BIGNUM pointer for x coordinate of k * generator
* \return 1 on success and 0 otherwise
/** Precompute parts of the signing operation
* \param eckey EC_KEY object containing a private EC key
* \param ctx BN_CTX object (optional)
* \param kinv BIGNUM pointer for the inverse of k
* \param rp BIGNUM pointer for x coordinate of k * generator
* \return 1 on success and 0 otherwise
*/
int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
/** ECDSA_sign
* computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param type this parameter is ignored
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param sig buffer to hold the DER encoded signature
* \param siglen pointer to the length of the returned signature
* \param eckey pointer to the EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param type this parameter is ignored
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param sig memory for the DER encoded created signature
* \param siglen pointer to the length of the returned signature
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
/** ECDSA_sign_ex
* computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param type this parameter is ignored
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param sig buffer to hold the DER encoded signature
* \param siglen pointer to the length of the returned signature
* \param kinv optional pointer to a pre-computed inverse k
* \param rp optional pointer to the pre-computed rp value (see
* ECDSA_sign_setup
* \param eckey pointer to the EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
/** Computes ECDSA signature of a given hash value using the supplied
* private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
* \param type this parameter is ignored
* \param dgst pointer to the hash value to sign
* \param dgstlen length of the hash value
* \param sig buffer to hold the DER encoded signature
* \param siglen pointer to the length of the returned signature
* \param kinv BIGNUM with a pre-computed inverse k (optional)
* \param rp BIGNUM with a pre-computed rp value (optioanl),
* see ECDSA_sign_setup
* \param eckey EC_KEY object containing a private EC key
* \return 1 on success and 0 otherwise
*/
int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
/** ECDSA_verify
* verifies that the given signature is valid ECDSA signature
* of the supplied hash value using the specified public key.
* \param type this parameter is ignored
* \param dgst pointer to the hash value
* \param dgstlen length of the hash value
* \param sig pointer to the DER encoded signature
* \param siglen length of the DER encoded signature
* \param eckey pointer to the EC_KEY object containing a public EC key
* \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
/** Verifies that the given signature is valid ECDSA signature
* of the supplied hash value using the specified public key.
* \param type this parameter is ignored
* \param dgst pointer to the hash value
* \param dgstlen length of the hash value
* \param sig pointer to the DER encoded signature
* \param siglen length of the DER encoded signature
* \param eckey EC_KEY object containing a public EC key
* \return 1 if the signature is valid, 0 if the signature is invalid
* and -1 on error
*/
int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
const unsigned char *sig, int siglen, EC_KEY *eckey);
@ -241,6 +228,80 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDSA_get_ex_data(EC_KEY *d, int idx);
/** Allocates and initialize a ECDSA_METHOD structure
* \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL)
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
*/
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
/** frees a ECDSA_METHOD structure
* \param ecdsa_method pointer to the ECDSA_METHOD structure
*/
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
/** Sets application specific data in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param app application specific data to set
*/
void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app);
/** Returns application specific data from a ECDSA_METHOD structure
* \param ecdsa_method pointer to ECDSA_METHOD structure
* \return pointer to application specific data.
*/
void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method);
/** Set the ECDSA_do_sign function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_do_sign a funtion of type ECDSA_do_sign
*/
void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char
*dgst, int dgst_len,
const BIGNUM *inv,
const BIGNUM *rp,
EC_KEY *eckey));
/** Set the ECDSA_sign_setup function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup
*/
void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup) (EC_KEY *eckey,
BN_CTX *ctx,
BIGNUM **kinv,
BIGNUM **r));
/** Set the ECDSA_do_verify function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_do_verify a funtion of type ECDSA_do_verify
*/
void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify) (const unsigned char
*dgst, int dgst_len,
const ECDSA_SIG *sig,
EC_KEY *eckey));
void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);
/** Set the flags field in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param flags flags value to set
*/
void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);
/** Set the name field in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param name name to set
*/
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -251,9 +312,11 @@ void ERR_load_ECDSA_strings(void);
/* Error codes for the ECDSA functions. */
/* Function codes. */
# define ECDSA_F_ECDSA_CHECK 104
# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100
# define ECDSA_F_ECDSA_DO_SIGN 101
# define ECDSA_F_ECDSA_DO_VERIFY 102
# define ECDSA_F_ECDSA_METHOD_NEW 105
# define ECDSA_F_ECDSA_SIGN_SETUP 103
/* Reason codes. */
@ -262,6 +325,7 @@ void ERR_load_ECDSA_strings(void);
# define ECDSA_R_ERR_EC_LIB 102
# define ECDSA_R_MISSING_PARAMETERS 103
# define ECDSA_R_NEED_NEW_SETUP_VALUES 106
# define ECDSA_R_NON_FIPS_METHOD 107
# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105

70
Cryptlib/Include/openssl/engine.h
View File

@ -89,16 +89,15 @@
# include <openssl/ecdsa.h>
# endif
# include <openssl/rand.h>
# include <openssl/store.h>
# include <openssl/ui.h>
# include <openssl/err.h>
# endif
# include <openssl/x509.h>
# include <openssl/ossl_typ.h>
# include <openssl/symhacks.h>
# include <openssl/x509.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -116,6 +115,8 @@ extern "C" {
# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
# define ENGINE_METHOD_STORE (unsigned int)0x0100
# define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200
# define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400
/* Obvious all-or-nothing cases. */
# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
# define ENGINE_METHOD_NONE (unsigned int)0x0000
@ -152,6 +153,14 @@ extern "C" {
*/
# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
/*
* This flag if for an ENGINE that does not want its methods registered as
* part of ENGINE_register_all_complete() for example if the methods are not
* usable as default methods.
*/
# define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
/*
* ENGINEs can support their own command types, and these flags are used in
* ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
@ -354,7 +363,10 @@ typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
const int **, int);
typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
int);
typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
const int **, int);
typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
const int **, int);
/*
* STRUCTURE functions ... all of these functions deal with pointers to
* ENGINE structures where the pointers have a "structural reference". This
@ -388,20 +400,20 @@ void ENGINE_load_aep(void);
void ENGINE_load_atalla(void);
void ENGINE_load_chil(void);
void ENGINE_load_cswift(void);
# ifndef OPENSSL_NO_GMP
void ENGINE_load_gmp(void);
# endif
void ENGINE_load_nuron(void);
void ENGINE_load_sureware(void);
void ENGINE_load_ubsec(void);
# ifdef OPENSSL_SYS_WIN32
# ifndef OPENSSL_NO_CAPIENG
void ENGINE_load_padlock(void);
void ENGINE_load_capi(void);
# endif
# ifndef OPENSSL_NO_GMP
void ENGINE_load_gmp(void);
# endif
# ifndef OPENSSL_NO_GOST
void ENGINE_load_gost(void);
# endif
# endif
void ENGINE_load_cryptodev(void);
void ENGINE_load_padlock(void);
void ENGINE_load_rdrand(void);
void ENGINE_load_builtin_engines(void);
/*
@ -456,6 +468,14 @@ int ENGINE_register_digests(ENGINE *e);
void ENGINE_unregister_digests(ENGINE *e);
void ENGINE_register_all_digests(void);
int ENGINE_register_pkey_meths(ENGINE *e);
void ENGINE_unregister_pkey_meths(ENGINE *e);
void ENGINE_register_all_pkey_meths(void);
int ENGINE_register_pkey_asn1_meths(ENGINE *e);
void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
void ENGINE_register_all_pkey_asn1_meths(void);
/*
* These functions register all support from the above categories. Note, use
* of these functions can result in static linkage of code your application
@ -551,6 +571,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
loadssl_f);
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
int ENGINE_set_flags(ENGINE *e, int flags);
int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
/* These functions allow control over any per-structure ENGINE data. */
@ -593,8 +615,18 @@ ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
*e);
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
const char *str,
int len);
const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
const char *str,
int len);
const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
int ENGINE_get_flags(const ENGINE *e);
@ -657,6 +689,8 @@ ENGINE *ENGINE_get_default_RAND(void);
*/
ENGINE *ENGINE_get_cipher_engine(int nid);
ENGINE *ENGINE_get_digest_engine(int nid);
ENGINE *ENGINE_get_pkey_meth_engine(int nid);
ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
/*
* This sets a new default ENGINE structure for performing RSA operations. If
@ -674,6 +708,8 @@ int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e);
int ENGINE_set_default_ciphers(ENGINE *e);
int ENGINE_set_default_digests(ENGINE *e);
int ENGINE_set_default_pkey_meths(ENGINE *e);
int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
/*
* The combination "set" - the flags are bitwise "OR"d from the
@ -762,6 +798,7 @@ typedef struct st_dynamic_fns {
*/
typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
# define IMPLEMENT_DYNAMIC_CHECK_FN() \
OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
return 0; }
@ -787,6 +824,8 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
const dynamic_fns *fns);
# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
OPENSSL_EXPORT \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
OPENSSL_EXPORT \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
@ -818,7 +857,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
*/
void *ENGINE_get_static_state(void);
# if defined(__OpenBSD__) || defined(__FreeBSD__)
# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
void ENGINE_setup_bsd_cryptodev(void);
# endif
@ -848,13 +887,15 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
# define ENGINE_F_ENGINE_GET_DIGEST 186
# define ENGINE_F_ENGINE_GET_NEXT 115
# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193
# define ENGINE_F_ENGINE_GET_PKEY_METH 192
# define ENGINE_F_ENGINE_GET_PREV 116
# define ENGINE_F_ENGINE_INIT 119
# define ENGINE_F_ENGINE_LIST_ADD 120
# define ENGINE_F_ENGINE_LIST_REMOVE 121
# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194
# define ENGINE_F_ENGINE_NEW 122
# define ENGINE_F_ENGINE_REMOVE 123
# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
@ -883,7 +924,7 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_R_DSO_FAILURE 104
# define ENGINE_R_DSO_NOT_FOUND 132
# define ENGINE_R_ENGINES_SECTION_ERROR 148
# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102
# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
# define ENGINE_R_ENGINE_SECTION_ERROR 149
# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
@ -910,6 +951,7 @@ void ERR_load_ENGINE_strings(void);
# define ENGINE_R_RSA_NOT_IMPLEMENTED 141
# define ENGINE_R_UNIMPLEMENTED_CIPHER 146
# define ENGINE_R_UNIMPLEMENTED_DIGEST 147
# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101
# define ENGINE_R_VERSION_INCOMPATIBILITY 145
#ifdef __cplusplus

81
Cryptlib/Include/openssl/err.h
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ERR_H
# define HEADER_ERR_H
@ -93,7 +146,7 @@ extern "C" {
# define ERR_NUM_ERRORS 16
typedef struct err_state_st {
unsigned long pid;
CRYPTO_THREADID tid;
int err_flags[ERR_NUM_ERRORS];
unsigned long err_buffer[ERR_NUM_ERRORS];
char *err_data[ERR_NUM_ERRORS];
@ -141,7 +194,9 @@ typedef struct err_state_st {
# define ERR_LIB_STORE 44
# define ERR_LIB_FIPS 45
# define ERR_LIB_CMS 46
# define ERR_LIB_JPAKE 47
# define ERR_LIB_TS 47
# define ERR_LIB_HMAC 48
# define ERR_LIB_JPAKE 49
# define ERR_LIB_USER 128
@ -175,6 +230,8 @@ typedef struct err_state_st {
# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
/*
@ -231,6 +288,7 @@ typedef struct err_state_st {
# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */
# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */
# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */
# define ERR_R_NESTED_ASN1_ERROR 58
# define ERR_R_BAD_ASN1_OBJECT_HEADER 59
@ -285,6 +343,7 @@ void ERR_print_errors_fp(FILE *fp);
# endif
# ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
# endif
/* Add EFIAPI for UEFI version. */
#if defined(OPENSSL_SYS_UEFI)
@ -292,20 +351,24 @@ void EFIAPI ERR_add_error_data(int num, ...);
#else
void ERR_add_error_data(int num, ...);
#endif
# endif
void ERR_add_error_vdata(int num, va_list args);
void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
void ERR_load_ERR_strings(void);
void ERR_load_crypto_strings(void);
void ERR_free_strings(void);
void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
# ifndef OPENSSL_NO_DEPRECATED
void ERR_remove_state(unsigned long pid); /* if zero we look it up */
# endif
ERR_STATE *ERR_get_state(void);
# ifndef OPENSSL_NO_LHASH
LHASH *ERR_get_string_table(void);
LHASH *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH **hash);
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
# endif
int ERR_get_next_error_library(void);
@ -313,12 +376,6 @@ int ERR_get_next_error_library(void);
int ERR_set_mark(void);
int ERR_pop_to_mark(void);
# ifdef OPENSSL_FIPS
void int_ERR_set_state_func(ERR_STATE *(*get_func) (void),
void (*remove_func) (unsigned long pid));
void int_ERR_lib_init(void);
# endif
/* Already defined in ossl_typ.h */
/* typedef struct st_ERR_FNS ERR_FNS; */
/*

746
Cryptlib/Include/openssl/evp.h
View File

File diff suppressed because it is too large Load Diff

11
Cryptlib/Include/openssl/hmac.h
View File

@ -90,14 +90,15 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx)
/* deprecated */
void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md);
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl);
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md);
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl);
int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n, unsigned char *md,
unsigned int *md_len);
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);

2
Cryptlib/Include/openssl/idea.h
View File

@ -87,7 +87,7 @@ void private_idea_set_encrypt_key(const unsigned char *key,
IDEA_KEY_SCHEDULE *ks);
# endif
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
int enc);

14
Cryptlib/Include/openssl/kssl.h
View File

@ -71,6 +71,16 @@
# include <stdio.h>
# include <ctype.h>
# include <krb5.h>
# ifdef OPENSSL_SYS_WIN32
/*
* These can sometimes get redefined indirectly by krb5 header files after
* they get undefed in ossl_typ.h
*/
# undef X509_NAME
# undef X509_EXTENSIONS
# undef OCSP_REQUEST
# undef OCSP_RESPONSE
# endif
#ifdef __cplusplus
extern "C" {
@ -176,6 +186,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
KSSL_ERR *kssl_err);
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
#ifdef __cplusplus
}
#endif

131
Cryptlib/Include/openssl/lhash.h
View File

@ -99,42 +99,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
*/
/* First: "hash" functions */
# define DECLARE_LHASH_HASH_FN(f_name,o_type) \
unsigned long f_name##_LHASH_HASH(const void *);
# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
unsigned long f_name##_LHASH_HASH(const void *arg) { \
o_type a = (o_type)arg; \
return f_name(a); }
# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
# define DECLARE_LHASH_HASH_FN(name, o_type) \
unsigned long name##_LHASH_HASH(const void *);
# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
unsigned long name##_LHASH_HASH(const void *arg) { \
const o_type *a = arg; \
return name##_hash(a); }
# define LHASH_HASH_FN(name) name##_LHASH_HASH
/* Second: "compare" functions */
# define DECLARE_LHASH_COMP_FN(f_name,o_type) \
int f_name##_LHASH_COMP(const void *, const void *);
# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
o_type a = (o_type)arg1; \
o_type b = (o_type)arg2; \
return f_name(a,b); }
# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
# define DECLARE_LHASH_COMP_FN(name, o_type) \
int name##_LHASH_COMP(const void *, const void *);
# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
const o_type *a = arg1; \
const o_type *b = arg2; \
return name##_cmp(a,b); }
# define LHASH_COMP_FN(name) name##_LHASH_COMP
/* Third: "doall" functions */
# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
void f_name##_LHASH_DOALL(void *);
# define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
void f_name##_LHASH_DOALL(void *arg) { \
o_type a = (o_type)arg; \
f_name(a); }
# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
# define DECLARE_LHASH_DOALL_FN(name, o_type) \
void name##_LHASH_DOALL(void *);
# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
void name##_LHASH_DOALL(void *arg) { \
o_type *a = arg; \
name##_doall(a); }
# define LHASH_DOALL_FN(name) name##_LHASH_DOALL
/* Fourth: "doall_arg" functions */
# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
void f_name##_LHASH_DOALL_ARG(void *, void *);
# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
o_type a = (o_type)arg1; \
a_type b = (a_type)arg2; \
f_name(a,b); }
# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
void name##_LHASH_DOALL_ARG(void *, void *);
# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
o_type *a = arg1; \
a_type *b = arg2; \
name##_doall_arg(a, b); }
# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
typedef struct lhash_st {
LHASH_NODE **b;
@ -161,7 +161,8 @@ typedef struct lhash_st {
unsigned long num_retrieve_miss;
unsigned long num_hash_comps;
int error;
} LHASH;
} _LHASH; /* Do not use _LHASH directly, use LHASH_OF
* and friends */
# define LH_LOAD_MULT 256
@ -171,27 +172,67 @@ typedef struct lhash_st {
*/
# define lh_error(lh) ((lh)->error)
LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
void lh_free(LHASH *lh);
void *lh_insert(LHASH *lh, void *data);
void *lh_delete(LHASH *lh, const void *data);
void *lh_retrieve(LHASH *lh, const void *data);
void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
void lh_free(_LHASH *lh);
void *lh_insert(_LHASH *lh, void *data);
void *lh_delete(_LHASH *lh, const void *data);
void *lh_retrieve(_LHASH *lh, const void *data);
void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
unsigned long lh_strhash(const char *c);
unsigned long lh_num_items(const LHASH *lh);
unsigned long lh_num_items(const _LHASH *lh);
# ifndef OPENSSL_NO_FP_API
void lh_stats(const LHASH *lh, FILE *out);
void lh_node_stats(const LHASH *lh, FILE *out);
void lh_node_usage_stats(const LHASH *lh, FILE *out);
void lh_stats(const _LHASH *lh, FILE *out);
void lh_node_stats(const _LHASH *lh, FILE *out);
void lh_node_usage_stats(const _LHASH *lh, FILE *out);
# endif
# ifndef OPENSSL_NO_BIO
void lh_stats_bio(const LHASH *lh, BIO *out);
void lh_node_stats_bio(const LHASH *lh, BIO *out);
void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
void lh_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
# endif
/* Type checking... */
# define LHASH_OF(type) struct lhash_st_##type
# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
# define CHECKED_LHASH_OF(type,lh) \
((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
/* Define wrapper functions. */
# define LHM_lh_new(type, name) \
((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
# define LHM_lh_error(type, lh) \
lh_error(CHECKED_LHASH_OF(type,lh))
# define LHM_lh_insert(type, lh, inst) \
((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
CHECKED_PTR_OF(type, inst)))
# define LHM_lh_retrieve(type, lh, inst) \
((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
CHECKED_PTR_OF(type, inst)))
# define LHM_lh_delete(type, lh, inst) \
((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \
CHECKED_PTR_OF(type, inst)))
# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
# define LHM_lh_node_stats_bio(type, lh, out) \
lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
# define LHM_lh_node_usage_stats_bio(type, lh, out) \
lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
# define LHM_lh_stats_bio(type, lh, out) \
lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
DECLARE_LHASH_OF(OPENSSL_STRING);
DECLARE_LHASH_OF(OPENSSL_CSTRING);
#ifdef __cplusplus
}
#endif

2
Cryptlib/Include/openssl/md4.h
View File

@ -77,7 +77,7 @@ extern "C" {
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
# if defined(__LP32__)
# define MD4_LONG unsigned long
# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
# define MD4_LONG unsigned long

2
Cryptlib/Include/openssl/md5.h
View File

@ -77,7 +77,7 @@ extern "C" {
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
# if defined(__LP32__)
# define MD5_LONG unsigned long
# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
# define MD5_LONG unsigned long

52
Cryptlib/Include/openssl/md2.h → Cryptlib/Include/openssl/mdc2.h
View File

@ -1,5 +1,5 @@
/* crypto/md/md2.h */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
/* crypto/mdc2/mdc2.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
@ -56,37 +56,37 @@
* [including the GNU Public Licence.]
*/
#ifndef HEADER_MD2_H
# define HEADER_MD2_H
#ifndef HEADER_MDC2_H
# define HEADER_MDC2_H
# include <openssl/opensslconf.h>/* OPENSSL_NO_MD2, MD2_INT */
# ifdef OPENSSL_NO_MD2
# error MD2 is disabled.
# endif
# include <stddef.h>
# define MD2_DIGEST_LENGTH 16
# define MD2_BLOCK 16
# include <openssl/des.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct MD2state_st {
unsigned int num;
unsigned char data[MD2_BLOCK];
MD2_INT cksm[MD2_BLOCK];
MD2_INT state[MD2_BLOCK];
} MD2_CTX;
const char *MD2_options(void);
# ifdef OPENSSL_FIPS
int private_MD2_Init(MD2_CTX *c);
# ifdef OPENSSL_NO_MDC2
# error MDC2 is disabled.
# endif
int MD2_Init(MD2_CTX *c);
int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
int MD2_Final(unsigned char *md, MD2_CTX *c);
unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
# define MDC2_BLOCK 8
# define MDC2_DIGEST_LENGTH 16
typedef struct mdc2_ctx_st {
unsigned int num;
unsigned char data[MDC2_BLOCK];
DES_cblock h, hh;
int pad_type; /* either 1 or 2, default 1 */
} MDC2_CTX;
# ifdef OPENSSL_FIPS
int private_MDC2_Init(MDC2_CTX *c);
# endif
int MDC2_Init(MDC2_CTX *c);
int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
int MDC2_Final(unsigned char *md, MDC2_CTX *c);
unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
#ifdef __cplusplus
}
#endif

163
Cryptlib/Include/openssl/modes.h Normal file
View File

@ -0,0 +1,163 @@
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Rights for redistribution and usage in source and binary
* forms are granted according to the OpenSSL license.
*/
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef void (*block128_f) (const unsigned char in[16],
unsigned char out[16], const void *key);
typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int enc);
typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
size_t blocks, const void *key,
const unsigned char ivec[16]);
typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
size_t blocks, const void *key,
const unsigned char ivec[16],
unsigned char cmac[16]);
void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], block128_f block);
void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16],
unsigned char ecount_buf[16], unsigned int *num,
block128_f block);
void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16],
unsigned char ecount_buf[16],
unsigned int *num, ctr128_f ctr);
void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
block128_f block);
void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
size_t bits, const void *key,
unsigned char ivec[16], int *num,
int enc, block128_f block);
size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
unsigned char *out, size_t len,
const void *key, unsigned char ivec[16],
block128_f block);
size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
unsigned char *out, size_t len,
const void *key, unsigned char ivec[16],
block128_f block);
size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
unsigned char *out, size_t len,
const void *key,
unsigned char ivec[16],
block128_f block);
size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
unsigned char *out, size_t len,
const void *key,
unsigned char ivec[16],
block128_f block);
size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
typedef struct gcm128_context GCM128_CONTEXT;
GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
size_t len);
int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
size_t len);
int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len);
int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len);
int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream);
int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream);
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
size_t len);
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
typedef struct ccm128_context CCM128_CONTEXT;
void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
unsigned int M, unsigned int L, void *key,
block128_f block);
int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
size_t nlen, size_t mlen);
void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
size_t alen);
int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
unsigned char *out, size_t len);
int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
unsigned char *out, size_t len);
int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
unsigned char *out, size_t len,
ccm128_f stream);
int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
unsigned char *out, size_t len,
ccm128_f stream);
size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
typedef struct xts128_context XTS128_CONTEXT;
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
const unsigned char iv[16],
const unsigned char *inp, unsigned char *out,
size_t len, int enc);
size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, size_t inlen,
block128_f block);
size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, size_t inlen,
block128_f block);
#ifdef __cplusplus
}
#endif

305
Cryptlib/Include/openssl/obj_mac.h
View File

@ -580,6 +580,26 @@
#define NID_sha1WithRSAEncryption 65
#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
#define SN_rsaesOaep "RSAES-OAEP"
#define LN_rsaesOaep "rsaesOaep"
#define NID_rsaesOaep 919
#define OBJ_rsaesOaep OBJ_pkcs1,7L
#define SN_mgf1 "MGF1"
#define LN_mgf1 "mgf1"
#define NID_mgf1 911
#define OBJ_mgf1 OBJ_pkcs1,8L
#define SN_pSpecified "PSPECIFIED"
#define LN_pSpecified "pSpecified"
#define NID_pSpecified 935
#define OBJ_pSpecified OBJ_pkcs1,9L
#define SN_rsassaPss "RSASSA-PSS"
#define LN_rsassaPss "rsassaPss"
#define NID_rsassaPss 912
#define OBJ_rsassaPss OBJ_pkcs1,10L
#define SN_sha256WithRSAEncryption "RSA-SHA256"
#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
#define NID_sha256WithRSAEncryption 668
@ -981,6 +1001,10 @@
#define NID_id_smime_alg_CMSRC2wrap 247
#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L
#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK"
#define NID_id_alg_PWRI_KEK 893
#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L
#define SN_id_smime_cd_ldap "id-smime-cd-ldap"
#define NID_id_smime_cd_ldap 248
#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L
@ -2399,6 +2423,11 @@
#define NID_no_rev_avail 403
#define OBJ_no_rev_avail OBJ_id_ce,56L
#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage"
#define LN_anyExtendedKeyUsage "Any Extended Key Usage"
#define NID_anyExtendedKeyUsage 910
#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L
#define SN_netscape "Netscape"
#define LN_netscape "Netscape Communications Corp."
#define NID_netscape 57
@ -2586,6 +2615,24 @@
#define NID_aes_128_cfb128 421
#define OBJ_aes_128_cfb128 OBJ_aes,4L
#define SN_id_aes128_wrap "id-aes128-wrap"
#define NID_id_aes128_wrap 788
#define OBJ_id_aes128_wrap OBJ_aes,5L
#define SN_aes_128_gcm "id-aes128-GCM"
#define LN_aes_128_gcm "aes-128-gcm"
#define NID_aes_128_gcm 895
#define OBJ_aes_128_gcm OBJ_aes,6L
#define SN_aes_128_ccm "id-aes128-CCM"
#define LN_aes_128_ccm "aes-128-ccm"
#define NID_aes_128_ccm 896
#define OBJ_aes_128_ccm OBJ_aes,7L
#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad"
#define NID_id_aes128_wrap_pad 897
#define OBJ_id_aes128_wrap_pad OBJ_aes,8L
#define SN_aes_192_ecb "AES-192-ECB"
#define LN_aes_192_ecb "aes-192-ecb"
#define NID_aes_192_ecb 422
@ -2606,6 +2653,24 @@
#define NID_aes_192_cfb128 425
#define OBJ_aes_192_cfb128 OBJ_aes,24L
#define SN_id_aes192_wrap "id-aes192-wrap"
#define NID_id_aes192_wrap 789
#define OBJ_id_aes192_wrap OBJ_aes,25L
#define SN_aes_192_gcm "id-aes192-GCM"
#define LN_aes_192_gcm "aes-192-gcm"
#define NID_aes_192_gcm 898
#define OBJ_aes_192_gcm OBJ_aes,26L
#define SN_aes_192_ccm "id-aes192-CCM"
#define LN_aes_192_ccm "aes-192-ccm"
#define NID_aes_192_ccm 899
#define OBJ_aes_192_ccm OBJ_aes,27L
#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad"
#define NID_id_aes192_wrap_pad 900
#define OBJ_id_aes192_wrap_pad OBJ_aes,28L
#define SN_aes_256_ecb "AES-256-ECB"
#define LN_aes_256_ecb "aes-256-ecb"
#define NID_aes_256_ecb 426
@ -2626,6 +2691,24 @@
#define NID_aes_256_cfb128 429
#define OBJ_aes_256_cfb128 OBJ_aes,44L
#define SN_id_aes256_wrap "id-aes256-wrap"
#define NID_id_aes256_wrap 790
#define OBJ_id_aes256_wrap OBJ_aes,45L
#define SN_aes_256_gcm "id-aes256-GCM"
#define LN_aes_256_gcm "aes-256-gcm"
#define NID_aes_256_gcm 901
#define OBJ_aes_256_gcm OBJ_aes,46L
#define SN_aes_256_ccm "id-aes256-CCM"
#define LN_aes_256_ccm "aes-256-ccm"
#define NID_aes_256_ccm 902
#define OBJ_aes_256_ccm OBJ_aes,47L
#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad"
#define NID_id_aes256_wrap_pad 903
#define OBJ_id_aes256_wrap_pad OBJ_aes,48L
#define SN_aes_128_cfb1 "AES-128-CFB1"
#define LN_aes_128_cfb1 "aes-128-cfb1"
#define NID_aes_128_cfb1 650
@ -2650,6 +2733,26 @@
#define LN_aes_256_cfb8 "aes-256-cfb8"
#define NID_aes_256_cfb8 655
#define SN_aes_128_ctr "AES-128-CTR"
#define LN_aes_128_ctr "aes-128-ctr"
#define NID_aes_128_ctr 904
#define SN_aes_192_ctr "AES-192-CTR"
#define LN_aes_192_ctr "aes-192-ctr"
#define NID_aes_192_ctr 905
#define SN_aes_256_ctr "AES-256-CTR"
#define LN_aes_256_ctr "aes-256-ctr"
#define NID_aes_256_ctr 906
#define SN_aes_128_xts "AES-128-XTS"
#define LN_aes_128_xts "aes-128-xts"
#define NID_aes_128_xts 913
#define SN_aes_256_xts "AES-256-XTS"
#define LN_aes_256_xts "aes-256-xts"
#define NID_aes_256_xts 914
#define SN_des_cfb1 "DES-CFB1"
#define LN_des_cfb1 "des-cfb1"
#define NID_des_cfb1 656
@ -2666,18 +2769,6 @@
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
#define SN_id_aes128_wrap "id-aes128-wrap"
#define NID_id_aes128_wrap 788
#define OBJ_id_aes128_wrap OBJ_aes,5L
#define SN_id_aes192_wrap "id-aes192-wrap"
#define NID_id_aes192_wrap 789
#define OBJ_id_aes192_wrap OBJ_aes,25L
#define SN_id_aes256_wrap "id-aes256-wrap"
#define NID_id_aes256_wrap 790
#define OBJ_id_aes256_wrap OBJ_aes,45L
#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
#define SN_sha256 "SHA256"
@ -3810,6 +3901,18 @@
#define NID_camellia_256_cbc 753
#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L
#define SN_id_camellia128_wrap "id-camellia128-wrap"
#define NID_id_camellia128_wrap 907
#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L
#define SN_id_camellia192_wrap "id-camellia192-wrap"
#define NID_id_camellia192_wrap 908
#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L
#define SN_id_camellia256_wrap "id-camellia256-wrap"
#define NID_id_camellia256_wrap 909
#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L
#define OBJ_ntt_ds 0L,3L,4401L,5L
#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L
@ -3911,3 +4014,181 @@
#define SN_hmac "HMAC"
#define LN_hmac "hmac"
#define NID_hmac 855
#define SN_cmac "CMAC"
#define LN_cmac "cmac"
#define NID_cmac 894
#define SN_rc4_hmac_md5 "RC4-HMAC-MD5"
#define LN_rc4_hmac_md5 "rc4-hmac-md5"
#define NID_rc4_hmac_md5 915
#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1"
#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1"
#define NID_aes_128_cbc_hmac_sha1 916
#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1"
#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1"
#define NID_aes_192_cbc_hmac_sha1 917
#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1"
#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1"
#define NID_aes_256_cbc_hmac_sha1 918
#define SN_aes_128_cbc_hmac_sha256 "AES-128-CBC-HMAC-SHA256"
#define LN_aes_128_cbc_hmac_sha256 "aes-128-cbc-hmac-sha256"
#define NID_aes_128_cbc_hmac_sha256 948
#define SN_aes_192_cbc_hmac_sha256 "AES-192-CBC-HMAC-SHA256"
#define LN_aes_192_cbc_hmac_sha256 "aes-192-cbc-hmac-sha256"
#define NID_aes_192_cbc_hmac_sha256 949
#define SN_aes_256_cbc_hmac_sha256 "AES-256-CBC-HMAC-SHA256"
#define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256"
#define NID_aes_256_cbc_hmac_sha256 950
#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L
#define SN_brainpoolP160r1 "brainpoolP160r1"
#define NID_brainpoolP160r1 921
#define OBJ_brainpoolP160r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,1L
#define SN_brainpoolP160t1 "brainpoolP160t1"
#define NID_brainpoolP160t1 922
#define OBJ_brainpoolP160t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,2L
#define SN_brainpoolP192r1 "brainpoolP192r1"
#define NID_brainpoolP192r1 923
#define OBJ_brainpoolP192r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,3L
#define SN_brainpoolP192t1 "brainpoolP192t1"
#define NID_brainpoolP192t1 924
#define OBJ_brainpoolP192t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,4L
#define SN_brainpoolP224r1 "brainpoolP224r1"
#define NID_brainpoolP224r1 925
#define OBJ_brainpoolP224r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,5L
#define SN_brainpoolP224t1 "brainpoolP224t1"
#define NID_brainpoolP224t1 926
#define OBJ_brainpoolP224t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,6L
#define SN_brainpoolP256r1 "brainpoolP256r1"
#define NID_brainpoolP256r1 927
#define OBJ_brainpoolP256r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
#define SN_brainpoolP256t1 "brainpoolP256t1"
#define NID_brainpoolP256t1 928
#define OBJ_brainpoolP256t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
#define SN_brainpoolP320r1 "brainpoolP320r1"
#define NID_brainpoolP320r1 929
#define OBJ_brainpoolP320r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,9L
#define SN_brainpoolP320t1 "brainpoolP320t1"
#define NID_brainpoolP320t1 930
#define OBJ_brainpoolP320t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,10L
#define SN_brainpoolP384r1 "brainpoolP384r1"
#define NID_brainpoolP384r1 931
#define OBJ_brainpoolP384r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
#define SN_brainpoolP384t1 "brainpoolP384t1"
#define NID_brainpoolP384t1 932
#define OBJ_brainpoolP384t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
#define SN_brainpoolP512r1 "brainpoolP512r1"
#define NID_brainpoolP512r1 933
#define OBJ_brainpoolP512r1 1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
#define SN_brainpoolP512t1 "brainpoolP512t1"
#define NID_brainpoolP512t1 934
#define OBJ_brainpoolP512t1 1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L
#define OBJ_secg_scheme OBJ_certicom_arc,1L
#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme"
#define NID_dhSinglePass_stdDH_sha1kdf_scheme 936
#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L
#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme"
#define NID_dhSinglePass_stdDH_sha224kdf_scheme 937
#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L
#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme"
#define NID_dhSinglePass_stdDH_sha256kdf_scheme 938
#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L
#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme"
#define NID_dhSinglePass_stdDH_sha384kdf_scheme 939
#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L
#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme"
#define NID_dhSinglePass_stdDH_sha512kdf_scheme 940
#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L
#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme"
#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 941
#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L
#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme"
#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 942
#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L
#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme"
#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 943
#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L
#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme"
#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 944
#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L
#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme"
#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 945
#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L
#define SN_dh_std_kdf "dh-std-kdf"
#define NID_dh_std_kdf 946
#define SN_dh_cofactor_kdf "dh-cofactor-kdf"
#define NID_dh_cofactor_kdf 947
#define SN_ct_precert_scts "ct_precert_scts"
#define LN_ct_precert_scts "CT Precertificate SCTs"
#define NID_ct_precert_scts 951
#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
#define SN_ct_precert_poison "ct_precert_poison"
#define LN_ct_precert_poison "CT Precertificate Poison"
#define NID_ct_precert_poison 952
#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
#define SN_ct_precert_signer "ct_precert_signer"
#define LN_ct_precert_signer "CT Precertificate Signer"
#define NID_ct_precert_signer 953
#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
#define SN_ct_cert_scts "ct_cert_scts"
#define LN_ct_cert_scts "CT Certificate SCTs"
#define NID_ct_cert_scts 954
#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
#define SN_jurisdictionLocalityName "jurisdictionL"
#define LN_jurisdictionLocalityName "jurisdictionLocalityName"
#define NID_jurisdictionLocalityName 955
#define OBJ_jurisdictionLocalityName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
#define SN_jurisdictionStateOrProvinceName "jurisdictionST"
#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName"
#define NID_jurisdictionStateOrProvinceName 956
#define OBJ_jurisdictionStateOrProvinceName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
#define SN_jurisdictionCountryName "jurisdictionC"
#define LN_jurisdictionCountryName "jurisdictionCountryName"
#define NID_jurisdictionCountryName 957
#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L

98
Cryptlib/Include/openssl/objects.h
View File

@ -1015,11 +1015,91 @@ int OBJ_txt2nid(const char *s);
int OBJ_ln2nid(const char *s);
int OBJ_sn2nid(const char *s);
int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
int (*cmp) (const void *, const void *));
const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
int size, int (*cmp) (const void *, const void *),
int flags);
const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
int (*cmp) (const void *, const void *));
const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
int size,
int (*cmp) (const void *, const void *),
int flags);
# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
static int nm##_cmp(type1 const *, type2 const *); \
scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
_DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
/*-
* Unsolved problem: if a type is actually a pointer type, like
* nid_triple is, then its impossible to get a const where you need
* it. Consider:
*
* typedef int nid_triple[3];
* const void *a_;
* const nid_triple const *a = a_;
*
* The assignement discards a const because what you really want is:
*
* const int const * const *a = a_;
*
* But if you do that, you lose the fact that a is an array of 3 ints,
* which breaks comparison functions.
*
* Thus we end up having to cast, sadly, or unpack the
* declarations. Or, as I finally did in this case, delcare nid_triple
* to be a struct, which it should have been in the first place.
*
* Ben, August 2008.
*
* Also, strictly speaking not all types need be const, but handling
* the non-constness means a lot of complication, and in practice
* comparison routines do always not touch their arguments.
*/
# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
type1 const *a = a_; \
type2 const *b = b_; \
return nm##_cmp(a,b); \
} \
static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
{ \
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
nm##_cmp_BSEARCH_CMP_FN); \
} \
extern void dummy_prototype(void)
# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
type1 const *a = a_; \
type2 const *b = b_; \
return nm##_cmp(a,b); \
} \
type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
{ \
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
nm##_cmp_BSEARCH_CMP_FN); \
} \
extern void dummy_prototype(void)
# define OBJ_bsearch(type1,key,type2,base,num,cmp) \
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
num,sizeof(type2), \
((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
(void)CHECKED_PTR_OF(type2,cmp##_type_2), \
cmp##_BSEARCH_CMP_FN)))
# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \
((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
num,sizeof(type2), \
((void)CHECKED_PTR_OF(type1,cmp##_type_1), \
(void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
cmp##_BSEARCH_CMP_FN)),flags)
int OBJ_new_nid(int num);
int OBJ_add_object(const ASN1_OBJECT *obj);
@ -1027,6 +1107,14 @@ int OBJ_create(const char *oid, const char *sn, const char *ln);
void OBJ_cleanup(void);
int OBJ_create_objects(BIO *in);
int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
void OBJ_sigid_free(void);
extern int obj_cleanup_defer;
void check_defer(int nid);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes

39
Cryptlib/Include/openssl/ocsp.h
View File

@ -67,6 +67,7 @@
#ifndef HEADER_OCSP_H
# define HEADER_OCSP_H
# include <openssl/ossl_typ.h>
# include <openssl/x509.h>
# include <openssl/x509v3.h>
# include <openssl/safestack.h>
@ -387,17 +388,31 @@ typedef struct ocsp_service_locator_st {
# define ASN1_BIT_STRING_digest(data,type,md,len) \
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
# define OCSP_CERTSTATUS_dup(cs)\
(OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
ASN1_VALUE *val);
int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
const ASN1_ITEM *it);
BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
ASN1_VALUE *val);
int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
const char *name, const char *value);
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
@ -443,7 +458,7 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags);
int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
int *pssl);
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
@ -468,11 +483,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
STACK_OF(X509) *certs, unsigned long flags);
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
void *data, STACK_OF(ASN1_OBJECT) *sk);
# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@ -549,9 +559,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
char *OCSP_response_status_str(long s);
char *OCSP_cert_status_str(long s);
char *OCSP_crl_reason_str(long s);
const char *OCSP_response_status_str(long s);
const char *OCSP_cert_status_str(long s);
const char *OCSP_crl_reason_str(long s);
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
@ -585,7 +595,8 @@ void ERR_load_OCSP_strings(void);
# define OCSP_F_OCSP_REQUEST_VERIFY 116
# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
# define OCSP_F_OCSP_SENDREQ_BIO 112
# define OCSP_F_PARSE_HTTP_LINE1 117
# define OCSP_F_OCSP_SENDREQ_NBIO 117
# define OCSP_F_PARSE_HTTP_LINE1 118
# define OCSP_F_REQUEST_VERIFY 113
/* Reason codes. */

92
Cryptlib/Include/openssl/opensslconf.h
View File

@ -1,18 +1,15 @@
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
#ifdef __cplusplus
extern "C" {
#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
#ifndef OPENSSL_NO_CAMELLIA
# define OPENSSL_NO_CAMELLIA
#endif
#ifndef OPENSSL_NO_CAPIENG
# define OPENSSL_NO_CAPIENG
#endif
#ifndef OPENSSL_NO_CMS
# define OPENSSL_NO_CMS
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
# define OPENSSL_NO_EC_NISTP_64_GCC_128
#endif
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
@ -23,8 +20,11 @@
#ifndef OPENSSL_NO_KRB5
# define OPENSSL_NO_KRB5
#endif
#ifndef OPENSSL_NO_MDC2
# define OPENSSL_NO_MDC2
#ifndef OPENSSL_NO_LIBUNBOUND
# define OPENSSL_NO_LIBUNBOUND
#endif
#ifndef OPENSSL_NO_MD2
# define OPENSSL_NO_MD2
#endif
#ifndef OPENSSL_NO_RC5
# define OPENSSL_NO_RC5
@ -32,8 +32,17 @@
#ifndef OPENSSL_NO_RFC3779
# define OPENSSL_NO_RFC3779
#endif
#ifndef OPENSSL_NO_SEED
# define OPENSSL_NO_SEED
#ifndef OPENSSL_NO_SCTP
# define OPENSSL_NO_SCTP
#endif
#ifndef OPENSSL_NO_SSL_TRACE
# define OPENSSL_NO_SSL_TRACE
#endif
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
#ifndef OPENSSL_NO_UNIT_TEST
# define OPENSSL_NO_UNIT_TEST
#endif
#endif /* OPENSSL_DOING_MAKEDEPEND */
@ -47,14 +56,8 @@
who haven't had the time to do the appropriate changes in their
applications. */
#ifdef OPENSSL_ALGORITHM_DEFINES
# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
# define NO_CAMELLIA
# endif
# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
# define NO_CAPIENG
# endif
# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
# define NO_CMS
# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
# define NO_EC_NISTP_64_GCC_128
# endif
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
# define NO_GMP
@ -65,8 +68,11 @@
# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
# define NO_KRB5
# endif
# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
# define NO_MDC2
# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
# define NO_LIBUNBOUND
# endif
# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
# define NO_MD2
# endif
# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
# define NO_RC5
@ -74,28 +80,22 @@
# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
# define NO_RFC3779
# endif
# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
# define NO_SEED
# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
# define NO_SCTP
# endif
# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
# define NO_SSL_TRACE
# endif
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
# define NO_UNIT_TEST
# endif
#endif
/* crypto/opensslconf.h.in */
#ifdef OPENSSL_DOING_MAKEDEPEND
/* Include any symbols here that have to be explicitly set to enable a feature
* that should be visible to makedepend.
*
* [Our "make depend" doesn't actually look at this, we use actual build settings
* instead; we want to make it easy to remove subdirectories with disabled algorithms.]
*/
#ifndef OPENSSL_FIPS
#define OPENSSL_FIPS
#endif
#endif
/* Generate 80386 code? */
#undef I386_ONLY
@ -159,19 +159,12 @@
/* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */
/* The prime number generation stuff may not work when
* EIGHT_BIT but I don't care since I've only used this mode
* for debuging the bignum libraries */
/* Bypass following definition for UEFI version. */
/* Bypass the following definitions for UEFI version. */
#if !defined(OPENSSL_SYS_UEFI)
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
#undef SIXTEEN_BIT
#undef EIGHT_BIT
#endif
#endif
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
@ -207,7 +200,7 @@
#endif
#if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
@ -258,3 +251,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
#ifdef __cplusplus
}
#endif

16
Cryptlib/Include/openssl/opensslv.h
View File

@ -1,6 +1,10 @@
#ifndef HEADER_OPENSSLV_H
# define HEADER_OPENSSLV_H
#ifdef __cplusplus
extern "C" {
#endif
/*-
* Numeric release version identifier:
* MNNFFPPS: major minor fix patch status
@ -26,11 +30,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x009081ffL
# define OPENSSL_VERSION_NUMBER 0x1000204fL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d 9 Jul 2015"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
@ -84,6 +88,10 @@
* should only keep the versions that are binary compatible with the current.
*/
# define SHLIB_VERSION_HISTORY ""
# define SHLIB_VERSION_NUMBER "0.9.8"
# define SHLIB_VERSION_NUMBER "1.0.0"
#ifdef __cplusplus
}
#endif
#endif /* HEADER_OPENSSLV_H */

32
Cryptlib/Include/openssl/ossl_typ.h
View File

@ -55,6 +55,10 @@
#ifndef HEADER_OPENSSL_TYPES_H
# define HEADER_OPENSSL_TYPES_H
#ifdef __cplusplus
extern "C" {
#endif
# include <openssl/e_os2.h>
# ifdef NO_ASN1_TYPEDEFS
@ -91,10 +95,16 @@ typedef struct asn1_string_st ASN1_TIME;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_string_st ASN1_UTF8STRING;
typedef struct asn1_string_st ASN1_STRING;
typedef int ASN1_BOOLEAN;
typedef int ASN1_NULL;
# endif
typedef struct asn1_object_st ASN1_OBJECT;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
# ifdef OPENSSL_SYS_WIN32
# undef X509_NAME
# undef X509_EXTENSIONS
@ -122,6 +132,11 @@ typedef struct env_md_st EVP_MD;
typedef struct env_md_ctx_st EVP_MD_CTX;
typedef struct evp_pkey_st EVP_PKEY;
typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
typedef struct dh_st DH;
typedef struct dh_method DH_METHOD;
@ -139,11 +154,14 @@ typedef struct ecdsa_method ECDSA_METHOD;
typedef struct x509_st X509;
typedef struct X509_algor_st X509_ALGOR;
typedef struct X509_crl_st X509_CRL;
typedef struct x509_crl_method_st X509_CRL_METHOD;
typedef struct x509_revoked_st X509_REVOKED;
typedef struct X509_name_st X509_NAME;
typedef struct X509_pubkey_st X509_PUBKEY;
typedef struct x509_store_st X509_STORE;
typedef struct x509_store_ctx_st X509_STORE_CTX;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct conf_st CONF;
@ -157,12 +175,19 @@ typedef struct ui_method_st UI_METHOD;
typedef struct st_ERR_FNS ERR_FNS;
typedef struct engine_st ENGINE;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
typedef struct DIST_POINT_st DIST_POINT;
typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
/* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */
# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */
@ -180,4 +205,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
typedef struct ocsp_response_st OCSP_RESPONSE;
typedef struct ocsp_responder_id_st OCSP_RESPID;
#ifdef __cplusplus
}
#endif
#endif /* def HEADER_OPENSSL_TYPES_H */

274
Cryptlib/Include/openssl/pem.h
View File

@ -129,11 +129,13 @@ extern "C" {
# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
# define PEM_STRING_PKCS8INF "PRIVATE KEY"
# define PEM_STRING_DHPARAMS "DH PARAMETERS"
# define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
# define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
/*
@ -180,12 +182,9 @@ typedef struct pem_ctx_st {
int num_recipient;
PEM_USER **recipient;
# ifndef OPENSSL_NO_STACK
STACK *x509_chain; /* certificate chain */
# else
char *x509_chain; /* certificate chain */
# endif
/*-
XXX(ben): don#t think this is used!
STACK *x509_chain; / * certificate chain */
EVP_MD *md; /* signature type */
int md_enc; /* is the md encrypted or not? */
@ -222,28 +221,19 @@ typedef struct pem_ctx_st {
# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
{ \
return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
str, fp, \
CHECKED_PPTR_OF(type, x), \
cb, u); \
return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
}
# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, type *x) \
{ \
return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
str, fp, \
CHECKED_PTR_OF(type, x), \
NULL, NULL, 0, NULL, NULL); \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
}
# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, const type *x) \
{ \
return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
str, fp, \
CHECKED_PTR_OF(const type, x), \
NULL, NULL, 0, NULL, NULL); \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
}
# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@ -251,10 +241,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
str, fp, \
CHECKED_PTR_OF(type, x), \
enc, kstr, klen, cb, u); \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
}
# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@ -262,10 +249,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
str, fp, \
CHECKED_PTR_OF(const type, x), \
enc, kstr, klen, cb, u); \
return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
}
# endif
@ -273,48 +257,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
{ \
return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
str, bp, \
CHECKED_PPTR_OF(type, x), \
cb, u); \
return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
}
# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x) \
{ \
return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
str, bp, \
CHECKED_PTR_OF(type, x), \
NULL, NULL, 0, NULL, NULL); \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
}
# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, const type *x) \
{ \
return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
str, bp, \
CHECKED_PTR_OF(const type, x), \
NULL, NULL, 0, NULL, NULL); \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
}
# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
str, bp, \
CHECKED_PTR_OF(type, x), \
enc, kstr, klen, cb, u); \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
}
# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
str, bp, \
CHECKED_PTR_OF(const type, x), \
enc, kstr, klen, cb, u); \
return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
}
# define IMPLEMENT_PEM_write(name, type, str, asn1) \
@ -351,7 +320,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
/* These are the same except they are for the declarations */
# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
# if defined(OPENSSL_NO_FP_API)
# define DECLARE_PEM_read_fp(name, type) /**/
# define DECLARE_PEM_write_fp(name, type) /**/
@ -416,127 +385,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
# define DECLARE_PEM_rw_cb(name, type) \
DECLARE_PEM_read(name, type) \
DECLARE_PEM_write_cb(name, type)
# ifdef SSLEAY_MACROS
# define PEM_write_SSL_SESSION(fp,x) \
PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_X509(fp,x) \
PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
NULL,NULL,0,NULL,NULL)
# define PEM_write_X509_CRL(fp,x) \
PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
fp,(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_RSAPublicKey(fp,x) \
PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write((int (*)())i2d_PrivateKey,\
(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
bp,(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_PKCS7(fp,x) \
PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_DHparams(fp,x) \
PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
(char *)x,NULL,NULL,0,NULL,NULL)
# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
PEM_STRING_X509,fp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
(char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
(char **)x,cb,u)
# define PEM_write_bio_X509(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_X509_CRL(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
bp,(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
bp,(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_bio_RSAPublicKey(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
PEM_STRING_RSA_PUBLIC,\
bp,(char *)x,NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
bp,(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
bp,(char *)x,enc,kstr,klen,cb,u)
# define PEM_write_bio_PKCS7(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_DHparams(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
bp,(char *)x,NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_DSAparams(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
PEM_STRING_X509,bp, \
(char *)x, NULL,NULL,0,NULL,NULL)
# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
(char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
(char **)x,cb,u)
# endif
# if 1
/* "userdata": new with OpenSSL 0.9.4 */
typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
@ -552,30 +400,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
# ifndef OPENSSL_NO_BIO
int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
long len);
int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
const unsigned char *data, long len);
int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
const char *name, BIO *bp, pem_password_cb *cb,
void *u);
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
pem_password_cb *cb, void *u);
# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
name, bp, \
CHECKED_PPTR_OF(type, x), \
cb, u))
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x,
int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
const EVP_CIPHER *enc, unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
(PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
name, bp, \
CHECKED_PTR_OF(type, x), \
enc, kstr, klen, cb, u))
STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
@ -583,18 +418,17 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
pem_password_cb *cd, void *u);
# endif
# ifndef OPENSSL_SYS_WIN16
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len);
int PEM_write(FILE *fp, const char *name, const char *hdr,
const unsigned char *data, long len);
void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u);
int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
char *x, const EVP_CIPHER *enc, unsigned char *kstr,
void *x, const EVP_CIPHER *enc, unsigned char *kstr,
int klen, pem_password_cb *callback, void *u);
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
# endif
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
EVP_MD *md_type, unsigned char **ek, int *ekl,
@ -613,9 +447,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, char *str);
# ifndef SSLEAY_MACROS
# include <openssl/symhacks.h>
# include <openssl/symhacks.h>
DECLARE_PEM_rw(X509, X509)
DECLARE_PEM_rw(X509_AUX, X509)
@ -627,24 +459,25 @@ DECLARE_PEM_rw(PKCS7, PKCS7)
DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
# ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_RSA
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
# endif
# ifndef OPENSSL_NO_DSA
# endif
# ifndef OPENSSL_NO_DSA
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
DECLARE_PEM_rw(DSA_PUBKEY, DSA)
DECLARE_PEM_rw_const(DSAparams, DSA)
# endif
# ifndef OPENSSL_NO_EC
# endif
# ifndef OPENSSL_NO_EC
DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
# endif
# ifndef OPENSSL_NO_DH
# endif
# ifndef OPENSSL_NO_DH
DECLARE_PEM_rw_const(DHparams, DH)
# endif
DECLARE_PEM_write_const(DHxparams, DH)
# endif
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
@ -679,7 +512,20 @@ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cd,
void *u);
# endif /* SSLEAY_MACROS */
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
EVP_PKEY *b2i_PublicKey_bio(BIO *in);
int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
# ifndef OPENSSL_NO_RC4
EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
pem_password_cb *cb, void *u);
# endif
/* BEGIN ERROR CODES */
/*
@ -691,10 +537,22 @@ void ERR_load_PEM_strings(void);
/* Error codes for the PEM functions. */
/* Function codes. */
# define PEM_F_B2I_DSS 127
# define PEM_F_B2I_PVK_BIO 128
# define PEM_F_B2I_RSA 129
# define PEM_F_CHECK_BITLEN_DSA 130
# define PEM_F_CHECK_BITLEN_RSA 131
# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
# define PEM_F_DO_B2I 132
# define PEM_F_DO_B2I_BIO 133
# define PEM_F_DO_BLOB_HEADER 134
# define PEM_F_DO_PK8PKEY 126
# define PEM_F_DO_PK8PKEY_FP 125
# define PEM_F_DO_PVK_BODY 135
# define PEM_F_DO_PVK_HEADER 136
# define PEM_F_I2B_PVK 137
# define PEM_F_I2B_PVK_BIO 138
# define PEM_F_LOAD_IV 101
# define PEM_F_PEM_ASN1_READ 102
# define PEM_F_PEM_ASN1_READ_BIO 103
@ -707,13 +565,17 @@ void ERR_load_PEM_strings(void);
# define PEM_F_PEM_PK8PKEY 119
# define PEM_F_PEM_READ 108
# define PEM_F_PEM_READ_BIO 109
# define PEM_F_PEM_READ_BIO_DHPARAMS 141
# define PEM_F_PEM_READ_BIO_PARAMETERS 140
# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
# define PEM_F_PEM_READ_DHPARAMS 142
# define PEM_F_PEM_READ_PRIVATEKEY 124
# define PEM_F_PEM_SEALFINAL 110
# define PEM_F_PEM_SEALINIT 111
# define PEM_F_PEM_SIGNFINAL 112
# define PEM_F_PEM_WRITE 113
# define PEM_F_PEM_WRITE_BIO 114
# define PEM_F_PEM_WRITE_PRIVATEKEY 139
# define PEM_F_PEM_X509_INFO_READ 115
# define PEM_F_PEM_X509_INFO_READ_BIO 116
# define PEM_F_PEM_X509_INFO_WRITE_BIO 117
@ -723,18 +585,30 @@ void ERR_load_PEM_strings(void);
# define PEM_R_BAD_DECRYPT 101
# define PEM_R_BAD_END_LINE 102
# define PEM_R_BAD_IV_CHARS 103
# define PEM_R_BAD_MAGIC_NUMBER 116
# define PEM_R_BAD_PASSWORD_READ 104
# define PEM_R_BAD_VERSION_NUMBER 117
# define PEM_R_BIO_WRITE_FAILURE 118
# define PEM_R_CIPHER_IS_NULL 127
# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
# define PEM_R_INCONSISTENT_HEADER 121
# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
# define PEM_R_KEYBLOB_TOO_SHORT 123
# define PEM_R_NOT_DEK_INFO 105
# define PEM_R_NOT_ENCRYPTED 106
# define PEM_R_NOT_PROC_TYPE 107
# define PEM_R_NO_START_LINE 108
# define PEM_R_PROBLEMS_GETTING_PASSWORD 109
# define PEM_R_PUBLIC_KEY_NO_RSA 110
# define PEM_R_PVK_DATA_TOO_SHORT 124
# define PEM_R_PVK_TOO_SHORT 125
# define PEM_R_READ_KEY 111
# define PEM_R_SHORT_HEADER 112
# define PEM_R_UNSUPPORTED_CIPHER 113
# define PEM_R_UNSUPPORTED_ENCRYPTION 114
# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
#ifdef __cplusplus
}

10
Cryptlib/Include/openssl/pkcs12.h
View File

@ -111,7 +111,7 @@ typedef struct {
PKCS7 *authsafes;
} PKCS12;
PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct {
typedef struct {
ASN1_OBJECT *type;
union {
struct pkcs12_bag_st *bag; /* secret, crl and certbag */
@ -239,16 +239,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
const EVP_MD *md_type);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
int saltlen, const EVP_MD *md_type);
# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
/* Rename these functions to avoid name clashes on NetWare OS */
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
unsigned char **uni, int *unilen);
char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
# else
unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni,
int *unilen);
char *uni2asc(unsigned char *uni, int unilen);
# endif
DECLARE_ASN1_FUNCTIONS(PKCS12)
DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)

61
Cryptlib/Include/openssl/pkcs7.h
View File

@ -215,7 +215,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
# define PKCS7_type_is_signedAndEnveloped(a) \
(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
# define PKCS7_set_detached(p,v) \
@ -225,14 +224,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
# ifdef SSLEAY_MACROS
# ifndef PKCS7_ISSUER_AND_SERIAL_digest
# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
(char *)data,md,len)
# endif
# endif
/* S/MIME related flags */
# define PKCS7_TEXT 0x1
@ -249,6 +240,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
# define PKCS7_CRLFEOL 0x800
# define PKCS7_STREAM 0x1000
# define PKCS7_NOCRL 0x2000
# define PKCS7_PARTIAL 0x4000
# define PKCS7_REUSE_DIGEST 0x8000
/* Flags: for compatibility with older code */
@ -264,18 +257,18 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
# ifndef SSLEAY_MACROS
int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
const EVP_MD *type, unsigned char *md,
unsigned int *len);
# ifndef OPENSSL_NO_FP_API
# ifndef OPENSSL_NO_FP_API
PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
# endif
# endif
PKCS7 *PKCS7_dup(PKCS7 *p7);
PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
# endif
int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
@ -291,6 +284,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@ -299,6 +293,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
const EVP_MD *dgst);
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@ -319,9 +314,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
X509_ALGOR **pdig, X509_ALGOR **psig);
void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
@ -338,6 +337,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
BIO *data, int flags);
PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
X509 *signcert, EVP_PKEY *pkey,
const EVP_MD *md, int flags);
int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags);
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
@ -352,10 +357,15 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
const unsigned char *md, int mdlen);
int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
int SMIME_text(BIO *in, BIO *out);
BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
/* BEGIN ERROR CODES */
/*
@ -369,12 +379,17 @@ void ERR_load_PKCS7_strings(void);
/* Function codes. */
# define PKCS7_F_B64_READ_PKCS7 120
# define PKCS7_F_B64_WRITE_PKCS7 121
# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136
# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140
# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
# define PKCS7_F_PKCS7_ADD_CRL 101
# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
# define PKCS7_F_PKCS7_ADD_SIGNATURE 131
# define PKCS7_F_PKCS7_ADD_SIGNER 103
# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138
# define PKCS7_F_PKCS7_CTRL 104
# define PKCS7_F_PKCS7_DATADECODE 112
# define PKCS7_F_PKCS7_DATAFINAL 128
@ -382,15 +397,22 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_F_PKCS7_DATASIGN 106
# define PKCS7_F_PKCS7_DATAVERIFY 107
# define PKCS7_F_PKCS7_DECRYPT 114
# define PKCS7_F_PKCS7_DECRYPT_RINFO 133
# define PKCS7_F_PKCS7_ENCODE_RINFO 132
# define PKCS7_F_PKCS7_ENCRYPT 115
# define PKCS7_F_PKCS7_FINAL 134
# define PKCS7_F_PKCS7_FIND_DIGEST 127
# define PKCS7_F_PKCS7_GET0_SIGNERS 124
# define PKCS7_F_PKCS7_RECIP_INFO_SET 130
# define PKCS7_F_PKCS7_SET_CIPHER 108
# define PKCS7_F_PKCS7_SET_CONTENT 109
# define PKCS7_F_PKCS7_SET_DIGEST 126
# define PKCS7_F_PKCS7_SET_TYPE 110
# define PKCS7_F_PKCS7_SIGN 116
# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129
# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139
# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
# define PKCS7_F_PKCS7_VERIFY 117
# define PKCS7_F_SMIME_READ_PKCS7 122
@ -401,20 +423,26 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
# define PKCS7_R_CIPHER_NOT_INITIALIZED 116
# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
# define PKCS7_R_CTRL_ERROR 152
# define PKCS7_R_DECODE_ERROR 130
# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
# define PKCS7_R_DECRYPT_ERROR 119
# define PKCS7_R_DIGEST_FAILURE 101
# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149
# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
# define PKCS7_R_ERROR_ADDING_RECIPIENT 120
# define PKCS7_R_ERROR_SETTING_CIPHER 121
# define PKCS7_R_INVALID_MIME_TYPE 131
# define PKCS7_R_INVALID_NULL_POINTER 143
# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155
# define PKCS7_R_MIME_NO_CONTENT_TYPE 132
# define PKCS7_R_MIME_PARSE_ERROR 133
# define PKCS7_R_MIME_SIG_PARSE_ERROR 134
# define PKCS7_R_MISSING_CERIPEND_INFO 103
# define PKCS7_R_NO_CONTENT 122
# define PKCS7_R_NO_CONTENT_TYPE 135
# define PKCS7_R_NO_DEFAULT_DIGEST 151
# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154
# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
# define PKCS7_R_NO_MULTIPART_BOUNDARY 137
# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
@ -424,6 +452,7 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_R_NO_SIG_CONTENT_TYPE 138
# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153
# define PKCS7_R_PKCS7_DATAFINAL 126
# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
# define PKCS7_R_PKCS7_DATASIGN 145
@ -432,6 +461,8 @@ void ERR_load_PKCS7_strings(void);
# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
# define PKCS7_R_SIGNATURE_FAILURE 105
# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
# define PKCS7_R_SIGNING_CTRL_FAILURE 147
# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148
# define PKCS7_R_SIG_INVALID_MIME_TYPE 141
# define PKCS7_R_SMIME_TEXT_ERROR 129
# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106

152
Cryptlib/Include/openssl/pq_compat.h
View File

@ -1,152 +0,0 @@
/* crypto/pqueue/pqueue_compat.h */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_PQ_COMPAT_H
# define HEADER_PQ_COMPAT_H
# include <openssl/opensslconf.h>
# include <openssl/bn.h>
/*
* The purpose of this header file is for supporting 64-bit integer
* manipulation on 32-bit (and lower) machines. Currently the only
* such environment is VMS, Utrix and those with smaller default integer
* sizes than 32 bits. For all such environment, we fall back to using
* BIGNUM. We may need to fine tune the conditions for systems that
* are incorrectly configured.
*
* The only clients of this code are (1) pqueue for priority, and
* (2) DTLS, for sequence number manipulation.
*/
# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
# define PQ_64BIT_IS_INTEGER 0
# define PQ_64BIT_IS_BIGNUM 1
# define PQ_64BIT BIGNUM
# define PQ_64BIT_CTX BN_CTX
# define pq_64bit_init(x) BN_init(x)
# define pq_64bit_free(x) BN_free(x)
# define pq_64bit_ctx_new(ctx) BN_CTX_new()
# define pq_64bit_ctx_free(x) BN_CTX_free(x)
# define pq_64bit_assign(x, y) BN_copy(x, y)
# define pq_64bit_assign_word(x, y) BN_set_word(x, y)
# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0
# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0
# define pq_64bit_add_word(x, w) BN_add_word(x, w)
# define pq_64bit_sub(r, x, y) BN_sub(r, x, y)
# define pq_64bit_sub_word(x, w) BN_sub_word(x, w)
# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn)
# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes)
# define pq_64bit_get_word(x) BN_get_word(x)
# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset)
# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift)
# define pq_64bit_set_bit(x, num) BN_set_bit(x, num)
# define pq_64bit_get_length(x) BN_num_bits((x))
# else
# define PQ_64BIT_IS_INTEGER 1
# define PQ_64BIT_IS_BIGNUM 0
# if defined(SIXTY_FOUR_BIT)
# define PQ_64BIT BN_ULONG
# define PQ_64BIT_PRINT "%lld"
# elif defined(SIXTY_FOUR_BIT_LONG)
# define PQ_64BIT BN_ULONG
# define PQ_64BIT_PRINT "%ld"
# elif defined(THIRTY_TWO_BIT)
# define PQ_64BIT BN_ULLONG
# define PQ_64BIT_PRINT "%lld"
# endif
# define PQ_64BIT_CTX void
# define pq_64bit_init(x)
# define pq_64bit_free(x)
# define pq_64bit_ctx_new(ctx) (ctx)
# define pq_64bit_ctx_free(x)
# define pq_64bit_assign(x, y) (*(x) = *(y))
# define pq_64bit_assign_word(x, y) (*(x) = y)
# define pq_64bit_gt(x, y) (*(x) > *(y))
# define pq_64bit_eq(x, y) (*(x) == *(y))
# define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w)))
# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y)))
# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w)))
# define pq_64bit_mod(r, x, n, ctx)
# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes)
# define pq_64bit_get_word(x) *(x)
# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift)))
# define pq_64bit_set_bit(x, num) do { \
PQ_64BIT mask = 1; \
mask = mask << (num); \
*(x) |= mask; \
} while(0)
# endif /* OPENSSL_SYS_VMS */
#endif

14
Cryptlib/Include/openssl/pqueue.h
View File

@ -64,19 +64,20 @@
# include <stdlib.h>
# include <string.h>
# include <openssl/pq_compat.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct _pqueue *pqueue;
typedef struct _pitem {
PQ_64BIT priority;
unsigned char priority[8]; /* 64-bit value in big-endian encoding */
void *data;
struct _pitem *next;
} pitem;
typedef struct _pitem *piterator;
pitem *pitem_new(PQ_64BIT priority, void *data);
pitem *pitem_new(unsigned char *prio64be, void *data);
void pitem_free(pitem *item);
pqueue pqueue_new(void);
@ -85,11 +86,14 @@ void pqueue_free(pqueue pq);
pitem *pqueue_insert(pqueue pq, pitem *item);
pitem *pqueue_peek(pqueue pq);
pitem *pqueue_pop(pqueue pq);
pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
pitem *pqueue_iterator(pqueue pq);
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
int pqueue_size(pqueue pq);
#ifdef __cplusplus
}
#endif
#endif /* ! HEADER_PQUEUE_H */

40
Cryptlib/Include/openssl/rand.h
View File

@ -72,7 +72,7 @@ extern "C" {
#endif
# if defined(OPENSSL_FIPS)
# define FIPS_RAND_SIZE_T int
# define FIPS_RAND_SIZE_T size_t
# endif
/* Already defined in ossl_typ.h */
@ -110,16 +110,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path, int bytes);
int RAND_poll(void);
# ifndef OPENSSL_NO_ENGINE
# ifdef OPENSSL_FIPS
void int_RAND_init_engine_callbacks(void);
void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth,
const RAND_METHOD **pmeth),
const RAND_METHOD *(*get_rand_func) (const
RAND_METHOD
**pmeth));
# endif
# endif
# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@ -128,6 +118,11 @@ int RAND_event(UINT, WPARAM, LPARAM);
# endif
# ifdef OPENSSL_FIPS
void RAND_set_fips_drbg_type(int type, int flags);
int RAND_init_fips(void);
# endif
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -138,29 +133,16 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
/* Function codes. */
# define RAND_F_ENG_RAND_GET_RAND_METHOD 108
# define RAND_F_FIPS_RAND 103
# define RAND_F_FIPS_RAND_BYTES 102
# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
# define RAND_F_FIPS_RAND_SET_DT 106
# define RAND_F_FIPS_SET_DT 104
# define RAND_F_FIPS_SET_PRNG_SEED 107
# define RAND_F_FIPS_SET_TEST_MODE 105
# define RAND_F_RAND_GET_RAND_METHOD 101
# define RAND_F_RAND_INIT_FIPS 102
# define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
# define RAND_R_NON_FIPS_METHOD 105
# define RAND_R_NOT_IN_TEST_MODE 106
# define RAND_R_NO_KEY_SET 107
# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
# define RAND_R_PRNG_ERROR 108
# define RAND_R_PRNG_KEYED 109
# define RAND_R_PRNG_NOT_REKEYED 102
# define RAND_R_PRNG_NOT_RESEEDED 103
# define RAND_R_DUAL_EC_DRBG_DISABLED 104
# define RAND_R_ERROR_INITIALISING_DRBG 102
# define RAND_R_ERROR_INSTANTIATING_DRBG 103
# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
# define RAND_R_PRNG_NOT_SEEDED 100
# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
# define RAND_R_PRNG_STUCK 104
#ifdef __cplusplus
}

8
Cryptlib/Include/openssl/rc4.h
View File

@ -64,6 +64,8 @@
# error RC4 is disabled.
# endif
# include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
@ -74,11 +76,9 @@ typedef struct rc4_key_st {
} RC4_KEY;
const char *RC4_options(void);
# ifdef OPENSSL_FIPS
void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
# endif
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata);
#ifdef __cplusplus

3
Cryptlib/Include/openssl/ripemd.h
View File

@ -70,7 +70,7 @@ extern "C" {
# error RIPEMD is disabled.
# endif
# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
# if defined(__LP32__)
# define RIPEMD160_LONG unsigned long
# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
# define RIPEMD160_LONG unsigned long
@ -89,6 +89,7 @@ typedef struct RIPEMD160state_st {
RIPEMD160_LONG data[RIPEMD160_LBLOCK];
unsigned int num;
} RIPEMD160_CTX;
# ifdef OPENSSL_FIPS
int private_RIPEMD160_Init(RIPEMD160_CTX *c);
# endif

229
Cryptlib/Include/openssl/rsa.h
View File

@ -74,27 +74,6 @@
# error RSA is disabled.
# endif
/*
* If this flag is set the RSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
* sets this flag in its own methods it is its reposibility to ensure the
* result is compliant.
*/
# define RSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
# ifdef OPENSSL_FIPS
# define FIPS_RSA_SIZE_T int
# endif
#ifdef __cplusplus
extern "C" {
#endif
@ -139,7 +118,7 @@ struct rsa_meth_st {
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa);
int (*rsa_verify) (int dtype, const unsigned char *m,
unsigned int m_length, unsigned char *sigbuf,
unsigned int m_length, const unsigned char *sigbuf,
unsigned int siglen, const RSA *rsa);
/*
* If this callback is NULL, the builtin software RSA key-gen will be
@ -189,8 +168,6 @@ struct rsa_st {
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
@ -256,11 +233,84 @@ struct rsa_st {
# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
# endif
# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
pad, NULL)
# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
len, NULL)
# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
0, plen)
# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
# define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
# define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
# define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
# define RSA_PKCS1_PADDING 1
# define RSA_SSLV23_PADDING 2
# define RSA_NO_PADDING 3
# define RSA_PKCS1_OAEP_PADDING 4
# define RSA_X931_PADDING 5
/* EVP_PKEY_ only */
# define RSA_PKCS1_PSS_PADDING 6
# define RSA_PKCS1_PADDING_SIZE 11
@ -269,7 +319,7 @@ struct rsa_st {
RSA *RSA_new(void);
RSA *RSA_new_method(ENGINE *engine);
int RSA_size(const RSA *);
int RSA_size(const RSA *rsa);
/* Deprecated version */
# ifndef OPENSSL_NO_DEPRECATED
@ -279,12 +329,6 @@ RSA *RSA_generate_key(int bits, unsigned long e, void
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
BN_GENCB *cb);
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
@ -302,11 +346,6 @@ int RSA_up_ref(RSA *r);
int RSA_flags(const RSA *r);
# ifdef OPENSSL_FIPS
RSA *FIPS_rsa_new(void);
void FIPS_rsa_free(RSA *r);
# endif
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
@ -323,6 +362,23 @@ const RSA_METHOD *RSA_null_method(void);
DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
typedef struct rsa_pss_params_st {
X509_ALGOR *hashAlgorithm;
X509_ALGOR *maskGenAlgorithm;
ASN1_INTEGER *saltLength;
ASN1_INTEGER *trailerField;
} RSA_PSS_PARAMS;
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
typedef struct rsa_oaep_params_st {
X509_ALGOR *hashFunc;
X509_ALGOR *maskGenFunc;
X509_ALGOR *pSourceFunc;
} RSA_OAEP_PARAMS;
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
# ifndef OPENSSL_NO_FP_API
int RSA_print_fp(FILE *fp, const RSA *r, int offset);
# endif
@ -354,7 +410,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
/*
* The following 2 function sign and verify a ASN1_OCTET_STRING object inside
@ -390,6 +446,15 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len,
const unsigned char *p, int pl);
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
int num, const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md);
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@ -411,6 +476,15 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash, const EVP_MD *Hash,
int sLen);
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
const unsigned char *EM, int sLen);
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen);
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int RSA_set_ex_data(RSA *r, int idx, void *arg);
@ -419,6 +493,28 @@ void *RSA_get_ex_data(const RSA *r, int idx);
RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);
/*
* If this flag is set the RSA method is FIPS compliant and can be used in
* FIPS mode. This is set in the validated module method. If an application
* sets this flag in its own methods it is its responsibility to ensure the
* result is compliant.
*/
# define RSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
/*
* Application has decided PRNG is good enough to generate a key: don't
* check.
*/
# define RSA_FLAG_CHECKED 0x0800
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
@ -429,17 +525,29 @@ void ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
/* Function codes. */
# define RSA_F_FIPS_RSA_SIGN 140
# define RSA_F_FIPS_RSA_VERIFY 141
# define RSA_F_CHECK_PADDING_MD 140
# define RSA_F_DO_RSA_PRINT 146
# define RSA_F_INT_RSA_VERIFY 145
# define RSA_F_MEMORY_LOCK 100
# define RSA_F_OLD_RSA_PRIV_DECODE 147
# define RSA_F_PKEY_RSA_CTRL 143
# define RSA_F_PKEY_RSA_CTRL_STR 144
# define RSA_F_PKEY_RSA_SIGN 142
# define RSA_F_PKEY_RSA_VERIFY 154
# define RSA_F_PKEY_RSA_VERIFYRECOVER 141
# define RSA_F_RSA_ALGOR_TO_MD 157
# define RSA_F_RSA_BUILTIN_KEYGEN 129
# define RSA_F_RSA_CHECK_KEY 123
# define RSA_F_RSA_CMS_DECRYPT 158
# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
# define RSA_F_RSA_GENERATE_KEY 105
# define RSA_F_RSA_GENERATE_KEY_EX 155
# define RSA_F_RSA_ITEM_VERIFY 156
# define RSA_F_RSA_MEMORY_LOCK 130
# define RSA_F_RSA_MGF1_TO_MD 159
# define RSA_F_RSA_NEW_METHOD 106
# define RSA_F_RSA_NULL 124
# define RSA_F_RSA_NULL_MOD_EXP 131
@ -449,29 +557,37 @@ void ERR_load_RSA_strings(void);
# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
# define RSA_F_RSA_PADDING_ADD_NONE 107
# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160
# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
# define RSA_F_RSA_PADDING_ADD_SSLV23 110
# define RSA_F_RSA_PADDING_ADD_X931 127
# define RSA_F_RSA_PADDING_CHECK_NONE 111
# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161
# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
# define RSA_F_RSA_PADDING_CHECK_SSLV23 114
# define RSA_F_RSA_PADDING_CHECK_X931 128
# define RSA_F_RSA_PRINT 115
# define RSA_F_RSA_PRINT_FP 116
# define RSA_F_RSA_PRIVATE_ENCRYPT 137
# define RSA_F_RSA_PUBLIC_DECRYPT 138
# define RSA_F_RSA_PRIVATE_DECRYPT 150
# define RSA_F_RSA_PRIVATE_ENCRYPT 151
# define RSA_F_RSA_PRIV_DECODE 137
# define RSA_F_RSA_PRIV_ENCODE 138
# define RSA_F_RSA_PSS_TO_CTX 162
# define RSA_F_RSA_PUBLIC_DECRYPT 152
# define RSA_F_RSA_PUBLIC_ENCRYPT 153
# define RSA_F_RSA_PUB_DECODE 139
# define RSA_F_RSA_SETUP_BLINDING 136
# define RSA_F_RSA_SET_DEFAULT_METHOD 139
# define RSA_F_RSA_SET_METHOD 142
# define RSA_F_RSA_SIGN 117
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
# define RSA_F_RSA_VERIFY 119
# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
# define RSA_F_RSA_VERIFY_PKCS1_PSS 126
# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
/* Reason codes. */
# define RSA_R_ALGORITHM_MISMATCH 100
@ -487,25 +603,39 @@ void ERR_load_RSA_strings(void);
# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
# define RSA_R_DATA_TOO_SMALL 111
# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
# define RSA_R_DIGEST_DOES_NOT_MATCH 166
# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
# define RSA_R_FIRST_OCTET_INVALID 133
# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
# define RSA_R_INVALID_DIGEST 160
# define RSA_R_INVALID_DIGEST_LENGTH 143
# define RSA_R_INVALID_HEADER 137
# define RSA_R_INVALID_KEYBITS 145
# define RSA_R_INVALID_LABEL 161
# define RSA_R_INVALID_MESSAGE_LENGTH 131
# define RSA_R_INVALID_MGF1_MD 156
# define RSA_R_INVALID_OAEP_PARAMETERS 162
# define RSA_R_INVALID_PADDING 138
# define RSA_R_INVALID_PADDING_MODE 141
# define RSA_R_INVALID_PSS_PARAMETERS 149
# define RSA_R_INVALID_PSS_SALTLEN 146
# define RSA_R_INVALID_SALT_LENGTH 150
# define RSA_R_INVALID_TRAILER 139
# define RSA_R_INVALID_X931_DIGEST 142
# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
# define RSA_R_KEY_SIZE_TOO_SMALL 120
# define RSA_R_LAST_OCTET_INVALID 134
# define RSA_R_MODULUS_TOO_LARGE 105
# define RSA_R_NON_FIPS_METHOD 141
# define RSA_R_NON_FIPS_RSA_METHOD 157
# define RSA_R_NO_PUBLIC_EXPONENT 140
# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
# define RSA_R_OAEP_DECODING_ERROR 121
# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
# define RSA_R_P_NOT_PRIME 128
@ -516,7 +646,16 @@ void ERR_load_RSA_strings(void);
# define RSA_R_SSLV3_ROLLBACK_ATTACK 115
# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
# define RSA_R_UNKNOWN_DIGEST 163
# define RSA_R_UNKNOWN_MASK_DIGEST 151
# define RSA_R_UNKNOWN_PADDING_TYPE 118
# define RSA_R_UNKNOWN_PSS_DIGEST 152
# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
#ifdef __cplusplus

1310
Cryptlib/Include/openssl/safestack.h
View File

File diff suppressed because it is too large Load Diff

149
Cryptlib/Include/openssl/seed.h Normal file
View File

@ -0,0 +1,149 @@
/*
* Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Neither the name of author nor the names of its contributors may
* be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_SEED_H
# define HEADER_SEED_H
# include <openssl/opensslconf.h>
# include <openssl/e_os2.h>
# include <openssl/crypto.h>
# ifdef OPENSSL_NO_SEED
# error SEED is disabled.
# endif
/* look whether we need 'long' to get 32 bits */
# ifdef AES_LONG
# ifndef SEED_LONG
# define SEED_LONG 1
# endif
# endif
# if !defined(NO_SYS_TYPES_H)
# include <sys/types.h>
# endif
# define SEED_BLOCK_SIZE 16
# define SEED_KEY_LENGTH 16
#ifdef __cplusplus
extern "C" {
#endif
typedef struct seed_key_st {
# ifdef SEED_LONG
unsigned long data[32];
# else
unsigned int data[32];
# endif
} SEED_KEY_SCHEDULE;
# ifdef OPENSSL_FIPS
void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
SEED_KEY_SCHEDULE *ks);
# endif
void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
SEED_KEY_SCHEDULE *ks);
void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks);
void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks);
void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
const SEED_KEY_SCHEDULE *ks, int enc);
void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
const SEED_KEY_SCHEDULE *ks,
unsigned char ivec[SEED_BLOCK_SIZE], int enc);
void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const SEED_KEY_SCHEDULE *ks,
unsigned char ivec[SEED_BLOCK_SIZE], int *num,
int enc);
void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const SEED_KEY_SCHEDULE *ks,
unsigned char ivec[SEED_BLOCK_SIZE], int *num);
#ifdef __cplusplus
}
#endif
#endif /* HEADER_SEED_H */

13
Cryptlib/Include/openssl/sha.h
View File

@ -81,7 +81,7 @@ extern "C" {
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
# if defined(__LP32__)
# define SHA_LONG unsigned long
# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
# define SHA_LONG unsigned long
@ -115,6 +115,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
void SHA_Transform(SHA_CTX *c, const unsigned char *data);
# endif
# ifndef OPENSSL_NO_SHA1
# ifdef OPENSSL_FIPS
int private_SHA1_Init(SHA_CTX *c);
# endif
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
@ -136,6 +139,10 @@ typedef struct SHA256state_st {
} SHA256_CTX;
# ifndef OPENSSL_NO_SHA256
# ifdef OPENSSL_FIPS
int private_SHA224_Init(SHA256_CTX *c);
int private_SHA256_Init(SHA256_CTX *c);
# endif
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@ -185,6 +192,10 @@ typedef struct SHA512state_st {
# endif
# ifndef OPENSSL_NO_SHA512
# ifdef OPENSSL_FIPS
int private_SHA384_Init(SHA512_CTX *c);
int private_SHA512_Init(SHA512_CTX *c);
# endif
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);

169
Cryptlib/Include/openssl/srp.h Normal file
View File

@ -0,0 +1,169 @@
/* crypto/srp/srp.h */
/*
* Written by Christophe Renou (christophe.renou@edelweb.fr) with the
* precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
* EdelKey project and contributed to the OpenSSL project 2004.
*/
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef __SRP_H__
# define __SRP_H__
# ifndef OPENSSL_NO_SRP
# include <stdio.h>
# include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
# include <openssl/safestack.h>
# include <openssl/bn.h>
# include <openssl/crypto.h>
typedef struct SRP_gN_cache_st {
char *b64_bn;
BIGNUM *bn;
} SRP_gN_cache;
DECLARE_STACK_OF(SRP_gN_cache)
typedef struct SRP_user_pwd_st {
char *id;
BIGNUM *s;
BIGNUM *v;
const BIGNUM *g;
const BIGNUM *N;
char *info;
} SRP_user_pwd;
DECLARE_STACK_OF(SRP_user_pwd)
typedef struct SRP_VBASE_st {
STACK_OF(SRP_user_pwd) *users_pwd;
STACK_OF(SRP_gN_cache) *gN_cache;
/* to simulate a user */
char *seed_key;
BIGNUM *default_g;
BIGNUM *default_N;
} SRP_VBASE;
/*
* Structure interne pour retenir les couples N et g
*/
typedef struct SRP_gN_st {
char *id;
BIGNUM *g;
BIGNUM *N;
} SRP_gN;
DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key);
int SRP_VBASE_free(SRP_VBASE *vb);
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g);
int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
# define SRP_NO_ERROR 0
# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
# define SRP_ERR_VBASE_BN_LIB 2
# define SRP_ERR_OPEN_FILE 3
# define SRP_ERR_MEMORY 4
# define DB_srptype 0
# define DB_srpverifier 1
# define DB_srpsalt 2
# define DB_srpid 3
# define DB_srpgN 4
# define DB_srpinfo 5
# undef DB_NUMBER
# define DB_NUMBER 6
# define DB_SRP_INDEX 'I'
# define DB_SRP_VALID 'V'
# define DB_SRP_REVOKED 'R'
# define DB_SRP_MODIF 'v'
/* see srp.c */
char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
SRP_gN *SRP_get_default_gN(const char *id);
/* server side .... */
BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
BIGNUM *N);
BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
/* client side .... */
BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
BIGNUM *a, BIGNUM *u);
int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
# define SRP_MINIMAL_N 1024
#ifdef __cplusplus
}
#endif
# endif
#endif

94
Cryptlib/OpenSSL/crypto/rand/rand_nw.c → Cryptlib/Include/openssl/srtp.h
View File

@ -1,4 +1,4 @@
/* crypto/rand/rand_nw.c */
/* ssl/srtp.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -108,72 +108,40 @@
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* DTLS code by Eric Rescorla <ekr@rtfm.com>
*
* Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
*/
#include "cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
#ifndef HEADER_D1_SRTP_H
# define HEADER_D1_SRTP_H
#if defined (OPENSSL_SYS_NETWARE)
# include <openssl/ssl.h>
#ifdef __cplusplus
extern "C" {
#endif
# define SRTP_AES128_CM_SHA1_80 0x0001
# define SRTP_AES128_CM_SHA1_32 0x0002
# define SRTP_AES128_F8_SHA1_80 0x0003
# define SRTP_AES128_F8_SHA1_32 0x0004
# define SRTP_NULL_SHA1_80 0x0005
# define SRTP_NULL_SHA1_32 0x0006
# ifndef OPENSSL_NO_SRTP
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
# if defined(NETWARE_LIBC)
# include <nks/thread.h>
# else
# include <nwthread.h>
# endif
extern int GetProcessSwitchCount(void);
# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
extern void *RunningProcess; /* declare here same as found in newer NDKs */
extern unsigned long GetSuperHighResolutionTimer(void);
# endif
/*
* the FAQ indicates we need to provide at least 20 bytes (160 bits) of
* seed
*/
int RAND_poll(void)
{
unsigned long l;
unsigned long tsc;
int i;
/*
* There are several options to gather miscellaneous data but for now we
* will loop checking the time stamp counter (rdtsc) and the
* SuperHighResolutionTimer. Each iteration will collect 8 bytes of data
* but it is treated as only 1 byte of entropy. The call to
* ThreadSwitchWithDelay() will introduce additional variability into the
* data returned by rdtsc. Applications can agument the seed material by
* adding additional stuff with RAND_add() and should probably do so.
*/
l = GetProcessSwitchCount();
RAND_add(&l, sizeof(l), 1);
/* need to cast the void* to unsigned long here */
l = (unsigned long)RunningProcess;
RAND_add(&l, sizeof(l), 1);
for (i = 2; i < ENTROPY_NEEDED; i++) {
# ifdef __MWERKS__
asm {
rdtsc mov tsc, eax}
# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
asm volatile ("rdtsc":"=a" (tsc)::"edx");
# endif
RAND_add(&tsc, sizeof(tsc), 1);
l = GetSuperHighResolutionTimer();
RAND_add(&l, sizeof(l), 0);
# if defined(NETWARE_LIBC)
NXThreadYield();
# else /* NETWARE_CLIB */
ThreadSwitchWithDelay();
# endif
}
return 1;
#ifdef __cplusplus
}
#endif
#endif

1391
Cryptlib/Include/openssl/ssl.h
View File

File diff suppressed because it is too large Load Diff

4
Cryptlib/Include/openssl/ssl2.h
View File

@ -158,6 +158,8 @@ extern "C" {
# define CERT char
# endif
# ifndef OPENSSL_NO_SSL_INTERN
typedef struct ssl2_state_st {
int three_byte_header;
int clear_text; /* clear text */
@ -213,6 +215,8 @@ typedef struct ssl2_state_st {
} tmp;
} SSL2_STATE;
# endif
/* SSLv2 */
/* client */
# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)

247
Cryptlib/Include/openssl/ssl3.h
View File

@ -123,7 +123,6 @@
# include <openssl/buffer.h>
# include <openssl/evp.h>
# include <openssl/ssl.h>
# include <openssl/pq_compat.h>
#ifdef __cplusplus
extern "C" {
@ -160,11 +159,17 @@ extern "C" {
# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA
# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA
# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA
# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA
# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA
# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA
# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
@ -172,14 +177,16 @@ extern "C" {
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
# if 0 /* Because it clashes with KRB5, is never
# if 0
# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
# if 0 /* Because it clashes with KRB5, is never
* used any more, and is safe to remove
* according to David Hopwood
* <david.hopwood@zetnet.co.uk> of the
* ietf-tls list */
# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
# endif
# endif
/*
@ -219,6 +226,18 @@ extern "C" {
# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
/*
* This next block of six "EDH" labels is for backward compatibility with
* older versions of OpenSSL. New code should use the six "DHE" labels above
* instead:
*/
# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
@ -232,9 +251,11 @@ extern "C" {
# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
# if 0
# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
# endif
# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
@ -260,23 +281,73 @@ extern "C" {
# define SSL3_SESSION_ID_SIZE 32
# define SSL3_RT_HEADER_LENGTH 5
/* Due to MS stuffing up, this can change.... */
# if defined(OPENSSL_SYS_WIN16) || \
(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
# define SSL3_RT_MAX_EXTRA (14000)
# define SSL3_HM_HEADER_LENGTH 4
# ifndef SSL3_ALIGN_PAYLOAD
/*
* Some will argue that this increases memory footprint, but it's not
* actually true. Point is that malloc has to return at least 64-bit aligned
* pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
* Suggested pre-gaping simply moves these wasted bytes from the end of
* allocated region to its front, but makes data payload aligned, which
* improves performance:-)
*/
# define SSL3_ALIGN_PAYLOAD 8
# else
# define SSL3_RT_MAX_EXTRA (16384)
# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
# error "insane SSL3_ALIGN_PAYLOAD"
# undef SSL3_ALIGN_PAYLOAD
# endif
# endif
/*
* This is the maximum MAC (digest) size used by the SSL library. Currently
* maximum of 20 is used by SHA1, but we reserve for future extension for
* 512-bit hashes.
*/
# define SSL3_RT_MAX_MD_SIZE 64
/*
* Maximum block size used in all ciphersuites. Currently 16 for AES.
*/
# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
# define SSL3_RT_MAX_EXTRA (16384)
/* Maximum plaintext length: defined by SSL/TLS standards */
# define SSL3_RT_MAX_PLAIN_LENGTH 16384
/* Maximum compression overhead: defined by SSL/TLS standards */
# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
/*
* The standards give a maximum encryption overhead of 1024 bytes. In
* practice the value is lower than this. The overhead is the maximum number
* of padding bytes (256) plus the mac size.
*/
# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
/*
* OpenSSL currently only uses a padding length of at most one block so the
* send overhead is smaller.
*/
# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
/* If compression isn't used don't include the compression overhead */
# ifdef OPENSSL_NO_COMP
# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
# else
# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
# define SSL3_RT_MAX_COMPRESSED_LENGTH \
(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
# endif
# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
# define SSL3_RT_MAX_DATA_SIZE (1024*1024)
# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
# define SSL3_RT_MAX_PACKET_SIZE \
(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
@ -289,6 +360,24 @@ extern "C" {
# define SSL3_RT_ALERT 21
# define SSL3_RT_HANDSHAKE 22
# define SSL3_RT_APPLICATION_DATA 23
# define TLS1_RT_HEARTBEAT 24
/* Pseudo content types to indicate additional parameters */
# define TLS1_RT_CRYPTO 0x1000
# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
# define TLS1_RT_CRYPTO_READ 0x0000
# define TLS1_RT_CRYPTO_WRITE 0x0100
# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
/* Pseudo content type for SSL/TLS header info */
# define SSL3_RT_HEADER 0x100
# define SSL3_AL_WARNING 1
# define SSL3_AL_FATAL 2
@ -306,6 +395,11 @@ extern "C" {
# define SSL3_AD_CERTIFICATE_UNKNOWN 46
# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
# define TLS1_HB_REQUEST 1
# define TLS1_HB_RESPONSE 2
# ifndef OPENSSL_NO_SSL_INTERN
typedef struct ssl3_record_st {
/* type of record */
/*
@ -338,7 +432,7 @@ typedef struct ssl3_record_st {
/* sequence number, needed by DTLS1 */
/*
* r
*/ PQ_64BIT seq_num;
*/ unsigned char seq_num[8];
} SSL3_RECORD;
typedef struct ssl3_buffer_st {
@ -352,6 +446,8 @@ typedef struct ssl3_buffer_st {
int left;
} SSL3_BUFFER;
# endif
# define SSL3_CT_RSA_SIGN 1
# define SSL3_CT_DSS_SIGN 2
# define SSL3_CT_RSA_FIXED_DH 3
@ -363,36 +459,41 @@ typedef struct ssl3_buffer_st {
* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
* contain all of the cert types defined either for SSLv3 and TLSv1.
*/
# define SSL3_CT_NUMBER 7
# define SSL3_CT_NUMBER 9
# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
# define SSL3_FLAGS_POP_BUFFER 0x0004
# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
/*
* Set when the handshake is ready to process peer's ChangeCipherSpec message.
* Cleared after the message has been processed.
*/
# define SSL3_FLAGS_CCS_OK 0x0080
/*
* SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of
* MS SGC and so prevents us from restarting the handshake in a loop. It's
* reset on a renegotiation, so effectively limits the client to one restart
* per negotiation. This limits the possibility of a DDoS attack where the
* client handshakes in a loop using SGC to restart. Servers which permit
* renegotiation can still be effected, but we can't prevent that.
*/
/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */
# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
# ifndef OPENSSL_NO_SSL_INTERN
typedef struct ssl3_state_st {
long flags;
int delay_buf_pop_ret;
unsigned char read_sequence[8];
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
unsigned char write_sequence[8];
int write_mac_secret_size;
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
/* flags for countermeasure against known-IV weakness */
int need_empty_fragments;
int empty_fragment_done;
/* The value of 'extra' when the buffers were initialized */
int init_extra;
SSL3_BUFFER rbuf; /* read IO goes into here */
SSL3_BUFFER wbuf; /* write IO goes into here */
SSL3_RECORD rrec; /* each decoded record goes in here */
@ -412,11 +513,16 @@ typedef struct ssl3_state_st {
int wpend_ret; /* number of bytes submitted */
const unsigned char *wpend_buf;
/* used during startup, digest all incoming/outgoing packets */
EVP_MD_CTX finish_dgst1;
EVP_MD_CTX finish_dgst2;
BIO *handshake_buffer;
/*
* this is set whenerver we see a change_cipher_spec message come in when
* we are not looking for one
* When set of handshake digests is determined, buffer is hashed and
* freed and MD_CTX-es for all required digests are stored in this array
*/
EVP_MD_CTX **handshake_dgst;
/*
* Set whenever an expected ChangeCipherSpec message is processed.
* Unset when the peer's Finished message is received.
* Unexpected ChangeCipherSpec messages trigger a fatal alert.
*/
int change_cipher_spec;
int warn_alert;
@ -435,6 +541,15 @@ typedef struct ssl3_state_st {
int total_renegotiations;
int num_renegotiations;
int in_read_app_data;
/*
* Opaque PRF input as used for the current handshake. These fields are
* used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
* are merely present to improve binary compatibility)
*/
void *client_opaque_prf_input;
size_t client_opaque_prf_input_len;
void *server_opaque_prf_input;
size_t server_opaque_prf_input_len;
struct {
/* actually only needs to be 16+20 */
unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
@ -446,13 +561,13 @@ typedef struct ssl3_state_st {
unsigned long message_size;
int message_type;
/* used to hold the new cipher we are going to use */
SSL_CIPHER *new_cipher;
# ifndef OPENSSL_NO_DH
const SSL_CIPHER *new_cipher;
# ifndef OPENSSL_NO_DH
DH *dh;
# endif
# ifndef OPENSSL_NO_ECDH
# endif
# ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh; /* holds short lived ECDH key */
# endif
# endif
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
int reuse_message;
@ -466,11 +581,13 @@ typedef struct ssl3_state_st {
unsigned char *key_block;
const EVP_CIPHER *new_sym_enc;
const EVP_MD *new_hash;
# ifndef OPENSSL_NO_COMP
int new_mac_pkey_type;
int new_mac_secret_size;
# ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
# else
# else
char *new_compression;
# endif
# endif
int cert_request;
} tmp;
@ -481,24 +598,50 @@ typedef struct ssl3_state_st {
unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_NEXTPROTONEG
/*
* Set if we saw the Next Protocol Negotiation extension from our peer.
*/
int next_proto_neg_seen;
# endif
# ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
/*
* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari on
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
*/
char is_probably_safari;
# endif /* !OPENSSL_NO_EC */
# endif /* !OPENSSL_NO_TLSEXT */
# endif /* !OPENSSL_NO_EC */
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
*/
/*
* In a server these point to the selected ALPN protocol after the
* ClientHello has been processed. In a client these contain the protocol
* that the server selected once the ServerHello has been processed.
*/
unsigned char *alpn_selected;
unsigned alpn_selected_len;
# endif /* OPENSSL_NO_TLSEXT */
} SSL3_STATE;
# endif
/* SSLv3 */
/*
* client
*/
/* extra state */
# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
# ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)
# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)
# endif
/* write to server */
# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
@ -526,6 +669,10 @@ typedef struct ssl3_state_st {
# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
# endif
# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
@ -541,11 +688,16 @@ typedef struct ssl3_state_st {
/* server */
/* extra state */
# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
# ifndef OPENSSL_NO_SCTP
# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)
# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)
# endif
/* read from client */
/* Do not change the number values, they do matter */
# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT)
/* write to client */
# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
@ -571,6 +723,10 @@ typedef struct ssl3_state_st {
# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
# endif
# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
/* write to client */
@ -595,6 +751,9 @@ typedef struct ssl3_state_st {
# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
# define SSL3_MT_FINISHED 20
# define SSL3_MT_CERTIFICATE_STATUS 22
# ifndef OPENSSL_NO_NEXTPROTONEG
# define SSL3_MT_NEXT_PROTO 67
# endif
# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
# define SSL3_MT_CCS 1

50
Cryptlib/Include/openssl/stack.h
View File

@ -68,37 +68,37 @@ typedef struct stack_st {
char **data;
int sorted;
int num_alloc;
int (*comp) (const char *const *, const char *const *);
} STACK;
int (*comp) (const void *, const void *);
} _STACK; /* Use STACK_OF(...) instead */
# define M_sk_num(sk) ((sk) ? (sk)->num:-1)
# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL)
int sk_num(const STACK *);
char *sk_value(const STACK *, int);
int sk_num(const _STACK *);
void *sk_value(const _STACK *, int);
char *sk_set(STACK *, int, char *);
void *sk_set(_STACK *, int, void *);
STACK *sk_new(int (*cmp) (const char *const *, const char *const *));
STACK *sk_new_null(void);
void sk_free(STACK *);
void sk_pop_free(STACK * st, void (*func) (void *));
int sk_insert(STACK * sk, char *data, int where);
char *sk_delete(STACK * st, int loc);
char *sk_delete_ptr(STACK * st, char *p);
int sk_find(STACK * st, char *data);
int sk_find_ex(STACK * st, char *data);
int sk_push(STACK * st, char *data);
int sk_unshift(STACK * st, char *data);
char *sk_shift(STACK * st);
char *sk_pop(STACK * st);
void sk_zero(STACK * st);
int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *,
const char *const *)))
(const char *const *, const char *const *);
STACK *sk_dup(STACK * st);
void sk_sort(STACK * st);
int sk_is_sorted(const STACK * st);
_STACK *sk_new(int (*cmp) (const void *, const void *));
_STACK *sk_new_null(void);
void sk_free(_STACK *);
void sk_pop_free(_STACK *st, void (*func) (void *));
_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
int sk_insert(_STACK *sk, void *data, int where);
void *sk_delete(_STACK *st, int loc);
void *sk_delete_ptr(_STACK *st, void *p);
int sk_find(_STACK *st, void *data);
int sk_find_ex(_STACK *st, void *data);
int sk_push(_STACK *st, void *data);
int sk_unshift(_STACK *st, void *data);
void *sk_shift(_STACK *st);
void *sk_pop(_STACK *st);
void sk_zero(_STACK *st);
int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
(const void *, const void *);
_STACK *sk_dup(_STACK *st);
void sk_sort(_STACK *st);
int sk_is_sorted(const _STACK *st);
#ifdef __cplusplus
}

651
Cryptlib/Include/openssl/store.h
View File

@ -1,651 +0,0 @@
/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
/*
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
* 2003.
*/
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_STORE_H
# define HEADER_STORE_H
# include <openssl/ossl_typ.h>
# ifndef OPENSSL_NO_DEPRECATED
# include <openssl/evp.h>
# include <openssl/bn.h>
# include <openssl/x509.h>
# endif
#ifdef __cplusplus
extern "C" {
#endif
/* Already defined in ossl_typ.h */
/* typedef struct store_st STORE; */
/* typedef struct store_method_st STORE_METHOD; */
/*
* All the following functions return 0, a negative number or NULL on error.
* When everything is fine, they return a positive value or a non-NULL
* pointer, all depending on their purpose.
*/
/* Creators and destructor. */
STORE *STORE_new_method(const STORE_METHOD *method);
STORE *STORE_new_engine(ENGINE *engine);
void STORE_free(STORE *ui);
/*
* Give a user interface parametrised control commands. This can be used to
* send down an integer, a data pointer or a function pointer, as well as be
* used to get information from a STORE.
*/
int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void));
/*
* A control to set the directory with keys and certificates. Used by the
* built-in directory level method.
*/
# define STORE_CTRL_SET_DIRECTORY 0x0001
/*
* A control to set a file to load. Used by the built-in file level method.
*/
# define STORE_CTRL_SET_FILE 0x0002
/*
* A control to set a configuration file to load. Can be used by any method
* that wishes to load a configuration file.
*/
# define STORE_CTRL_SET_CONF_FILE 0x0003
/*
* A control to set a the section of the loaded configuration file. Can be
* used by any method that wishes to load a configuration file.
*/
# define STORE_CTRL_SET_CONF_SECTION 0x0004
/* Some methods may use extra data */
# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg)
# define STORE_get_app_data(s) STORE_get_ex_data(s,0)
int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func,
CRYPTO_EX_free *free_func);
int STORE_set_ex_data(STORE *r, int idx, void *arg);
void *STORE_get_ex_data(STORE *r, int idx);
/* Use specific methods instead of the built-in one */
const STORE_METHOD *STORE_get_method(STORE *store);
const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
/* The standard OpenSSL methods. */
/*
* This is the in-memory method. It does everything except revoking and
* updating, and is of course volatile. It's used by other methods that have
* an in-memory cache.
*/
const STORE_METHOD *STORE_Memory(void);
# if 0 /* Not yet implemented */
/*
* This is the directory store. It does everything except revoking and
* updating, and uses STORE_Memory() to cache things in memory.
*/
const STORE_METHOD *STORE_Directory(void);
/*
* This is the file store. It does everything except revoking and updating,
* and uses STORE_Memory() to cache things in memory. Certificates are added
* to it with the store operation, and it will only get cached certificates.
*/
const STORE_METHOD *STORE_File(void);
# endif
/*
* Store functions take a type code for the type of data they should store or
* fetch
*/
typedef enum STORE_object_types {
STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */
STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */
STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */
STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */
STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */
STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */
STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */
} STORE_OBJECT_TYPES;
/* List of text strings corresponding to the object types. */
extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1];
/*
* Some store functions take a parameter list. Those parameters come with
* one of the following codes. The comments following the codes below
* indicate what type the value should be a pointer to.
*/
typedef enum STORE_params {
STORE_PARAM_EVP_TYPE = 0x01, /* int */
STORE_PARAM_BITS = 0x02, /* size_t */
STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */
STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */
STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */
STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */
STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */
} STORE_PARAM_TYPES;
/*
* Parameter value sizes. -1 means unknown, anything else is the required
* size.
*/
extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1];
/*
* Store functions take attribute lists. Those attributes come with codes.
* The comments following the codes below indicate what type the value should
* be a pointer to.
*/
typedef enum STORE_attribs {
STORE_ATTR_END = 0x00,
STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */
STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */
STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */
STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */
STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */
STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */
STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */
STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */
STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */
STORE_ATTR_EMAIL = 0x0a, /* C string */
STORE_ATTR_FILENAME = 0x0b, /* C string */
STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */
STORE_ATTR_OR = 0xff /* This is a special separator, which
* expresses the OR operation. */
} STORE_ATTR_TYPES;
/*
* Attribute value sizes. -1 means unknown, anything else is the required
* size.
*/
extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1];
typedef enum STORE_certificate_status {
STORE_X509_VALID = 0x00,
STORE_X509_EXPIRED = 0x01,
STORE_X509_SUSPENDED = 0x02,
STORE_X509_REVOKED = 0x03
} STORE_CERTIFICATE_STATUS;
/*
* Engine store functions will return a structure that contains all the
* necessary information, including revokation status for certificates. This
* is really not needed for application authors, as the ENGINE framework
* functions will extract the OpenSSL-specific information when at all
* possible. However, for engine authors, it's crucial to know this
* structure.
*/
typedef struct STORE_OBJECT_st {
STORE_OBJECT_TYPES type;
union {
struct {
STORE_CERTIFICATE_STATUS status;
X509 *certificate;
} x509;
X509_CRL *crl;
EVP_PKEY *key;
BIGNUM *number;
BUF_MEM *arbitrary;
} data;
} STORE_OBJECT;
DECLARE_STACK_OF(STORE_OBJECT)
STORE_OBJECT *STORE_OBJECT_new(void);
void STORE_OBJECT_free(STORE_OBJECT *data);
/*
* The following functions handle the storage. They return 0, a negative
* number or NULL on error, anything else on success.
*/
X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_attributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
X509 *STORE_list_certificate_next(STORE *e, void *handle);
int STORE_list_certificate_end(STORE *e, void *handle);
int STORE_list_certificate_endp(STORE *e, void *handle);
EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_store_private_key(STORE *e, EVP_PKEY *data,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_sttributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
int STORE_list_private_key_end(STORE *e, void *handle);
int STORE_list_private_key_endp(STORE *e, void *handle);
EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_store_public_key(STORE *e, EVP_PKEY *data,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_sttributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
int STORE_list_public_key_end(STORE *e, void *handle);
int STORE_list_public_key_endp(STORE *e, void *handle);
X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_sttributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
int STORE_list_crl_end(STORE *e, void *handle);
int STORE_list_crl_endp(STORE *e, void *handle);
int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_sttributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_sttributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
/* Create and manipulate methods */
STORE_METHOD *STORE_create_method(char *name);
void STORE_destroy_method(STORE_METHOD *store_method);
/* These callback types are use for store handlers */
typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *);
typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *);
typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *,
STORE_OBJECT_TYPES
type,
OPENSSL_ITEM
attributes[],
OPENSSL_ITEM
parameters[]);
typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *,
STORE_OBJECT_TYPES type,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle);
typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
STORE_OBJECT *data,
OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
OPENSSL_ITEM search_attributes[],
OPENSSL_ITEM add_attributes[],
OPENSSL_ITEM modify_attributes[],
OPENSSL_ITEM delete_attributes[],
OPENSSL_ITEM parameters[]);
typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[],
OPENSSL_ITEM parameters[]);
typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p,
void (*f) (void));
int STORE_method_set_initialise_function(STORE_METHOD *sm,
STORE_INITIALISE_FUNC_PTR init_f);
int STORE_method_set_cleanup_function(STORE_METHOD *sm,
STORE_CLEANUP_FUNC_PTR clean_f);
int STORE_method_set_generate_function(STORE_METHOD *sm,
STORE_GENERATE_OBJECT_FUNC_PTR
generate_f);
int STORE_method_set_get_function(STORE_METHOD *sm,
STORE_GET_OBJECT_FUNC_PTR get_f);
int STORE_method_set_store_function(STORE_METHOD *sm,
STORE_STORE_OBJECT_FUNC_PTR store_f);
int STORE_method_set_modify_function(STORE_METHOD *sm,
STORE_MODIFY_OBJECT_FUNC_PTR store_f);
int STORE_method_set_revoke_function(STORE_METHOD *sm,
STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
int STORE_method_set_delete_function(STORE_METHOD *sm,
STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
int STORE_method_set_list_start_function(STORE_METHOD *sm,
STORE_START_OBJECT_FUNC_PTR
list_start_f);
int STORE_method_set_list_next_function(STORE_METHOD *sm,
STORE_NEXT_OBJECT_FUNC_PTR
list_next_f);
int STORE_method_set_list_end_function(STORE_METHOD *sm,
STORE_END_OBJECT_FUNC_PTR list_end_f);
int STORE_method_set_update_store_function(STORE_METHOD *sm,
STORE_GENERIC_FUNC_PTR);
int STORE_method_set_lock_store_function(STORE_METHOD *sm,
STORE_GENERIC_FUNC_PTR);
int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
STORE_GENERIC_FUNC_PTR);
int STORE_method_set_ctrl_function(STORE_METHOD *sm,
STORE_CTRL_FUNC_PTR ctrl_f);
STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
*sm);
STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
*sm);
STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
*sm);
STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
*sm);
STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
*sm);
STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
*sm);
STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
*sm);
STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD
*sm);
STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
*sm);
STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
*sm);
STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
/* Method helper structures and functions. */
/*
* This structure is the result of parsing through the information in a list
* of OPENSSL_ITEMs. It stores all the necessary information in a structured
* way.
*/
typedef struct STORE_attr_info_st STORE_ATTR_INFO;
/*
* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
* Note that we do this in the list form, since the list of OPENSSL_ITEMs can
* come in blocks separated with STORE_ATTR_OR. Note that the value returned
* by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free().
*/
void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
int STORE_parse_attrs_end(void *handle);
int STORE_parse_attrs_endp(void *handle);
/* Creator and destructor */
STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
/* Manipulators */
char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code);
unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code);
X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code);
BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code);
int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
char *cstr, size_t cstr_size);
int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
unsigned char *sha1str, size_t sha1str_size);
int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
X509_NAME *dn);
int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
BIGNUM *number);
int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
char *cstr, size_t cstr_size);
int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code,
unsigned char *sha1str,
size_t sha1str_size);
int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
X509_NAME *dn);
int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
STORE_ATTR_TYPES code, BIGNUM *number);
/*
* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in
* each contained attribute.
*/
int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
/*
* Check if the set of attributes in a is within the range of attributes set
* in b.
*/
int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
/* Check if the set of attributes in a are also set in b. */
int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_STORE_strings(void);
/* Error codes for the STORE functions. */
/* Function codes. */
# define STORE_F_MEM_DELETE 134
# define STORE_F_MEM_GENERATE 135
# define STORE_F_MEM_LIST_END 168
# define STORE_F_MEM_LIST_NEXT 136
# define STORE_F_MEM_LIST_START 137
# define STORE_F_MEM_MODIFY 169
# define STORE_F_MEM_STORE 138
# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139
# define STORE_F_STORE_ATTR_INFO_GET0_DN 140
# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141
# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142
# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143
# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144
# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145
# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146
# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147
# define STORE_F_STORE_ATTR_INFO_SET_DN 148
# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149
# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150
# define STORE_F_STORE_CERTIFICATE 170
# define STORE_F_STORE_CTRL 161
# define STORE_F_STORE_DELETE_ARBITRARY 158
# define STORE_F_STORE_DELETE_CERTIFICATE 102
# define STORE_F_STORE_DELETE_CRL 103
# define STORE_F_STORE_DELETE_NUMBER 104
# define STORE_F_STORE_DELETE_PRIVATE_KEY 105
# define STORE_F_STORE_DELETE_PUBLIC_KEY 106
# define STORE_F_STORE_GENERATE_CRL 107
# define STORE_F_STORE_GENERATE_KEY 108
# define STORE_F_STORE_GET_ARBITRARY 159
# define STORE_F_STORE_GET_CERTIFICATE 109
# define STORE_F_STORE_GET_CRL 110
# define STORE_F_STORE_GET_NUMBER 111
# define STORE_F_STORE_GET_PRIVATE_KEY 112
# define STORE_F_STORE_GET_PUBLIC_KEY 113
# define STORE_F_STORE_LIST_CERTIFICATE_END 114
# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153
# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115
# define STORE_F_STORE_LIST_CERTIFICATE_START 116
# define STORE_F_STORE_LIST_CRL_END 117
# define STORE_F_STORE_LIST_CRL_ENDP 154
# define STORE_F_STORE_LIST_CRL_NEXT 118
# define STORE_F_STORE_LIST_CRL_START 119
# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120
# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155
# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121
# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122
# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123
# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156
# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124
# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125
# define STORE_F_STORE_MODIFY_ARBITRARY 162
# define STORE_F_STORE_MODIFY_CERTIFICATE 163
# define STORE_F_STORE_MODIFY_CRL 164
# define STORE_F_STORE_MODIFY_NUMBER 165
# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166
# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167
# define STORE_F_STORE_NEW_ENGINE 133
# define STORE_F_STORE_NEW_METHOD 132
# define STORE_F_STORE_PARSE_ATTRS_END 151
# define STORE_F_STORE_PARSE_ATTRS_ENDP 172
# define STORE_F_STORE_PARSE_ATTRS_NEXT 152
# define STORE_F_STORE_PARSE_ATTRS_START 171
# define STORE_F_STORE_REVOKE_CERTIFICATE 129
# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130
# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131
# define STORE_F_STORE_STORE_ARBITRARY 157
# define STORE_F_STORE_STORE_CERTIFICATE 100
# define STORE_F_STORE_STORE_CRL 101
# define STORE_F_STORE_STORE_NUMBER 126
# define STORE_F_STORE_STORE_PRIVATE_KEY 127
# define STORE_F_STORE_STORE_PUBLIC_KEY 128
/* Reason codes. */
# define STORE_R_ALREADY_HAS_A_VALUE 127
# define STORE_R_FAILED_DELETING_ARBITRARY 132
# define STORE_R_FAILED_DELETING_CERTIFICATE 100
# define STORE_R_FAILED_DELETING_KEY 101
# define STORE_R_FAILED_DELETING_NUMBER 102
# define STORE_R_FAILED_GENERATING_CRL 103
# define STORE_R_FAILED_GENERATING_KEY 104
# define STORE_R_FAILED_GETTING_ARBITRARY 133
# define STORE_R_FAILED_GETTING_CERTIFICATE 105
# define STORE_R_FAILED_GETTING_KEY 106
# define STORE_R_FAILED_GETTING_NUMBER 107
# define STORE_R_FAILED_LISTING_CERTIFICATES 108
# define STORE_R_FAILED_LISTING_KEYS 109
# define STORE_R_FAILED_MODIFYING_ARBITRARY 138
# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139
# define STORE_R_FAILED_MODIFYING_CRL 140
# define STORE_R_FAILED_MODIFYING_NUMBER 141
# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142
# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143
# define STORE_R_FAILED_REVOKING_CERTIFICATE 110
# define STORE_R_FAILED_REVOKING_KEY 111
# define STORE_R_FAILED_STORING_ARBITRARY 134
# define STORE_R_FAILED_STORING_CERTIFICATE 112
# define STORE_R_FAILED_STORING_KEY 113
# define STORE_R_FAILED_STORING_NUMBER 114
# define STORE_R_NOT_IMPLEMENTED 128
# define STORE_R_NO_CONTROL_FUNCTION 144
# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135
# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115
# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116
# define STORE_R_NO_GENERATE_CRL_FUNCTION 117
# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118
# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136
# define STORE_R_NO_GET_OBJECT_FUNCTION 119
# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120
# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131
# define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121
# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122
# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123
# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145
# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124
# define STORE_R_NO_STORE 129
# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137
# define STORE_R_NO_STORE_OBJECT_FUNCTION 125
# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126
# define STORE_R_NO_VALUE 130
#ifdef __cplusplus
}
#endif
#endif

102
Cryptlib/Include/openssl/symhacks.h
View File

@ -71,10 +71,6 @@
*/
# ifdef OPENSSL_SYS_VMS
/* Hack a long name in crypto/cryptlib.c */
# undef int_CRYPTO_set_do_dynlock_callback
# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb
/* Hack a long name in crypto/ex_data.c */
# undef CRYPTO_get_ex_data_implementation
# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl
@ -170,7 +166,7 @@
# undef CRYPTO_get_locked_mem_ex_functions
# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs
/* Hack some long SSL names */
/* Hack some long SSL/TLS names */
# undef SSL_CTX_set_default_verify_paths
# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
# undef SSL_get_ex_data_X509_STORE_CTX_idx
@ -187,7 +183,10 @@
# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
# undef SSL_COMP_get_compression_methods
# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
# undef SSL_COMP_set0_compression_methods
# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods
# undef SSL_COMP_free_compression_methods
# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods
# undef ssl_add_clienthello_renegotiate_ext
# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext
# undef ssl_add_serverhello_renegotiate_ext
@ -196,6 +195,35 @@
# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext
# undef ssl_parse_serverhello_renegotiate_ext
# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
# undef SSL_srp_server_param_with_username
# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un
# undef SSL_CTX_set_srp_client_pwd_callback
# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb
# undef SSL_CTX_set_srp_verify_param_callback
# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb
# undef SSL_CTX_set_srp_username_callback
# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
# undef ssl_add_clienthello_use_srtp_ext
# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
# undef ssl_add_serverhello_use_srtp_ext
# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
# undef ssl_parse_clienthello_use_srtp_ext
# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
# undef ssl_parse_serverhello_use_srtp_ext
# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
# undef SSL_CTX_set_next_protos_advertised_cb
# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
# undef SSL_CTX_set_next_proto_select_cb
# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
# undef tls1_send_server_supplemental_data
# define tls1_send_server_supplemental_data tls1_send_server_suppl_data
# undef tls1_send_client_supplemental_data
# define tls1_send_client_supplemental_data tls1_send_client_suppl_data
# undef tls1_get_server_supplemental_data
# define tls1_get_server_supplemental_data tls1_get_server_suppl_data
# undef tls1_get_client_supplemental_data
# define tls1_get_client_supplemental_data tls1_get_client_suppl_data
# undef ssl3_cbc_record_digest_supported
# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
@ -204,7 +232,11 @@
# undef ssl_check_clienthello_tlsext_early
# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
/* Hack some RSA long names */
# undef RSA_padding_check_PKCS1_OAEP_mgf1
# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1
/* Hack some ENGINE long names */
# undef ENGINE_get_default_BN_mod_exp_crt
# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
# undef ENGINE_set_default_BN_mod_exp_crt
@ -213,6 +245,14 @@
# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn
# undef ENGINE_get_load_privkey_function
# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn
# undef ENGINE_unregister_pkey_asn1_meths
# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths
# undef ENGINE_register_all_pkey_asn1_meths
# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths
# undef ENGINE_set_default_pkey_asn1_meths
# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths
# undef ENGINE_get_pkey_asn1_meth_engine
# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng
# undef ENGINE_set_load_ssl_client_cert_function
# define ENGINE_set_load_ssl_client_cert_function \
ENGINE_set_ld_ssl_clnt_cert_fn
@ -238,6 +278,8 @@
# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf
# undef OPENSSL_add_all_algorithms_conf
# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
# undef EVP_PKEY_meth_set_verify_recover
# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover
/* Hack some long EC names */
# undef EC_GROUP_set_point_conversion_form
@ -246,6 +288,9 @@
# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form
# undef EC_GROUP_clear_free_all_extra_data
# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data
# undef EC_KEY_set_public_key_affine_coordinates
# define EC_KEY_set_public_key_affine_coordinates \
EC_KEY_set_pub_key_aff_coords
# undef EC_POINT_set_Jprojective_coordinates_GFp
# define EC_POINT_set_Jprojective_coordinates_GFp \
EC_POINT_set_Jproj_coords_GFp
@ -379,6 +424,14 @@
# undef STORE_method_get_unlock_store_function
# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn
/* Hack some long TS names */
# undef TS_RESP_CTX_set_status_info_cond
# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond
# undef TS_RESP_CTX_set_clock_precision_digits
# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits
# undef TS_CONF_set_clock_precision_digits
# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits
/* Hack some long CMS names */
# undef CMS_RecipientInfo_ktri_get0_algs
# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs
@ -392,15 +445,39 @@
# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it
# undef cms_SignerIdentifier_get0_signer_id
# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
# undef CMS_RecipientInfo_kari_get0_orig_id
# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id
# undef CMS_RecipientInfo_kari_get0_reks
# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks
# undef CMS_RecipientEncryptedKey_cert_cmp
# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp
# undef CMS_RecipientInfo_kari_set0_pkey
# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey
# undef CMS_RecipientEncryptedKey_get0_id
# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id
# undef CMS_RecipientInfo_kari_orig_id_cmp
# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp
/* Hack some long DTLS1 names */
# undef dtls1_retransmit_buffered_messages
# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
/* Hack some long SRP names */
# undef SRP_generate_server_master_secret
# define SRP_generate_server_master_secret SRP_gen_server_master_secret
# undef SRP_generate_client_master_secret
# define SRP_generate_client_master_secret SRP_gen_client_master_secret
/* Hack some long UI names */
# undef UI_method_get_prompt_constructor
# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr
# undef UI_method_set_prompt_constructor
# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr
# endif /* defined OPENSSL_SYS_VMS */
/* Case insensiteve linking causes problems.... */
# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
/* Case insensitive linking causes problems.... */
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
# undef ERR_load_CRYPTO_strings
# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
# undef OCSP_crlID_new
@ -430,9 +507,10 @@
# undef X509v3_add_standard_extensions
# define X509v3_add_standard_extensions oX509v3_add_standard_extensions
/* This one clashes with CMS_data_create */
# undef cms_Data_create
# define cms_Data_create priv_cms_Data_create
# endif
#endif /* ! defined HEADER_VMS_IDHACKS_H */
/* This one clashes with CMS_data_create */
#undef cms_Data_create
#define cms_Data_create priv_cms_Data_create

387
Cryptlib/Include/openssl/tls1.h
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@ -68,6 +121,32 @@
* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright 2005 Nokia. All rights reserved.
*
* The portions of the attached software ("Contribution") is developed by
* Nokia Corporation and is licensed pursuant to the OpenSSL open source
* license.
*
* The Contribution, originally written by Mika Kousa and Pasi Eronen of
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
* support (see RFC 4279) to OpenSSL.
*
* No patent licenses or other rights except those expressly stated in
* the OpenSSL open source license shall be deemed granted or received
* expressly, by implication, estoppel, or otherwise.
*
* No assurances are provided by Nokia that the Contribution does not
* infringe the patent or other intellectual property rights of any third
* party or that the license provides you with all the necessary rights
* to make use of the Contribution.
*
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
* OTHERWISE.
*/
#ifndef HEADER_TLS1_H
# define HEADER_TLS1_H
@ -83,13 +162,7 @@ extern "C" {
# define TLS1_VERSION 0x0301
# define TLS1_1_VERSION 0x0302
# define TLS1_2_VERSION 0x0303
/*
* TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so
* TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions.
* (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch
* the error if TLS_MAX_VERSION was too low.)
*/
# define TLS_MAX_VERSION TLS1_VERSION
# define TLS_MAX_VERSION TLS1_2_VERSION
# define TLS1_VERSION_MAJOR 0x03
# define TLS1_VERSION_MINOR 0x01
@ -127,31 +200,137 @@ extern "C" {
# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
/* ExtensionType values from RFC 3546 */
/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
# define TLSEXT_TYPE_server_name 0
# define TLSEXT_TYPE_max_fragment_length 1
# define TLSEXT_TYPE_client_certificate_url 2
# define TLSEXT_TYPE_trusted_ca_keys 3
# define TLSEXT_TYPE_truncated_hmac 4
# define TLSEXT_TYPE_status_request 5
/* ExtensionType values from RFC4681 */
# define TLSEXT_TYPE_user_mapping 6
/* ExtensionType values from RFC5878 */
# define TLSEXT_TYPE_client_authz 7
# define TLSEXT_TYPE_server_authz 8
/* ExtensionType values from RFC6091 */
# define TLSEXT_TYPE_cert_type 9
/* ExtensionType values from RFC4492 */
# define TLSEXT_TYPE_elliptic_curves 10
# define TLSEXT_TYPE_ec_point_formats 11
/* ExtensionType value from RFC5054 */
# define TLSEXT_TYPE_srp 12
/* ExtensionType values from RFC5246 */
# define TLSEXT_TYPE_signature_algorithms 13
/* ExtensionType value from RFC5764 */
# define TLSEXT_TYPE_use_srtp 14
/* ExtensionType value from RFC5620 */
# define TLSEXT_TYPE_heartbeat 15
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
/*
* ExtensionType value for TLS padding extension.
* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
* http://tools.ietf.org/html/draft-agl-tls-padding-03
*/
# define TLSEXT_TYPE_padding 21
/* ExtensionType value from RFC4507 */
# define TLSEXT_TYPE_session_ticket 35
/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
# if 0
/*
* will have to be provided externally for now ,
* i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
* using whatever extension number you'd like to try
*/
# define TLSEXT_TYPE_opaque_prf_input ??
# endif
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is not an IANA defined extension number */
# define TLSEXT_TYPE_next_proto_neg 13172
# endif
/* NameType value from RFC 3546 */
# define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
# define TLSEXT_STATUSTYPE_ocsp 1
/* ECPointFormat values from draft-ietf-tls-ecc-12 */
# define TLSEXT_ECPOINTFORMAT_first 0
# define TLSEXT_ECPOINTFORMAT_uncompressed 0
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
# define TLSEXT_ECPOINTFORMAT_last 2
/* Signature and hash algorithms from RFC 5246 */
# define TLSEXT_signature_anonymous 0
# define TLSEXT_signature_rsa 1
# define TLSEXT_signature_dsa 2
# define TLSEXT_signature_ecdsa 3
/* Total number of different signature algorithms */
# define TLSEXT_signature_num 4
# define TLSEXT_hash_none 0
# define TLSEXT_hash_md5 1
# define TLSEXT_hash_sha1 2
# define TLSEXT_hash_sha224 3
# define TLSEXT_hash_sha256 4
# define TLSEXT_hash_sha384 5
# define TLSEXT_hash_sha512 6
/* Total number of different digest algorithms */
# define TLSEXT_hash_num 7
/* Flag set for unrecognised algorithms */
# define TLSEXT_nid_unknown 0x1000000
/* ECC curves */
# define TLSEXT_curve_P_256 23
# define TLSEXT_curve_P_384 24
# ifndef OPENSSL_NO_TLSEXT
# define TLSEXT_MAXLEN_host_name 255
const char *SSL_get_servername(const SSL *s, const int type);
int SSL_get_servername_type(const SSL *s);
/*
* SSL_export_keying_material exports a value derived from the master secret,
* as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
* optional context. (Since a zero length context is allowed, the |use_context|
* flag controls whether a context is included.) It returns 1 on success and
* zero otherwise.
*/
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const char *label, size_t llen,
const unsigned char *p, size_t plen,
int use_context);
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
int SSL_get_shared_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
# define SSL_set_tlsext_host_name(s,name) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@ -205,19 +384,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
# define SSL_set_tlsext_opaque_prf_input(s, src, len) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# ifndef OPENSSL_NO_HEARTBEATS
# define SSL_TLSEXT_HB_ENABLED 0x01
# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
# define SSL_get_tlsext_heartbeat_pending(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
# endif
# endif
/* PSK ciphersuites from 4279 */
# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
/*
* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
* shouldn't.
* Additional TLS ciphersuites from expired Internet Draft
* draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
* TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We
* actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
* Note that the first two are actually not in the IDs.
*/
# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in
* ID */
# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in
* ID */
# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
@ -240,6 +445,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
/* TLS v1.2 ciphersuites */
# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
/* Camellia ciphersuites from RFC4132 */
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
@ -248,6 +461,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
/* TLS v1.2 ciphersuites */
# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
/* Camellia ciphersuites from RFC4132 */
# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
@ -263,6 +486,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
/* TLS v1.2 GCM ciphersuites from RFC5288 */
# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
/*
* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
* draft 13
@ -297,12 +534,43 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
/* SRP ciphersuites from RFC 5054 */
# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
/* ECDH HMAC based ciphersuites from RFC5289 */
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
/* ECDH GCM based ciphersuites from RFC5289 */
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
/*
* XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH
* here include the string "DHE", while elsewhere it has always been "EDH".
* (The alias for the list of all such ciphers also is "EDH".) The
* specifications speak of "EDH"; maybe we should allow both forms for
* everything.
* XXX * Backward compatibility alert: + * Older versions of OpenSSL gave
* some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we
* should be using DHE + * everywhere, though we may indefinitely maintain
* aliases for users + * or configurations that used "EDH" +
*/
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
@ -358,6 +626,23 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
/* PSK ciphersuites from RFC 4279 */
# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
/* SRP ciphersuite from RFC 5054 */
# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
/* Camellia ciphersuites from RFC4132 */
# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
@ -381,6 +666,56 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
/* TLS v1.2 ciphersuites */
# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
/* TLS v1.2 GCM ciphersuites from RFC5288 */
# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
/* ECDH HMAC based ciphersuites from RFC5289 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
/* ECDH GCM based ciphersuites from RFC5289 */
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2
# define TLS_CT_RSA_FIXED_DH 3
@ -388,7 +723,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS_CT_ECDSA_SIGN 64
# define TLS_CT_RSA_FIXED_ECDH 65
# define TLS_CT_ECDSA_FIXED_ECDH 66
# define TLS_CT_NUMBER 7
# define TLS_CT_GOST94_SIGN 21
# define TLS_CT_GOST01_SIGN 22
/*
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
# define TLS_CT_NUMBER 9
# define TLS1_FINISH_MAC_LENGTH 12
@ -460,6 +801,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
# endif
/* TLS Session Ticket extension struct */
struct tls_session_ticket_ext_st {
unsigned short length;
void *data;
};
#ifdef __cplusplus
}
#endif

91
Cryptlib/Include/openssl/tmdiff.h
View File

@ -1,91 +0,0 @@
/* crypto/tmdiff.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/*
* Header for dynamic hash table routines Author - Eric Young
*/
/*
* ... erm yeah, "dynamic hash tables" you say? And what would dynamic hash
* tables have to do with any of this code *now*? AFAICS, this code is only
* referenced by crypto/bn/exp.c which is an unused file that I doubt
* compiles any more. speed.c is the only thing that could use this (and it
* has nothing to do with hash tables), yet it instead has its own
* duplication of all this stuff and looks, if anything, more complete. See
* the corresponding note in apps/speed.c. The Bemused - Geoff
*/
#ifndef HEADER_TMDIFF_H
# define HEADER_TMDIFF_H
#ifdef __cplusplus
extern "C" {
#endif
typedef struct ms_tm MS_TM;
MS_TM *ms_time_new(void);
void ms_time_free(MS_TM * a);
void ms_time_get(MS_TM * a);
double ms_time_diff(MS_TM * start, MS_TM * end);
int ms_time_cmp(const MS_TM * ap, const MS_TM * bp);
#ifdef __cplusplus
}
#endif
#endif

862
Cryptlib/Include/openssl/ts.h Normal file
View File

@ -0,0 +1,862 @@
/* crypto/ts/ts.h */
/*
* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project
* 2002, 2003, 2004.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_TS_H
# define HEADER_TS_H
# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
# ifndef OPENSSL_NO_BUFFER
# include <openssl/buffer.h>
# endif
# ifndef OPENSSL_NO_EVP
# include <openssl/evp.h>
# endif
# ifndef OPENSSL_NO_BIO
# include <openssl/bio.h>
# endif
# include <openssl/stack.h>
# include <openssl/asn1.h>
# include <openssl/safestack.h>
# ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
# endif
# ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
# endif
# ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
# endif
#ifdef __cplusplus
extern "C" {
#endif
# ifdef WIN32
/* Under Win32 this is defined in wincrypt.h */
# undef X509_NAME
# endif
# include <openssl/x509.h>
# include <openssl/x509v3.h>
/*-
MessageImprint ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
hashedMessage OCTET STRING }
*/
typedef struct TS_msg_imprint_st {
X509_ALGOR *hash_algo;
ASN1_OCTET_STRING *hashed_msg;
} TS_MSG_IMPRINT;
/*-
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
--a hash algorithm OID and the hash value of the data to be
--time-stamped
reqPolicy TSAPolicyId OPTIONAL,
nonce INTEGER OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] IMPLICIT Extensions OPTIONAL }
*/
typedef struct TS_req_st {
ASN1_INTEGER *version;
TS_MSG_IMPRINT *msg_imprint;
ASN1_OBJECT *policy_id; /* OPTIONAL */
ASN1_INTEGER *nonce; /* OPTIONAL */
ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
} TS_REQ;
/*-
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER (1..999) OPTIONAL,
micros [1] INTEGER (1..999) OPTIONAL }
*/
typedef struct TS_accuracy_st {
ASN1_INTEGER *seconds;
ASN1_INTEGER *millis;
ASN1_INTEGER *micros;
} TS_ACCURACY;
/*-
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce INTEGER OPTIONAL,
-- MUST be present if the similar field was present
-- in TimeStampReq. In that case it MUST have the same value.
tsa [0] GeneralName OPTIONAL,
extensions [1] IMPLICIT Extensions OPTIONAL }
*/
typedef struct TS_tst_info_st {
ASN1_INTEGER *version;
ASN1_OBJECT *policy_id;
TS_MSG_IMPRINT *msg_imprint;
ASN1_INTEGER *serial;
ASN1_GENERALIZEDTIME *time;
TS_ACCURACY *accuracy;
ASN1_BOOLEAN ordering;
ASN1_INTEGER *nonce;
GENERAL_NAME *tsa;
STACK_OF(X509_EXTENSION) *extensions;
} TS_TST_INFO;
/*-
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL }
From RFC 1510 - section 3.1.1:
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-- text encoded as UTF-8 String (note: each UTF8String SHOULD
-- include an RFC 1766 language tag to indicate the language
-- of the contained text)
*/
/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
# define TS_STATUS_GRANTED 0
# define TS_STATUS_GRANTED_WITH_MODS 1
# define TS_STATUS_REJECTION 2
# define TS_STATUS_WAITING 3
# define TS_STATUS_REVOCATION_WARNING 4
# define TS_STATUS_REVOCATION_NOTIFICATION 5
/*
* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c
*/
# define TS_INFO_BAD_ALG 0
# define TS_INFO_BAD_REQUEST 2
# define TS_INFO_BAD_DATA_FORMAT 5
# define TS_INFO_TIME_NOT_AVAILABLE 14
# define TS_INFO_UNACCEPTED_POLICY 15
# define TS_INFO_UNACCEPTED_EXTENSION 16
# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
# define TS_INFO_SYSTEM_FAILURE 25
typedef struct TS_status_info_st {
ASN1_INTEGER *status;
STACK_OF(ASN1_UTF8STRING) *text;
ASN1_BIT_STRING *failure_info;
} TS_STATUS_INFO;
DECLARE_STACK_OF(ASN1_UTF8STRING)
DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
/*-
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
*/
typedef struct TS_resp_st {
TS_STATUS_INFO *status_info;
PKCS7 *token;
TS_TST_INFO *tst_info;
} TS_RESP;
/* The structure below would belong to the ESS component. */
/*-
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
*/
typedef struct ESS_issuer_serial {
STACK_OF(GENERAL_NAME) *issuer;
ASN1_INTEGER *serial;
} ESS_ISSUER_SERIAL;
/*-
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
*/
typedef struct ESS_cert_id {
ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
ESS_ISSUER_SERIAL *issuer_serial;
} ESS_CERT_ID;
DECLARE_STACK_OF(ESS_CERT_ID)
DECLARE_ASN1_SET_OF(ESS_CERT_ID)
/*-
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
*/
typedef struct ESS_signing_cert {
STACK_OF(ESS_CERT_ID) *cert_ids;
STACK_OF(POLICYINFO) *policy_info;
} ESS_SIGNING_CERT;
TS_REQ *TS_REQ_new(void);
void TS_REQ_free(TS_REQ *a);
int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
TS_REQ *TS_REQ_dup(TS_REQ *a);
TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
const unsigned char **pp, long length);
TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
TS_RESP *TS_RESP_new(void);
void TS_RESP_free(TS_RESP *a);
int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
TS_RESP *TS_RESP_dup(TS_RESP *a);
TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
TS_STATUS_INFO *TS_STATUS_INFO_new(void);
void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
const unsigned char **pp, long length);
TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
TS_TST_INFO *TS_TST_INFO_new(void);
void TS_TST_INFO_free(TS_TST_INFO *a);
int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
long length);
TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
TS_ACCURACY *TS_ACCURACY_new(void);
void TS_ACCURACY_free(TS_ACCURACY *a);
int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
long length);
TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
const unsigned char **pp,
long length);
ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
ESS_CERT_ID *ESS_CERT_ID_new(void);
void ESS_CERT_ID_free(ESS_CERT_ID *a);
int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
long length);
ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
const unsigned char **pp, long length);
ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
void ERR_load_TS_strings(void);
int TS_REQ_set_version(TS_REQ *a, long version);
long TS_REQ_get_version(const TS_REQ *a);
int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
int TS_REQ_get_cert_req(const TS_REQ *a);
STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
void TS_REQ_ext_free(TS_REQ *a);
int TS_REQ_get_ext_count(TS_REQ *a);
int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
PKCS7 *TS_RESP_get_token(TS_RESP *a);
TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
long TS_TST_INFO_get_version(const TS_TST_INFO *a);
int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
void TS_TST_INFO_ext_free(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
/*
* Declarations related to response generation, defined in ts/ts_resp_sign.c.
*/
/* Optional flags for response generation. */
/* Don't include the TSA name in response. */
# define TS_TSA_NAME 0x01
/* Set ordering to true in response. */
# define TS_ORDERING 0x02
/*
* Include the signer certificate and the other specified certificates in
* the ESS signing certificate attribute beside the PKCS7 signed data.
* Only the signer certificates is included by default.
*/
# define TS_ESS_CERT_ID_CHAIN 0x04
/* Forward declaration. */
struct TS_resp_ctx;
/* This must return a unique number less than 160 bits long. */
typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
/*
* This must return the seconds and microseconds since Jan 1, 1970 in the sec
* and usec variables allocated by the caller. Return non-zero for success
* and zero for failure.
*/
typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
long *usec);
/*
* This must process the given extension. It can modify the TS_TST_INFO
* object of the context. Return values: !0 (processed), 0 (error, it must
* set the status info/failure info of the response).
*/
typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
void *);
typedef struct TS_resp_ctx {
X509 *signer_cert;
EVP_PKEY *signer_key;
STACK_OF(X509) *certs; /* Certs to include in signed data. */
STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
unsigned clock_precision_digits; /* fraction of seconds in time stamp
* token. */
unsigned flags; /* Optional info, see values above. */
/* Callback functions. */
TS_serial_cb serial_cb;
void *serial_cb_data; /* User data for serial_cb. */
TS_time_cb time_cb;
void *time_cb_data; /* User data for time_cb. */
TS_extension_cb extension_cb;
void *extension_cb_data; /* User data for extension_cb. */
/* These members are used only while creating the response. */
TS_REQ *request;
TS_RESP *response;
TS_TST_INFO *tst_info;
} TS_RESP_CTX;
DECLARE_STACK_OF(EVP_MD)
DECLARE_ASN1_SET_OF(EVP_MD)
/* Creates a response context that can be used for generating responses. */
TS_RESP_CTX *TS_RESP_CTX_new(void);
void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
/* This parameter must be set. */
int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
/* This parameter must be set. */
int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
/* This parameter must be set. */
int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
/* No additional certs are included in the response by default. */
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
/*
* Adds a new acceptable policy, only the default policy is accepted by
* default.
*/
int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
/*
* Adds a new acceptable message digest. Note that no message digests are
* accepted by default. The md argument is shared with the caller.
*/
int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
/* Accuracy is not included by default. */
int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
int secs, int millis, int micros);
/*
* Clock precision digits, i.e. the number of decimal digits: '0' means sec,
* '3' msec, '6' usec, and so on. Default is 0.
*/
int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
unsigned clock_precision_digits);
/* At most we accept usec precision. */
# define TS_MAX_CLOCK_PRECISION_DIGITS 6
/* No flags are set by default. */
void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
/* Default callback always returns a constant. */
void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
/* Default callback uses the gettimeofday() and gmtime() system calls. */
void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
/*
* Default callback rejects all extensions. The extension callback is called
* when the TS_TST_INFO object is already set up and not signed yet.
*/
/* FIXME: extension handling is not tested yet. */
void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
TS_extension_cb cb, void *data);
/* The following methods can be used in the callbacks. */
int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
int status, const char *text);
/* Sets the status info only if it is still TS_STATUS_GRANTED. */
int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
int status, const char *text);
int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
/* The get methods below can be used in the extension callback. */
TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
/*
* Creates the signed TS_TST_INFO and puts it in TS_RESP.
* In case of errors it sets the status info properly.
* Returns NULL only in case of memory allocation/fatal error.
*/
TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
/*
* Declarations related to response verification,
* they are defined in ts/ts_resp_verify.c.
*/
int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
X509_STORE *store, X509 **signer_out);
/* Context structure for the generic verify method. */
/* Verify the signer's certificate and the signature of the response. */
# define TS_VFY_SIGNATURE (1u << 0)
/* Verify the version number of the response. */
# define TS_VFY_VERSION (1u << 1)
/* Verify if the policy supplied by the user matches the policy of the TSA. */
# define TS_VFY_POLICY (1u << 2)
/*
* Verify the message imprint provided by the user. This flag should not be
* specified with TS_VFY_DATA.
*/
# define TS_VFY_IMPRINT (1u << 3)
/*
* Verify the message imprint computed by the verify method from the user
* provided data and the MD algorithm of the response. This flag should not
* be specified with TS_VFY_IMPRINT.
*/
# define TS_VFY_DATA (1u << 4)
/* Verify the nonce value. */
# define TS_VFY_NONCE (1u << 5)
/* Verify if the TSA name field matches the signer certificate. */
# define TS_VFY_SIGNER (1u << 6)
/* Verify if the TSA name field equals to the user provided name. */
# define TS_VFY_TSA_NAME (1u << 7)
/* You can use the following convenience constants. */
# define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
| TS_VFY_VERSION \
| TS_VFY_POLICY \
| TS_VFY_IMPRINT \
| TS_VFY_NONCE \
| TS_VFY_SIGNER \
| TS_VFY_TSA_NAME)
# define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
| TS_VFY_VERSION \
| TS_VFY_POLICY \
| TS_VFY_DATA \
| TS_VFY_NONCE \
| TS_VFY_SIGNER \
| TS_VFY_TSA_NAME)
typedef struct TS_verify_ctx {
/* Set this to the union of TS_VFY_... flags you want to carry out. */
unsigned flags;
/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
X509_STORE *store;
STACK_OF(X509) *certs;
/* Must be set only with TS_VFY_POLICY. */
ASN1_OBJECT *policy;
/*
* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
* algorithm from the response is used.
*/
X509_ALGOR *md_alg;
unsigned char *imprint;
unsigned imprint_len;
/* Must be set only with TS_VFY_DATA. */
BIO *data;
/* Must be set only with TS_VFY_TSA_NAME. */
ASN1_INTEGER *nonce;
/* Must be set only with TS_VFY_TSA_NAME. */
GENERAL_NAME *tsa_name;
} TS_VERIFY_CTX;
int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
/*
* Declarations related to response verification context,
* they are defined in ts/ts_verify_ctx.c.
*/
/* Set all fields to zero. */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
/*-
* If ctx is NULL, it allocates and returns a new object, otherwise
* it returns ctx. It initialises all the members as follows:
* flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
* certs = NULL
* store = NULL
* policy = policy from the request or NULL if absent (in this case
* TS_VFY_POLICY is cleared from flags as well)
* md_alg = MD algorithm from request
* imprint, imprint_len = imprint from request
* data = NULL
* nonce, nonce_len = nonce from the request or NULL if absent (in this case
* TS_VFY_NONCE is cleared from flags as well)
* tsa_name = NULL
* Important: after calling this method TS_VFY_SIGNATURE should be added!
*/
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
/* Common utility functions defined in ts/ts_lib.c */
int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
/*
* Function declarations for handling configuration options, defined in
* ts/ts_conf.c
*/
X509 *TS_CONF_load_cert(const char *file);
STACK_OF(X509) *TS_CONF_load_certs(const char *file);
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
TS_RESP_CTX *ctx);
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
const char *device);
int TS_CONF_set_default_engine(const char *name);
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
const char *cert, TS_RESP_CTX *ctx);
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
TS_RESP_CTX *ctx);
int TS_CONF_set_signer_key(CONF *conf, const char *section,
const char *key, const char *pass,
TS_RESP_CTX *ctx);
int TS_CONF_set_def_policy(CONF *conf, const char *section,
const char *policy, TS_RESP_CTX *ctx);
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
TS_RESP_CTX *ctx);
int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
TS_RESP_CTX *ctx);
/* -------------------------------------------------- */
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_TS_strings(void);
/* Error codes for the TS functions. */
/* Function codes. */
# define TS_F_D2I_TS_RESP 147
# define TS_F_DEF_SERIAL_CB 110
# define TS_F_DEF_TIME_CB 111
# define TS_F_ESS_ADD_SIGNING_CERT 112
# define TS_F_ESS_CERT_ID_NEW_INIT 113
# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114
# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149
# define TS_F_PKCS7_TO_TS_TST_INFO 148
# define TS_F_TS_ACCURACY_SET_MICROS 115
# define TS_F_TS_ACCURACY_SET_MILLIS 116
# define TS_F_TS_ACCURACY_SET_SECONDS 117
# define TS_F_TS_CHECK_IMPRINTS 100
# define TS_F_TS_CHECK_NONCES 101
# define TS_F_TS_CHECK_POLICY 102
# define TS_F_TS_CHECK_SIGNING_CERTS 103
# define TS_F_TS_CHECK_STATUS_INFO 104
# define TS_F_TS_COMPUTE_IMPRINT 145
# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
# define TS_F_TS_GET_STATUS_TEXT 105
# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
# define TS_F_TS_REQ_SET_MSG_IMPRINT 119
# define TS_F_TS_REQ_SET_NONCE 120
# define TS_F_TS_REQ_SET_POLICY_ID 121
# define TS_F_TS_RESP_CREATE_RESPONSE 122
# define TS_F_TS_RESP_CREATE_TST_INFO 123
# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124
# define TS_F_TS_RESP_CTX_ADD_MD 125
# define TS_F_TS_RESP_CTX_ADD_POLICY 126
# define TS_F_TS_RESP_CTX_NEW 127
# define TS_F_TS_RESP_CTX_SET_ACCURACY 128
# define TS_F_TS_RESP_CTX_SET_CERTS 129
# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130
# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131
# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132
# define TS_F_TS_RESP_GET_POLICY 133
# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134
# define TS_F_TS_RESP_SET_STATUS_INFO 135
# define TS_F_TS_RESP_SET_TST_INFO 150
# define TS_F_TS_RESP_SIGN 136
# define TS_F_TS_RESP_VERIFY_SIGNATURE 106
# define TS_F_TS_RESP_VERIFY_TOKEN 107
# define TS_F_TS_TST_INFO_SET_ACCURACY 137
# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
# define TS_F_TS_TST_INFO_SET_NONCE 139
# define TS_F_TS_TST_INFO_SET_POLICY_ID 140
# define TS_F_TS_TST_INFO_SET_SERIAL 141
# define TS_F_TS_TST_INFO_SET_TIME 142
# define TS_F_TS_TST_INFO_SET_TSA 143
# define TS_F_TS_VERIFY 108
# define TS_F_TS_VERIFY_CERT 109
# define TS_F_TS_VERIFY_CTX_NEW 144
/* Reason codes. */
# define TS_R_BAD_PKCS7_TYPE 132
# define TS_R_BAD_TYPE 133
# define TS_R_CERTIFICATE_VERIFY_ERROR 100
# define TS_R_COULD_NOT_SET_ENGINE 127
# define TS_R_COULD_NOT_SET_TIME 115
# define TS_R_D2I_TS_RESP_INT_FAILED 128
# define TS_R_DETACHED_CONTENT 134
# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
# define TS_R_INVALID_NULL_POINTER 102
# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117
# define TS_R_MESSAGE_IMPRINT_MISMATCH 103
# define TS_R_NONCE_MISMATCH 104
# define TS_R_NONCE_NOT_RETURNED 105
# define TS_R_NO_CONTENT 106
# define TS_R_NO_TIME_STAMP_TOKEN 107
# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118
# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119
# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129
# define TS_R_POLICY_MISMATCH 108
# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
# define TS_R_RESPONSE_SETUP_ERROR 121
# define TS_R_SIGNATURE_FAILURE 109
# define TS_R_THERE_MUST_BE_ONE_SIGNER 110
# define TS_R_TIME_SYSCALL_ERROR 122
# define TS_R_TOKEN_NOT_PRESENT 130
# define TS_R_TOKEN_PRESENT 131
# define TS_R_TSA_NAME_MISMATCH 111
# define TS_R_TSA_UNTRUSTED 112
# define TS_R_TST_INFO_SETUP_ERROR 123
# define TS_R_TS_DATASIGN 124
# define TS_R_UNACCEPTABLE_POLICY 125
# define TS_R_UNSUPPORTED_MD_ALGORITHM 126
# define TS_R_UNSUPPORTED_VERSION 113
# define TS_R_WRONG_CONTENT_TYPE 114
#ifdef __cplusplus
}
#endif
#endif

18
Cryptlib/Include/openssl/txt_db.h
View File

@ -77,15 +77,18 @@
extern "C" {
#endif
typedef OPENSSL_STRING *OPENSSL_PSTRING;
DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
typedef struct txt_db_st {
int num_fields;
STACK /* char ** */ * data;
LHASH **index;
int (**qual) (char **);
STACK_OF(OPENSSL_PSTRING) *data;
LHASH_OF(OPENSSL_STRING) **index;
int (**qual) (OPENSSL_STRING *);
long error;
long arg1;
long arg2;
char **arg_row;
OPENSSL_STRING *arg_row;
} TXT_DB;
# ifndef OPENSSL_NO_BIO
@ -95,11 +98,12 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
TXT_DB *TXT_DB_read(char *in, int num);
long TXT_DB_write(char *out, TXT_DB *db);
# endif
int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
void TXT_DB_free(TXT_DB *db);
char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
int TXT_DB_insert(TXT_DB *db, char **value);
OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
OPENSSL_STRING *value);
int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
#ifdef __cplusplus
}

11
Cryptlib/Include/openssl/ui.h
View File

@ -301,8 +301,8 @@ UI_METHOD *UI_OpenSSL(void);
* The UI_STRING type is the data structure that contains all the needed info
* about a string or a prompt, including test data for a verification prompt.
*/
DECLARE_STACK_OF(UI_STRING)
typedef struct ui_string_st UI_STRING;
DECLARE_STACK_OF(UI_STRING)
/*
* The different types of strings that are currently supported. This is only
@ -327,11 +327,20 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
int UI_method_set_reader(UI_METHOD *method,
int (*reader) (UI *ui, UI_STRING *uis));
int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
int UI_method_set_prompt_constructor(UI_METHOD *method,
char *(*prompt_constructor) (UI *ui,
const char
*object_desc,
const char
*object_name));
int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
const char *,
const char *);
/*
* The following functions are helpers for method writers to access relevant

41
Cryptlib/Include/openssl/whrlpool.h Normal file
View File

@ -0,0 +1,41 @@
#ifndef HEADER_WHRLPOOL_H
# define HEADER_WHRLPOOL_H
# include <openssl/e_os2.h>
# include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
# define WHIRLPOOL_DIGEST_LENGTH (512/8)
# define WHIRLPOOL_BBLOCK 512
# define WHIRLPOOL_COUNTER (256/8)
typedef struct {
union {
unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
/* double q is here to ensure 64-bit alignment */
double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
} H;
unsigned char data[WHIRLPOOL_BBLOCK / 8];
unsigned int bitoff;
size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
} WHIRLPOOL_CTX;
# ifndef OPENSSL_NO_WHIRLPOOL
# ifdef OPENSSL_FIPS
int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
# endif
int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
# endif
#ifdef __cplusplus
}
#endif
#endif

331
Cryptlib/Include/openssl/x509.h
View File

@ -154,11 +154,11 @@ typedef struct X509_val_st {
ASN1_TIME *notAfter;
} X509_VAL;
typedef struct X509_pubkey_st {
struct X509_pubkey_st {
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
EVP_PKEY *pkey;
} X509_PUBKEY;
};
typedef struct X509_sig_st {
X509_ALGOR *algor;
@ -184,7 +184,9 @@ struct X509_name_st {
# else
char *bytes;
# endif
unsigned long hash; /* Keep the hash around for lookups */
/* unsigned long hash; Keep the hash around for lookups */
unsigned char *canon_enc;
int canon_enclen;
} /* X509_NAME */ ;
DECLARE_STACK_OF(X509_NAME)
@ -281,8 +283,11 @@ struct x509_st {
unsigned long ex_xkusage;
unsigned long ex_nscert;
ASN1_OCTET_STRING *skid;
struct AUTHORITY_KEYID_st *akid;
AUTHORITY_KEYID *akid;
X509_POLICY_CACHE *policy_cache;
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
@ -325,10 +330,11 @@ typedef struct x509_cert_pair_st {
# define X509_TRUST_OBJECT_SIGN 5
# define X509_TRUST_OCSP_SIGN 6
# define X509_TRUST_OCSP_REQUEST 7
# define X509_TRUST_TSA 8
/* Keep these up to date! */
# define X509_TRUST_MIN 1
# define X509_TRUST_MAX 7
# define X509_TRUST_MAX 8
/* trust_flags values */
# define X509_TRUST_DYNAMIC 1
@ -355,6 +361,7 @@ typedef struct x509_cert_pair_st {
# define X509_FLAG_NO_SIGDUMP (1L << 9)
# define X509_FLAG_NO_AUX (1L << 10)
# define X509_FLAG_NO_ATTRIBUTES (1L << 11)
# define X509_FLAG_NO_IDS (1L << 12)
/* Flags specific to X509_NAME_print_ex() */
@ -417,12 +424,16 @@ typedef struct x509_cert_pair_st {
XN_FLAG_FN_LN | \
XN_FLAG_FN_ALIGN)
typedef struct X509_revoked_st {
struct x509_revoked_st {
ASN1_INTEGER *serialNumber;
ASN1_TIME *revocationDate;
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
/* Set up if indirect CRL */
STACK_OF(GENERAL_NAME) *issuer;
/* Revocation reason */
int reason;
int sequence; /* load sequence */
} X509_REVOKED;
};
DECLARE_STACK_OF(X509_REVOKED)
DECLARE_ASN1_SET_OF(X509_REVOKED)
@ -444,6 +455,22 @@ struct X509_crl_st {
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
int flags;
/* Copies of various extensions */
AUTHORITY_KEYID *akid;
ISSUING_DIST_POINT *idp;
/* Convenient breakdown of IDP */
int idp_flags;
int idp_reasons;
/* CRL and base CRL numbers for delta processing */
ASN1_INTEGER *crl_number;
ASN1_INTEGER *base_crl_number;
# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif
STACK_OF(GENERAL_NAMES) *issuers;
const X509_CRL_METHOD *meth;
void *meth_data;
} /* X509_CRL */ ;
DECLARE_STACK_OF(X509_CRL)
@ -532,19 +559,20 @@ typedef struct PBKDF2PARAM_st {
/* PKCS#8 private key info structure */
typedef struct pkcs8_priv_key_info_st {
struct pkcs8_priv_key_info_st {
/* Flag for various broken formats */
int broken;
# define PKCS8_OK 0
# define PKCS8_NO_OCTET 1
# define PKCS8_EMBEDDED_PARAM 2
# define PKCS8_NS_DB 3
# define PKCS8_NEG_PRIVKEY 4
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
/* Should be OCTET STRING but some are broken */
ASN1_TYPE *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
} PKCS8_PRIV_KEY_INFO;
};
#ifdef __cplusplus
}
@ -557,151 +585,6 @@ typedef struct pkcs8_priv_key_info_st {
extern "C" {
#endif
# ifdef SSLEAY_MACROS
# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
a->signature,(char *)a->cert_info,r)
# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
a->sig_alg,a->signature,(char *)a->req_info,r)
# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
a->sig_alg, a->signature,(char *)a->crl,r)
# define X509_sign(x,pkey,md) \
ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
# define X509_REQ_sign(x,pkey,md) \
ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
x->signature, (char *)x->req_info,pkey,md)
# define X509_CRL_sign(x,pkey,md) \
ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
x->signature, (char *)x->crl,pkey,md)
# define NETSCAPE_SPKI_sign(x,pkey,md) \
ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
x->signature, (char *)x->spkac,pkey,md)
# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
(char *(*)())d2i_X509,(char *)x509)
# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
(int (*)())i2d_X509_ATTRIBUTE, \
(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
(int (*)())i2d_X509_EXTENSION, \
(char *(*)())d2i_X509_EXTENSION,(char *)ex)
# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
(char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
(char *(*)())d2i_X509_CRL,(char *)crl)
# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
(unsigned char **)(crl))
# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
(unsigned char *)crl)
# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
(unsigned char **)(crl))
# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
(unsigned char *)crl)
# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
(char *(*)())d2i_PKCS7,(char *)p7)
# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
(unsigned char **)(p7))
# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
(unsigned char *)p7)
# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
(unsigned char **)(p7))
# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
(unsigned char *)p7)
# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
(char *(*)())d2i_X509_REQ,(char *)req)
# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
(unsigned char **)(req))
# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
(unsigned char *)req)
# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
(unsigned char **)(req))
# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
(unsigned char *)req)
# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
(char *(*)())d2i_RSAPublicKey,(char *)rsa)
# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
(char *(*)())d2i_RSAPrivateKey,(char *)rsa)
# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
(unsigned char **)(rsa))
# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
(unsigned char *)rsa)
# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
(unsigned char **)(rsa))
# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
(unsigned char *)rsa)
# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
(unsigned char **)(rsa))
# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
(unsigned char *)rsa)
# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
(unsigned char **)(rsa))
# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
(unsigned char *)rsa)
# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
(unsigned char **)(dsa))
# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
(unsigned char *)dsa)
# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
(unsigned char **)(dsa))
# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
(unsigned char *)dsa)
# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
(unsigned char **)(ecdsa))
# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
(unsigned char *)ecdsa)
# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
(unsigned char **)(ecdsa))
# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
(unsigned char *)ecdsa)
# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
(char *(*)())d2i_X509_ALGOR,(char *)xn)
# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
(char *(*)())d2i_X509_NAME,(char *)xn)
# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
(int (*)())i2d_X509_NAME_ENTRY, \
(char *(*)())d2i_X509_NAME_ENTRY,\
(char *)ne)
# define X509_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
# define X509_NAME_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
# ifndef PKCS7_ISSUER_AND_SERIAL_digest
# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
(char *)data,md,len)
# endif
# endif
# define X509_EXT_PACK_UNKNOWN 1
# define X509_EXT_PACK_STRING 2
@ -722,6 +605,20 @@ extern "C" {
# define X509_CRL_get_issuer(x) ((x)->crl->issuer)
# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
int (*crl_free) (X509_CRL *crl),
int (*crl_lookup) (X509_CRL *crl,
X509_REVOKED **ret,
ASN1_INTEGER *ser,
X509_NAME *issuer),
int (*crl_verify) (X509_CRL *crl,
EVP_PKEY *pk));
void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
void *X509_CRL_get_meth_data(X509_CRL *crl);
/*
* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
@ -730,8 +627,7 @@ extern "C" {
const char *X509_verify_cert_error_string(long n);
# ifndef SSLEAY_MACROS
# ifndef OPENSSL_NO_EVP
# ifndef OPENSSL_NO_EVP
int X509_verify(X509 *a, EVP_PKEY *r);
int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@ -745,11 +641,17 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
@ -762,35 +664,35 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
# endif
# endif
# ifndef OPENSSL_NO_FP_API
# ifndef OPENSSL_NO_FP_API
X509 *d2i_X509_fp(FILE *fp, X509 **x509);
int i2d_X509_fp(FILE *fp, X509 *x509);
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
# ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_RSA
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
# endif
# ifndef OPENSSL_NO_DSA
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
# endif
# ifndef OPENSSL_NO_EC
# endif
# ifndef OPENSSL_NO_EC
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
# endif
# endif
X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
@ -801,35 +703,35 @@ int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
# endif
# endif
# ifndef OPENSSL_NO_BIO
# ifndef OPENSSL_NO_BIO
X509 *d2i_X509_bio(BIO *bp, X509 **x509);
int i2d_X509_bio(BIO *bp, X509 *x509);
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
# ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_RSA
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
# endif
# ifndef OPENSSL_NO_DSA
# endif
# ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
# endif
# ifndef OPENSSL_NO_EC
# endif
# ifndef OPENSSL_NO_EC
EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
# endif
# endif
X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@ -840,28 +742,30 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
# endif
# endif
X509 *X509_dup(X509 *x509);
X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
X509_CRL *X509_CRL_dup(X509_CRL *crl);
X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
# endif /* !SSLEAY_MACROS */
int X509_cmp_time(ASN1_TIME *s, time_t *t);
int X509_cmp_current_time(ASN1_TIME *s);
int X509_cmp_time(const ASN1_TIME *s, time_t *t);
int X509_cmp_current_time(const ASN1_TIME *s);
ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
int offset_day, long offset_sec, time_t *t);
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
const char *X509_get_default_cert_area(void);
@ -928,6 +832,12 @@ void *X509_get_ex_data(X509 *r, int idx);
int i2d_X509_AUX(X509 *a, unsigned char **pp);
X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x);
int X509_get_signature_nid(const X509 *x);
int X509_alias_set1(X509 *x, unsigned char *name, int len);
int X509_keyid_set1(X509 *x, unsigned char *id, int len);
unsigned char *X509_alias_get0(X509 *x, int *len);
@ -945,6 +855,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
DECLARE_ASN1_FUNCTIONS(X509_CRL)
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
int X509_CRL_get0_by_serial(X509_CRL *crl,
X509_REVOKED **ret, ASN1_INTEGER *serial);
int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
X509_PKEY *X509_PKEY_new(void);
void X509_PKEY_free(X509_PKEY *a);
@ -980,6 +893,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
EVP_PKEY *pkey, const EVP_MD *type);
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
void *asn, EVP_MD_CTX *ctx);
# endif
int X509_set_version(X509 *x, long version);
@ -989,8 +905,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_issuer_name(X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(X509 *a);
int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY *X509_get_pubkey(X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
@ -1026,16 +942,24 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
int X509_chain_check_suiteb(int *perror_depth,
X509 *x, STACK_OF(X509) *chain,
unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);
@ -1046,11 +970,18 @@ unsigned long X509_issuer_name_hash(X509 *a);
int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x);
# ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *a);
unsigned long X509_subject_name_hash_old(X509 *x);
# endif
int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x);
unsigned long X509_NAME_hash_old(X509_NAME *x);
int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
# ifndef OPENSSL_NO_FP_API
int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
unsigned long cflag);
@ -1250,10 +1181,19 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM)
DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
int saltlen);
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
const unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen);
X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid);
X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
int prf_nid, int keylen);
/* PKCS#8 utilities */
@ -1264,6 +1204,20 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
int version, int ptype, void *pval,
unsigned char *penc, int penclen);
int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
const unsigned char **pk, int *ppklen,
X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
unsigned char *penc, int penclen);
int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
const unsigned char **pk, int *ppklen,
X509_ALGOR **pa, X509_PUBKEY *pub);
int X509_check_trust(X509 *x, int id, int flags);
int X509_TRUST_get_count(void);
X509_TRUST *X509_TRUST_get0(int idx);
@ -1300,6 +1254,7 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_ATTRIBUTE_GET0_DATA 139
# define X509_F_X509_ATTRIBUTE_SET1_DATA 138
# define X509_F_X509_CHECK_PRIVATE_KEY 128
# define X509_F_X509_CRL_DIFF 105
# define X509_F_X509_CRL_PRINT_FP 147
# define X509_F_X509_EXTENSION_CREATE_BY_NID 108
# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
@ -1332,19 +1287,29 @@ void ERR_load_X509_strings(void);
# define X509_F_X509_VERIFY_CERT 127
/* Reason codes. */
# define X509_R_AKID_MISMATCH 110
# define X509_R_BAD_X509_FILETYPE 100
# define X509_R_BASE64_DECODE_ERROR 118
# define X509_R_CANT_CHECK_DH_KEY 114
# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
# define X509_R_CRL_ALREADY_DELTA 127
# define X509_R_CRL_VERIFY_FAILURE 131
# define X509_R_ERR_ASN1_LIB 102
# define X509_R_IDP_MISMATCH 128
# define X509_R_INVALID_DIRECTORY 113
# define X509_R_INVALID_FIELD_NAME 119
# define X509_R_INVALID_TRUST 123
# define X509_R_ISSUER_MISMATCH 129
# define X509_R_KEY_TYPE_MISMATCH 115
# define X509_R_KEY_VALUES_MISMATCH 116
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
# define X509_R_NEWER_CRL_NOT_NEWER 132
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_NO_CRL_NUMBER 130
# define X509_R_PUBLIC_KEY_DECODE_ERROR 125
# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126
# define X509_R_SHOULD_RETRY 106
# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108

95
Cryptlib/Include/openssl/x509_vfy.h
View File

@ -79,6 +79,7 @@
extern "C" {
#endif
# if 0
/* Outer object */
typedef struct x509_hash_dir_st {
int num_dirs;
@ -86,6 +87,7 @@ typedef struct x509_hash_dir_st {
int *dirs_type;
int num_dirs_alloced;
} X509_HASH_DIR_CTX;
# endif
typedef struct x509_file_st {
int num_paths; /* number of paths to files or directories */
@ -154,6 +156,8 @@ typedef struct x509_lookup_method_st {
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
/*
* This structure hold all parameters associated with a verify operation by
* including an X509_VERIFY_PARAM structure in related structures the
@ -169,6 +173,7 @@ typedef struct X509_VERIFY_PARAM_st {
int trust; /* trust setting to check */
int depth; /* Verify depth */
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
X509_VERIFY_PARAM_ID *id; /* opaque ID data */
} X509_VERIFY_PARAM;
DECLARE_STACK_OF(X509_VERIFY_PARAM)
@ -202,6 +207,8 @@ struct x509_store_st {
int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
/* Check certificate against CRL */
int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup) (X509_STORE_CTX *ctx);
CRYPTO_EX_DATA ex_data;
int references;
@ -258,6 +265,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
/* Check certificate against CRL */
int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
int (*check_policy) (X509_STORE_CTX *ctx);
STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
int (*cleanup) (X509_STORE_CTX *ctx);
/* The following is built up */
/* if 0, rebuild chain */
@ -278,6 +287,12 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
X509 *current_issuer;
/* current CRL */
X509_CRL *current_crl;
/* score of current CRL */
int current_crl_score;
/* Reason mask */
unsigned int current_reasons;
/* For CRL path validation: parent context */
X509_STORE_CTX *parent;
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */ ;
@ -345,8 +360,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_INVALID_EXTENSION 41
# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
# define X509_V_ERR_NO_EXPLICIT_POLICY 43
# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
# define X509_V_ERR_UNNESTED_RESOURCE 44
# define X509_V_ERR_UNNESTED_RESOURCE 46
# define X509_V_ERR_PERMITTED_VIOLATION 47
# define X509_V_ERR_EXCLUDED_VIOLATION 48
# define X509_V_ERR_SUBTREE_MINMAX 49
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
/* Suite B mode algorithm violation */
# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
/* Host, email and IP check errors */
# define X509_V_ERR_HOSTNAME_MISMATCH 62
# define X509_V_ERR_EMAIL_MISMATCH 63
# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
/* The application is not happy */
# define X509_V_ERR_APPLICATION_VERIFICATION 50
@ -377,9 +415,29 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_FLAG_INHIBIT_MAP 0x400
/* Notify callback that policy is OK */
# define X509_V_FLAG_NOTIFY_POLICY 0x800
/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
/* Delta CRL support */
# define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
/* Use trusted store first */
# define X509_V_FLAG_TRUSTED_FIRST 0x8000
/* Suite B 128 bit only mode: not normally used */
# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
/* Suite B 192 bit only mode */
# define X509_V_FLAG_SUITEB_192_LOS 0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
# define X509_V_FLAG_SUITEB_128_LOS 0x30000
/* Allow partial chains if at least one certificate is in trusted store */
# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
/*
* If the initial chain is not trusted, do not attempt to build an alternative
* chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
* will force the behaviour to match that of previous versions.
*/
# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
# define X509_VP_FLAG_DEFAULT 0x1
# define X509_VP_FLAG_OVERWRITE 0x2
@ -404,11 +462,21 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *v);
STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb) (int, X509_STORE_CTX *));
void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
*ctx,
X509_NAME *nm));
X509_STORE_CTX *X509_STORE_CTX_new(void);
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
@ -419,6 +487,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
@ -469,6 +539,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
@ -513,9 +586,27 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
ASN1_OBJECT *policy);
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
const char *ipasc);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_get_count(void);
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
void X509_VERIFY_PARAM_table_cleanup(void);

214
Cryptlib/Include/openssl/x509v3.h
View File

@ -67,6 +67,13 @@
extern "C" {
#endif
# ifdef OPENSSL_SYS_WIN32
/* Under Win32 these are defined in wincrypt.h */
# undef X509_NAME
# undef X509_CERT_PAIR
# undef X509_EXTENSIONS
# endif
/* Forward reference */
struct v3_ext_method;
struct v3_ext_ctx;
@ -77,19 +84,19 @@ typedef void *(*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE) (void *);
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method,
void *ext,
STACK_OF(CONF_VALUE)
*extlist);
typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method,
typedef STACK_OF(CONF_VALUE) *
(*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
STACK_OF(CONF_VALUE) *extlist);
typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx,
STACK_OF(CONF_VALUE) *values);
typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method,
typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
void *ext);
typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx, const char *str);
typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext,
typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
BIO *out, int indent);
typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method,
typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
struct v3_ext_ctx *ctx, const char *str);
/* V3 extension structure */
@ -222,24 +229,41 @@ typedef struct DIST_POINT_NAME_st {
GENERAL_NAMES *fullname;
STACK_OF(X509_NAME_ENTRY) *relativename;
} name;
/* If relativename then this contains the full distribution point name */
X509_NAME *dpname;
} DIST_POINT_NAME;
/* All existing reasons */
# define CRLDP_ALL_REASONS 0x807f
typedef struct DIST_POINT_st {
# define CRL_REASON_NONE -1
# define CRL_REASON_UNSPECIFIED 0
# define CRL_REASON_KEY_COMPROMISE 1
# define CRL_REASON_CA_COMPROMISE 2
# define CRL_REASON_AFFILIATION_CHANGED 3
# define CRL_REASON_SUPERSEDED 4
# define CRL_REASON_CESSATION_OF_OPERATION 5
# define CRL_REASON_CERTIFICATE_HOLD 6
# define CRL_REASON_REMOVE_FROM_CRL 8
# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
# define CRL_REASON_AA_COMPROMISE 10
struct DIST_POINT_st {
DIST_POINT_NAME *distpoint;
ASN1_BIT_STRING *reasons;
GENERAL_NAMES *CRLissuer;
} DIST_POINT;
int dp_reasons;
};
typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
DECLARE_STACK_OF(DIST_POINT)
DECLARE_ASN1_SET_OF(DIST_POINT)
typedef struct AUTHORITY_KEYID_st {
struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
GENERAL_NAMES *issuer;
ASN1_INTEGER *serial;
} AUTHORITY_KEYID;
};
/* Strong extranet structures */
@ -305,10 +329,10 @@ typedef struct GENERAL_SUBTREE_st {
DECLARE_STACK_OF(GENERAL_SUBTREE)
typedef struct NAME_CONSTRAINTS_st {
struct NAME_CONSTRAINTS_st {
STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
} NAME_CONSTRAINTS;
};
typedef struct POLICY_CONSTRAINTS_st {
ASN1_INTEGER *requireExplicitPolicy;
@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st {
DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
struct ISSUING_DIST_POINT_st {
DIST_POINT_NAME *distpoint;
int onlyuser;
int onlyCA;
ASN1_BIT_STRING *onlysomereasons;
int indirectCRL;
int onlyattr;
};
/* Values in idp_flags field */
/* IDP present */
# define IDP_PRESENT 0x1
/* IDP values inconsistent */
# define IDP_INVALID 0x2
/* onlyuser true */
# define IDP_ONLYUSER 0x4
/* onlyCA true */
# define IDP_ONLYCA 0x8
/* onlyattr true */
# define IDP_ONLYATTR 0x10
/* indirectCRL true */
# define IDP_INDIRECT 0x20
/* onlysomereasons present */
# define IDP_REASONS 0x40
# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
",name:", val->name, ",value:", val->value);
@ -363,7 +412,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
# define EXFLAG_CA 0x10
/* Really self issued not necessarily self signed */
# define EXFLAG_SI 0x20
# define EXFLAG_SS 0x20
# define EXFLAG_V1 0x40
# define EXFLAG_INVALID 0x80
# define EXFLAG_SET 0x100
@ -371,6 +419,9 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
# define EXFLAG_PROXY 0x400
# define EXFLAG_INVALID_POLICY 0x800
# define EXFLAG_FRESHEST 0x1000
/* Self signed */
# define EXFLAG_SS 0x2000
# define KU_DIGITAL_SIGNATURE 0x0080
# define KU_NON_REPUDIATION 0x0040
@ -399,6 +450,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
# define XKU_OCSP_SIGN 0x20
# define XKU_TIMESTAMP 0x40
# define XKU_DVCS 0x80
# define XKU_ANYEKU 0x100
# define X509_PURPOSE_DYNAMIC 0x1
# define X509_PURPOSE_DYNAMIC_NAME 0x2
@ -421,9 +473,10 @@ typedef struct x509_purpose_st {
# define X509_PURPOSE_CRL_SIGN 6
# define X509_PURPOSE_ANY 7
# define X509_PURPOSE_OCSP_HELPER 8
# define X509_PURPOSE_TIMESTAMP_SIGN 9
# define X509_PURPOSE_MIN 1
# define X509_PURPOSE_MAX 8
# define X509_PURPOSE_MAX 9
/* Flags for X509V3_EXT_print() */
@ -470,6 +523,8 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
@ -488,11 +543,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
GENERAL_NAMES *gen,
STACK_OF(CONF_VALUE) *extlist);
GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
DECLARE_ASN1_FUNCTIONS(OTHERNAME)
DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
ASN1_OBJECT *oid, ASN1_TYPE *value);
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
ASN1_OCTET_STRING *ia5);
@ -511,6 +573,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF)
DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
DECLARE_ASN1_FUNCTIONS(DIST_POINT)
DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@ -528,12 +595,18 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, int gen_type, char *value,
int is_nc);
# ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf);
GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf, int is_nc);
const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf,
int is_nc);
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
@ -549,23 +622,24 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
X509V3_CTX *ctx, int ext_nid,
char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
char *name, char *value);
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
char *section, X509_CRL *crl);
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
# endif
char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
@ -593,20 +667,21 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
int X509V3_EXT_add_alias(int nid_to, int nid_from);
void X509V3_EXT_cleanup(void);
X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
int X509V3_add_standard_extensions(void);
STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx);
int X509V3_EXT_free(int nid, void *ext_data);
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
int crit, unsigned long flags);
char *hex_to_string(unsigned char *buffer, long len);
unsigned char *string_to_hex(char *str, long *len);
char *hex_to_string(const unsigned char *buffer, long len);
unsigned char *string_to_hex(const char *str, long *len);
int name_cmp(const char *name, const char *cmp);
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
@ -624,6 +699,7 @@ int X509_check_purpose(X509 *x, int id, int ca);
int X509_supported_extension(X509_EXTENSION *ex);
int X509_PURPOSE_set(int *p, int purpose);
int X509_check_issued(X509 *issuer, X509 *subject);
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
int X509_PURPOSE_get_count(void);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
int X509_PURPOSE_get_by_sname(char *sname);
@ -637,10 +713,38 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
void X509_PURPOSE_cleanup(void);
int X509_PURPOSE_get_id(X509_PURPOSE *);
STACK *X509_get1_email(X509 *x);
STACK *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK * sk);
STACK *X509_get1_ocsp(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
/* Flags for X509_check_* functions */
/*
* Always check subject name for host match even if subject alt names present
*/
# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
/* Disable wildcard matching for dnsName fields and common name. */
# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
/* Wildcards must not match a partial label. */
# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
/* Allow (non-partial) wildcards to match multiple labels. */
# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
/* Constraint verifier subdomain patterns to match a single labels. */
# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
/*
* Match reference identifiers starting with "." to any sub-domain.
* This is a non-public flag, turned on implicitly when the subject
* reference identity is a DNS name.
*/
# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername);
int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
@ -649,6 +753,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
unsigned long chtype);
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
# ifndef OPENSSL_NO_RFC3779
@ -806,8 +911,9 @@ void ERR_load_X509V3_strings(void);
/* Error codes for the X509V3 functions. */
/* Function codes. */
# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156
# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157
# define X509V3_F_A2I_GENERAL_NAME 164
# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
# define X509V3_F_COPY_EMAIL 122
# define X509V3_F_COPY_ISSUER 123
# define X509V3_F_DO_DIRNAME 144
@ -815,6 +921,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_DO_EXT_I2D 135
# define X509V3_F_DO_EXT_NCONF 151
# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
# define X509V3_F_GNAMES_FROM_SECTNAME 156
# define X509V3_F_HEX_TO_STRING 111
# define X509V3_F_I2S_ASN1_ENUMERATED 121
# define X509V3_F_I2S_ASN1_IA5STRING 149
@ -831,13 +938,14 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_S2I_ASN1_OCTET_STRING 112
# define X509V3_F_S2I_ASN1_SKEY_ID 114
# define X509V3_F_S2I_SKEY_ID 115
# define X509V3_F_SET_DIST_POINT_NAME 158
# define X509V3_F_STRING_TO_HEX 113
# define X509V3_F_SXNET_ADD_ID_ASC 125
# define X509V3_F_SXNET_ADD_ID_INTEGER 126
# define X509V3_F_SXNET_ADD_ID_ULONG 127
# define X509V3_F_SXNET_GET_ID_ASC 128
# define X509V3_F_SXNET_GET_ID_ULONG 129
# define X509V3_F_V2I_ASIDENTIFIERS 158
# define X509V3_F_V2I_ASIDENTIFIERS 163
# define X509V3_F_V2I_ASN1_BIT_STRING 101
# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
# define X509V3_F_V2I_AUTHORITY_KEYID 119
@ -846,6 +954,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
# define X509V3_F_V2I_GENERAL_NAMES 118
# define X509V3_F_V2I_GENERAL_NAME_EX 117
# define X509V3_F_V2I_IDP 157
# define X509V3_F_V2I_IPADDRBLOCKS 159
# define X509V3_F_V2I_ISSUER_ALT 153
# define X509V3_F_V2I_NAME_CONSTRAINTS 147
@ -859,6 +968,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_F_X509V3_EXT_ADD 104
# define X509V3_F_X509V3_EXT_ADD_ALIAS 106
# define X509V3_F_X509V3_EXT_CONF 107
# define X509V3_F_X509V3_EXT_FREE 165
# define X509V3_F_X509V3_EXT_I2D 136
# define X509V3_F_X509V3_EXT_NCONF 152
# define X509V3_F_X509V3_GET_SECTION 142
@ -873,7 +983,9 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_BAD_OBJECT 119
# define X509V3_R_BN_DEC2BN_ERROR 100
# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168
# define X509V3_R_DIRNAME_ERROR 149
# define X509V3_R_DISTPOINT_ALREADY_SET 160
# define X509V3_R_DUPLICATE_ZONE_ID 133
# define X509V3_R_ERROR_CONVERTING_ZONE 131
# define X509V3_R_ERROR_CREATING_EXTENSION 144
@ -887,12 +999,13 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
# define X509V3_R_ILLEGAL_HEX_DIGIT 113
# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
# define X509V3_R_INVALID_ASNUMBER 160
# define X509V3_R_INVALID_ASRANGE 161
# define X509V3_R_INVALID_ASNUMBER 162
# define X509V3_R_INVALID_ASRANGE 163
# define X509V3_R_INVALID_BOOLEAN_STRING 104
# define X509V3_R_INVALID_EXTENSION_STRING 105
# define X509V3_R_INVALID_INHERITANCE 162
# define X509V3_R_INVALID_IPADDRESS 163
# define X509V3_R_INVALID_INHERITANCE 165
# define X509V3_R_INVALID_IPADDRESS 166
# define X509V3_R_INVALID_MULTIPLE_RDNS 161
# define X509V3_R_INVALID_NAME 106
# define X509V3_R_INVALID_NULL_ARGUMENT 107
# define X509V3_R_INVALID_NULL_NAME 108
@ -920,9 +1033,9 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_ODD_NUMBER_OF_DIGITS 112
# define X509V3_R_OPERATION_NOT_DEFINED 148
# define X509V3_R_OTHERNAME_ERROR 147
# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155
# define X509V3_R_POLICY_PATH_LENGTH 156
# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157
# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
# define X509V3_R_SECTION_NOT_FOUND 150
@ -933,6 +1046,7 @@ void ERR_load_X509V3_strings(void);
# define X509V3_R_UNKNOWN_EXTENSION_NAME 130
# define X509V3_R_UNKNOWN_OPTION 120
# define X509V3_R_UNSUPPORTED_OPTION 117
# define X509V3_R_UNSUPPORTED_TYPE 167
# define X509V3_R_USER_TOO_LONG 132
#ifdef __cplusplus

500
Cryptlib/Library/BaseCryptLib.h
View File

File diff suppressed because it is too large Load Diff

2
Cryptlib/Makefile
View File

@ -19,6 +19,7 @@ OBJS = Hash/CryptMd4.o \
Hash/CryptMd5.o \
Hash/CryptSha1.o \
Hash/CryptSha256.o \
Hash/CryptSha512.o \
Hmac/CryptHmacMd5.o \
Hmac/CryptHmacSha1.o \
Cipher/CryptAes.o \
@ -30,6 +31,7 @@ OBJS = Hash/CryptMd4.o \
Pk/CryptPkcs7SignNull.o \
Pk/CryptPkcs7Verify.o \
Pk/CryptDhNull.o \
Pk/CryptTs.o \
Pk/CryptX509.o \
Pk/CryptAuthenticode.o \
Pem/CryptPem.o \

173
Cryptlib/OpenSSL/Makefile
View File

@ -1,9 +1,9 @@
EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Icrypto/asn1 -Icrypto/evp -Icrypto/modes
CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \
-ffreestanding -I$(shell $(CC) -print-file-name=include) \
-Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
-Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
ifeq ($(ARCH),x86_64)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
@ -23,7 +23,6 @@ LDFLAGS = -nostdlib -znocombreloc
TARGET = libopenssl.a
OBJS = crypto/cryptlib.o \
crypto/dyn_lck.o \
crypto/mem.o \
crypto/mem_clr.o \
crypto/mem_dbg.o \
@ -35,10 +34,9 @@ OBJS = crypto/cryptlib.o \
crypto/o_time.o \
crypto/o_str.o \
crypto/o_dir.o \
crypto/o_fips.o \
crypto/o_init.o \
crypto/fips_err.o \
crypto/md2/md2_dgst.o \
crypto/md2/md2_one.o \
crypto/fips_ers.o \
crypto/md4/md4_dgst.o \
crypto/md4/md4_one.o \
crypto/md5/md5_dgst.o \
@ -50,9 +48,8 @@ OBJS = crypto/cryptlib.o \
crypto/sha/sha256.o \
crypto/sha/sha512.o \
crypto/hmac/hmac.o \
crypto/ripemd/rmd_dgst.o \
crypto/ripemd/rmd_one.o \
crypto/des/des_lib.o \
crypto/hmac/hm_ameth.o \
crypto/hmac/hm_pmeth.o \
crypto/des/set_key.o \
crypto/des/ecb_enc.o \
crypto/des/cbc_enc.o \
@ -79,29 +76,9 @@ OBJS = crypto/cryptlib.o \
crypto/des/des_old.o \
crypto/des/des_old2.o \
crypto/des/read2pwd.o \
crypto/rc2/rc2_ecb.o \
crypto/rc2/rc2_skey.o \
crypto/rc2/rc2_cbc.o \
crypto/rc2/rc2cfb64.o \
crypto/rc2/rc2ofb64.o \
crypto/rc4/rc4_enc.o \
crypto/rc4/rc4_skey.o \
crypto/rc4/rc4_fblk.o \
crypto/idea/i_cbc.o \
crypto/idea/i_cfb64.o \
crypto/idea/i_ofb64.o \
crypto/idea/i_ecb.o \
crypto/idea/i_skey.o \
crypto/bf/bf_skey.o \
crypto/bf/bf_ecb.o \
crypto/bf/bf_enc.o \
crypto/bf/bf_cfb64.o \
crypto/bf/bf_ofb64.o \
crypto/cast/c_skey.o \
crypto/cast/c_ecb.o \
crypto/cast/c_enc.o \
crypto/cast/c_cfb64.o \
crypto/cast/c_ofb64.o \
crypto/rc4/rc4_utl.o \
crypto/aes/aes_misc.o \
crypto/aes/aes_ecb.o \
crypto/aes/aes_cfb.o \
@ -111,6 +88,15 @@ OBJS = crypto/cryptlib.o \
crypto/aes/aes_wrap.o \
crypto/aes/aes_core.o \
crypto/aes/aes_cbc.o \
crypto/modes/cbc128.o \
crypto/modes/ctr128.o \
crypto/modes/cts128.o \
crypto/modes/cfb128.o \
crypto/modes/ofb128.o \
crypto/modes/gcm128.o \
crypto/modes/ccm128.o \
crypto/modes/xts128.o \
crypto/modes/wrap128.o \
crypto/bn/bn_add.o \
crypto/bn/bn_div.o \
crypto/bn/bn_exp.o \
@ -139,7 +125,6 @@ OBJS = crypto/cryptlib.o \
crypto/bn/bn_depr.o \
crypto/bn/bn_x931p.o \
crypto/bn/bn_const.o \
crypto/bn/bn_opt.o \
crypto/rsa/rsa_eay.o \
crypto/rsa/rsa_gen.o \
crypto/rsa/rsa_lib.o \
@ -154,20 +139,12 @@ OBJS = crypto/cryptlib.o \
crypto/rsa/rsa_null.o \
crypto/rsa/rsa_pss.o \
crypto/rsa/rsa_x931.o \
crypto/rsa/rsa_x931g.o \
crypto/rsa/rsa_asn1.o \
crypto/rsa/rsa_depr.o \
crypto/rsa/rsa_eng.o \
crypto/dsa/dsa_gen.o \
crypto/dsa/dsa_key.o \
crypto/dsa/dsa_lib.o \
crypto/dsa/dsa_asn1.o \
crypto/dsa/dsa_vrf.o \
crypto/dsa/dsa_sign.o \
crypto/dsa/dsa_err.o \
crypto/dsa/dsa_ossl.o \
crypto/dsa/dsa_depr.o \
crypto/dsa/dsa_utl.o \
crypto/rsa/rsa_ameth.o \
crypto/rsa/rsa_prn.o \
crypto/rsa/rsa_pmeth.o \
crypto/rsa/rsa_crpt.o \
crypto/dso/dso_dl.o \
crypto/dso/dso_dlfcn.o \
crypto/dso/dso_err.o \
@ -176,6 +153,7 @@ OBJS = crypto/cryptlib.o \
crypto/dso/dso_openssl.o \
crypto/dso/dso_win32.o \
crypto/dso/dso_vms.o \
crypto/dso/dso_beos.o \
crypto/dh/dh_asn1.o \
crypto/dh/dh_gen.o \
crypto/dh/dh_key.o \
@ -183,30 +161,10 @@ OBJS = crypto/cryptlib.o \
crypto/dh/dh_check.o \
crypto/dh/dh_err.o \
crypto/dh/dh_depr.o \
crypto/ec/ec_lib.o \
crypto/ec/ecp_smpl.o \
crypto/ec/ecp_mont.o \
crypto/ec/ecp_nist.o \
crypto/ec/ec_cvt.o \
crypto/ec/ec_mult.o \
crypto/ec/ec_err.o \
crypto/ec/ec_curve.o \
crypto/ec/ec_check.o \
crypto/ec/ec_print.o \
crypto/ec/ec_asn1.o \
crypto/ec/ec_key.o \
crypto/ec/ec2_smpl.o \
crypto/ec/ec2_mult.o \
crypto/ecdh/ech_lib.o \
crypto/ecdh/ech_ossl.o \
crypto/ecdh/ech_key.o \
crypto/ecdh/ech_err.o \
crypto/ecdsa/ecs_lib.o \
crypto/ecdsa/ecs_asn1.o \
crypto/ecdsa/ecs_ossl.o \
crypto/ecdsa/ecs_sign.o \
crypto/ecdsa/ecs_vrf.o \
crypto/ecdsa/ecs_err.o \
crypto/dh/dh_ameth.o \
crypto/dh/dh_pmeth.o \
crypto/dh/dh_prn.o \
crypto/dh/dh_rfc5114.o \
crypto/buffer/buffer.o \
crypto/buffer/buf_str.o \
crypto/buffer/buf_err.o \
@ -217,10 +175,14 @@ OBJS = crypto/cryptlib.o \
crypto/bio/bss_null.o \
crypto/bio/bss_fd.o \
crypto/bio/bss_file.o \
crypto/bio/bss_sock.o \
crypto/bio/bss_conn.o \
crypto/bio/bf_null.o \
crypto/bio/bf_buff.o \
crypto/bio/b_dump.o \
crypto/bio/b_print.o \
crypto/bio/b_sock.o \
crypto/bio/bss_acpt.o \
crypto/bio/bf_nbio.o \
crypto/bio/bss_log.o \
crypto/bio/bss_bio.o \
@ -231,26 +193,18 @@ OBJS = crypto/cryptlib.o \
crypto/rand/md_rand.o \
crypto/rand/randfile.o \
crypto/rand/rand_lib.o \
crypto/rand/rand_eng.o \
crypto/rand/rand_err.o \
crypto/rand/rand_egd.o \
crypto/rand/rand_win.o \
crypto/rand/rand_unix.o \
crypto/rand/rand_os2.o \
crypto/rand/rand_nw.o \
crypto/err/err.o \
crypto/err/err_def.o \
crypto/err/err_all.o \
crypto/err/err_prn.o \
crypto/err/err_str.o \
crypto/err/err_bio.o \
crypto/objects/o_names.o \
crypto/objects/obj_dat.o \
crypto/objects/obj_lib.o \
crypto/objects/obj_err.o \
crypto/objects/obj_xref.o \
crypto/evp/encode.o \
crypto/evp/digest.o \
crypto/evp/dig_eng.o \
crypto/evp/evp_enc.o \
crypto/evp/evp_key.o \
crypto/evp/evp_acnf.o \
@ -259,22 +213,25 @@ OBJS = crypto/cryptlib.o \
crypto/evp/e_bf.o \
crypto/evp/e_idea.o \
crypto/evp/e_des3.o \
crypto/evp/e_camellia.o \
crypto/evp/e_rc4.o \
crypto/evp/e_aes.o \
crypto/evp/names.o \
crypto/evp/e_seed.o \
crypto/evp/e_xcbc_d.o \
crypto/evp/e_rc2.o \
crypto/evp/e_cast.o \
crypto/evp/e_rc5.o \
crypto/evp/enc_min.o \
crypto/evp/m_null.o \
crypto/evp/m_md2.o \
crypto/evp/m_md4.o \
crypto/evp/m_md5.o \
crypto/evp/m_sha.o \
crypto/evp/m_sha1.o \
crypto/evp/m_wp.o \
crypto/evp/m_dss.o \
crypto/evp/m_dss1.o \
crypto/evp/m_mdc2.o \
crypto/evp/m_ripemd.o \
crypto/evp/m_ecdsa.o \
crypto/evp/p_open.o \
@ -299,6 +256,13 @@ OBJS = crypto/cryptlib.o \
crypto/evp/p5_crpt.o \
crypto/evp/p5_crpt2.o \
crypto/evp/e_old.o \
crypto/evp/pmeth_lib.o \
crypto/evp/pmeth_fn.o \
crypto/evp/pmeth_gn.o \
crypto/evp/m_sigver.o \
crypto/evp/e_aes_cbc_hmac_sha1.o \
crypto/evp/e_aes_cbc_hmac_sha256.o \
crypto/evp/e_rc4_hmac_md5.o \
crypto/asn1/a_object.o \
crypto/asn1/a_bitstr.o \
crypto/asn1/a_utctm.o \
@ -334,6 +298,7 @@ OBJS = crypto/cryptlib.o \
crypto/asn1/x_info.o \
crypto/asn1/x_spki.o \
crypto/asn1/nsseq.o \
crypto/asn1/x_nx509.o \
crypto/asn1/d2i_pu.o \
crypto/asn1/d2i_pr.o \
crypto/asn1/i2d_pu.o \
@ -351,20 +316,22 @@ OBJS = crypto/cryptlib.o \
crypto/asn1/tasn_dec.o \
crypto/asn1/tasn_utl.o \
crypto/asn1/tasn_typ.o \
crypto/asn1/tasn_prn.o \
crypto/asn1/ameth_lib.o \
crypto/asn1/f_int.o \
crypto/asn1/f_string.o \
crypto/asn1/n_pkey.o \
crypto/asn1/f_enum.o \
crypto/asn1/a_hdr.o \
crypto/asn1/x_pkey.o \
crypto/asn1/a_bool.o \
crypto/asn1/x_exten.o \
crypto/asn1/bio_asn1.o \
crypto/asn1/bio_ndef.o \
crypto/asn1/asn_mime.o \
crypto/asn1/asn1_gen.o \
crypto/asn1/asn1_par.o \
crypto/asn1/asn1_lib.o \
crypto/asn1/asn1_err.o \
crypto/asn1/a_meth.o \
crypto/asn1/a_bytes.o \
crypto/asn1/a_strnid.o \
crypto/asn1/evp_asn1.o \
@ -384,6 +351,7 @@ OBJS = crypto/cryptlib.o \
crypto/pem/pem_oth.o \
crypto/pem/pem_pk8.o \
crypto/pem/pem_pkey.o \
crypto/pem/pvkfmt.o \
crypto/x509/x509_def.o \
crypto/x509/x509_d2.o \
crypto/x509/x509_r2x.o \
@ -405,8 +373,6 @@ OBJS = crypto/cryptlib.o \
crypto/x509/x_all.o \
crypto/x509/x509_txt.o \
crypto/x509/x509_trs.o \
crypto/x509/by_file.o \
crypto/x509/by_dir.o \
crypto/x509/x509_vpm.o \
crypto/x509v3/v3_bcons.o \
crypto/x509v3/v3_bitst.o \
@ -459,6 +425,7 @@ OBJS = crypto/cryptlib.o \
crypto/pkcs7/pk7_smime.o \
crypto/pkcs7/pk7_attr.o \
crypto/pkcs7/pk7_mime.o \
crypto/pkcs7/bio_pk7.o \
crypto/pkcs12/p12_add.o \
crypto/pkcs12/p12_asn.o \
crypto/pkcs12/p12_attr.o \
@ -478,29 +445,6 @@ OBJS = crypto/cryptlib.o \
crypto/comp/comp_err.o \
crypto/comp/c_rle.o \
crypto/comp/c_zlib.o \
crypto/engine/eng_err.o \
crypto/engine/eng_lib.o \
crypto/engine/eng_list.o \
crypto/engine/eng_init.o \
crypto/engine/eng_ctrl.o \
crypto/engine/eng_table.o \
crypto/engine/eng_pkey.o \
crypto/engine/eng_fat.o \
crypto/engine/eng_all.o \
crypto/engine/tb_rsa.o \
crypto/engine/tb_dsa.o \
crypto/engine/tb_ecdsa.o \
crypto/engine/tb_dh.o \
crypto/engine/tb_ecdh.o \
crypto/engine/tb_rand.o \
crypto/engine/tb_store.o \
crypto/engine/tb_cipher.o \
crypto/engine/tb_digest.o \
crypto/engine/eng_openssl.o \
crypto/engine/eng_cnf.o \
crypto/engine/eng_dyn.o \
crypto/engine/eng_cryptodev.o \
crypto/engine/eng_padlock.o \
crypto/ocsp/ocsp_asn.o \
crypto/ocsp/ocsp_ext.o \
crypto/ocsp/ocsp_ht.o \
@ -510,18 +454,25 @@ OBJS = crypto/cryptlib.o \
crypto/ocsp/ocsp_prn.o \
crypto/ocsp/ocsp_vfy.o \
crypto/ocsp/ocsp_err.o \
crypto/ui/ui_err.o \
crypto/ui/ui_lib.o \
crypto/ui/ui_util.o \
crypto/ui/ui_compat.o \
crypto/krb5/krb5_asn.o \
crypto/store/str_err.o \
crypto/store/str_lib.o \
crypto/store/str_meth.o \
crypto/store/str_mem.o \
crypto/pqueue/pqueue.o \
crypto/ts/ts_err.o \
crypto/ts/ts_req_utils.o \
crypto/ts/ts_req_print.o \
crypto/ts/ts_rsp_utils.o \
crypto/ts/ts_rsp_print.o \
crypto/ts/ts_rsp_sign.o \
crypto/ts/ts_rsp_verify.o \
crypto/ts/ts_verify_ctx.o \
crypto/ts/ts_lib.o \
crypto/ts/ts_conf.o \
crypto/ts/ts_asn1.o \
crypto/cmac/cmac.o \
crypto/cmac/cm_ameth.o \
crypto/cmac/cm_pmeth.o \
all: $(TARGET)

27
Cryptlib/OpenSSL/crypto/LPdir_nyi.c
View File

@ -1,4 +1,6 @@
/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
/*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
@ -26,17 +28,20 @@
*/
#ifndef LPDIR_H
#include "LPdir.h"
# include "LPdir.h"
#endif
struct LP_dir_context_st { void *dummy; };
struct LP_dir_context_st {
void *dummy;
};
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
errno = EINVAL;
return 0;
}
{
errno = EINVAL;
return 0;
}
int LP_find_file_end(LP_DIR_CTX **ctx)
{
errno = EINVAL;
return 0;
}
{
errno = EINVAL;
return 0;
}

84
Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
View File

@ -49,86 +49,18 @@
*
*/
#ifndef AES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <openssl/aes.h>
#include "aes_locl.h"
#include <openssl/modes.h>
#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t len, const AES_KEY *key,
unsigned char *ivec, const int enc)
{
unsigned long n;
unsigned long len = length;
unsigned char tmp[AES_BLOCK_SIZE];
const unsigned char *iv = ivec;
assert(in && out && key && ivec);
assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] = in[n] ^ iv[n];
AES_encrypt(out, out, key);
iv = out;
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
for (n = 0; n < len; ++n)
out[n] = in[n] ^ iv[n];
for (n = len; n < AES_BLOCK_SIZE; ++n)
out[n] = iv[n];
AES_encrypt(out, out, key);
iv = out;
}
memcpy(ivec, iv, AES_BLOCK_SIZE);
} else if (in != out) {
while (len >= AES_BLOCK_SIZE) {
AES_decrypt(in, out, key);
for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= iv[n];
iv = in;
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
AES_decrypt(in, tmp, key);
for (n = 0; n < len; ++n)
out[n] = tmp[n] ^ iv[n];
iv = in;
}
memcpy(ivec, iv, AES_BLOCK_SIZE);
} else {
while (len >= AES_BLOCK_SIZE) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(in, out, key);
for (n = 0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, AES_BLOCK_SIZE);
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, out, key);
for (n = 0; n < len; ++n)
out[n] ^= ivec[n];
for (n = len; n < AES_BLOCK_SIZE; ++n)
out[n] = tmp[n];
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
if (enc)
CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
(block128_f) AES_encrypt);
else
CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
(block128_f) AES_decrypt);
}
#endif

165
Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
View File

@ -1,6 +1,6 @@
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -48,73 +48,9 @@
* ====================================================================
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef AES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <openssl/aes.h>
#include "aes_locl.h"
#include "e_os.h"
#include <openssl/modes.h>
/*
* The input and output encrypted as though 128bit cfb mode is being used.
@ -123,106 +59,27 @@
*/
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
unsigned int n;
unsigned long l = length;
unsigned char c;
assert(in && out && key && ivec && num);
n = *num;
if (enc) {
while (l--) {
if (n == 0) {
AES_encrypt(ivec, ivec, key);
}
ivec[n] = *(out++) = *(in++) ^ ivec[n];
n = (n + 1) % AES_BLOCK_SIZE;
}
} else {
while (l--) {
if (n == 0) {
AES_encrypt(ivec, ivec, key);
}
c = *(in);
*(out++) = *(in++) ^ ivec[n];
ivec[n] = c;
n = (n + 1) % AES_BLOCK_SIZE;
}
}
*num = n;
}
/*
* This expects a single block of size nbits for both in and out. Note that
* it corrupts any extra bits in the last byte of out
*/
void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
const int nbits, const AES_KEY *key,
unsigned char *ivec, const int enc)
{
int n, rem, num;
unsigned char ovec[AES_BLOCK_SIZE * 2];
if (nbits <= 0 || nbits > 128)
return;
/* fill in the first half of the new IV with the current IV */
memcpy(ovec, ivec, AES_BLOCK_SIZE);
/* construct the new IV */
AES_encrypt(ivec, ivec, key);
num = (nbits + 7) / 8;
if (enc) /* encrypt the input */
for (n = 0; n < num; ++n)
out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]);
else /* decrypt the input */
for (n = 0; n < num; ++n)
out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n];
/* shift ovec left... */
rem = nbits % 8;
num = nbits / 8;
if (rem == 0)
memcpy(ivec, ovec + num, AES_BLOCK_SIZE);
else
for (n = 0; n < AES_BLOCK_SIZE; ++n)
ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
/* it is not necessary to cleanse ovec, since the IV is not secret */
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
(block128_f) AES_encrypt);
}
/* N.B. This expects the input to be packed, MS bit first */
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
unsigned int n;
unsigned char c[1], d[1];
assert(in && out && key && ivec && num);
assert(*num == 0);
for (n = 0; n < length; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc);
out[n / 8] =
(out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8));
}
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f) AES_encrypt);
}
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num, const int enc)
{
unsigned int n;
assert(in && out && key && ivec && num);
assert(*num == 0);
for (n = 0; n < length; ++n)
AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc);
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f) AES_encrypt);
}

254
Cryptlib/OpenSSL/crypto/aes/aes_core.c
View File

@ -37,12 +37,9 @@
#include <stdlib.h>
#include <openssl/aes.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "aes_locl.h"
#ifndef AES_ASM
/*-
Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01];
@ -628,17 +625,14 @@ static const u32 rcon[] = {
/**
* Expand the cipher key into the encryption key schedule.
*/
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i = 0;
u32 temp;
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
@ -733,8 +727,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
/**
* Expand the cipher key into the decryption key schedule.
*/
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
@ -742,7 +736,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
u32 temp;
/* first, start with an encryption schedule */
status = AES_set_encrypt_key(userKey, bits, key);
status = private_AES_set_encrypt_key(userKey, bits, key);
if (status < 0)
return status;
@ -782,7 +776,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
return 0;
}
#ifndef AES_ASM
/*
* Encrypt a single block
* in and out can overlap
@ -1137,33 +1130,234 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
* map cipher state to byte array block:
*/
s0 =
(Td4[(t0 >> 24) ] << 24) ^
(Td4[(t3 >> 16) & 0xff] << 16) ^
(Td4[(t2 >> 8) & 0xff] << 8) ^
(Td4[(t1 ) & 0xff]) ^
((u32)Td4[(t0 >> 24) ] << 24) ^
((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
((u32)Td4[(t2 >> 8) & 0xff] << 8) ^
((u32)Td4[(t1 ) & 0xff]) ^
rk[0];
PUTU32(out , s0);
s1 =
(Td4[(t1 >> 24) ] << 24) ^
(Td4[(t0 >> 16) & 0xff] << 16) ^
(Td4[(t3 >> 8) & 0xff] << 8) ^
(Td4[(t2 ) & 0xff]) ^
((u32)Td4[(t1 >> 24) ] << 24) ^
((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
((u32)Td4[(t3 >> 8) & 0xff] << 8) ^
((u32)Td4[(t2 ) & 0xff]) ^
rk[1];
PUTU32(out + 4, s1);
s2 =
(Td4[(t2 >> 24) ] << 24) ^
(Td4[(t1 >> 16) & 0xff] << 16) ^
(Td4[(t0 >> 8) & 0xff] << 8) ^
(Td4[(t3 ) & 0xff]) ^
((u32)Td4[(t2 >> 24) ] << 24) ^
((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
((u32)Td4[(t0 >> 8) & 0xff] << 8) ^
((u32)Td4[(t3 ) & 0xff]) ^
rk[2];
PUTU32(out + 8, s2);
s3 =
(Td4[(t3 >> 24) ] << 24) ^
(Td4[(t2 >> 16) & 0xff] << 16) ^
(Td4[(t1 >> 8) & 0xff] << 8) ^
(Td4[(t0 ) & 0xff]) ^
((u32)Td4[(t3 >> 24) ] << 24) ^
((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
((u32)Td4[(t1 >> 8) & 0xff] << 8) ^
((u32)Td4[(t0 ) & 0xff]) ^
rk[3];
PUTU32(out + 12, s3);
}
#else /* AES_ASM */
static const u8 Te4[256] = {
0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
};
static const u32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
};
/**
* Expand the cipher key into the encryption key schedule.
*/
int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i = 0;
u32 temp;
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
return -2;
rk = key->rd_key;
if (bits==128)
key->rounds = 10;
else if (bits==192)
key->rounds = 12;
else
key->rounds = 14;
rk[0] = GETU32(userKey );
rk[1] = GETU32(userKey + 4);
rk[2] = GETU32(userKey + 8);
rk[3] = GETU32(userKey + 12);
if (bits == 128) {
while (1) {
temp = rk[3];
rk[4] = rk[0] ^
((u32)Te4[(temp >> 16) & 0xff] << 24) ^
((u32)Te4[(temp >> 8) & 0xff] << 16) ^
((u32)Te4[(temp ) & 0xff] << 8) ^
((u32)Te4[(temp >> 24) ]) ^
rcon[i];
rk[5] = rk[1] ^ rk[4];
rk[6] = rk[2] ^ rk[5];
rk[7] = rk[3] ^ rk[6];
if (++i == 10) {
return 0;
}
rk += 4;
}
}
rk[4] = GETU32(userKey + 16);
rk[5] = GETU32(userKey + 20);
if (bits == 192) {
while (1) {
temp = rk[ 5];
rk[ 6] = rk[ 0] ^
((u32)Te4[(temp >> 16) & 0xff] << 24) ^
((u32)Te4[(temp >> 8) & 0xff] << 16) ^
((u32)Te4[(temp ) & 0xff] << 8) ^
((u32)Te4[(temp >> 24) ]) ^
rcon[i];
rk[ 7] = rk[ 1] ^ rk[ 6];
rk[ 8] = rk[ 2] ^ rk[ 7];
rk[ 9] = rk[ 3] ^ rk[ 8];
if (++i == 8) {
return 0;
}
rk[10] = rk[ 4] ^ rk[ 9];
rk[11] = rk[ 5] ^ rk[10];
rk += 6;
}
}
rk[6] = GETU32(userKey + 24);
rk[7] = GETU32(userKey + 28);
if (bits == 256) {
while (1) {
temp = rk[ 7];
rk[ 8] = rk[ 0] ^
((u32)Te4[(temp >> 16) & 0xff] << 24) ^
((u32)Te4[(temp >> 8) & 0xff] << 16) ^
((u32)Te4[(temp ) & 0xff] << 8) ^
((u32)Te4[(temp >> 24) ]) ^
rcon[i];
rk[ 9] = rk[ 1] ^ rk[ 8];
rk[10] = rk[ 2] ^ rk[ 9];
rk[11] = rk[ 3] ^ rk[10];
if (++i == 7) {
return 0;
}
temp = rk[11];
rk[12] = rk[ 4] ^
((u32)Te4[(temp >> 24) ] << 24) ^
((u32)Te4[(temp >> 16) & 0xff] << 16) ^
((u32)Te4[(temp >> 8) & 0xff] << 8) ^
((u32)Te4[(temp ) & 0xff]);
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
rk += 8;
}
}
return 0;
}
/**
* Expand the cipher key into the decryption key schedule.
*/
int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
u32 *rk;
int i, j, status;
u32 temp;
/* first, start with an encryption schedule */
status = private_AES_set_encrypt_key(userKey, bits, key);
if (status < 0)
return status;
rk = key->rd_key;
/* invert the order of the round keys: */
for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
}
/* apply the inverse MixColumn transform to all round keys but the first and the last: */
for (i = 1; i < (key->rounds); i++) {
rk += 4;
for (j = 0; j < 4; j++) {
u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
tp1 = rk[j];
m = tp1 & 0x80808080;
tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
m = tp2 & 0x80808080;
tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
m = tp4 & 0x80808080;
tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
((m - (m >> 7)) & 0x1b1b1b1b);
tp9 = tp8 ^ tp1;
tpb = tp9 ^ tp2;
tpd = tp9 ^ tp4;
tpe = tp8 ^ tp4 ^ tp2;
#if defined(ROTATE)
rk[j] = tpe ^ ROTATE(tpd,16) ^
ROTATE(tp9,24) ^ ROTATE(tpb,8);
#else
rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
(tp9 >> 8) ^ (tp9 << 24) ^
(tpb >> 24) ^ (tpb << 8);
#endif
}
}
return 0;
}
#endif /* AES_ASM */

90
Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
View File

@ -49,97 +49,15 @@
*
*/
#ifndef AES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <openssl/aes.h>
#include "aes_locl.h"
#include <openssl/modes.h>
/*
* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is
* endian-neutral.
*/
/* increment counter (128-bit int) by 1 */
static void AES_ctr128_inc(unsigned char *counter)
{
unsigned long c;
/* Grab bottom dword of counter and increment */
c = GETU32(counter + 12);
c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 12, c);
/* if no overflow, we're done */
if (c)
return;
/* Grab 1st dword of counter and increment */
c = GETU32(counter + 8);
c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 8, c);
/* if no overflow, we're done */
if (c)
return;
/* Grab 2nd dword of counter and increment */
c = GETU32(counter + 4);
c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 4, c);
/* if no overflow, we're done */
if (c)
return;
/* Grab top dword of counter and increment */
c = GETU32(counter + 0);
c++;
c &= 0xFFFFFFFF;
PUTU32(counter + 0, c);
}
/*
* The input encrypted as though 128bit counter mode is being used. The
* extra state information to record how much of the 128bit block we have
* used is contained in *num, and the encrypted counter is kept in
* ecount_buf. Both *num and ecount_buf must be initialised with zeros
* before the first call to AES_ctr128_encrypt(). This algorithm assumes
* that the counter is in the x lower bits of the IV (ivec), and that the
* application has full control over overflow and the rest of the IV. This
* implementation takes NO responsability for checking that the counter
* doesn't overflow into the rest of the IV when incremented.
*/
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num)
{
unsigned int n;
unsigned long l = length;
assert(in && out && key && counter && num);
assert(*num < AES_BLOCK_SIZE);
n = *num;
while (l--) {
if (n == 0) {
AES_encrypt(ivec, ecount_buf, key);
AES_ctr128_inc(ivec);
}
*(out++) = *(in++) ^ ecount_buf[n];
n = (n + 1) % AES_BLOCK_SIZE;
}
*num = n;
CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
(block128_f) AES_encrypt);
}

12
Cryptlib/OpenSSL/crypto/aes/aes_ige.c
View File

@ -77,11 +77,11 @@ typedef struct {
/* N.B. The IV for this mode is _twice_ the block size */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, const int enc)
{
unsigned long n;
unsigned long len;
size_t n;
size_t len = length;
OPENSSL_assert(in && out && key && ivec);
OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
@ -206,12 +206,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
/* N.B. The IV for this mode is _four times_ the block size */
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
const AES_KEY *key2, const unsigned char *ivec,
const int enc)
{
unsigned long n;
unsigned long len = length;
size_t n;
size_t len = length;
unsigned char tmp[AES_BLOCK_SIZE];
unsigned char tmp2[AES_BLOCK_SIZE];
unsigned char tmp3[AES_BLOCK_SIZE];

50
Cryptlib/OpenSSL/crypto/aes/aes_locl.h
View File

@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@ -50,40 +50,40 @@
*/
#ifndef HEADER_AES_LOCL_H
#define HEADER_AES_LOCL_H
# define HEADER_AES_LOCL_H
#include <openssl/e_os2.h>
# include <openssl/e_os2.h>
#ifdef OPENSSL_NO_AES
#error AES is disabled.
#endif
# ifdef OPENSSL_NO_AES
# error AES is disabled.
# endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
#else
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
#endif
# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
# define GETU32(p) SWAP(*((u32 *)(p)))
# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
# else
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
# endif
#ifdef AES_LONG
# ifdef AES_LONG
typedef unsigned long u32;
#else
# else
typedef unsigned int u32;
#endif
# endif
typedef unsigned short u16;
typedef unsigned char u8;
#define MAXKC (256/32)
#define MAXKB (256/8)
#define MAXNR 14
# define MAXKC (256/32)
# define MAXKB (256/8)
# define MAXNR 14
/* This controls loop-unrolling in aes_core.c */
#undef FULL_UNROLL
# undef FULL_UNROLL
#endif /* !HEADER_AES_LOCL_H */
#endif /* !HEADER_AES_LOCL_H */

21
Cryptlib/OpenSSL/crypto/aes/aes_misc.c
View File

@ -50,6 +50,7 @@
*/
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#include <openssl/aes.h>
#include "aes_locl.h"
@ -63,3 +64,23 @@ const char *AES_options(void)
return "aes(partial)";
#endif
}
/* FIPS wrapper functions to block low level AES calls in FIPS mode */
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
#ifdef OPENSSL_FIPS
fips_cipher_abort(AES);
#endif
return private_AES_set_encrypt_key(userKey, bits, key);
}
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
{
#ifdef OPENSSL_FIPS
fips_cipher_abort(AES);
#endif
return private_AES_set_decrypt_key(userKey, bits, key);
}

93
Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
View File

@ -1,6 +1,6 @@
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -48,97 +48,14 @@
* ====================================================================
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef AES_DEBUG
# ifndef NDEBUG
# define NDEBUG
# endif
#endif
#include <assert.h>
#include <openssl/aes.h>
#include "aes_locl.h"
#include <openssl/modes.h>
/*
* The input and output encrypted as though 128bit ofb mode is being used.
* The extra state information to record how much of the 128bit block we have
* used is contained in *num;
*/
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num)
{
unsigned int n;
unsigned long l = length;
assert(in && out && key && ivec && num);
n = *num;
while (l--) {
if (n == 0) {
AES_encrypt(ivec, ivec, key);
}
*(out++) = *(in++) ^ ivec[n];
n = (n + 1) % AES_BLOCK_SIZE;
}
*num = n;
CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
(block128_f) AES_encrypt);
}

186
Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
View File

@ -54,197 +54,19 @@
#include "cryptlib.h"
#include <openssl/aes.h>
#include <openssl/bio.h>
static const unsigned char default_iv[] = {
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
};
#include <openssl/modes.h>
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
if ((inlen & 0x7) || (inlen < 8))
return -1;
A = B;
t = 1;
memcpy(out + 8, in, inlen);
if (!iv)
iv = default_iv;
memcpy(A, iv, 8);
for (j = 0; j < 6; j++) {
R = out + 8;
for (i = 0; i < inlen; i += 8, t++, R += 8) {
memcpy(B + 8, R, 8);
AES_encrypt(B, B, key);
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
}
memcpy(out, A, 8);
return inlen + 8;
return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
}
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
inlen -= 8;
if (inlen & 0x7)
return -1;
if (inlen < 8)
return -1;
A = B;
t = 6 * (inlen >> 3);
memcpy(A, in, 8);
memcpy(out, in + 8, inlen);
for (j = 0; j < 6; j++) {
R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8) {
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff) {
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);
memcpy(R, B + 8, 8);
}
}
if (!iv)
iv = default_iv;
if (memcmp(A, iv, 8)) {
OPENSSL_cleanse(out, inlen);
return 0;
}
return inlen;
return CRYPTO_128_unwrap(key, iv, out, in, inlen,
(block128_f) AES_decrypt);
}
#ifdef AES_WRAP_TEST
int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
const unsigned char *iv,
const unsigned char *eout,
const unsigned char *key, int keylen)
{
unsigned char *otmp = NULL, *ptmp = NULL;
int r, ret = 0;
AES_KEY wctx;
otmp = OPENSSL_malloc(keylen + 8);
ptmp = OPENSSL_malloc(keylen);
if (!otmp || !ptmp)
return 0;
if (AES_set_encrypt_key(kek, keybits, &wctx))
goto err;
r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
if (r <= 0)
goto err;
if (eout && memcmp(eout, otmp, keylen))
goto err;
if (AES_set_decrypt_key(kek, keybits, &wctx))
goto err;
r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
if (memcmp(key, ptmp, keylen))
goto err;
ret = 1;
err:
if (otmp)
OPENSSL_free(otmp);
if (ptmp)
OPENSSL_free(ptmp);
return ret;
}
int main(int argc, char **argv)
{
static const unsigned char kek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const unsigned char key[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const unsigned char e1[] = {
0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
};
static const unsigned char e2[] = {
0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
};
static const unsigned char e3[] = {
0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
};
static const unsigned char e4[] = {
0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
};
static const unsigned char e5[] = {
0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
};
static const unsigned char e6[] = {
0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
};
AES_KEY wctx, xctx;
int ret;
ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
fprintf(stderr, "Key test result %d\n", ret);
}
#endif

26
Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
View File

@ -234,3 +234,29 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
return (0);
return ((a->data[w] & v) != 0);
}
/*
* Checks if the given bit string contains only bits specified by
* the flags vector. Returns 0 if there is at least one bit set in 'a'
* which is not specified in 'flags', 1 otherwise.
* 'len' is the length of 'flags'.
*/
int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
unsigned char *flags, int flags_len)
{
int i, ok;
/* Check if there is one bit set at all. */
if (!a || !a->data)
return 1;
/*
* Check each byte of the internal representation of the bit string.
*/
ok = 1;
for (i = 0; i < a->length && ok; ++i) {
unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
/* We are done if there is an unneeded bit set. */
ok = (a->data[i] & mask) == 0;
}
return ok;
}

6
Cryptlib/OpenSSL/crypto/asn1/a_digest.c
View File

@ -86,7 +86,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
p = str;
i2d(data, &p);
EVP_Digest(str, i, md, len, type, NULL);
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return (1);
}
@ -103,7 +104,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
if (!str)
return (0);
EVP_Digest(str, i, md, len, type, NULL);
if (!EVP_Digest(str, i, md, len, type, NULL))
return 0;
OPENSSL_free(str);
return (1);
}

2
Cryptlib/OpenSSL/crypto/asn1/a_dup.c
View File

@ -62,7 +62,7 @@
#ifndef NO_OLD_ASN1
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
{
unsigned char *b, *p;
const unsigned char *p2;

65
Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
View File

@ -65,6 +65,7 @@
#include "cryptlib.h"
#include "o_time.h"
#include <openssl/asn1.h>
#include "asn1_locl.h"
#if 0
@ -117,10 +118,10 @@ ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
#endif
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
{
static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
char *a;
int n, i, l, o;
@ -139,6 +140,8 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
for (i = 0; i < 7; i++) {
if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
i++;
if (tm)
tm->tm_sec = 0;
break;
}
if ((a[o] < '0') || (a[o] > '9'))
@ -155,6 +158,31 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
if ((n < min[i]) || (n > max[i]))
goto err;
if (tm) {
switch (i) {
case 0:
tm->tm_year = n * 100 - 1900;
break;
case 1:
tm->tm_year += n;
break;
case 2:
tm->tm_mon = n - 1;
break;
case 3:
tm->tm_mday = n;
break;
case 4:
tm->tm_hour = n;
break;
case 5:
tm->tm_min = n;
break;
case 6:
tm->tm_sec = n;
break;
}
}
}
/*
* Optional fractional seconds: decimal point followed by one or more
@ -174,6 +202,7 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
if (a[o] == 'Z')
o++;
else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0;
o++;
if (o + 4 > l)
goto err;
@ -187,14 +216,30 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
n = (n * 10) + a[o] - '0';
if ((n < min[i]) || (n > max[i]))
goto err;
if (tm) {
if (i == 7)
offset = n * 3600;
else if (i == 8)
offset += n * 60;
}
o++;
}
if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign))
return 0;
} else if (a[o]) {
/* Missing time zone information. */
goto err;
}
return (o == l);
err:
return (0);
}
int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
{
return asn1_generalizedtime_to_tm(NULL, d);
}
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
{
ASN1_GENERALIZEDTIME t;
@ -216,6 +261,13 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
time_t t)
{
return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
}
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
time_t t, int offset_day,
long offset_sec)
{
char *p;
struct tm *ts;
@ -231,11 +283,16 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
if (ts == NULL)
return (NULL);
if (offset_day || offset_sec) {
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
return NULL;
}
p = (char *)s->data;
if ((p == NULL) || ((size_t)s->length < len)) {
p = OPENSSL_malloc(len);
if (p == NULL) {
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE);
return (NULL);
}
if (s->data != NULL)

118
Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
View File

@ -1,118 +0,0 @@
/* crypto/asn1/a_hdr.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1_mac.h>
#include <openssl/asn1.h>
int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_len(a->data, a->meth->i2d);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_put(a->data, a->meth->i2d);
M_ASN1_I2D_finish();
}
ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING);
if (ret->meth != NULL) {
M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i);
} else {
if (a != NULL)
(*a) = ret;
return (ret);
}
M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER);
}
ASN1_HEADER *ASN1_HEADER_new(void)
{
ASN1_HEADER *ret = NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, ASN1_HEADER);
M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new);
ret->meth = NULL;
ret->data = NULL;
return (ret);
M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
}
void ASN1_HEADER_free(ASN1_HEADER * a)
{
if (a == NULL)
return;
M_ASN1_OCTET_STRING_free(a->header);
if (a->meth != NULL)
a->meth->destroy(a->data);
OPENSSL_free(a);
}

20
Cryptlib/OpenSSL/crypto/asn1/a_int.c
View File

@ -61,12 +61,12 @@
#include <openssl/asn1.h>
#include <openssl/bn.h>
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
return M_ASN1_INTEGER_dup(x);
}
int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
{
int neg, ret;
/* Compare signs */
@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
else {
ret = a->length;
i = a->data[0];
if (ret == 1 && i == 0)
neg = 0;
if (!neg && (i > 127)) {
pad = 1;
pb = 0;
@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
p += a->length - 1;
i = a->length;
/* Copy zeros to destination as long as source is zero */
while (!*n) {
while (!*n && i > 1) {
*(p--) = 0;
n--;
i--;
@ -377,7 +379,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
return (1);
}
long ASN1_INTEGER_get(ASN1_INTEGER *a)
long ASN1_INTEGER_get(const ASN1_INTEGER *a)
{
int neg = 0, i;
long r = 0;
@ -391,8 +393,8 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
return -1;
if (a->length > (int)sizeof(long)) {
/* hmm... a bit ugly */
return (0xffffffffL);
/* hmm... a bit ugly, return all ones */
return -1;
}
if (a->data == NULL)
return 0;
@ -406,7 +408,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
return (r);
}
ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
{
ASN1_INTEGER *ret;
int len, j;
@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
if (BN_is_negative(bn))
if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER;
else
ret->type = V_ASN1_INTEGER;
@ -446,7 +448,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
return (NULL);
}
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
{
BIGNUM *ret;

86
Cryptlib/OpenSSL/crypto/asn1/a_meth.c
View File

@ -1,86 +0,0 @@
/* crypto/asn1/a_meth.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
static ASN1_METHOD ia5string_meth = {
(I2D_OF(void)) i2d_ASN1_IA5STRING,
(D2I_OF(void)) d2i_ASN1_IA5STRING,
(void *(*)(void))ASN1_STRING_new,
(void (*)(void *))ASN1_STRING_free
};
static ASN1_METHOD bit_string_meth = {
(I2D_OF(void)) i2d_ASN1_BIT_STRING,
(D2I_OF(void)) d2i_ASN1_BIT_STRING,
(void *(*)(void))ASN1_STRING_new,
(void (*)(void *))ASN1_STRING_free
};
ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
{
return (&ia5string_meth);
}
ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
{
return (&bit_string_meth);
}

26
Cryptlib/OpenSSL/crypto/asn1/a_object.c
View File

@ -262,8 +262,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
return ret;
err:
ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1_OBJECT_free(ret);
return (NULL);
}
@ -272,6 +270,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
{
ASN1_OBJECT *ret = NULL;
const unsigned char *p;
unsigned char *data;
int i, length;
/*
@ -305,17 +304,24 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ret = (*a);
p = *pp;
if ((ret->data == NULL) || (ret->length < length)) {
if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->data = (unsigned char *)OPENSSL_malloc(length);
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
if (ret->data == NULL) {
/* detach data from object */
data = (unsigned char *)ret->data;
ret->data = NULL;
/* once detached we can change it */
if ((data == NULL) || (ret->length < length)) {
ret->length = 0;
if (data != NULL)
OPENSSL_free(data);
data = (unsigned char *)OPENSSL_malloc(length);
if (data == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
}
memcpy(ret->data, p, length);
memcpy(data, p, length);
/* reattach data to object, after which it remains const */
ret->data = data;
ret->length = length;
ret->sn = NULL;
ret->ln = NULL;
@ -368,7 +374,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
}
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
if (a->data != NULL)
OPENSSL_free(a->data);
OPENSSL_free((void *)a->data);
a->data = NULL;
a->length = 0;
}

5
Cryptlib/OpenSSL/crypto/asn1/a_octet.c
View File

@ -60,12 +60,13 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
{
return M_ASN1_OCTET_STRING_dup(x);
}
int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
const ASN1_OCTET_STRING *b)
{
return M_ASN1_OCTET_STRING_cmp(a, b);
}

44
Cryptlib/OpenSSL/crypto/asn1/a_set.c
View File

@ -86,8 +86,8 @@ static int SetBlobCmp(const void *elem1, const void *elem2)
/*
* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
*/
int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
int ex_class, int is_set)
int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
{
int ret = 0, r;
int i;
@ -98,8 +98,8 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
if (a == NULL)
return (0);
for (i = sk_num(a) - 1; i >= 0; i--)
ret += i2d(sk_value(a, i), NULL);
for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
r = ASN1_object_size(1, ret, ex_tag);
if (pp == NULL)
return (r);
@ -111,9 +111,9 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
/* And then again by Ben */
/* And again by Steve */
if (!is_set || (sk_num(a) < 2)) {
for (i = 0; i < sk_num(a); i++)
i2d(sk_value(a, i), &p);
if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
*pp = p;
return (r);
@ -121,15 +121,15 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
pStart = p; /* Catch the beg of Setblobs */
/* In this array we will store the SET blobs */
rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL) {
ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
return (0);
}
for (i = 0; i < sk_num(a); i++) {
for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
rgSetBlob[i].pbData = p; /* catch each set encode blob */
i2d(sk_value(a, i), &p);
i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
* SetBlob */
}
@ -140,7 +140,7 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
* Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
* *Copy to temp-mem *Copy from temp-mem to user-mem
*/
qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize))) {
ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
return (0);
@ -148,7 +148,7 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
/* Copy to temp mem */
p = pTempMem;
for (i = 0; i < sk_num(a); ++i) {
for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
p += rgSetBlob[i].cbData;
}
@ -161,15 +161,17 @@ int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
return (r);
}
STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
d2i_of_void *d2i, void (*free_func) (void *), int ex_tag,
int ex_class)
STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
const unsigned char **pp,
long length, d2i_of_void *d2i,
void (*free_func) (OPENSSL_BLOCK),
int ex_tag, int ex_class)
{
ASN1_const_CTX c;
STACK *ret = NULL;
STACK_OF(OPENSSL_BLOCK) *ret = NULL;
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = sk_new_null()) == NULL) {
if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -213,10 +215,10 @@ STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
*/
if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
asn1_add_error(*pp, (int)(c.q - *pp));
asn1_add_error(*pp, (int)(c.p - *pp));
goto err;
}
if (!sk_push(ret, s))
if (!sk_OPENSSL_BLOCK_push(ret, s))
goto err;
}
if (a != NULL)
@ -226,9 +228,9 @@ STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
if (free_func != NULL)
sk_pop_free(ret, free_func);
sk_OPENSSL_BLOCK_pop_free(ret, free_func);
else
sk_free(ret);
sk_OPENSSL_BLOCK_free(ret);
}
return (NULL);
}

132
Cryptlib/OpenSSL/crypto/asn1/a_sign.c
View File

@ -123,6 +123,7 @@
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include "asn1_locl.h"
#ifndef NO_ASN1_OLD
@ -181,10 +182,10 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
p = buf_in;
i2d(data, &p);
EVP_SignInit_ex(&ctx, type, NULL);
EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl, pkey)) {
if (!EVP_SignInit_ex(&ctx, type, NULL)
|| !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl)
|| !EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl, pkey)) {
outl = 0;
ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
goto err;
@ -220,64 +221,89 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
EVP_PKEY *pkey, const EVP_MD *type)
{
EVP_MD_CTX ctx;
unsigned char *buf_in = NULL, *buf_out = NULL;
int i, inl = 0, outl = 0, outll = 0;
X509_ALGOR *a;
EVP_MD_CTX_init(&ctx);
for (i = 0; i < 2; i++) {
if (i == 0)
a = algor1;
else
a = algor2;
if (a == NULL)
continue;
if (type->pkey_type == NID_dsaWithSHA1 ||
type->pkey_type == NID_ecdsa_with_SHA1) {
/*
* special case: RFC 3279 tells us to omit 'parameters' with
* id-dsa-with-sha1 and ecdsa-with-SHA1
*/
ASN1_TYPE_free(a->parameter);
a->parameter = NULL;
} else if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL)) {
ASN1_TYPE_free(a->parameter);
if ((a->parameter = ASN1_TYPE_new()) == NULL)
goto err;
a->parameter->type = V_ASN1_NULL;
}
ASN1_OBJECT_free(a->algorithm);
a->algorithm = OBJ_nid2obj(type->pkey_type);
if (a->algorithm == NULL) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
goto err;
}
if (a->algorithm->length == 0) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN,
ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
goto err;
}
if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
EVP_MD_CTX_cleanup(&ctx);
return 0;
}
return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
}
int ASN1_item_sign_ctx(const ASN1_ITEM *it,
X509_ALGOR *algor1, X509_ALGOR *algor2,
ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
{
const EVP_MD *type;
EVP_PKEY *pkey;
unsigned char *buf_in = NULL, *buf_out = NULL;
size_t inl = 0, outl = 0, outll = 0;
int signid, paramtype;
int rv;
type = EVP_MD_CTX_md(ctx);
pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
if (!type || !pkey) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
return 0;
}
if (pkey->ameth->item_sign) {
rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
if (rv == 1)
outl = signature->length;
/*-
* Return value meanings:
* <=0: error.
* 1: method does everything.
* 2: carry on as normal.
* 3: ASN1 method sets algorithm identifiers: just sign.
*/
if (rv <= 0)
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
if (rv <= 1)
goto err;
} else
rv = 2;
if (rv == 2) {
if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
if (!pkey->ameth ||
!OBJ_find_sigid_by_algs(&signid,
EVP_MD_nid(type),
pkey->ameth->pkey_id)) {
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
return 0;
}
} else
signid = type->pkey_type;
if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
paramtype = V_ASN1_NULL;
else
paramtype = V_ASN1_UNDEF;
if (algor1)
X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
if (algor2)
X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
}
inl = ASN1_item_i2d(asn, &buf_in, it);
outll = outl = EVP_PKEY_size(pkey);
buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
buf_out = OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL)) {
outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_SignInit_ex(&ctx, type, NULL)) {
if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
|| !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
goto err;
}
EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
(unsigned int *)&outl, pkey)) {
outl = 0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
goto err;
}
if (signature->data != NULL)
@ -292,7 +318,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err:
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(ctx);
if (buf_in != NULL) {
OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
OPENSSL_free(buf_in);

1
Cryptlib/OpenSSL/crypto/asn1/a_strex.c
View File

@ -638,6 +638,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
mbflag |= MBSTRING_FLAG;
stmp.data = NULL;
stmp.length = 0;
stmp.flags = 0;
ret =
ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
B_ASN1_UTF8STRING);

21
Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
View File

@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
static void st_free(ASN1_STRING_TABLE *tbl);
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
const ASN1_STRING_TABLE *const *b);
static int table_cmp(const void *a, const void *b);
/*
* This is the global mask for the mbstring functions: this is use to mask
@ -171,7 +170,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
/* This table must be kept in NID order */
static ASN1_STRING_TABLE tbl_standard[] = {
static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
@ -202,24 +201,24 @@ static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
return (*a)->nid - (*b)->nid;
}
static int table_cmp(const void *a, const void *b)
DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
{
const ASN1_STRING_TABLE *sa = a, *sb = b;
return sa->nid - sb->nid;
return a->nid - b->nid;
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
{
int idx;
ASN1_STRING_TABLE *ttmp;
ASN1_STRING_TABLE fnd;
fnd.nid = nid;
ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd,
(char *)tbl_standard,
sizeof(tbl_standard) /
sizeof(ASN1_STRING_TABLE),
sizeof(ASN1_STRING_TABLE),
table_cmp);
ttmp = OBJ_bsearch_table(&fnd, tbl_standard,
sizeof(tbl_standard) /
sizeof(ASN1_STRING_TABLE));
if (ttmp)
return ttmp;
if (!stable)

68
Cryptlib/OpenSSL/crypto/asn1/a_time.c
View File

@ -66,6 +66,7 @@
#include "cryptlib.h"
#include "o_time.h"
#include <openssl/asn1t.h>
#include "asn1_locl.h"
IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
@ -99,18 +100,28 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
#endif
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
return ASN1_TIME_adj(s, t, 0, 0);
}
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
int offset_day, long offset_sec)
{
struct tm *ts;
struct tm data;
ts = OPENSSL_gmtime(&t, &data);
if (ts == NULL) {
ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
return NULL;
}
if (offset_day || offset_sec) {
if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
return NULL;
}
if ((ts->tm_year >= 50) && (ts->tm_year < 150))
return ASN1_UTCTIME_set(s, t);
return ASN1_GENERALIZEDTIME_set(s, t);
return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
}
int ASN1_TIME_check(ASN1_TIME *t)
@ -164,3 +175,54 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
return ret;
}
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{
ASN1_TIME t;
t.length = strlen(str);
t.data = (unsigned char *)str;
t.flags = 0;
t.type = V_ASN1_UTCTIME;
if (!ASN1_TIME_check(&t)) {
t.type = V_ASN1_GENERALIZEDTIME;
if (!ASN1_TIME_check(&t))
return 0;
}
if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
return 0;
return 1;
}
static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t)
{
if (t == NULL) {
time_t now_t;
time(&now_t);
if (OPENSSL_gmtime(&now_t, tm))
return 1;
return 0;
}
if (t->type == V_ASN1_UTCTIME)
return asn1_utctime_to_tm(tm, t);
else if (t->type == V_ASN1_GENERALIZEDTIME)
return asn1_generalizedtime_to_tm(tm, t);
return 0;
}
int ASN1_TIME_diff(int *pday, int *psec,
const ASN1_TIME *from, const ASN1_TIME *to)
{
struct tm tm_from, tm_to;
if (!asn1_time_to_tm(&tm_from, from))
return 0;
if (!asn1_time_to_tm(&tm_to, to))
return 0;
return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
}

Some files were not shown because too many files have changed in this diff Show More