diff options
Diffstat (limited to 'src/include/openssl')
53 files changed, 3168 insertions, 3478 deletions
diff --git a/src/include/openssl/aead.h b/src/include/openssl/aead.h index 61cf3cd..dc453e3 100644 --- a/src/include/openssl/aead.h +++ b/src/include/openssl/aead.h @@ -115,18 +115,28 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_key_wrap(void); * See |EVP_aead_aes_128_key_wrap| for details. */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_key_wrap(void); +/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for + * authentication. The nonce is 12 bytes; the bottom 32-bits are used as the + * block counter, thus the maximum plaintext size is 64GB. */ +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void); + +/* EVP_aead_aes_128_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for + * authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */ +OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void); + /* EVP_has_aes_hardware returns one if we enable hardware support for fast and * constant-time AES-GCM. */ OPENSSL_EXPORT int EVP_has_aes_hardware(void); -/* TLS specific AEAD algorithms. +/* TLS-specific AEAD algorithms. * * These AEAD primitives do not meet the definition of generic AEADs. They are - * all specific to TLS in some fashion and should not be used outside of that - * context. They require an additional data of length 11 (the standard TLS one - * with the length omitted). They are also stateful, so a given |EVP_AEAD_CTX| - * may only be used for one of seal or open, but not both. */ + * all specific to TLS and should not be used outside of that context. They must + * be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may + * not be used concurrently. Any nonces are used as IVs, so they must be + * unpredictable. They only accept an |ad| parameter of length 11 (the standard + * TLS one with length omitted). */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_tls(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_tls(void); @@ -144,11 +154,13 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void); -/* SSLv3 specific AEAD algorithms. +/* SSLv3-specific AEAD algorithms. * * These AEAD primitives do not meet the definition of generic AEADs. They are - * all specific to SSLv3 in some fashion and should not be used outside of that - * context. */ + * all specific to SSLv3 and should not be used outside of that context. They + * must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, + * and may not be used concurrently. They only accept an |ad| parameter of + * length 9 (the standard TLS one with length and version omitted). */ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void); OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void); @@ -205,17 +217,35 @@ typedef struct evp_aead_ctx_st { * be used. */ #define EVP_AEAD_DEFAULT_TAG_LENGTH 0 -/* EVP_AEAD_init initializes |ctx| for the given AEAD algorithm from |impl|. +/* evp_aead_direction_t denotes the direction of an AEAD operation. */ +enum evp_aead_direction_t { + evp_aead_open, + evp_aead_seal, +}; + +/* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm from |impl|. * The |impl| argument may be NULL to choose the default implementation. * Authentication tags may be truncated by passing a size as |tag_len|. A * |tag_len| of zero indicates the default tag length and this is defined as * EVP_AEAD_DEFAULT_TAG_LENGTH for readability. - * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. */ + * + * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In + * the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's + * harmless to do so. */ OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl); -/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. */ +/* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal + * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a + * given direction. */ +OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction( + EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, + size_t tag_len, enum evp_aead_direction_t dir); + +/* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to + * call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to + * all zeros. */ OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); /* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and @@ -270,6 +300,14 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len); +/* Obscure functions. */ + +/* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure. + * It returns one on success or zero if |ctx| doesn't have an RC4 key. */ +OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, + const RC4_KEY **out_key); + + #if defined(__cplusplus) } /* extern C */ #endif diff --git a/src/include/openssl/asn1.h b/src/include/openssl/asn1.h index 941b156..4baf81c 100644 --- a/src/include/openssl/asn1.h +++ b/src/include/openssl/asn1.h @@ -517,7 +517,7 @@ struct X509_algor_st } /* X509_ALGOR */; DEFINE_STACK_OF(X509_ALGOR); -DECLARE_ASN1_FUNCTIONS(X509_ALGOR); +DECLARE_ASN1_FUNCTIONS(X509_ALGOR) typedef struct NETSCAPE_X509_st { @@ -1078,187 +1078,157 @@ OPENSSL_EXPORT int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_f } #endif -#define ASN1_F_asn1_template_ex_d2i 100 -#define ASN1_F_ASN1_dup 101 -#define ASN1_F_a2i_ASN1_STRING 102 -#define ASN1_F_ASN1_d2i_fp 103 -#define ASN1_F_d2i_ASN1_OBJECT 104 -#define ASN1_F_asn1_item_ex_combine_new 105 -#define ASN1_F_ASN1_template_new 106 -#define ASN1_F_asn1_do_adb 107 -#define ASN1_F_asn1_d2i_read_bio 108 -#define ASN1_F_asn1_ex_c2i 109 -#define ASN1_F_c2i_ASN1_INTEGER 110 -#define ASN1_F_ASN1_PCTX_new 111 -#define ASN1_F_ASN1_item_unpack 112 -#define ASN1_F_d2i_ASN1_type_bytes 113 -#define ASN1_F_a2i_ASN1_INTEGER 114 -#define ASN1_F_asn1_collect 115 -#define ASN1_F_ASN1_item_dup 116 -#define ASN1_F_ASN1_ENUMERATED_set 117 -#define ASN1_F_c2i_ASN1_OBJECT 118 -#define ASN1_F_ASN1_unpack_string 119 -#define ASN1_F_d2i_ASN1_UINTEGER 120 -#define ASN1_F_long_c2i 121 -#define ASN1_F_ASN1_seq_pack 122 -#define ASN1_F_a2d_ASN1_OBJECT 123 -#define ASN1_F_ASN1_STRING_type_new 124 -#define ASN1_F_ASN1_INTEGER_set 125 -#define ASN1_F_BN_to_ASN1_INTEGER 126 -#define ASN1_F_BIO_new_NDEF 127 -#define ASN1_F_ASN1_ENUMERATED_to_BN 128 -#define ASN1_F_ASN1_item_ex_d2i 129 -#define ASN1_F_ASN1_INTEGER_to_BN 130 -#define ASN1_F_i2d_ASN1_TIME 131 -#define ASN1_F_ASN1_TIME_adj 132 -#define ASN1_F_ASN1_BIT_STRING_set_bit 133 -#define ASN1_F_ASN1_seq_unpack 134 -#define ASN1_F_ASN1_item_pack 135 -#define ASN1_F_ASN1_STRING_set 136 -#define ASN1_F_ASN1_UTCTIME_adj 137 -#define ASN1_F_ASN1_mbstring_ncopy 138 -#define ASN1_F_d2i_ASN1_BOOLEAN 139 -#define ASN1_F_ASN1_OBJECT_new 140 -#define ASN1_F_asn1_template_noexp_d2i 141 -#define ASN1_F_c2i_ASN1_BIT_STRING 142 -#define ASN1_F_BN_to_ASN1_ENUMERATED 143 -#define ASN1_F_asn1_d2i_ex_primitive 144 -#define ASN1_F_ASN1_i2d_bio 145 -#define ASN1_F_ASN1_item_i2d_bio 146 -#define ASN1_F_d2i_ASN1_UTCTIME 147 -#define ASN1_F_ASN1_STRING_TABLE_add 148 -#define ASN1_F_asn1_find_end 149 -#define ASN1_F_ASN1_item_d2i_fp 150 -#define ASN1_F_collect_data 151 -#define ASN1_F_asn1_check_tlen 152 -#define ASN1_F_ASN1_i2d_fp 153 -#define ASN1_F_ASN1_item_i2d_fp 154 -#define ASN1_F_ASN1_GENERALIZEDTIME_adj 155 -#define ASN1_F_asn1_collate_primitive 156 -#define ASN1_F_ASN1_pack_string 157 -#define ASN1_F_ASN1_get_object 158 -#define ASN1_F_d2i_ASN1_bytes 159 -#define ASN1_F_a2i_ASN1_ENUMERATED 160 -#define ASN1_R_ASN1_SIG_PARSE_ERROR 100 -#define ASN1_R_ADDING_OBJECT 101 -#define ASN1_R_MIME_NO_CONTENT_TYPE 102 -#define ASN1_R_UNKNOWN_OBJECT_TYPE 103 -#define ASN1_R_ILLEGAL_FORMAT 104 -#define ASN1_R_HEADER_TOO_LONG 105 -#define ASN1_R_INVALID_UTF8STRING 106 -#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 107 -#define ASN1_R_ILLEGAL_TAGGED_ANY 108 -#define ASN1_R_DATA_IS_WRONG 109 -#define ASN1_R_NOT_ASCII_FORMAT 110 -#define ASN1_R_NOT_ENOUGH_DATA 111 -#define ASN1_R_MSTRING_NOT_UNIVERSAL 112 -#define ASN1_R_UNKNOWN_FORMAT 113 -#define ASN1_R_BAD_PASSWORD_READ 115 -#define ASN1_R_BAD_OBJECT_HEADER 116 -#define ASN1_R_ILLEGAL_CHARACTERS 117 -#define ASN1_R_CONTEXT_NOT_INITIALISED 118 -#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 119 -#define ASN1_R_BN_LIB 120 -#define ASN1_R_NO_MATCHING_CHOICE_TYPE 121 -#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 122 -#define ASN1_R_ASN1_PARSE_ERROR 123 -#define ASN1_R_NO_MULTIPART_BOUNDARY 124 -#define ASN1_R_INVALID_SEPARATOR 125 -#define ASN1_R_MALLOC_FAILURE 126 -#define ASN1_R_ILLEGAL_NULL 127 -#define ASN1_R_INVALID_MIME_TYPE 128 -#define ASN1_R_INVALID_NUMBER 129 -#define ASN1_R_STRING_TOO_LONG 130 -#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 131 -#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 132 -#define ASN1_R_EXPECTING_A_TIME 133 -#define ASN1_R_TAG_VALUE_TOO_HIGH 134 -#define ASN1_R_NESTED_ASN1_STRING 135 -#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 136 -#define ASN1_R_MISSING_SECOND_NUMBER 137 -#define ASN1_R_TIME_NOT_ASCII_FORMAT 138 -#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 139 -#define ASN1_R_WRONG_TYPE 140 -#define ASN1_R_EXPECTING_AN_INTEGER 141 -#define ASN1_R_DEPTH_EXCEEDED 142 -#define ASN1_R_ILLEGAL_OBJECT 143 -#define ASN1_R_UNKNOWN_TAG 144 -#define ASN1_R_ILLEGAL_IMPLICIT_TAG 145 -#define ASN1_R_AUX_ERROR 146 -#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 147 -#define ASN1_R_FIELD_MISSING 148 -#define ASN1_R_TYPE_NOT_CONSTRUCTED 149 -#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 150 -#define ASN1_R_FIRST_NUM_TOO_LARGE 151 -#define ASN1_R_INVALID_DIGIT 152 -#define ASN1_R_MSTRING_WRONG_TAG 153 -#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 154 -#define ASN1_R_UNSUPPORTED_TYPE 155 -#define ASN1_R_ERROR_LOADING_SECTION 156 -#define ASN1_R_ODD_NUMBER_OF_CHARS 157 -#define ASN1_R_ASN1_LENGTH_MISMATCH 158 -#define ASN1_R_MISSING_EOC 159 -#define ASN1_R_ILLEGAL_INTEGER 160 -#define ASN1_R_ILLEGAL_HEX 161 -#define ASN1_R_NESTED_ASN1_ERROR 162 -#define ASN1_R_TOO_LONG 163 -#define ASN1_R_LENGTH_ERROR 164 -#define ASN1_R_DECODING_ERROR 165 -#define ASN1_R_MIME_SIG_PARSE_ERROR 166 -#define ASN1_R_ILLEGAL_NULL_VALUE 167 -#define ASN1_R_EXPECTING_A_BOOLEAN 168 -#define ASN1_R_STREAMING_NOT_SUPPORTED 169 -#define ASN1_R_INVALID_BMPSTRING_LENGTH 170 -#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 171 -#define ASN1_R_INVALID_MODIFIER 172 -#define ASN1_R_UNEXPECTED_EOC 173 -#define ASN1_R_ILLEGAL_NESTED_TAGGING 174 -#define ASN1_R_IV_TOO_LARGE 175 -#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 176 -#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 177 -#define ASN1_R_BUFFER_TOO_SMALL 178 -#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 179 -#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 181 -#define ASN1_R_MIME_PARSE_ERROR 182 -#define ASN1_R_INVALID_OBJECT_ENCODING 183 -#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 184 -#define ASN1_R_UNSUPPORTED_CIPHER 185 -#define ASN1_R_NO_MULTIPART_BODY_FAILURE 186 -#define ASN1_R_NO_CONTENT_TYPE 187 -#define ASN1_R_SECOND_NUMBER_TOO_LARGE 188 -#define ASN1_R_INVALID_TIME_FORMAT 189 -#define ASN1_R_NO_DEFAULT_DIGEST 190 -#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 191 -#define ASN1_R_EXPECTING_AN_OBJECT 192 -#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 193 -#define ASN1_R_ERROR_GETTING_TIME 194 -#define ASN1_R_MISSING_VALUE 195 -#define ASN1_R_LIST_ERROR 196 -#define ASN1_R_DECODE_ERROR 197 -#define ASN1_R_NON_HEX_CHARACTERS 198 -#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 199 -#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 201 -#define ASN1_R_STRING_TOO_SHORT 203 -#define ASN1_R_ILLEGAL_OPTIONAL_ANY 204 -#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 205 -#define ASN1_R_NO_SIG_CONTENT_TYPE 206 -#define ASN1_R_ENCODE_ERROR 207 -#define ASN1_R_SHORT_LINE 208 -#define ASN1_R_ILLEGAL_TIME_VALUE 209 -#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 210 -#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 211 -#define ASN1_R_BAD_CLASS 212 -#define ASN1_R_BAD_TAG 213 -#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 214 -#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 215 -#define ASN1_R_ILLEGAL_BOOLEAN 216 -#define ASN1_R_SIG_INVALID_MIME_TYPE 217 -#define ASN1_R_NULL_IS_WRONG_LENGTH 218 -#define ASN1_R_MISSING_ASN1_EOS 219 -#define ASN1_R_ERROR_PARSING_SET_ELEMENT 220 -#define ASN1_R_WRONG_TAG 221 -#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 222 -#define ASN1_R_TYPE_NOT_PRIMITIVE 223 -#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 224 +#define ASN1_F_ASN1_BIT_STRING_set_bit 100 +#define ASN1_F_ASN1_ENUMERATED_set 101 +#define ASN1_F_ASN1_ENUMERATED_to_BN 102 +#define ASN1_F_ASN1_GENERALIZEDTIME_adj 103 +#define ASN1_F_ASN1_INTEGER_set 104 +#define ASN1_F_ASN1_INTEGER_to_BN 105 +#define ASN1_F_ASN1_OBJECT_new 106 +#define ASN1_F_ASN1_PCTX_new 107 +#define ASN1_F_ASN1_STRING_TABLE_add 108 +#define ASN1_F_ASN1_STRING_set 109 +#define ASN1_F_ASN1_STRING_type_new 110 +#define ASN1_F_ASN1_TIME_adj 111 +#define ASN1_F_ASN1_UTCTIME_adj 112 +#define ASN1_F_ASN1_d2i_fp 113 +#define ASN1_F_ASN1_dup 114 +#define ASN1_F_ASN1_generate_v3 115 +#define ASN1_F_ASN1_get_object 116 +#define ASN1_F_ASN1_i2d_bio 117 +#define ASN1_F_ASN1_i2d_fp 118 +#define ASN1_F_ASN1_item_d2i_fp 119 +#define ASN1_F_ASN1_item_dup 120 +#define ASN1_F_ASN1_item_ex_d2i 121 +#define ASN1_F_ASN1_item_i2d_bio 122 +#define ASN1_F_ASN1_item_i2d_fp 123 +#define ASN1_F_ASN1_item_pack 124 +#define ASN1_F_ASN1_item_unpack 125 +#define ASN1_F_ASN1_mbstring_ncopy 126 +#define ASN1_F_ASN1_template_new 127 +#define ASN1_F_BIO_new_NDEF 128 +#define ASN1_F_BN_to_ASN1_ENUMERATED 129 +#define ASN1_F_BN_to_ASN1_INTEGER 130 +#define ASN1_F_a2d_ASN1_OBJECT 131 +#define ASN1_F_a2i_ASN1_ENUMERATED 132 +#define ASN1_F_a2i_ASN1_INTEGER 133 +#define ASN1_F_a2i_ASN1_STRING 134 +#define ASN1_F_append_exp 135 +#define ASN1_F_asn1_cb 136 +#define ASN1_F_asn1_check_tlen 137 +#define ASN1_F_asn1_collate_primitive 138 +#define ASN1_F_asn1_collect 139 +#define ASN1_F_asn1_d2i_ex_primitive 140 +#define ASN1_F_asn1_d2i_read_bio 141 +#define ASN1_F_asn1_do_adb 142 +#define ASN1_F_asn1_ex_c2i 143 +#define ASN1_F_asn1_find_end 144 +#define ASN1_F_asn1_item_ex_combine_new 145 +#define ASN1_F_asn1_str2type 146 +#define ASN1_F_asn1_template_ex_d2i 147 +#define ASN1_F_asn1_template_noexp_d2i 148 +#define ASN1_F_bitstr_cb 149 +#define ASN1_F_c2i_ASN1_BIT_STRING 150 +#define ASN1_F_c2i_ASN1_INTEGER 151 +#define ASN1_F_c2i_ASN1_OBJECT 152 +#define ASN1_F_collect_data 153 +#define ASN1_F_d2i_ASN1_BOOLEAN 154 +#define ASN1_F_d2i_ASN1_OBJECT 155 +#define ASN1_F_d2i_ASN1_UINTEGER 156 +#define ASN1_F_d2i_ASN1_UTCTIME 157 +#define ASN1_F_d2i_ASN1_bytes 158 +#define ASN1_F_d2i_ASN1_type_bytes 159 +#define ASN1_F_i2d_ASN1_TIME 160 +#define ASN1_F_i2d_PrivateKey 161 +#define ASN1_F_long_c2i 162 +#define ASN1_F_parse_tagging 163 +#define ASN1_R_ASN1_LENGTH_MISMATCH 100 +#define ASN1_R_AUX_ERROR 101 +#define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102 +#define ASN1_R_BAD_OBJECT_HEADER 103 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104 +#define ASN1_R_BN_LIB 105 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +#define ASN1_R_BUFFER_TOO_SMALL 107 +#define ASN1_R_DECODE_ERROR 108 +#define ASN1_R_DEPTH_EXCEEDED 109 +#define ASN1_R_ENCODE_ERROR 110 +#define ASN1_R_ERROR_GETTING_TIME 111 +#define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 112 +#define ASN1_R_EXPECTING_AN_INTEGER 113 +#define ASN1_R_EXPECTING_AN_OBJECT 114 +#define ASN1_R_EXPECTING_A_BOOLEAN 115 +#define ASN1_R_EXPECTING_A_TIME 116 +#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 117 +#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 118 +#define ASN1_R_FIELD_MISSING 119 +#define ASN1_R_FIRST_NUM_TOO_LARGE 120 +#define ASN1_R_HEADER_TOO_LONG 121 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 122 +#define ASN1_R_ILLEGAL_BOOLEAN 123 +#define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 125 +#define ASN1_R_ILLEGAL_HEX 126 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 127 +#define ASN1_R_ILLEGAL_INTEGER 128 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 129 +#define ASN1_R_ILLEGAL_NULL 130 +#define ASN1_R_ILLEGAL_NULL_VALUE 131 +#define ASN1_R_ILLEGAL_OBJECT 132 +#define ASN1_R_ILLEGAL_OPTIONAL_ANY 133 +#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 134 +#define ASN1_R_ILLEGAL_TAGGED_ANY 135 +#define ASN1_R_ILLEGAL_TIME_VALUE 136 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 137 +#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 138 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 139 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 140 +#define ASN1_R_INVALID_DIGIT 141 +#define ASN1_R_INVALID_MODIFIER 142 +#define ASN1_R_INVALID_NUMBER 143 +#define ASN1_R_INVALID_OBJECT_ENCODING 144 +#define ASN1_R_INVALID_SEPARATOR 145 +#define ASN1_R_INVALID_TIME_FORMAT 146 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 147 +#define ASN1_R_INVALID_UTF8STRING 148 +#define ASN1_R_LIST_ERROR 149 +#define ASN1_R_MALLOC_FAILURE 150 +#define ASN1_R_MISSING_ASN1_EOS 151 +#define ASN1_R_MISSING_EOC 152 +#define ASN1_R_MISSING_SECOND_NUMBER 153 +#define ASN1_R_MISSING_VALUE 154 +#define ASN1_R_MSTRING_NOT_UNIVERSAL 155 +#define ASN1_R_MSTRING_WRONG_TAG 156 +#define ASN1_R_NESTED_ASN1_ERROR 157 +#define ASN1_R_NESTED_ASN1_STRING 158 +#define ASN1_R_NON_HEX_CHARACTERS 159 +#define ASN1_R_NOT_ASCII_FORMAT 160 +#define ASN1_R_NOT_ENOUGH_DATA 161 +#define ASN1_R_NO_MATCHING_CHOICE_TYPE 162 +#define ASN1_R_NULL_IS_WRONG_LENGTH 163 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 164 +#define ASN1_R_ODD_NUMBER_OF_CHARS 165 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 166 +#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 167 +#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 168 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 169 +#define ASN1_R_SHORT_LINE 170 +#define ASN1_R_STREAMING_NOT_SUPPORTED 171 +#define ASN1_R_STRING_TOO_LONG 172 +#define ASN1_R_STRING_TOO_SHORT 173 +#define ASN1_R_TAG_VALUE_TOO_HIGH 174 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 175 +#define ASN1_R_TOO_LONG 176 +#define ASN1_R_TYPE_NOT_CONSTRUCTED 177 +#define ASN1_R_TYPE_NOT_PRIMITIVE 178 +#define ASN1_R_UNEXPECTED_EOC 179 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 180 +#define ASN1_R_UNKNOWN_FORMAT 181 +#define ASN1_R_UNKNOWN_TAG 182 +#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 183 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 184 +#define ASN1_R_UNSUPPORTED_TYPE 185 +#define ASN1_R_WRONG_TAG 186 +#define ASN1_R_WRONG_TYPE 187 #endif diff --git a/src/include/openssl/asn1_mac.h b/src/include/openssl/asn1_mac.h index 3e8eebb..49b2a28 100644 --- a/src/include/openssl/asn1_mac.h +++ b/src/include/openssl/asn1_mac.h @@ -65,512 +65,10 @@ extern "C" { #endif -#ifndef ASN1_MAC_ERR_LIB -#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -#endif - -#define ASN1_MAC_H_err(f,r,line) \ - ERR_put_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) - -#define M_ASN1_D2I_vars(a,type,func) \ - ASN1_const_CTX c; \ - type ret=NULL; \ - \ - c.pp=(const unsigned char **)pp; \ - c.q= *(const unsigned char **)pp; \ - c.error=ASN1_R_NESTED_ASN1_ERROR; \ - if ((a == NULL) || ((*a) == NULL)) \ - { if ((ret=(type)func()) == NULL) \ - { c.line=__LINE__; goto err; } } \ - else ret=(*a); - -#define M_ASN1_D2I_Init() \ - c.p= *(const unsigned char **)pp; \ - c.max=(length == 0)?0:(c.p+length); - -#define M_ASN1_D2I_Finish_2(a) \ - if (!asn1_const_Finish(&c)) \ - { c.line=__LINE__; goto err; } \ - *(const unsigned char **)pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); - -#define M_ASN1_D2I_Finish(a,func,e) \ - M_ASN1_D2I_Finish_2(a); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_start_sequence() \ - if (!asn1_GetSequence(&c,&length)) \ - { c.line=__LINE__; goto err; } -/* Begin reading ASN1 without a surrounding sequence */ -#define M_ASN1_D2I_begin() \ - c.slen = length; - -/* End reading ASN1 with no check on length */ -#define M_ASN1_D2I_Finish_nolen(a, func, e) \ - *pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_end_sequence() \ - (((c.inf&1) == 0)?(c.slen <= 0): \ - (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get(b, func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get_x(type,b,func) \ - c.q=c.p; \ - if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* use this instead () */ -#define M_ASN1_D2I_get_int(b,func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) < 0) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get(b,func); \ - } - -#define M_ASN1_D2I_get_int_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get_int(b,func); \ - } - -#define M_ASN1_D2I_get_imp(b,func, type) \ - M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ - c.slen-=(c.p-c.q);\ - M_ASN1_next_prev=_tmp; - -#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ - (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ - { \ - unsigned char _tmp = M_ASN1_next; \ - M_ASN1_D2I_get_imp(b,func, type);\ - } - -#define M_ASN1_D2I_get_set(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set(r,func,free_func); } - -#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set_type(type,r,func,free_func); } - -#define M_ASN1_I2D_len_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SET(a,f); - -#define M_ASN1_I2D_put_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SET(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE_type(type,a,f); - -#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set(b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_seq(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq(r,func,free_func); } - -#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } - -#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ - (void (*)())free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ - free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ - if ((c.slen != 0L) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (func(&(r),&c.p,Tlen) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ - (void (*)())free_func, \ - b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ASN1_R_BAD_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ - free_func,b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ASN1_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -/* New macros */ -#define M_ASN1_New_Malloc(ret,type) \ - if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ - { c.line=__LINE__; goto err2; } - -#define M_ASN1_New(arg,func) \ - if (((arg)=func()) == NULL) return(NULL) - -#define M_ASN1_New_Error(a) \ -/* err: ASN1_MAC_H_err((a),ASN1_R_NESTED_ASN1_ERROR,c.line); \ - return(NULL);*/ \ - err2: ASN1_MAC_H_err((a),ASN1_R_MALLOC_FAILURE,c.line); \ - return(NULL) +OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length); -/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, - some macros that use ASN1_const_CTX still insist on writing in the input - stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. - Please? -- Richard Levitte */ -#define M_ASN1_next (*((unsigned char *)(c.p))) -#define M_ASN1_next_prev (*((unsigned char *)(c.q))) - -/*************************************************/ - -#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ - unsigned char *p; \ - if (a == NULL) return(0) - -/* Length Macros */ -#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) - -#define M_ASN1_I2D_len_SET(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SET_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ - V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SEQUENCE(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE(a,f); - -#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE_type(type,a,f); - -#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ - if (a != NULL)\ - { \ - v=f(a,NULL); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0))\ - { \ - v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ - V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -/* Put Macros */ -#define M_ASN1_I2D_put(a,f) f(a,&p) - -#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ - if (a != NULL) \ - { \ - unsigned char *q=p; \ - f(a,&p); \ - *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ - } - -#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ - V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_SET_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ - i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ - if (a != NULL) \ - { \ - ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ - f(a,&p); \ - } - -#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_seq_total() \ - r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ - if (pp == NULL) return(r); \ - p= *pp; \ - ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ - *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ - *(p++)=0x80 - -#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 - -#define M_ASN1_I2D_finish() *pp=p; \ - return(r); -OPENSSL_EXPORT int asn1_GetSequence(ASN1_const_CTX *c, long *length); -OPENSSL_EXPORT void asn1_add_error(const unsigned char *address, int offset); #ifdef __cplusplus } #endif diff --git a/src/include/openssl/asn1t.h b/src/include/openssl/asn1t.h index 72eb2cb..6c91134 100644 --- a/src/include/openssl/asn1t.h +++ b/src/include/openssl/asn1t.h @@ -58,7 +58,7 @@ #ifndef HEADER_ASN1T_H #define HEADER_ASN1T_H -#include <stddef.h> +#include <openssl/base.h> #include <openssl/asn1.h> #ifdef OPENSSL_BUILD_SHLIBCRYPTO diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h index d73f269..b769ad5 100644 --- a/src/include/openssl/base.h +++ b/src/include/openssl/base.h @@ -56,8 +56,8 @@ /* This file should be the first included by all BoringSSL headers. */ +#include <stddef.h> #include <stdint.h> -#include <stdlib.h> #include <sys/types.h> #include <openssl/opensslfeatures.h> @@ -103,6 +103,11 @@ extern "C" { #define OPENSSL_WINDOWS #endif +#if defined(TRUSTY) +#define OPENSSL_TRUSTY +#define OPENSSL_NO_THREADS +#endif + #define OPENSSL_IS_BORINGSSL #define OPENSSL_VERSION_NUMBER 0x10002000 @@ -132,6 +137,9 @@ extern "C" { #endif /* defined(BORINGSSL_SHARED_LIBRARY) */ +/* CRYPTO_THREADID is a dummy value. */ +typedef int CRYPTO_THREADID; + typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; typedef struct ASN1_ITEM_st ASN1_ITEM; @@ -174,7 +182,9 @@ typedef struct bn_mont_ctx_st BN_MONT_CTX; typedef struct buf_mem_st BUF_MEM; typedef struct cbb_st CBB; typedef struct cbs_st CBS; +typedef struct cmac_ctx_st CMAC_CTX; typedef struct conf_st CONF; +typedef struct conf_value_st CONF_VALUE; typedef struct dh_method DH_METHOD; typedef struct dh_st DH; typedef struct dsa_method DSA_METHOD; @@ -198,6 +208,7 @@ typedef struct md5_state_st MD5_CTX; typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct pkcs12_st PKCS12; typedef struct rand_meth_st RAND_METHOD; +typedef struct rc4_key_st RC4_KEY; typedef struct rsa_meth_st RSA_METHOD; typedef struct rsa_st RSA; typedef struct sha256_state_st SHA256_CTX; diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h index 4d89d11..b70b42f 100644 --- a/src/include/openssl/bio.h +++ b/src/include/openssl/bio.h @@ -59,9 +59,9 @@ #include <openssl/base.h> -#include <stdarg.h> #include <stdio.h> /* For FILE */ +#include <openssl/err.h> /* for ERR_print_errors_fp */ #include <openssl/ex_data.h> #include <openssl/stack.h> @@ -96,6 +96,9 @@ OPENSSL_EXPORT int BIO_free(BIO *bio); * TODO(fork): remove. */ OPENSSL_EXPORT void BIO_vfree(BIO *bio); +/* BIO_up_ref increments the reference count of |bio| and returns it. */ +OPENSSL_EXPORT BIO *BIO_up_ref(BIO *bio); + /* Basic I/O. */ @@ -331,10 +334,6 @@ OPENSSL_EXPORT int BIO_indent(BIO *bio, unsigned indent, unsigned max_indent); OPENSSL_EXPORT int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent); -/* BIO_print_errors_fp prints the current contents of the error stack to |out| - * using human readable strings where possible. */ -OPENSSL_EXPORT void BIO_print_errors_fp(FILE *out); - /* BIO_print_errors prints the current contents of the error stack to |bio| * using human readable strings where possible. */ OPENSSL_EXPORT void BIO_print_errors(BIO *bio); @@ -652,7 +651,7 @@ OPENSSL_EXPORT int BIO_zero_copy_get_read_buf_done(BIO* bio, size_t bytes_read); * stack. * * The zero copy write operation is completed by calling - * |BIO_zero_copy_write_buf_don|e. Neither |BIO_zero_copy_get_write_buf_done| + * |BIO_zero_copy_write_buf_done|. Neither |BIO_zero_copy_get_write_buf| * nor any other I/O write operation may be called while a zero copy write * operation is active. */ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf(BIO* bio, @@ -693,8 +692,6 @@ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio, #define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ #define BIO_CTRL_SET 4 /* man - set the 'IO' type */ #define BIO_CTRL_GET 5 /* man - get the 'IO' type */ -#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ -#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ #define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ #define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ #define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ @@ -706,6 +703,14 @@ OPENSSL_EXPORT int BIO_zero_copy_get_write_buf_done(BIO* bio, #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ +/* Android compatibility section. + * + * A previous version of BoringSSL used in Android renamed ERR_print_errors_fp + * to BIO_print_errors_fp. It has subsequently been renamed back to + * ERR_print_errors_fp. */ +#define BIO_print_errors_fp ERR_print_errors_fp + + /* Private functions */ #define BIO_FLAGS_READ 0x01 @@ -779,17 +784,12 @@ struct bio_st { /* num is a BIO-specific value. For example, in fd BIOs it's used to store a * file descriptor. */ int num; - /* TODO(fork): reference counting is only used by the SSL BIO code. If we can - * dump that then we can remove this. We could also drop - * BIO_CTRL_PUSH/BIO_CTRL_POP. */ int references; void *ptr; /* next_bio points to the next |BIO| in a chain. This |BIO| owns a reference * to |next_bio|. */ struct bio_st *next_bio; /* used by filter BIOs */ size_t num_read, num_write; - - CRYPTO_EX_DATA ex_data; }; #define BIO_C_SET_CONNECT 100 @@ -854,43 +854,40 @@ struct bio_st { } /* extern C */ #endif -#define BIO_F_bio_make_pair 100 -#define BIO_F_bio_ctrl 101 -#define BIO_F_buffer_ctrl 102 +#define BIO_F_BIO_callback_ctrl 100 +#define BIO_F_BIO_ctrl 101 +#define BIO_F_BIO_new 102 #define BIO_F_BIO_new_file 103 -#define BIO_F_file_read 104 -#define BIO_F_BIO_new 105 -#define BIO_F_bio_io 106 -#define BIO_F_BIO_new_mem_buf 107 -#define BIO_F_mem_write 108 -#define BIO_F_conn_state 109 -#define BIO_F_conn_ctrl 110 -#define BIO_F_file_ctrl 111 -#define BIO_F_BIO_callback_ctrl 112 -#define BIO_F_bio_ip_and_port_to_socket_and_addr 113 -#define BIO_F_bio_write 114 -#define BIO_F_BIO_ctrl 115 -#define BIO_F_BIO_zero_copy_get_write_buf 116 -#define BIO_F_BIO_zero_copy_get_write_buf_done 117 -#define BIO_F_BIO_zero_copy_get_read_buf 118 -#define BIO_F_BIO_zero_copy_get_read_buf_done 119 -#define BIO_R_UNSUPPORTED_METHOD 100 -#define BIO_R_NO_PORT_SPECIFIED 101 -#define BIO_R_NO_HOSTNAME_SPECIFIED 102 -#define BIO_R_IN_USE 103 -#define BIO_R_UNINITIALIZED 104 -#define BIO_R_CONNECT_ERROR 105 +#define BIO_F_BIO_new_mem_buf 104 +#define BIO_F_BIO_zero_copy_get_read_buf 105 +#define BIO_F_BIO_zero_copy_get_read_buf_done 106 +#define BIO_F_BIO_zero_copy_get_write_buf 107 +#define BIO_F_BIO_zero_copy_get_write_buf_done 108 +#define BIO_F_bio_io 109 +#define BIO_F_bio_make_pair 110 +#define BIO_F_bio_write 111 +#define BIO_F_buffer_ctrl 112 +#define BIO_F_conn_ctrl 113 +#define BIO_F_conn_state 114 +#define BIO_F_file_ctrl 115 +#define BIO_F_file_read 116 +#define BIO_F_mem_write 117 +#define BIO_R_BAD_FOPEN_MODE 100 +#define BIO_R_BROKEN_PIPE 101 +#define BIO_R_CONNECT_ERROR 102 +#define BIO_R_ERROR_SETTING_NBIO 103 +#define BIO_R_INVALID_ARGUMENT 104 +#define BIO_R_IN_USE 105 #define BIO_R_KEEPALIVE 106 -#define BIO_R_BROKEN_PIPE 107 -#define BIO_R_NBIO_CONNECT_ERROR 108 -#define BIO_R_BAD_FOPEN_MODE 109 -#define BIO_R_ASN1_OBJECT_TOO_LONG 110 -#define BIO_R_INVALID_ARGUMENT 111 -#define BIO_R_WRITE_TO_READ_ONLY_BIO 112 -#define BIO_R_ERROR_SETTING_NBIO 113 -#define BIO_R_SYS_LIB 114 -#define BIO_R_NO_SUCH_FILE 115 -#define BIO_R_NULL_PARAMETER 116 -#define BIO_R_UNABLE_TO_CREATE_SOCKET 117 +#define BIO_R_NBIO_CONNECT_ERROR 107 +#define BIO_R_NO_HOSTNAME_SPECIFIED 108 +#define BIO_R_NO_PORT_SPECIFIED 109 +#define BIO_R_NO_SUCH_FILE 110 +#define BIO_R_NULL_PARAMETER 111 +#define BIO_R_SYS_LIB 112 +#define BIO_R_UNABLE_TO_CREATE_SOCKET 113 +#define BIO_R_UNINITIALIZED 114 +#define BIO_R_UNSUPPORTED_METHOD 115 +#define BIO_R_WRITE_TO_READ_ONLY_BIO 116 #endif /* OPENSSL_HEADER_BIO_H */ diff --git a/src/include/openssl/blowfish.h b/src/include/openssl/blowfish.h new file mode 100644 index 0000000..fa60d53 --- /dev/null +++ b/src/include/openssl/blowfish.h @@ -0,0 +1,93 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#ifndef OPENSSL_HEADER_BLOWFISH_H +#define OPENSSL_HEADER_BLOWFISH_H + +#include <openssl/base.h> + +#ifdef __cplusplus +extern "C" { +#endif + + +#define BF_ENCRYPT 1 +#define BF_DECRYPT 0 + +#define BF_ROUNDS 16 +#define BF_BLOCK 8 + +typedef struct bf_key_st { + uint32_t P[BF_ROUNDS + 2]; + uint32_t S[4 * 256]; +} BF_KEY; + +OPENSSL_EXPORT void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data); +OPENSSL_EXPORT void BF_encrypt(uint32_t *data, const BF_KEY *key); +OPENSSL_EXPORT void BF_decrypt(uint32_t *data, const BF_KEY *key); + +OPENSSL_EXPORT void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, + const BF_KEY *key, int enc); +OPENSSL_EXPORT void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, long length, + const BF_KEY *schedule, uint8_t *ivec, + int enc); + + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_HEADER_BLOWFISH_H */ diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index 0631b8c..2cd0224 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -124,7 +124,9 @@ #define OPENSSL_HEADER_BN_H #include <openssl/base.h> +#include <openssl/thread.h> +#include <inttypes.h> /* for PRIu64 and friends */ #include <stdio.h> /* for FILE* */ #if defined(__cplusplus) @@ -137,13 +139,24 @@ extern "C" { * will allow you to work with numbers until you run out of memory. */ -/* BN_ULONG is the native word size when working with big integers. */ +/* BN_ULONG is the native word size when working with big integers. + * + * Note: on some platforms, inttypes.h does not define print format macros in + * C++ unless |__STDC_FORMAT_MACROS| defined. As this is a public header, bn.h + * does not define |__STDC_FORMAT_MACROS| itself. C++ source files which use the + * FMT macros must define it externally. */ #if defined(OPENSSL_64_BIT) #define BN_ULONG uint64_t #define BN_BITS2 64 +#define BN_DEC_FMT1 "%" PRIu64 +#define BN_DEC_FMT2 "%019" PRIu64 +#define BN_HEX_FMT1 "%" PRIx64 #elif defined(OPENSSL_32_BIT) #define BN_ULONG uint32_t #define BN_BITS2 32 +#define BN_DEC_FMT1 "%" PRIu32 +#define BN_DEC_FMT2 "%09" PRIu32 +#define BN_HEX_FMT1 "%" PRIx32 #else #error "Must define either OPENSSL_32_BIT or OPENSSL_64_BIT" #endif @@ -473,7 +486,8 @@ OPENSSL_EXPORT BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); BN_div(NULL, (rem), (numerator), (divisor), (ctx)) /* BN_nnmod is a non-negative modulo function. It acts like |BN_mod|, but 0 <= - * |rem| < |divisor| is always true. */ + * |rem| < |divisor| is always true. It returns one on success and zero on + * error. */ OPENSSL_EXPORT int BN_nnmod(BIGNUM *rem, const BIGNUM *numerator, const BIGNUM *divisor, BN_CTX *ctx); @@ -710,15 +724,13 @@ OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, OPENSSL_EXPORT int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); -/* BN_MONT_CTX_set_locked takes the lock indicated by |lock| and checks whether - * |*pmont| is NULL. If so, it creates a new |BN_MONT_CTX| and sets the modulus - * for it to |mod|. It then stores it as |*pmont| and returns it, or NULL on - * error. +/* BN_MONT_CTX_set_locked takes |lock| and checks whether |*pmont| is NULL. If + * so, it creates a new |BN_MONT_CTX| and sets the modulus for it to |mod|. It + * then stores it as |*pmont| and returns it, or NULL on error. * * If |*pmont| is already non-NULL then the existing value is returned. */ -OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, - int lock, const BIGNUM *mod, - BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock, + const BIGNUM *mod, BN_CTX *bn_ctx); /* BN_to_montgomery sets |ret| equal to |a| in the Montgomery domain. It * returns one on success and zero on error. */ @@ -815,47 +827,47 @@ OPENSSL_EXPORT BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); } /* extern C */ #endif -#define BN_F_BN_bn2hex 100 -#define BN_F_BN_new 101 -#define BN_F_BN_exp 102 -#define BN_F_mod_exp_recp 103 -#define BN_F_BN_mod_sqrt 104 -#define BN_F_BN_rand 105 -#define BN_F_BN_rand_range 106 -#define BN_F_bn_wexpand 107 -#define BN_F_BN_mod_exp_mont 108 -#define BN_F_BN_mod_exp2_mont 109 -#define BN_F_BN_CTX_get 110 -#define BN_F_BN_mod_inverse 111 -#define BN_F_BN_bn2dec 112 -#define BN_F_BN_div 113 -#define BN_F_BN_div_recp 114 -#define BN_F_BN_mod_exp_mont_consttime 115 -#define BN_F_BN_mod_exp_mont_word 116 -#define BN_F_BN_CTX_start 117 -#define BN_F_BN_usub 118 -#define BN_F_BN_mod_lshift_quick 119 -#define BN_F_BN_CTX_new 120 -#define BN_F_BN_mod_inverse_no_branch 121 -#define BN_F_BN_generate_dsa_nonce 122 -#define BN_F_BN_generate_prime_ex 123 -#define BN_F_BN_sqrt 124 -#define BN_R_NOT_A_SQUARE 100 -#define BN_R_TOO_MANY_ITERATIONS 101 -#define BN_R_INPUT_NOT_REDUCED 102 -#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 103 -#define BN_R_NO_INVERSE 104 -#define BN_R_NOT_INITIALIZED 105 -#define BN_R_DIV_BY_ZERO 106 -#define BN_R_CALLED_WITH_EVEN_MODULUS 107 -#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 108 -#define BN_R_BAD_RECIPROCAL 109 -#define BN_R_P_IS_NOT_PRIME 110 -#define BN_R_INVALID_RANGE 111 -#define BN_R_ARG2_LT_ARG3 112 -#define BN_R_BIGNUM_TOO_LONG 113 -#define BN_R_PRIVATE_KEY_TOO_LARGE 114 -#define BN_R_BITS_TOO_SMALL 115 -#define BN_R_NEGATIVE_NUMBER 116 +#define BN_F_BN_CTX_get 100 +#define BN_F_BN_CTX_new 101 +#define BN_F_BN_CTX_start 102 +#define BN_F_BN_bn2dec 103 +#define BN_F_BN_bn2hex 104 +#define BN_F_BN_div 105 +#define BN_F_BN_div_recp 106 +#define BN_F_BN_exp 107 +#define BN_F_BN_generate_dsa_nonce 108 +#define BN_F_BN_generate_prime_ex 109 +#define BN_F_BN_mod_exp2_mont 110 +#define BN_F_BN_mod_exp_mont 111 +#define BN_F_BN_mod_exp_mont_consttime 112 +#define BN_F_BN_mod_exp_mont_word 113 +#define BN_F_BN_mod_inverse 114 +#define BN_F_BN_mod_inverse_no_branch 115 +#define BN_F_BN_mod_lshift_quick 116 +#define BN_F_BN_mod_sqrt 117 +#define BN_F_BN_new 118 +#define BN_F_BN_rand 119 +#define BN_F_BN_rand_range 120 +#define BN_F_BN_sqrt 121 +#define BN_F_BN_usub 122 +#define BN_F_bn_wexpand 123 +#define BN_F_mod_exp_recp 124 +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 102 +#define BN_R_BITS_TOO_SMALL 103 +#define BN_R_CALLED_WITH_EVEN_MODULUS 104 +#define BN_R_DIV_BY_ZERO 105 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 106 +#define BN_R_INPUT_NOT_REDUCED 107 +#define BN_R_INVALID_RANGE 108 +#define BN_R_NEGATIVE_NUMBER 109 +#define BN_R_NOT_A_SQUARE 110 +#define BN_R_NOT_INITIALIZED 111 +#define BN_R_NO_INVERSE 112 +#define BN_R_PRIVATE_KEY_TOO_LARGE 113 +#define BN_R_P_IS_NOT_PRIME 114 +#define BN_R_TOO_MANY_ITERATIONS 115 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 116 #endif /* OPENSSL_HEADER_BN_H */ diff --git a/src/include/openssl/buf.h b/src/include/openssl/buf.h index 0a0a9b8..2b36ce4 100644 --- a/src/include/openssl/buf.h +++ b/src/include/openssl/buf.h @@ -116,8 +116,8 @@ OPENSSL_EXPORT size_t BUF_strlcat(char *dst, const char *src, size_t size); #endif #define BUF_F_BUF_MEM_new 100 -#define BUF_F_buf_mem_grow 101 +#define BUF_F_BUF_memdup 101 #define BUF_F_BUF_strndup 102 -#define BUF_F_BUF_memdup 103 +#define BUF_F_buf_mem_grow 103 #endif /* OPENSSL_HEADER_BUFFER_H */ diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h index 2bff3f5..e10621a 100644 --- a/src/include/openssl/bytestring.h +++ b/src/include/openssl/bytestring.h @@ -47,7 +47,7 @@ OPENSSL_EXPORT void CBS_init(CBS *cbs, const uint8_t *data, size_t len); * otherwise. */ OPENSSL_EXPORT int CBS_skip(CBS *cbs, size_t len); -/* CBS_data returns a pointer to the contains of |cbs|. */ +/* CBS_data returns a pointer to the contents of |cbs|. */ OPENSSL_EXPORT const uint8_t *CBS_data(const CBS *cbs); /* CBS_len returns the number of bytes remaining in |cbs|. */ @@ -134,7 +134,7 @@ OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); * element must match |tag_value|. It returns one on success and zero * on error. * - * Tag numbers greater than 31 are not supported. */ + * Tag numbers greater than 30 are not supported (i.e. short form only). */ OPENSSL_EXPORT int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value); /* CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the @@ -155,7 +155,7 @@ OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value); * header. Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore * the value. * - * Tag numbers greater than 31 are not supported. */ + * Tag numbers greater than 30 are not supported (i.e. short form only). */ OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, size_t *out_header_len); @@ -287,7 +287,9 @@ OPENSSL_EXPORT int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); /* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an * ASN.1 object can be written. The |tag| argument will be used as the tag for - * the object. It returns one on success or zero on error. */ + * the object. Passing in |tag| number 31 will return in an error since only + * single octet identifiers are supported. It returns one on success or zero + * on error. */ OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag); /* CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on diff --git a/src/include/openssl/cast.h b/src/include/openssl/cast.h new file mode 100644 index 0000000..8021723 --- /dev/null +++ b/src/include/openssl/cast.h @@ -0,0 +1,96 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#ifndef OPENSSL_HEADER_CAST_H +#define OPENSSL_HEADER_CAST_H + +#include <openssl/base.h> + +#ifdef __cplusplus +extern "C" { +#endif + + +#define CAST_ENCRYPT 1 +#define CAST_DECRYPT 0 + +#define CAST_BLOCK 8 +#define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + uint32_t data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +OPENSSL_EXPORT void CAST_set_key(CAST_KEY *key, size_t len, + const uint8_t *data); +OPENSSL_EXPORT void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, + const CAST_KEY *key, int enc); +OPENSSL_EXPORT void CAST_encrypt(uint32_t *data, const CAST_KEY *key); +OPENSSL_EXPORT void CAST_decrypt(uint32_t *data, const CAST_KEY *key); +OPENSSL_EXPORT void CAST_cbc_encrypt(const uint8_t *in, uint8_t *out, + long length, const CAST_KEY *ks, + uint8_t *iv, int enc); + +OPENSSL_EXPORT void CAST_cfb64_encrypt(const uint8_t *in, uint8_t *out, + long length, const CAST_KEY *schedule, + uint8_t *ivec, int *num, int enc); + +#ifdef __cplusplus +} +#endif + +#endif /* OPENSSL_HEADER_CAST_H */ diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index adca5a9..f1469a0 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -80,10 +80,12 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ctr(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ofb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ofb(void); /* Deprecated AES-GCM implementations that set |EVP_CIPH_FLAG_CUSTOM_CIPHER|. * Use |EVP_aead_aes_128_gcm| and |EVP_aead_aes_256_gcm| instead. */ @@ -91,9 +93,9 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void); /* Deprecated 192-bit version of AES. */ +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void); -OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void); /* EVP_enc_null returns a 'cipher' that passes plaintext through as @@ -123,8 +125,8 @@ OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx); * |EVP_CIPHER_CTX_init| and returns it, or NULL on allocation failure. */ OPENSSL_EXPORT EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns one - * on success and zero otherwise. */ +/* EVP_CIPHER_CTX_cleanup frees any memory referenced by |ctx|. It returns + * one. */ OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_free calls |EVP_CIPHER_CTX_cleanup| on |ctx| and then frees @@ -236,7 +238,8 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher( const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_nid returns a NID identifying the |EVP_CIPHER| underlying - * |ctx| (e.g. |NID_rc4|). It will crash if no cipher has been configured. */ + * |ctx| (e.g. |NID_aes_128_gcm|). It will crash if no cipher has been + * configured. */ OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); /* EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher @@ -289,13 +292,9 @@ OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, unsigned k /* Cipher accessors. */ /* EVP_CIPHER_nid returns a NID identifing |cipher|. (For example, - * |NID_rc4|.) */ + * |NID_aes_128_gcm|.) */ OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -/* EVP_CIPHER_name returns the short name for |cipher| or NULL if no name is - * known. */ -OPENSSL_EXPORT const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); - /* EVP_CIPHER_block_size returns the block size, in bytes, for |cipher|, or one * if |cipher| is a stream cipher. */ OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher); @@ -491,7 +490,7 @@ typedef struct evp_cipher_info_st { } EVP_CIPHER_INFO; struct evp_cipher_st { - /* type contains a NID identifing the cipher. (For example, NID_rc4.) */ + /* type contains a NID identifing the cipher. (e.g. NID_aes_128_gcm.) */ int nid; /* block_size contains the block size, in bytes, of the cipher, or 1 for a @@ -521,7 +520,7 @@ struct evp_cipher_st { int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t inl); - int (*cleanup)(EVP_CIPHER_CTX *); + void (*cleanup)(EVP_CIPHER_CTX *); int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); }; @@ -531,62 +530,65 @@ struct evp_cipher_st { } /* extern C */ #endif -#define CIPHER_F_EVP_CipherInit_ex 100 -#define CIPHER_F_EVP_EncryptFinal_ex 101 -#define CIPHER_F_EVP_DecryptFinal_ex 102 -#define CIPHER_F_EVP_CIPHER_CTX_ctrl 103 -#define CIPHER_F_aes_init_key 104 -#define CIPHER_F_aesni_init_key 105 -#define CIPHER_F_EVP_CIPHER_CTX_copy 106 -#define CIPHER_F_EVP_AEAD_CTX_open 107 -#define CIPHER_F_EVP_AEAD_CTX_init 108 -#define CIPHER_F_EVP_AEAD_CTX_seal 109 -#define CIPHER_F_aead_aes_gcm_seal 110 -#define CIPHER_F_aead_aes_gcm_open 111 -#define CIPHER_F_aead_aes_gcm_init 112 -#define CIPHER_F_aead_chacha20_poly1305_init 113 -#define CIPHER_F_aead_chacha20_poly1305_open 114 -#define CIPHER_F_aead_chacha20_poly1305_seal 115 -#define CIPHER_F_aead_rc4_md5_tls_init 116 -#define CIPHER_F_aead_rc4_md5_tls_seal 117 -#define CIPHER_F_aead_rc4_md5_tls_open 118 -#define CIPHER_F_aead_aes_key_wrap_seal 119 -#define CIPHER_F_aead_aes_key_wrap_init 120 -#define CIPHER_F_aead_aes_key_wrap_open 121 -#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 122 -#define CIPHER_F_aead_tls_init 123 -#define CIPHER_F_aead_tls_open 124 -#define CIPHER_F_aead_tls_seal 125 -#define CIPHER_F_aead_tls_ensure_cipher_init 126 -#define CIPHER_F_aead_ssl3_open 127 -#define CIPHER_F_aead_ssl3_seal 128 -#define CIPHER_F_aead_ssl3_init 129 -#define CIPHER_F_aead_ssl3_ensure_cipher_init 130 -#define CIPHER_R_WRAP_MODE_NOT_ALLOWED 100 -#define CIPHER_R_AES_KEY_SETUP_FAILED 101 -#define CIPHER_R_INPUT_NOT_INITIALIZED 102 -#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 103 -#define CIPHER_R_INITIALIZATION_ERROR 104 -#define CIPHER_R_CTRL_NOT_IMPLEMENTED 105 -#define CIPHER_R_NO_CIPHER_SET 106 -#define CIPHER_R_BAD_DECRYPT 107 -#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 108 -#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 109 -#define CIPHER_R_TAG_TOO_LARGE 110 -#define CIPHER_R_BAD_KEY_LENGTH 111 -#define CIPHER_R_BUFFER_TOO_SMALL 112 -#define CIPHER_R_OUTPUT_ALIASES_INPUT 113 -#define CIPHER_R_UNSUPPORTED_KEY_SIZE 114 -#define CIPHER_R_TOO_LARGE 115 -#define CIPHER_R_IV_TOO_LARGE 116 -#define CIPHER_R_INVALID_AD_SIZE 117 -#define CIPHER_R_INVALID_AD 118 -#define CIPHER_R_UNSUPPORTED_TAG_SIZE 119 -#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 120 -#define CIPHER_R_UNSUPPORTED_AD_SIZE 121 -#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 122 -#define CIPHER_R_INVALID_KEY_LENGTH 123 -#define CIPHER_R_INVALID_OPERATION 124 -#define CIPHER_R_INVALID_NONCE_SIZE 125 +#define CIPHER_F_EVP_AEAD_CTX_init 100 +#define CIPHER_F_EVP_AEAD_CTX_open 101 +#define CIPHER_F_EVP_AEAD_CTX_seal 102 +#define CIPHER_F_EVP_CIPHER_CTX_copy 103 +#define CIPHER_F_EVP_CIPHER_CTX_ctrl 104 +#define CIPHER_F_EVP_CIPHER_CTX_set_key_length 105 +#define CIPHER_F_EVP_CipherInit_ex 106 +#define CIPHER_F_EVP_DecryptFinal_ex 107 +#define CIPHER_F_EVP_EncryptFinal_ex 108 +#define CIPHER_F_aead_aes_gcm_init 109 +#define CIPHER_F_aead_aes_gcm_open 110 +#define CIPHER_F_aead_aes_gcm_seal 111 +#define CIPHER_F_aead_aes_key_wrap_init 112 +#define CIPHER_F_aead_aes_key_wrap_open 113 +#define CIPHER_F_aead_aes_key_wrap_seal 114 +#define CIPHER_F_aead_chacha20_poly1305_init 115 +#define CIPHER_F_aead_chacha20_poly1305_open 116 +#define CIPHER_F_aead_chacha20_poly1305_seal 117 +#define CIPHER_F_aead_rc4_md5_tls_init 118 +#define CIPHER_F_aead_rc4_md5_tls_open 119 +#define CIPHER_F_aead_rc4_md5_tls_seal 120 +#define CIPHER_F_aead_ssl3_ensure_cipher_init 121 +#define CIPHER_F_aead_ssl3_init 122 +#define CIPHER_F_aead_ssl3_open 123 +#define CIPHER_F_aead_ssl3_seal 124 +#define CIPHER_F_aead_tls_ensure_cipher_init 125 +#define CIPHER_F_aead_tls_init 126 +#define CIPHER_F_aead_tls_open 127 +#define CIPHER_F_aead_tls_seal 128 +#define CIPHER_F_aes_init_key 129 +#define CIPHER_F_aesni_init_key 130 +#define CIPHER_F_EVP_AEAD_CTX_init_with_direction 131 +#define CIPHER_F_aead_aes_ctr_hmac_sha256_init 132 +#define CIPHER_F_aead_aes_ctr_hmac_sha256_open 133 +#define CIPHER_F_aead_aes_ctr_hmac_sha256_seal 134 +#define CIPHER_R_AES_KEY_SETUP_FAILED 100 +#define CIPHER_R_BAD_DECRYPT 101 +#define CIPHER_R_BAD_KEY_LENGTH 102 +#define CIPHER_R_BUFFER_TOO_SMALL 103 +#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104 +#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105 +#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106 +#define CIPHER_R_INITIALIZATION_ERROR 107 +#define CIPHER_R_INPUT_NOT_INITIALIZED 108 +#define CIPHER_R_INVALID_AD_SIZE 109 +#define CIPHER_R_INVALID_KEY_LENGTH 110 +#define CIPHER_R_INVALID_NONCE_SIZE 111 +#define CIPHER_R_INVALID_OPERATION 112 +#define CIPHER_R_IV_TOO_LARGE 113 +#define CIPHER_R_NO_CIPHER_SET 114 +#define CIPHER_R_OUTPUT_ALIASES_INPUT 115 +#define CIPHER_R_TAG_TOO_LARGE 116 +#define CIPHER_R_TOO_LARGE 117 +#define CIPHER_R_UNSUPPORTED_AD_SIZE 118 +#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119 +#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120 +#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121 +#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122 +#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123 +#define CIPHER_R_NO_DIRECTION_SET 124 #endif /* OPENSSL_HEADER_CIPHER_H */ diff --git a/src/include/openssl/cmac.h b/src/include/openssl/cmac.h new file mode 100644 index 0000000..183f41b --- /dev/null +++ b/src/include/openssl/cmac.h @@ -0,0 +1,76 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CMAC_H +#define OPENSSL_HEADER_CMAC_H + +#include <openssl/base.h> + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* CMAC. + * + * CMAC is a MAC based on AES-CBC and defined in + * https://tools.ietf.org/html/rfc4493#section-2.3. */ + + +/* One-shot functions. */ + +/* AES_CMAC calculates the 16-byte, CMAC authenticator of |in_len| bytes of + * |in| and writes it to |out|. The |key_len| may be 16 or 32 bytes to select + * between AES-128 and AES-256. It returns one on success or zero on error. */ +OPENSSL_EXPORT int AES_CMAC(uint8_t out[16], const uint8_t *key, size_t key_len, + const uint8_t *in, size_t in_len); + + +/* Incremental interface. */ + +/* CMAC_CTX_new allocates a fresh |CMAC_CTX| and returns it, or NULL on + * error. */ +OPENSSL_EXPORT CMAC_CTX *CMAC_CTX_new(void); + +/* CMAC_CTX_free frees a |CMAC_CTX|. */ +OPENSSL_EXPORT void CMAC_CTX_free(CMAC_CTX *ctx); + +/* CMAC_Init configures |ctx| to use the given |key| and |cipher|. The CMAC RFC + * only specifies the use of AES-128 thus |key_len| should be 16 and |cipher| + * should be |EVP_aes_128_cbc()|. However, this implementation also supports + * AES-256 by setting |key_len| to 32 and |cipher| to |EVP_aes_256_cbc()|. The + * |engine| argument is ignored. + * + * It returns one on success or zero on error. */ +OPENSSL_EXPORT int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t key_len, + const EVP_CIPHER *cipher, ENGINE *engine); + + +/* CMAC_Reset resets |ctx| so that a fresh message can be authenticated. */ +OPENSSL_EXPORT int CMAC_Reset(CMAC_CTX *ctx); + +/* CMAC_Update processes |in_len| bytes of message from |in|. It returns one on + * success or zero on error. */ +OPENSSL_EXPORT int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len); + +/* CMAC_Final sets |*out_len| to 16 and, if |out| is not NULL, writes 16 bytes + * of authenticator to it. It returns one on success or zero on error. */ +OPENSSL_EXPORT int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len); + + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_CBC_H */ diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h index 0918c0c..84fc94f 100644 --- a/src/include/openssl/conf.h +++ b/src/include/openssl/conf.h @@ -79,19 +79,20 @@ extern "C" { * * Config files are representated by a |CONF|. */ -typedef struct { +struct conf_value_st { char *section; char *name; char *value; -} CONF_VALUE; +}; struct conf_st { LHASH_OF(CONF_VALUE) *data; }; -/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. */ -CONF *NCONF_new(void); +/* NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method| + * argument must be NULL. */ +CONF *NCONF_new(void *method); /* NCONF_free frees all the data owned by |conf| and then |conf| itself. */ void NCONF_free(CONF *conf); @@ -102,6 +103,10 @@ void NCONF_free(CONF *conf); * number of the line that contained the error. */ int NCONF_load(CONF *conf, const char *filename, long *out_error_line); +/* NCONF_load_bio acts like |NCONF_load| but reads from |bio| rather than from + * a named file. */ +int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line); + /* NCONF_get_section returns a stack of values for a given section in |conf|. * If |section| is NULL, the default section is returned. It returns NULL on * error. */ @@ -131,14 +136,14 @@ int CONF_parse_list(const char *list, char sep, int remove_whitespace, #endif #define CONF_F_CONF_parse_list 100 -#define CONF_F_str_copy 101 +#define CONF_F_NCONF_load 101 #define CONF_F_def_load_bio 102 -#define CONF_F_NCONF_load 103 -#define CONF_R_MISSING_EQUAL_SIGN 100 -#define CONF_R_LIST_CANNOT_BE_NULL 101 -#define CONF_R_NO_CLOSE_BRACE 102 -#define CONF_R_VARIABLE_HAS_NO_VALUE 103 +#define CONF_F_str_copy 103 +#define CONF_R_LIST_CANNOT_BE_NULL 100 +#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 101 +#define CONF_R_MISSING_EQUAL_SIGN 102 +#define CONF_R_NO_CLOSE_BRACE 103 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 104 -#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 105 +#define CONF_R_VARIABLE_HAS_NO_VALUE 105 #endif /* OPENSSL_HEADER_THREAD_H */ diff --git a/src/include/openssl/cpu.h b/src/include/openssl/cpu.h index 79441ae..83ec473 100644 --- a/src/include/openssl/cpu.h +++ b/src/include/openssl/cpu.h @@ -78,7 +78,6 @@ extern "C" { * Index 0: * EDX for CPUID where EAX = 1 * Bit 30 is used to indicate an Intel CPU - * Bit 20 is used to indicate RC4_CHAR * Index 1: * ECX for CPUID where EAX = 1 * Index 2: diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h index e58d5f0..5c974f8 100644 --- a/src/include/openssl/crypto.h +++ b/src/include/openssl/crypto.h @@ -17,8 +17,11 @@ #include <openssl/base.h> +/* Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than + * mem.h. */ #include <openssl/mem.h> + #if defined(__cplusplus) extern "C" { #endif @@ -32,6 +35,9 @@ extern "C" { * nothing and a static initializer is used instead. */ OPENSSL_EXPORT void CRYPTO_library_init(void); + +/* Deprecated functions. */ + #define OPENSSL_VERSION_TEXT "BoringSSL" #define SSLEAY_VERSION 0 @@ -48,9 +54,9 @@ OPENSSL_EXPORT const char *SSLeay(void); } /* extern C */ #endif -#define CRYPTO_F_CRYPTO_set_ex_data 100 -#define CRYPTO_F_get_class 101 -#define CRYPTO_F_get_new_index 102 +#define CRYPTO_F_CRYPTO_get_ex_new_index 100 +#define CRYPTO_F_CRYPTO_set_ex_data 101 +#define CRYPTO_F_get_class 102 #define CRYPTO_F_get_func_pointers 103 #endif /* OPENSSL_HEADER_CRYPTO_H */ diff --git a/src/include/openssl/des.h b/src/include/openssl/des.h index 1f0dbad..f3804c3 100644 --- a/src/include/openssl/des.h +++ b/src/include/openssl/des.h @@ -94,6 +94,10 @@ typedef struct DES_ks { OPENSSL_EXPORT void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule); +/* DES_set_odd_parity sets the parity bits (the least-significant bits in each + * byte) of |key| given the other bits in each byte. */ +OPENSSL_EXPORT void DES_set_odd_parity(DES_cblock *key); + /* DES_ecb_encrypt encrypts (or decrypts, if |is_encrypt| is |DES_DECRYPT|) a * single DES block (8 bytes) from in to out, using the key configured in * |schedule|. */ @@ -108,6 +112,15 @@ OPENSSL_EXPORT void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, const DES_key_schedule *schedule, DES_cblock *ivec, int enc); +/* DES_ecb3_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) a single + * block (8 bytes) of data from |input| to |output| using 3DES. */ +OPENSSL_EXPORT void DES_ecb3_encrypt(const DES_cblock *input, + DES_cblock *output, + const DES_key_schedule *ks1, + const DES_key_schedule *ks2, + const DES_key_schedule *ks3, + int enc); + /* DES_ede3_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len| * bytes from |in| to |out| with 3DES in CBC mode. 3DES uses three keys, thus * the function takes three different |DES_key_schedule|s. */ diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h index 9d8bda2..60a030d 100644 --- a/src/include/openssl/dh.h +++ b/src/include/openssl/dh.h @@ -61,6 +61,7 @@ #include <openssl/engine.h> #include <openssl/ex_data.h> +#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -144,6 +145,10 @@ OPENSSL_EXPORT int DH_size(const DH *dh); #define DH_CHECK_INVALID_Q_VALUE 0x20 #define DH_CHECK_INVALID_J_VALUE 0x40 +/* These are compatibility defines. */ +#define DH_NOT_SUITABLE_GENERATOR DH_CHECK_NOT_SUITABLE_GENERATOR +#define DH_UNABLE_TO_CHECK_GENERATOR DH_CHECK_UNABLE_TO_CHECK_GENERATOR + /* DH_check checks the suitability of |dh| as a Diffie-Hellman group. and sets * |DH_CHECK_*| flags in |*out_flags| if it finds any errors. It returns one if * |*out_flags| was successfully set and zero on error. @@ -185,7 +190,7 @@ OPENSSL_EXPORT int i2d_DHparams(const DH *in, unsigned char **outp); /* ex_data functions. * - * These functions are wrappers. See |ex_data.h| for details. */ + * See |ex_data.h| for details. */ OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -232,6 +237,8 @@ struct dh_st { /* priv_length contains the length, in bits, of the private value. If zero, * the private value will be the same length as |p|. */ unsigned priv_length; + + CRYPTO_MUTEX method_mont_p_lock; BN_MONT_CTX *method_mont_p; /* Place holders if we want to do X9.42 DH */ @@ -251,12 +258,12 @@ struct dh_st { } /* extern C */ #endif -#define DH_F_generate_parameters 100 -#define DH_F_generate_key 101 -#define DH_F_compute_key 102 -#define DH_F_DH_new_method 103 -#define DH_R_INVALID_PUBKEY 100 -#define DH_R_BAD_GENERATOR 101 +#define DH_F_DH_new_method 100 +#define DH_F_compute_key 101 +#define DH_F_generate_key 102 +#define DH_F_generate_parameters 103 +#define DH_R_BAD_GENERATOR 100 +#define DH_R_INVALID_PUBKEY 101 #define DH_R_MODULUS_TOO_LARGE 102 #define DH_R_NO_PRIVATE_VALUE 103 diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h index 95a35e7..8285dce 100644 --- a/src/include/openssl/digest.h +++ b/src/include/openssl/digest.h @@ -171,12 +171,9 @@ OPENSSL_EXPORT int EVP_Digest(const void *data, size_t len, uint8_t *md_out, * These functions allow code to learn details about an abstract hash * function. */ -/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_md5|.) */ +/* EVP_MD_type returns a NID identifing |md|. (For example, |NID_sha256|.) */ OPENSSL_EXPORT int EVP_MD_type(const EVP_MD *md); -/* EVP_MD_name returns the short name for |md| or NULL if no name is known. */ -OPENSSL_EXPORT const char *EVP_MD_name(const EVP_MD *md); - /* EVP_MD_flags returns the flags for |md|, which is a set of |EVP_MD_FLAG_*| * values, ORed together. */ OPENSSL_EXPORT uint32_t EVP_MD_flags(const EVP_MD *md); @@ -224,7 +221,7 @@ OPENSSL_EXPORT unsigned EVP_MD_CTX_size(const EVP_MD_CTX *ctx); OPENSSL_EXPORT unsigned EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); /* EVP_MD_CTX_type returns a NID describing the digest function used by |ctx|. - * (For example, |NID_md5|.) It will crash if a digest hasn't been set on + * (For example, |NID_sha256|.) It will crash if a digest hasn't been set on * |ctx|. */ OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h index 8a182c2..2271915 100644 --- a/src/include/openssl/dsa.h +++ b/src/include/openssl/dsa.h @@ -64,6 +64,7 @@ #include <openssl/engine.h> #include <openssl/ex_data.h> +#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -301,7 +302,7 @@ OPENSSL_EXPORT DH *DSA_dup_DH(const DSA *dsa); /* ex_data functions. * - * These functions are wrappers. See |ex_data.h| for details. */ + * See |ex_data.h| for details. */ OPENSSL_EXPORT int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -351,6 +352,7 @@ struct dsa_st { int flags; /* Normally used to cache montgomery values */ + CRYPTO_MUTEX method_mont_p_lock; BN_MONT_CTX *method_mont_p; int references; CRYPTO_EX_DATA ex_data; @@ -364,14 +366,14 @@ struct dsa_st { } /* extern C */ #endif -#define DSA_F_sign 100 -#define DSA_F_verify 101 -#define DSA_F_dsa_sig_cb 102 -#define DSA_F_DSA_new_method 103 -#define DSA_F_sign_setup 104 -#define DSA_R_NEED_NEW_SETUP_VALUES 100 -#define DSA_R_BAD_Q_VALUE 101 +#define DSA_F_DSA_new_method 100 +#define DSA_F_dsa_sig_cb 101 +#define DSA_F_sign 102 +#define DSA_F_sign_setup 103 +#define DSA_F_verify 104 +#define DSA_R_BAD_Q_VALUE 100 +#define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MODULUS_TOO_LARGE 102 -#define DSA_R_MISSING_PARAMETERS 103 +#define DSA_R_NEED_NEW_SETUP_VALUES 103 #endif /* OPENSSL_HEADER_DSA_H */ diff --git a/src/include/openssl/dtls1.h b/src/include/openssl/dtls1.h index 0fc3ae6..38ca801 100644 --- a/src/include/openssl/dtls1.h +++ b/src/include/openssl/dtls1.h @@ -1,255 +1,16 @@ -/* ssl/dtls1.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#ifndef HEADER_DTLS1_H -#define HEADER_DTLS1_H - -#include <openssl/base.h> -#include <openssl/buf.h> -#include <openssl/pqueue.h> - -#ifdef __cplusplus -extern "C" { -#endif - - -#define DTLS1_VERSION 0xFEFF -#define DTLS1_2_VERSION 0xFEFD - -/* lengths of messages */ -#define DTLS1_COOKIE_LENGTH 256 - -#define DTLS1_RT_HEADER_LENGTH 13 - -#define DTLS1_HM_HEADER_LENGTH 12 - -#define DTLS1_HM_BAD_FRAGMENT -2 -#define DTLS1_HM_FRAGMENT_RETRY -3 - -#define DTLS1_CCS_HEADER_LENGTH 1 - -#define DTLS1_AL_HEADER_LENGTH 2 - -#ifndef OPENSSL_NO_SSL_INTERN - - -#if defined(OPENSSL_WINDOWS) -/* Because of Windows header issues, we can't get the normal declaration of - * timeval. */ -typedef struct OPENSSL_timeval_st { - long tv_sec; - long tv_usec; -} OPENSSL_timeval; -#else -#include <sys/time.h> -typedef struct timeval OPENSSL_timeval; -#endif - -typedef struct dtls1_bitmap_st - { - /* map is a bit mask of the last 64 sequence numbers. Bit - * |1<<i| corresponds to |max_seq_num - i|. */ - uint64_t map; - /* max_seq_num is the largest sequence number seen so far. It - * is a 64-bit value in big-endian encoding. */ - uint8_t max_seq_num[8]; - } DTLS1_BITMAP; - -struct dtls1_retransmit_state - { - SSL_AEAD_CTX *aead_write_ctx; - SSL_SESSION *session; - unsigned short epoch; - }; - -struct hm_header_st - { - unsigned char type; - unsigned long msg_len; - unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; - unsigned int is_ccs; - struct dtls1_retransmit_state saved_retransmit_state; - }; - -struct ccs_header_st - { - unsigned char type; - unsigned short seq; - }; - -struct dtls1_timeout_st - { - /* Number of read timeouts so far */ - unsigned int read_timeouts; - - /* Number of write timeouts so far */ - unsigned int write_timeouts; - - /* Number of alerts received so far */ - unsigned int num_alerts; - }; - -typedef struct record_pqueue_st - { - unsigned short epoch; - pqueue q; - } record_pqueue; - -typedef struct hm_fragment_st - { - struct hm_header_st msg_header; - unsigned char *fragment; - unsigned char *reassembly; - } hm_fragment; - -typedef struct dtls1_state_st - { - /* send_cookie is true if we are resending the ClientHello - * with a cookie from a HelloVerifyRequest. */ - unsigned int send_cookie; - - uint8_t cookie[DTLS1_COOKIE_LENGTH]; - size_t cookie_len; - - /* - * The current data and handshake epoch. This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - - unsigned short handshake_read_seq; - - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[8]; - - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - - /* Buffered handshake messages */ - pqueue buffered_messages; - - /* Buffered (sent) handshake records */ - pqueue sent_messages; - - /* Buffered application records. - * Only for records between CCS and Finished - * to prevent either protocol violation or - * unnecessary message loss. - */ - record_pqueue buffered_app_data; - - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - - struct dtls1_timeout_st timeout; - - /* Indicates when the last handshake msg or heartbeat sent will - * timeout. Because of header issues on Windows, this cannot actually - * be a struct timeval. */ - OPENSSL_timeval next_timeout; - - /* Timeout duration */ - unsigned short timeout_duration; - - /* storage for Alert/Handshake protocol data received but not - * yet processed by ssl3_read_bytes: */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - - unsigned int change_cipher_spec_ok; - } DTLS1_STATE; - -typedef struct dtls1_record_data_st - { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER rbuf; - SSL3_RECORD rrec; - } DTLS1_RECORD_DATA; - -#endif - -/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ -#define DTLS1_TMO_READ_COUNT 2 -#define DTLS1_TMO_WRITE_COUNT 2 - -#define DTLS1_TMO_ALERT_COUNT 12 - -#ifdef __cplusplus -} -#endif -#endif - +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* This header is provided in order to make compiling against code that expects + OpenSSL easier. */ diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h index 2662c01..633b11b 100644 --- a/src/include/openssl/ec.h +++ b/src/include/openssl/ec.h @@ -107,10 +107,6 @@ OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid); /* EC_GROUP_free frees |group| and the data that it points to. */ OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group); -/* EC_GROUP_copy sets |*dest| equal to |*src|. It returns one on success and - * zero otherwise. */ -OPENSSL_EXPORT int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src); - /* EC_GROUP_dup returns a fresh |EC_GROUP| which is equal to |a| or NULL on * error. */ OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a); @@ -319,91 +315,99 @@ OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form( } /* extern C */ #endif -#define EC_F_ec_pre_comp_new 100 -#define EC_F_ec_GFp_mont_field_decode 101 -#define EC_F_ec_group_new_from_data 102 -#define EC_F_ec_GFp_simple_point_get_affine_coordinates 103 -#define EC_F_ec_GFp_simple_make_affine 104 -#define EC_F_EC_KEY_new_method 105 -#define EC_F_ec_GFp_mont_field_encode 106 -#define EC_F_EC_GROUP_new_by_curve_name 107 -#define EC_F_ec_group_new 108 -#define EC_F_ec_asn1_group2pkparameters 109 -#define EC_F_EC_POINT_set_compressed_coordinates_GFp 110 -#define EC_F_ec_GFp_mont_field_sqr 111 -#define EC_F_EC_POINT_make_affine 112 -#define EC_F_i2d_ECParameters 113 -#define EC_F_ec_wNAF_mul 114 -#define EC_F_EC_GROUP_copy 115 -#define EC_F_EC_POINT_cmp 116 -#define EC_F_ec_GFp_mont_field_mul 117 -#define EC_F_EC_POINT_dup 118 -#define EC_F_EC_POINT_invert 119 -#define EC_F_ec_GFp_simple_point_set_affine_coordinates 120 -#define EC_F_ec_GFp_simple_points_make_affine 121 -#define EC_F_i2o_ECPublicKey 122 -#define EC_F_EC_KEY_check_key 123 -#define EC_F_ec_wNAF_precompute_mult 124 -#define EC_F_EC_POINT_oct2point 125 -#define EC_F_EC_POINT_is_at_infinity 126 -#define EC_F_EC_POINT_get_affine_coordinates_GFp 127 -#define EC_F_ec_point_set_Jprojective_coordinates_GFp 128 -#define EC_F_o2i_ECPublicKey 129 -#define EC_F_ec_GFp_mont_field_set_to_one 130 -#define EC_F_ec_group_new_curve_GFp 131 -#define EC_F_EC_POINT_dbl 132 -#define EC_F_ec_asn1_pkparameters2group 133 -#define EC_F_i2d_ECPKParameters 134 -#define EC_F_EC_KEY_copy 135 -#define EC_F_EC_POINT_new 136 -#define EC_F_EC_POINT_point2oct 137 -#define EC_F_EC_POINT_copy 138 -#define EC_F_EC_POINT_is_on_curve 139 -#define EC_F_ec_GFp_simple_group_set_curve 140 -#define EC_F_i2d_ECPrivateKey 141 -#define EC_F_d2i_ECParameters 142 -#define EC_F_ec_GFp_mont_group_set_curve 143 -#define EC_F_EC_POINT_set_to_infinity 144 -#define EC_F_EC_POINTs_make_affine 145 -#define EC_F_compute_wNAF 146 -#define EC_F_ec_GFp_simple_point2oct 147 -#define EC_F_EC_GROUP_get_degree 148 -#define EC_F_ec_GFp_simple_group_check_discriminant 149 -#define EC_F_d2i_ECPKParameters 150 -#define EC_F_d2i_ECPrivateKey 151 -#define EC_F_ec_GFp_simple_oct2point 152 -#define EC_F_EC_POINT_set_affine_coordinates_GFp 153 -#define EC_F_EC_KEY_set_public_key_affine_coordinates 154 -#define EC_F_EC_KEY_generate_key 155 -#define EC_F_ec_GFp_simple_set_compressed_coordinates 156 -#define EC_F_EC_POINT_add 157 -#define EC_F_EC_GROUP_get_curve_GFp 158 -#define EC_R_PKPARAMETERS2GROUP_FAILURE 100 -#define EC_R_NON_NAMED_CURVE 101 -#define EC_R_COORDINATES_OUT_OF_RANGE 102 -#define EC_R_POINT_AT_INFINITY 103 -#define EC_R_NOT_INITIALIZED 104 -#define EC_R_MISSING_PRIVATE_KEY 105 -#define EC_R_GROUP2PKPARAMETERS_FAILURE 106 -#define EC_R_INVALID_ENCODING 107 -#define EC_R_BUFFER_TOO_SMALL 108 -#define EC_R_D2I_ECPKPARAMETERS_FAILURE 109 -#define EC_R_INVALID_FORM 110 -#define EC_R_INVALID_PRIVATE_KEY 111 -#define EC_R_INVALID_COMPRESSED_POINT 112 -#define EC_R_MISSING_PARAMETERS 113 -#define EC_R_INVALID_FIELD 114 -#define EC_R_INVALID_COMPRESSION_BIT 115 -#define EC_R_GF2M_NOT_SUPPORTED 116 -#define EC_R_POINT_IS_NOT_ON_CURVE 117 -#define EC_R_UNKNOWN_ORDER 118 -#define EC_R_UNKNOWN_GROUP 119 -#define EC_R_WRONG_ORDER 120 -#define EC_R_UNDEFINED_GENERATOR 121 -#define EC_R_INCOMPATIBLE_OBJECTS 122 -#define EC_R_I2D_ECPKPARAMETERS_FAILURE 123 -#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 124 -#define EC_R_INVALID_GROUP_ORDER 125 -#define EC_R_SLOT_FULL 126 +#define EC_F_EC_GROUP_copy 100 +#define EC_F_EC_GROUP_get_curve_GFp 101 +#define EC_F_EC_GROUP_get_degree 102 +#define EC_F_EC_GROUP_new_by_curve_name 103 +#define EC_F_EC_KEY_check_key 104 +#define EC_F_EC_KEY_copy 105 +#define EC_F_EC_KEY_generate_key 106 +#define EC_F_EC_KEY_new_method 107 +#define EC_F_EC_KEY_set_public_key_affine_coordinates 108 +#define EC_F_EC_POINT_add 109 +#define EC_F_EC_POINT_cmp 110 +#define EC_F_EC_POINT_copy 111 +#define EC_F_EC_POINT_dbl 112 +#define EC_F_EC_POINT_dup 113 +#define EC_F_EC_POINT_get_affine_coordinates_GFp 114 +#define EC_F_EC_POINT_invert 115 +#define EC_F_EC_POINT_is_at_infinity 116 +#define EC_F_EC_POINT_is_on_curve 117 +#define EC_F_EC_POINT_make_affine 118 +#define EC_F_EC_POINT_new 119 +#define EC_F_EC_POINT_oct2point 120 +#define EC_F_EC_POINT_point2oct 121 +#define EC_F_EC_POINT_set_affine_coordinates_GFp 122 +#define EC_F_EC_POINT_set_compressed_coordinates_GFp 123 +#define EC_F_EC_POINT_set_to_infinity 124 +#define EC_F_EC_POINTs_make_affine 125 +#define EC_F_compute_wNAF 126 +#define EC_F_d2i_ECPKParameters 127 +#define EC_F_d2i_ECParameters 128 +#define EC_F_d2i_ECPrivateKey 129 +#define EC_F_ec_GFp_mont_field_decode 130 +#define EC_F_ec_GFp_mont_field_encode 131 +#define EC_F_ec_GFp_mont_field_mul 132 +#define EC_F_ec_GFp_mont_field_set_to_one 133 +#define EC_F_ec_GFp_mont_field_sqr 134 +#define EC_F_ec_GFp_mont_group_set_curve 135 +#define EC_F_ec_GFp_simple_group_check_discriminant 136 +#define EC_F_ec_GFp_simple_group_set_curve 137 +#define EC_F_ec_GFp_simple_make_affine 138 +#define EC_F_ec_GFp_simple_oct2point 139 +#define EC_F_ec_GFp_simple_point2oct 140 +#define EC_F_ec_GFp_simple_point_get_affine_coordinates 141 +#define EC_F_ec_GFp_simple_point_set_affine_coordinates 142 +#define EC_F_ec_GFp_simple_points_make_affine 143 +#define EC_F_ec_GFp_simple_set_compressed_coordinates 144 +#define EC_F_ec_asn1_group2pkparameters 145 +#define EC_F_ec_asn1_pkparameters2group 146 +#define EC_F_ec_group_new 147 +#define EC_F_ec_group_new_curve_GFp 148 +#define EC_F_ec_group_new_from_data 149 +#define EC_F_ec_point_set_Jprojective_coordinates_GFp 150 +#define EC_F_ec_pre_comp_new 151 +#define EC_F_ec_wNAF_mul 152 +#define EC_F_ec_wNAF_precompute_mult 153 +#define EC_F_i2d_ECPKParameters 154 +#define EC_F_i2d_ECParameters 155 +#define EC_F_i2d_ECPrivateKey 156 +#define EC_F_i2o_ECPublicKey 157 +#define EC_F_o2i_ECPublicKey 158 +#define EC_F_BN_to_felem 159 +#define EC_F_ec_GFp_nistp256_group_set_curve 160 +#define EC_F_ec_GFp_nistp256_point_get_affine_coordinates 161 +#define EC_F_ec_GFp_nistp256_points_mul 162 +#define EC_F_ec_group_copy 163 +#define EC_F_nistp256_pre_comp_new 164 +#define EC_F_EC_KEY_new_by_curve_name 165 +#define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_COORDINATES_OUT_OF_RANGE 101 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 102 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 104 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 105 +#define EC_R_INCOMPATIBLE_OBJECTS 106 +#define EC_R_INVALID_COMPRESSED_POINT 107 +#define EC_R_INVALID_COMPRESSION_BIT 108 +#define EC_R_INVALID_ENCODING 109 +#define EC_R_INVALID_FIELD 110 +#define EC_R_INVALID_FORM 111 +#define EC_R_INVALID_GROUP_ORDER 112 +#define EC_R_INVALID_PRIVATE_KEY 113 +#define EC_R_MISSING_PARAMETERS 114 +#define EC_R_MISSING_PRIVATE_KEY 115 +#define EC_R_NON_NAMED_CURVE 116 +#define EC_R_NOT_INITIALIZED 117 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 118 +#define EC_R_POINT_AT_INFINITY 119 +#define EC_R_POINT_IS_NOT_ON_CURVE 120 +#define EC_R_SLOT_FULL 121 +#define EC_R_UNDEFINED_GENERATOR 122 +#define EC_R_UNKNOWN_GROUP 123 +#define EC_R_UNKNOWN_ORDER 124 +#define EC_R_WRONG_ORDER 125 +#define EC_R_BIGNUM_OUT_OF_RANGE 126 +#define EC_R_WRONG_CURVE_PARAMETERS 127 #endif /* OPENSSL_HEADER_EC_H */ diff --git a/src/include/openssl/ec_key.h b/src/include/openssl/ec_key.h index 115c0cd..ee64030 100644 --- a/src/include/openssl/ec_key.h +++ b/src/include/openssl/ec_key.h @@ -79,7 +79,7 @@ extern "C" { #endif -/* ec_key.h conatins functions that handle elliptic-curve points that are +/* ec_key.h contains functions that handle elliptic-curve points that are * public/private keys. */ diff --git a/src/include/openssl/ecdh.h b/src/include/openssl/ecdh.h index 46cf839..27a8578 100644 --- a/src/include/openssl/ecdh.h +++ b/src/include/openssl/ecdh.h @@ -96,8 +96,8 @@ OPENSSL_EXPORT int ECDH_compute_key(void *out, size_t outlen, #endif #define ECDH_F_ECDH_compute_key 100 -#define ECDH_R_POINT_ARITHMETIC_FAILURE 100 -#define ECDH_R_KDF_FAILED 101 -#define ECDH_R_NO_PRIVATE_VALUE 102 +#define ECDH_R_KDF_FAILED 100 +#define ECDH_R_NO_PRIVATE_VALUE 101 +#define ECDH_R_POINT_ARITHMETIC_FAILURE 102 #endif /* OPENSSL_HEADER_ECDH_H */ diff --git a/src/include/openssl/ecdsa.h b/src/include/openssl/ecdsa.h index f3ff49f..e045463 100644 --- a/src/include/openssl/ecdsa.h +++ b/src/include/openssl/ecdsa.h @@ -107,17 +107,13 @@ OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void); OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig); /* ECDSA_sign signs |digest_len| bytes from |digest| with |key| and returns the - * resulting signature structure, or NULL on error. - * - * TODO(fork): remove this function. */ + * resulting signature structure, or NULL on error. */ OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, size_t digest_len, EC_KEY *key); /* ECDSA_verify verifies that |sig| constitutes a valid signature by |key| of * |digest|. It returns one on success or zero if the signature is invalid or - * on error. - * - * TODO(fork): remove this function. */ + * on error. */ OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, const ECDSA_SIG *sig, EC_KEY *key); @@ -172,16 +168,15 @@ OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp); } /* extern C */ #endif -#define ECDSA_F_digest_to_bn 100 +#define ECDSA_F_ECDSA_do_sign_ex 100 #define ECDSA_F_ECDSA_do_verify 101 -#define ECDSA_F_ECDSA_sign_setup 102 -#define ECDSA_F_ECDSA_do_sign_ex 103 -#define ECDSA_F_ECDSA_sign_ex 104 -#define ECDSA_F_ecdsa_sign_setup 105 -#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 100 -#define ECDSA_R_NEED_NEW_SETUP_VALUES 101 -#define ECDSA_R_MISSING_PARAMETERS 102 -#define ECDSA_R_BAD_SIGNATURE 103 -#define ECDSA_R_NOT_IMPLEMENTED 104 +#define ECDSA_F_ECDSA_sign_ex 102 +#define ECDSA_F_digest_to_bn 103 +#define ECDSA_F_ecdsa_sign_setup 104 +#define ECDSA_R_BAD_SIGNATURE 100 +#define ECDSA_R_MISSING_PARAMETERS 101 +#define ECDSA_R_NEED_NEW_SETUP_VALUES 102 +#define ECDSA_R_NOT_IMPLEMENTED 103 +#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 #endif /* OPENSSL_HEADER_ECDSA_H */ diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h index 4a4f37d..da242f6 100644 --- a/src/include/openssl/engine.h +++ b/src/include/openssl/engine.h @@ -78,12 +78,14 @@ OPENSSL_EXPORT ECDSA_METHOD *ENGINE_get_ECDSA_method(const ENGINE *engine); * These functions take a void* type but actually operate on all method * structures. */ -/* METHOD_ref increments the reference count of |method|. */ -OPENSSL_EXPORT void METHOD_ref(void *method); +/* METHOD_ref increments the reference count of |method|. This is a no-op for + * now because all methods are currently static. */ +void METHOD_ref(void *method); /* METHOD_unref decrements the reference count of |method| and frees it if the - * reference count drops to zero. */ -OPENSSL_EXPORT void METHOD_unref(void *method); + * reference count drops to zero. This is a no-op for now because all methods + * are currently static. */ +void METHOD_unref(void *method); /* Private functions. */ diff --git a/src/include/openssl/err.h b/src/include/openssl/err.h index c749659..e591534 100644 --- a/src/include/openssl/err.h +++ b/src/include/openssl/err.h @@ -109,9 +109,9 @@ #ifndef OPENSSL_HEADER_ERR_H #define OPENSSL_HEADER_ERR_H +#include <stdio.h> + #include <openssl/base.h> -#include <openssl/thread.h> -#include <openssl/lhash.h> #if defined(__cplusplus) extern "C" { @@ -142,16 +142,18 @@ extern "C" { /* Startup and shutdown. */ -/* ERR_load_crypto_strings initialises the error string hash with builtin - * values. If this is not called then the string forms of errors produced by - * the functions below will contain numeric identifiers rather than - * human-readable strings. */ +/* ERR_load_BIO_strings does nothing. + * + * TODO(fork): remove. libjingle calls this. */ +OPENSSL_EXPORT void ERR_load_BIO_strings(void); + +/* ERR_load_ERR_strings does nothing. */ +OPENSSL_EXPORT void ERR_load_ERR_strings(void); + +/* ERR_load_crypto_strings does nothing. */ OPENSSL_EXPORT void ERR_load_crypto_strings(void); -/* ERR_free_strings frees any memory retained by the error system, expect for - * per-thread structures which are assumed to have already been freed with - * |ERR_remove_thread_state|. This should only be called at process - * shutdown. */ +/* ERR_free_strings does nothing. */ OPENSSL_EXPORT void ERR_free_strings(void); @@ -257,13 +259,21 @@ OPENSSL_EXPORT void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx); +/* ERR_print_errors_fp prints the current contents of the error stack to |file| + * using human readable strings where possible. */ +OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file); + /* Clearing errors. */ /* ERR_clear_error clears the error queue for the current thread. */ OPENSSL_EXPORT void ERR_clear_error(void); -/* ERR_remove_thread_state deletes the error queue for the given thread. If - * |tid| is NULL then the error queue for the current thread is deleted. */ +/* ERR_remove_thread_state clears the error queue for the current thread if + * |tid| is NULL. Otherwise it does nothing because it's no longer possible to + * delete the error queue for other threads. + * + * Error queues are thread-local data and are deleted automatically. You do not + * need to call this function. See |ERR_clear_error|. */ OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid); @@ -357,9 +367,6 @@ struct err_error_st { /* ERR_STATE contains the per-thread, error queue. */ typedef struct err_state_st { - /* tid is the identifier of the thread that owns this queue. */ - CRYPTO_THREADID tid; - /* errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring * buffer. */ struct err_error_st errors[ERR_NUM_ERRORS]; @@ -474,40 +481,6 @@ enum { #define ERR_GET_FUNC(packed_error) ((int)(((packed_error) >> 12) & 0xfff)) #define ERR_GET_REASON(packed_error) ((int)((packed_error) & 0xfff)) -/* ERR_STRING_DATA is the type of an lhash node that contains a mapping from a - * library, function or reason code to a string representation of it. */ -typedef struct err_string_data_st { - uint32_t error; - const char *string; -} ERR_STRING_DATA; - -/* ERR_load_strings loads an array of ERR_STRING_DATA into the hash table. The - * array must be terminated by an entry with a NULL string. */ -OPENSSL_EXPORT void ERR_load_strings(const ERR_STRING_DATA *str); - -/* ERR_FNS_st is a structure of function pointers that contains the actual - * implementation of the error queue handling functions. */ -struct ERR_FNS_st { - void (*shutdown)(void (*err_state_free_cb)(ERR_STATE*)); - ERR_STRING_DATA *(*get_item)(uint32_t packed_error); - ERR_STRING_DATA *(*set_item)(const ERR_STRING_DATA *); - ERR_STRING_DATA *(*del_item)(uint32_t packed_error); - - /* get_state returns the ERR_STATE for the current thread. This function - * never returns NULL. */ - ERR_STATE *(*get_state)(void); - - /* release_state returns the |ERR_STATE| for the given thread, or NULL if - * none exists. It the return value is not NULL, it also returns ownership of - * the |ERR_STATE| and deletes it from its data structures. */ - ERR_STATE *(*release_state)(const CRYPTO_THREADID *tid); - - /* get_next_library returns a unique value suitable for passing as the - * |library| to error calls. It will be distinct from all built-in library - * values. */ - int (*get_next_library)(void); -}; - /* OPENSSL_DECLARE_ERROR_REASON is used by util/make_errors.h (which generates * the error defines) to recognise that an additional reason value is needed. * This is needed when the reason value is used outside of an @@ -522,11 +495,6 @@ struct ERR_FNS_st { * ${lib}_F_${reason}. */ #define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name) -/* ERR_load_BIO_strings does nothing. - * - * TODO(fork): remove. libjingle calls this. */ -OPENSSL_EXPORT void ERR_load_BIO_strings(void); - /* Android compatibility section. * diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 39da689..54ad4be 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h @@ -58,7 +58,6 @@ #define OPENSSL_HEADER_EVP_H #include <openssl/base.h> -#include <openssl/stack.h> /* OpenSSL included digest and cipher functions in this header so we include * them for users that still expect that. @@ -67,9 +66,7 @@ #include <openssl/aead.h> #include <openssl/cipher.h> #include <openssl/digest.h> -#include <openssl/mem.h> #include <openssl/obj.h> -#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -89,6 +86,9 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void); * itself. */ OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey); +/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. */ +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey); + /* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by * custom implementations which do not expose key material and parameters. It is * an error to attempt to duplicate, export, or compare an opaque key. */ @@ -107,10 +107,6 @@ OPENSSL_EXPORT int EVP_PKEY_supports_digest(const EVP_PKEY *pkey, * function. */ OPENSSL_EXPORT int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns - * |pkey|. */ -OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); - /* EVP_PKEY_copy_parameters sets the parameters of |to| to equal the parameters * of |from|. It returns one on success and zero on error. */ OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); @@ -119,12 +115,15 @@ OPENSSL_EXPORT int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); * parameters or zero if not, or if the algorithm doesn't take parameters. */ OPENSSL_EXPORT int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); -/* EVP_PKEY_size returns the "size", in bytes, of |pkey|. For example, for an - * RSA key this returns the number of bytes needed to represent the modulus. */ +/* EVP_PKEY_size returns the maximum size, in bytes, of a signature signed by + * |pkey|. For an RSA key, this returns the number of bytes needed to represent + * the modulus. For an EC key, this returns the maximum size of a DER-encoded + * ECDSA signature. */ OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey); -/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For example, for an - * RSA key, this returns the bit length of the modulus. */ +/* EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this + * returns the bit length of the modulus. For an EC key, this returns the bit + * length of the group order. */ OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey); /* EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*| @@ -444,18 +443,6 @@ OPENSSL_EXPORT void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); * set. */ OPENSSL_EXPORT void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); -/* EVP_PKEY_CTX_ctrl performs |cmd| on |ctx|. The |keytype| and |optype| - * arguments can be -1 to specify that any type and operation are acceptable, - * otherwise |keytype| must match the type of |ctx| and the bits of |optype| - * must intersect the operation flags set on |ctx|. - * - * The |p1| and |p2| arguments depend on the value of |cmd|. - * - * It returns -2 if |cmd| is not recognised, -1 on error or a |cmd| specific - * value otherwise. */ -OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2); - /* EVP_PKEY_sign_init initialises an |EVP_PKEY_CTX| for a signing operation. It * should be called before |EVP_PKEY_sign|. * @@ -569,64 +556,28 @@ OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -/* EVP_PKEY_CTX_ctrl operations. - * - * These values are passed as the |cmd| argument to - * EVP_PKEY_CTX_ctrl */ - -/* Generic. */ +/* Generic control functions. */ /* EVP_PKEY_CTX_set_signature_md sets |md| as the digest to be used in a - * signature operation. It returns one on success or otherwise on error. See - * the return values of |EVP_PKEY_CTX_ctrl| for details. */ + * signature operation. It returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_signature_md sets |*out_md| to the digest to be used in a - * signature operation. It returns one on success or otherwise on error. See - * the return values of |EVP_PKEY_CTX_ctrl| for details. */ + * signature operation. It returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); -/* EVP_PKEY_CTRL_DIGESTINIT is an internal value. It's called by - * EVP_DigestInit_ex to signal the |EVP_PKEY| that a digest operation is - * starting. */ -#define EVP_PKEY_CTRL_DIGESTINIT 3 - -/* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|: - * 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key. - * If the return value is <= 0, the key is rejected. - * 1: Is called at the end of |EVP_PKEY_derive_set_peer| and |p2| contains a - * peer key. If the return value is <= 0, the key is rejected. - * 2: Is called with |p2| == NULL to test whether the peer's key was used. - * (EC)DH always return one in this case. - * 3: Is called with |p2| == NULL to set whether the peer's key was used. - * (EC)DH always return one in this case. This was only used for GOST. */ -#define EVP_PKEY_CTRL_PEER_KEY 4 - -/* EVP_PKEY_CTRL_SET_MAC_KEY sets a MAC key. For example, this can be done an - * |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen| in order to generate an - * HMAC |EVP_PKEY| with the given key. It returns one on success and zero on - * error. */ -#define EVP_PKEY_CTRL_SET_MAC_KEY 5 - -/* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl - * commands are numbered. */ -#define EVP_PKEY_ALG_CTRL 0x1000 - /* RSA specific control functions. */ /* EVP_PKEY_CTX_set_rsa_padding sets the padding type to use. It should be one - * of the |RSA_*_PADDING| values. Returns one on success or another value on - * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are - * non-standard. */ + * of the |RSA_*_PADDING| values. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding); /* EVP_PKEY_CTX_get_rsa_padding sets |*out_padding| to the current padding * value, which is one of the |RSA_*_PADDING| values. Returns one on success or - * another value on error. See |EVP_PKEY_CTX_ctrl| for the other return values, - * which are non-standard. */ + * zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *out_padding); @@ -635,8 +586,7 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, * in the signature. A value of -2 causes the salt to be the maximum length * that will fit. Otherwise the value gives the size of the salt in bytes. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len); @@ -645,68 +595,68 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, * |EVP_PKEY_CTX_set_rsa_pss_saltlen| for details of the special values that it * can take. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *out_salt_len); /* EVP_PKEY_CTX_set_rsa_keygen_bits sets the size of the desired RSA modulus, - * in bits, for key generation. Returns one on success or another value on - * error. See |EVP_PKEY_CTX_ctrl| for the other return values, which are - * non-standard. */ + * in bits, for key generation. Returns one on success or zero on + * error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits); /* EVP_PKEY_CTX_set_rsa_keygen_pubexp sets |e| as the public exponent for key - * generation. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * generation. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *e); /* EVP_PKEY_CTX_set_rsa_oaep_md sets |md| as the digest used in OAEP padding. - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_rsa_oaep_md sets |*out_md| to the digest function used in - * OAEP padding. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * OAEP padding. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); /* EVP_PKEY_CTX_set_rsa_mgf1_md sets |md| as the digest used in MGF1. Returns - * one on success or another value on error. See |EVP_PKEY_CTX_ctrl| for the - * other return values, which are non-standard. */ + * one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); /* EVP_PKEY_CTX_get_rsa_mgf1_md sets |*out_md| to the digest function used in - * MGF1. Returns one on success or another value on error. See - * |EVP_PKEY_CTX_ctrl| for the other return values, which are non-standard. */ + * MGF1. Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md); /* EVP_PKEY_CTX_set0_rsa_oaep_label sets |label_len| bytes from |label| as the - * label used in OAEP. DANGER: this call takes ownership of |label| and will - * call |free| on it when |ctx| is destroyed. + * label used in OAEP. DANGER: On success, this call takes ownership of |label| + * and will call |OPENSSL_free| on it when |ctx| is destroyed. * - * Returns one on success or another value on error. See |EVP_PKEY_CTX_ctrl| - * for the other return values, which are non-standard. */ + * Returns one on success or zero on error. */ OPENSSL_EXPORT int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label, size_t label_len); /* EVP_PKEY_CTX_get0_rsa_oaep_label sets |*out_label| to point to the internal * buffer containing the OAEP label (which may be NULL) and returns the length - * of the label or a negative value on error. */ + * of the label or a negative value on error. + * + * WARNING: the return value differs from the usual return value convention. */ OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t **out_label); -/* EC specific */ +/* Deprecated functions. */ -#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +/* EVP_PKEY_dup adds one to the reference count of |pkey| and returns + * |pkey|. + * + * WARNING: this is a |_dup| function that doesn't actually duplicate! Use + * |EVP_PKEY_up_ref| if you want to increment the reference count without + * confusion. */ +OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); /* Private functions */ @@ -734,9 +684,6 @@ struct evp_pkey_st { * which element (if any) of the |pkey| union is valid. */ int type; - /* TODO(fork): document */ - int save_type; - union { char *ptr; struct rsa_st *rsa; /* RSA */ @@ -745,16 +692,9 @@ struct evp_pkey_st { struct ec_key_st *ec; /* ECC */ } pkey; - ENGINE *engine; - - /* TODO(fork): document */ - int save_parameters; /* ameth contains a pointer to a method table that contains many ASN.1 * methods for the key type. */ const EVP_PKEY_ASN1_METHOD *ameth; - - /* TODO(fork): document; */ - STACK_OF(X509_ATTRIBUTE) * attributes; /* [ 0 ] */ } /* EVP_PKEY */; @@ -762,105 +702,105 @@ struct evp_pkey_st { } /* extern C */ #endif -#define EVP_F_rsa_item_verify 100 -#define EVP_F_do_sigver_init 101 -#define EVP_F_eckey_priv_decode 102 -#define EVP_F_pkey_ec_sign 103 -#define EVP_F_EVP_PKEY_sign_init 104 -#define EVP_F_d2i_PrivateKey 105 -#define EVP_F_rsa_priv_encode 106 -#define EVP_F_rsa_mgf1_to_md 107 -#define EVP_F_EVP_PKEY_get1_DH 108 -#define EVP_F_EVP_PKEY_sign 109 -#define EVP_F_old_ec_priv_decode 110 -#define EVP_F_EVP_PKEY_get1_RSA 111 -#define EVP_F_pkey_ec_ctrl 112 -#define EVP_F_evp_pkey_ctx_new 113 -#define EVP_F_EVP_PKEY_verify 114 -#define EVP_F_EVP_PKEY_encrypt 115 +#define EVP_F_EVP_PKEY_derive_init 108 +#define EVP_F_EVP_PKEY_encrypt 110 +#define EVP_F_EVP_PKEY_encrypt_init 111 +#define EVP_F_EVP_PKEY_get1_DH 112 +#define EVP_F_EVP_PKEY_get1_EC_KEY 114 +#define EVP_F_EVP_PKEY_get1_RSA 115 #define EVP_F_EVP_PKEY_keygen 116 -#define EVP_F_eckey_type2param 117 -#define EVP_F_eckey_priv_encode 118 -#define EVP_F_do_EC_KEY_print 119 -#define EVP_F_pkey_ec_keygen 120 -#define EVP_F_EVP_PKEY_encrypt_init 121 -#define EVP_F_pkey_rsa_ctrl 122 -#define EVP_F_rsa_priv_decode 123 -#define EVP_F_rsa_pss_to_ctx 124 -#define EVP_F_EVP_PKEY_get1_EC_KEY 125 -#define EVP_F_EVP_PKEY_verify_init 126 -#define EVP_F_EVP_PKEY_derive_init 127 -#define EVP_F_eckey_param2type 128 -#define EVP_F_eckey_pub_decode 129 -#define EVP_F_d2i_AutoPrivateKey 130 +#define EVP_F_EVP_PKEY_sign 120 +#define EVP_F_EVP_PKEY_sign_init 121 +#define EVP_F_EVP_PKEY_verify 122 +#define EVP_F_EVP_PKEY_verify_init 123 +#define EVP_F_d2i_AutoPrivateKey 125 +#define EVP_F_d2i_PrivateKey 126 +#define EVP_F_do_EC_KEY_print 127 +#define EVP_F_do_sigver_init 129 +#define EVP_F_eckey_param2type 130 #define EVP_F_eckey_param_decode 131 -#define EVP_F_EVP_PKEY_new 132 -#define EVP_F_pkey_ec_derive 133 -#define EVP_F_pkey_ec_paramgen 134 -#define EVP_F_EVP_PKEY_CTX_ctrl 135 -#define EVP_F_EVP_PKEY_decrypt_init 136 -#define EVP_F_EVP_PKEY_decrypt 137 -#define EVP_F_EVP_PKEY_copy_parameters 138 -#define EVP_F_EVP_PKEY_set_type 139 -#define EVP_F_EVP_PKEY_derive 140 -#define EVP_F_EVP_PKEY_keygen_init 141 -#define EVP_F_do_rsa_print 142 -#define EVP_F_old_rsa_priv_decode 143 -#define EVP_F_rsa_algor_to_md 144 -#define EVP_F_eckey_pub_encode 145 -#define EVP_F_EVP_PKEY_derive_set_peer 146 -#define EVP_F_pkey_rsa_sign 147 -#define EVP_F_check_padding_md 148 -#define EVP_F_i2d_PublicKey 149 -#define EVP_F_rsa_pub_decode 150 -#define EVP_F_EVP_PKEY_get1_DSA 151 -#define EVP_F_pkey_rsa_encrypt 152 -#define EVP_F_pkey_rsa_decrypt 153 -#define EVP_F_hmac_signctx 154 -#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 155 -#define EVP_F_EVP_DigestSignAlgorithm 156 -#define EVP_F_rsa_digest_verify_init_from_algorithm 157 -#define EVP_F_EVP_PKEY_CTX_dup 158 -#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100 -#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101 -#define EVP_R_INVALID_DIGEST_TYPE 102 -#define EVP_R_EXPECTING_A_DH_KEY 103 -#define EVP_R_OPERATON_NOT_INITIALIZED 104 -#define EVP_R_MISSING_PARAMETERS 105 -#define EVP_R_NO_DEFAULT_DIGEST 106 -#define EVP_R_UNKNOWN_DIGEST 107 -#define EVP_R_KEYS_NOT_SET 108 -#define EVP_R_X931_UNSUPPORTED 109 -#define EVP_R_DIGEST_DOES_NOT_MATCH 110 -#define EVP_R_DIFFERENT_PARAMETERS 111 -#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 112 -#define EVP_R_DIFFERENT_KEY_TYPES 113 -#define EVP_R_NO_PARAMETERS_SET 114 -#define EVP_R_NO_NID_FOR_CURVE 115 -#define EVP_R_NO_OPERATION_SET 116 -#define EVP_R_UNSUPPORTED_ALGORITHM 117 -#define EVP_R_EXPECTING_AN_DSA_KEY 118 -#define EVP_R_UNKNOWN_MASK_DIGEST 119 -#define EVP_R_INVALID_SALT_LENGTH 120 -#define EVP_R_BUFFER_TOO_SMALL 121 -#define EVP_R_INVALID_PADDING_MODE 122 -#define EVP_R_INVALID_MGF1_MD 123 -#define EVP_R_SHARED_INFO_ERROR 124 -#define EVP_R_INVALID_KEYBITS 125 -#define EVP_R_PEER_KEY_ERROR 126 -#define EVP_R_EXPECTING_A_DSA_KEY 127 -#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 128 -#define EVP_R_EXPECTING_AN_EC_KEY_KEY 129 -#define EVP_R_INVALID_TRAILER 130 -#define EVP_R_INVALID_DIGEST_LENGTH 131 -#define EVP_R_COMMAND_NOT_SUPPORTED 132 -#define EVP_R_EXPLICIT_EC_PARAMETERS_NOT_SUPPORTED 133 -#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 134 -#define EVP_R_NO_MDC2_SUPPORT 135 -#define EVP_R_INVALID_CURVE 136 -#define EVP_R_NO_KEY_SET 137 -#define EVP_R_INVALID_PSS_PARAMETERS 138 -#define EVP_R_KDF_PARAMETER_ERROR 139 +#define EVP_F_eckey_priv_decode 132 +#define EVP_F_eckey_priv_encode 133 +#define EVP_F_eckey_pub_decode 134 +#define EVP_F_eckey_pub_encode 135 +#define EVP_F_eckey_type2param 136 +#define EVP_F_evp_pkey_ctx_new 137 +#define EVP_F_hmac_signctx 138 +#define EVP_F_i2d_PublicKey 139 +#define EVP_F_old_ec_priv_decode 140 +#define EVP_F_old_rsa_priv_decode 141 +#define EVP_F_pkey_ec_ctrl 142 +#define EVP_F_pkey_ec_derive 143 +#define EVP_F_pkey_ec_keygen 144 +#define EVP_F_pkey_ec_paramgen 145 +#define EVP_F_pkey_ec_sign 146 +#define EVP_F_pkey_rsa_ctrl 147 +#define EVP_F_pkey_rsa_decrypt 148 +#define EVP_F_pkey_rsa_encrypt 149 +#define EVP_F_pkey_rsa_sign 150 +#define EVP_F_rsa_algor_to_md 151 +#define EVP_F_rsa_digest_verify_init_from_algorithm 152 +#define EVP_F_rsa_mgf1_to_md 153 +#define EVP_F_rsa_priv_decode 154 +#define EVP_F_rsa_priv_encode 155 +#define EVP_F_rsa_pss_to_ctx 156 +#define EVP_F_rsa_pub_decode 157 +#define EVP_F_pkey_hmac_ctrl 158 +#define EVP_F_EVP_PKEY_CTX_get0_rsa_oaep_label 159 +#define EVP_F_EVP_DigestSignAlgorithm 160 +#define EVP_F_EVP_DigestVerifyInitFromAlgorithm 161 +#define EVP_F_EVP_PKEY_CTX_ctrl 162 +#define EVP_F_EVP_PKEY_CTX_dup 163 +#define EVP_F_EVP_PKEY_copy_parameters 164 +#define EVP_F_EVP_PKEY_decrypt 165 +#define EVP_F_EVP_PKEY_decrypt_init 166 +#define EVP_F_EVP_PKEY_derive 167 +#define EVP_F_EVP_PKEY_derive_set_peer 168 +#define EVP_F_EVP_PKEY_get1_DSA 169 +#define EVP_F_EVP_PKEY_keygen_init 170 +#define EVP_F_EVP_PKEY_new 171 +#define EVP_F_EVP_PKEY_set_type 172 +#define EVP_F_check_padding_md 173 +#define EVP_F_do_dsa_print 174 +#define EVP_F_do_rsa_print 175 +#define EVP_F_dsa_param_decode 176 +#define EVP_F_dsa_priv_decode 177 +#define EVP_F_dsa_priv_encode 178 +#define EVP_F_dsa_pub_decode 179 +#define EVP_F_dsa_pub_encode 180 +#define EVP_F_dsa_sig_print 181 +#define EVP_F_old_dsa_priv_decode 182 +#define EVP_R_BUFFER_TOO_SMALL 100 +#define EVP_R_COMMAND_NOT_SUPPORTED 101 +#define EVP_R_DIFFERENT_KEY_TYPES 104 +#define EVP_R_DIFFERENT_PARAMETERS 105 +#define EVP_R_EXPECTING_AN_EC_KEY_KEY 107 +#define EVP_R_EXPECTING_A_DH_KEY 109 +#define EVP_R_EXPECTING_A_DSA_KEY 110 +#define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 111 +#define EVP_R_INVALID_CURVE 112 +#define EVP_R_INVALID_DIGEST_LENGTH 113 +#define EVP_R_INVALID_DIGEST_TYPE 114 +#define EVP_R_INVALID_KEYBITS 115 +#define EVP_R_INVALID_MGF1_MD 116 +#define EVP_R_INVALID_PADDING_MODE 118 +#define EVP_R_INVALID_PSS_PARAMETERS 119 +#define EVP_R_INVALID_SALT_LENGTH 121 +#define EVP_R_INVALID_TRAILER 122 +#define EVP_R_KEYS_NOT_SET 123 +#define EVP_R_MISSING_PARAMETERS 124 +#define EVP_R_NO_DEFAULT_DIGEST 125 +#define EVP_R_NO_KEY_SET 126 +#define EVP_R_NO_MDC2_SUPPORT 127 +#define EVP_R_NO_NID_FOR_CURVE 128 +#define EVP_R_NO_OPERATION_SET 129 +#define EVP_R_NO_PARAMETERS_SET 130 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 131 +#define EVP_R_OPERATON_NOT_INITIALIZED 132 +#define EVP_R_UNKNOWN_DIGEST 133 +#define EVP_R_UNKNOWN_MASK_DIGEST 134 +#define EVP_R_UNSUPPORTED_ALGORITHM 138 +#define EVP_R_UNSUPPORTED_MASK_ALGORITHM 139 #define EVP_R_UNSUPPORTED_MASK_PARAMETER 140 #define EVP_R_EXPECTING_AN_RSA_KEY 141 #define EVP_R_INVALID_OPERATION 142 @@ -872,5 +812,9 @@ struct evp_pkey_st { #define EVP_R_WRONG_PUBLIC_KEY_TYPE 148 #define EVP_R_UNKNOWN_SIGNATURE_ALGORITHM 149 #define EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 150 +#define EVP_R_BN_DECODE_ERROR 151 +#define EVP_R_PARAMETER_ENCODING_ERROR 152 +#define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 153 +#define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 154 #endif /* OPENSSL_HEADER_EVP_H */ diff --git a/src/include/openssl/ex_data.h b/src/include/openssl/ex_data.h index f61501a..2303eb4 100644 --- a/src/include/openssl/ex_data.h +++ b/src/include/openssl/ex_data.h @@ -119,21 +119,51 @@ extern "C" { /* ex_data is a mechanism for associating arbitrary extra data with objects. - * The different types of objects which can have data associated with them are - * called "classes" and there are predefined classes for all the OpenSSL - * objects that support ex_data. - * - * Within a given class, different users can be assigned indexes in which to - * store their data. Each index has callback functions that are called when a - * new object of that type is created, freed and duplicated. */ + * For each type of object that supports ex_data, different users can be + * assigned indexes in which to store their data. Each index has callback + * functions that are called when a new object of that type is created, freed + * and duplicated. */ typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + +/* Type-specific functions. + * + * Each type that supports ex_data provides three functions: */ + +#if 0 /* Sample */ + +/* |TYPE_get_ex_new_index| allocates a new index for |TYPE|. See the + * descriptions of the callback typedefs for details of when they are + * called. Any of the callback arguments may be NULL. The |argl| and |argp| + * arguments are opaque values that are passed to the callbacks. It returns the + * new index or a negative number on error. + * + * TODO(fork): this should follow the standard calling convention. */ +OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +/* |TYPE_set_ex_data| sets an extra data pointer on |t|. The |index| argument + * should have been returned from a previous call to |TYPE_get_ex_new_index|. */ +OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg); + +/* |TYPE_get_ex_data| returns an extra data pointer for |t|, or NULL if no such + * pointer exists. The |index| argument should have been returned from a + * previous call to |TYPE_get_ex_new_index|. */ +OPENSSL_EXPORT void *TYPE_get_ex_data(const TYPE *t, int index); + +#endif /* Sample */ + + +/* Callback types. */ + /* CRYPTO_EX_new is the type of a callback function that is called whenever a * new object of a given class is created. For example, if this callback has - * been passed to |CRYPTO_get_ex_new_index| with a |class| of - * |CRYPTO_EX_INDEX_SSL| then it'll be called each time an SSL* is created. + * been passed to |SSL_get_ex_new_index| then it'll be called each time an SSL* + * is created. * * The callback is passed the new object (i.e. the SSL*) in |parent|. The * arguments |argl| and |argp| contain opaque values that were given to @@ -166,126 +196,10 @@ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **from_d, int index, long argl, void *argp); -/* CRYPTO_get_ex_new_index allocates a new index for ex_data linked with - * objects of the given |class|. This should not be called directly, rather - * each class of object should provide a wrapper function that sets - * |class_value| correctly. - * - * The |class_value| argument should be one of |CRYPTO_EX_INDEX_*| or a - * user-defined class value returned from |CRYPTO_ex_data_new_class|. - * - * See the descriptions of the callback typedefs for details of when they are - * called. Any of the callback arguments may be NULL. The |argl| and |argp| - * arguments are opaque values that are passed to the callbacks. - * - * It returns the new index, or a negative number on error. - * - * TODO(fork): this should follow the standard calling convention. - * - * TODO(fork): replace the class_value with a pointer to EX_CLASS_ITEM. Saves - * having that hash table and some of the lock-bouncing. Maybe have every - * module have a private global EX_CLASS_ITEM somewhere and any direct callers - * of CRYPTO_{get,set}_ex_data{,_index} would have to always call the - * wrappers. */ -OPENSSL_EXPORT int CRYPTO_get_ex_new_index(int class_value, long argl, - void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - -/* CRYPTO_set_ex_data sets an extra data pointer on a given object. This should - * not be called directly, rather each class of object should provide a wrapper - * function. - * - * The |index| argument should have been returned from a previous call to - * |CRYPTO_get_ex_new_index|. */ -OPENSSL_EXPORT int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val); - -/* CRYPTO_set_ex_data return an extra data pointer for a given object, or NULL - * if no such index exists. This should not be called directly, rather each - * class of object should provide a wrapper function. - * - * The |index| argument should have been returned from a previous call to - * |CRYPTO_get_ex_new_index|. */ -OPENSSL_EXPORT void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int index); - -/* CRYPTO_EX_INDEX_* are the built-in classes of objects. - * - * User defined classes start at 100. - * - * TODO(fork): WARNING: these are called "INDEX", but they aren't! */ -#define CRYPTO_EX_INDEX_BIO 0 -#define CRYPTO_EX_INDEX_SSL 1 -#define CRYPTO_EX_INDEX_SSL_CTX 2 -#define CRYPTO_EX_INDEX_SSL_SESSION 3 -#define CRYPTO_EX_INDEX_X509_STORE 4 -#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -#define CRYPTO_EX_INDEX_RSA 6 -#define CRYPTO_EX_INDEX_DSA 7 -#define CRYPTO_EX_INDEX_DH 8 -#define CRYPTO_EX_INDEX_ENGINE 9 -#define CRYPTO_EX_INDEX_X509 10 -#define CRYPTO_EX_INDEX_UI 11 -#define CRYPTO_EX_INDEX_EC_KEY 12 -#define CRYPTO_EX_INDEX_EC_GROUP 13 -#define CRYPTO_EX_INDEX_COMP 14 -#define CRYPTO_EX_INDEX_STORE 15 - - -/* User-defined classes of objects. - * - * Core OpenSSL code has predefined class values given above (the - * |CRYPTO_EX_INDEX_*| values). It's possible to get dynamic class values - * assigned for user-defined objects. */ - -/* CRYPTO_ex_data_new_class returns a fresh class value for a user-defined type - * that wishes to use ex_data. - * - * TODO(fork): hopefully remove this. */ -OPENSSL_EXPORT int CRYPTO_ex_data_new_class(void); - - -/* Embedding, allocating and freeing |CRYPTO_EX_DATA| structures for objects - * that embed them. */ - -/* CRYPTO_new_ex_data initialises a newly allocated |CRYPTO_EX_DATA| which is - * embedded inside of |obj| which is of class |class_value|. Returns one on - * success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_new_ex_data(int class_value, void *obj, - CRYPTO_EX_DATA *ad); - -/* CRYPTO_dup_ex_data duplicates |from| into a freshly allocated - * |CRYPTO_EX_DATA|, |to|. Both of which are inside objects of the given - * class. It returns one on success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_dup_ex_data(int class_value, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from); - -/* CRYPTO_free_ex_data frees |ad|, which is embedded inside |obj|, which is an - * object of the given class. */ -OPENSSL_EXPORT void CRYPTO_free_ex_data(int class_value, void *obj, - CRYPTO_EX_DATA *ad); - - -/* Handling different ex_data implementations. */ - -/* CRYPTO_EX_DATA_IMPL is the opaque type of an implementation of ex_data. */ -typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; - -/* CRYPTO_get_ex_data_implementation returns the current implementation of - * ex_data. */ -OPENSSL_EXPORT const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation( - void); - -/* CRYPTO_set_ex_data_implementation sets the implementation of ex_data to use, - * unless ex_data has already been used and the default implementation - * installed. It returns one on success and zero otherwise. */ -OPENSSL_EXPORT int CRYPTO_set_ex_data_implementation( - const CRYPTO_EX_DATA_IMPL *impl); - -/* Private functions. */ +/* Deprecated functions. */ -/* CRYPTO_cleanup_all_ex_data cleans up all ex_data state. It assumes that no - * other threads are executing code that might call ex_data functions. */ +/* CRYPTO_cleanup_all_ex_data does nothing. */ OPENSSL_EXPORT void CRYPTO_cleanup_all_ex_data(void); struct crypto_ex_data_st { diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h index 6c34cdc..89cdf8f 100644 --- a/src/include/openssl/hmac.h +++ b/src/include/openssl/hmac.h @@ -94,9 +94,14 @@ OPENSSL_EXPORT void HMAC_CTX_init(HMAC_CTX *ctx); OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx); /* HMAC_Init_ex sets up an initialised |HMAC_CTX| to use |md| as the hash - * function and |key| as the key. Any of |md| or |key| can be NULL, in which - * case the previous value will be used. It returns one on success or zero - * otherwise. */ + * function and |key| as the key. For a non-initial call, |md| may be NULL, in + * which case the previous hash function will be used. If the hash function has + * not changed and |key| is NULL, |ctx| reuses the previous key. It returns one + * on success or zero otherwise. + * + * WARNING: NULL and empty keys are ambiguous on non-initial calls. Passing NULL + * |key| but repeating the previous |md| reuses the previous key rather than the + * empty key. */ OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, const EVP_MD *md, ENGINE *impl); @@ -152,8 +157,6 @@ struct hmac_ctx_st { EVP_MD_CTX md_ctx; EVP_MD_CTX i_ctx; EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; } /* HMAC_CTX */; diff --git a/src/include/openssl/lhash.h b/src/include/openssl/lhash.h index c8628d1..d2ee982 100644 --- a/src/include/openssl/lhash.h +++ b/src/include/openssl/lhash.h @@ -96,9 +96,6 @@ extern "C" { * * LHASH_OF:ASN1_OBJECT * LHASH_OF:CONF_VALUE - * LHASH_OF:ERR_STATE - * LHASH_OF:ERR_STRING_DATA - * LHASH_OF:EX_CLASS_ITEM * LHASH_OF:SSL_SESSION */ #define IN_LHASH_H diff --git a/src/include/openssl/lhash_macros.h b/src/include/openssl/lhash_macros.h index f84b5ed..1d98107 100644 --- a/src/include/openssl/lhash_macros.h +++ b/src/include/openssl/lhash_macros.h @@ -92,122 +92,6 @@ void (*)(CONF_VALUE *, void *), func), \ arg); -/* ERR_STATE */ -#define lh_ERR_STATE_new(hash, comp) \ - ((LHASH_OF(ERR_STATE) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STATE *), hash), \ - CHECKED_CAST(lhash_cmp_func, \ - int (*)(const ERR_STATE *a, const ERR_STATE *b), comp))) - -#define lh_ERR_STATE_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh)); - -#define lh_ERR_STATE_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh)) - -#define lh_ERR_STATE_retrieve(lh, data) \ - ((ERR_STATE *)lh_retrieve(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void *, ERR_STATE *, data))) - -#define lh_ERR_STATE_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void **, ERR_STATE **, old_data), \ - CHECKED_CAST(void *, ERR_STATE *, data)) - -#define lh_ERR_STATE_delete(lh, data) \ - ((ERR_STATE *)lh_delete(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void *, ERR_STATE *, data))) - -#define lh_ERR_STATE_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(ERR_STATE *), func)); - -#define lh_ERR_STATE_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STATE) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(ERR_STATE *, void *), func), \ - arg); - -/* ERR_STRING_DATA */ -#define lh_ERR_STRING_DATA_new(hash, comp) \ - ((LHASH_OF(ERR_STRING_DATA) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const ERR_STRING_DATA *), \ - hash), \ - CHECKED_CAST( \ - lhash_cmp_func, \ - int (*)(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b), comp))) - -#define lh_ERR_STRING_DATA_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh)); - -#define lh_ERR_STRING_DATA_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh)) - -#define lh_ERR_STRING_DATA_retrieve(lh, data) \ - ((ERR_STRING_DATA *)lh_retrieve( \ - CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data))) - -#define lh_ERR_STRING_DATA_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void **, ERR_STRING_DATA **, old_data), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data)) - -#define lh_ERR_STRING_DATA_delete(lh, data) \ - ((ERR_STRING_DATA *)lh_delete( \ - CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void *, ERR_STRING_DATA *, data))) - -#define lh_ERR_STRING_DATA_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(ERR_STRING_DATA *), func)); - -#define lh_ERR_STRING_DATA_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(ERR_STRING_DATA) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(ERR_STRING_DATA *, void *), func), \ - arg); - -/* EX_CLASS_ITEM */ -#define lh_EX_CLASS_ITEM_new(hash, comp) \ - ((LHASH_OF(EX_CLASS_ITEM) *)lh_new( \ - CHECKED_CAST(lhash_hash_func, uint32_t (*)(const EX_CLASS_ITEM *), \ - hash), \ - CHECKED_CAST(lhash_cmp_func, \ - int (*)(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b), \ - comp))) - -#define lh_EX_CLASS_ITEM_free(lh) \ - lh_free(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh)); - -#define lh_EX_CLASS_ITEM_num_items(lh) \ - lh_num_items(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh)) - -#define lh_EX_CLASS_ITEM_retrieve(lh, data) \ - ((EX_CLASS_ITEM *)lh_retrieve( \ - CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data))) - -#define lh_EX_CLASS_ITEM_insert(lh, old_data, data) \ - lh_insert(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void **, EX_CLASS_ITEM **, old_data), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data)) - -#define lh_EX_CLASS_ITEM_delete(lh, data) \ - ((EX_CLASS_ITEM *)lh_delete( \ - CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void *, EX_CLASS_ITEM *, data))) - -#define lh_EX_CLASS_ITEM_doall(lh, func) \ - lh_doall(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void (*)(void *), void (*)(EX_CLASS_ITEM *), func)); - -#define lh_EX_CLASS_ITEM_doall_arg(lh, func, arg) \ - lh_doall_arg(CHECKED_CAST(_LHASH *, LHASH_OF(EX_CLASS_ITEM) *, lh), \ - CHECKED_CAST(void (*)(void *, void *), \ - void (*)(EX_CLASS_ITEM *, void *), func), \ - arg); - /* SSL_SESSION */ #define lh_SSL_SESSION_new(hash, comp) \ ((LHASH_OF(SSL_SESSION) *)lh_new( \ diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h index 3bd01c0..42ec46a 100644 --- a/src/include/openssl/mem.h +++ b/src/include/openssl/mem.h @@ -58,6 +58,7 @@ #include <openssl/base.h> +#include <stdlib.h> #include <stdarg.h> #if defined(__cplusplus) diff --git a/src/include/openssl/obj.h b/src/include/openssl/obj.h index 5dd8886..f476617 100644 --- a/src/include/openssl/obj.h +++ b/src/include/openssl/obj.h @@ -193,10 +193,10 @@ OPENSSL_EXPORT int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid, } /* extern C */ #endif -#define OBJ_F_OBJ_txt2obj 100 -#define OBJ_F_OBJ_create 101 -#define OBJ_F_OBJ_dup 102 -#define OBJ_F_OBJ_nid2obj 103 +#define OBJ_F_OBJ_create 100 +#define OBJ_F_OBJ_dup 101 +#define OBJ_F_OBJ_nid2obj 102 +#define OBJ_F_OBJ_txt2obj 103 #define OBJ_R_UNKNOWN_NID 100 #endif /* OPENSSL_HEADER_OBJECTS_H */ diff --git a/src/include/openssl/opensslfeatures.h b/src/include/openssl/opensslfeatures.h index 4f5cb31..c3f97d5 100644 --- a/src/include/openssl/opensslfeatures.h +++ b/src/include/openssl/opensslfeatures.h @@ -22,12 +22,15 @@ #define OPENSSL_NO_BF #define OPENSSL_NO_BUF_FREELISTS #define OPENSSL_NO_CAMELLIA +#define OPENSSL_NO_CAPIENG #define OPENSSL_NO_CAST #define OPENSSL_NO_CMS #define OPENSSL_NO_COMP #define OPENSSL_NO_DANE #define OPENSSL_NO_DEPRECATED #define OPENSSL_NO_DYNAMIC_ENGINE +#define OPENSSL_NO_EC_NISTP_64_GCC_128 +#define OPENSSL_NO_EC2M #define OPENSSL_NO_ENGINE #define OPENSSL_NO_GMP #define OPENSSL_NO_GOST @@ -38,11 +41,13 @@ #define OPENSSL_NO_KRB5 #define OPENSSL_NO_MD2 #define OPENSSL_NO_MDC2 +#define OPENSSL_NO_OCB #define OPENSSL_NO_OCSP #define OPENSSL_NO_RC2 #define OPENSSL_NO_RC5 #define OPENSSL_NO_RFC3779 #define OPENSSL_NO_RIPEMD +#define OPENSSL_NO_RMD160 #define OPENSSL_NO_SCTP #define OPENSSL_NO_SEED #define OPENSSL_NO_SRP diff --git a/src/include/openssl/opensslv.h b/src/include/openssl/opensslv.h index a3555d4..22f7e25 100644 --- a/src/include/openssl/opensslv.h +++ b/src/include/openssl/opensslv.h @@ -15,4 +15,4 @@ /* This header is provided in order to make compiling against code that expects OpenSSL easier. */ -#include "crypto.h" +#include "ssl.h" diff --git a/src/include/openssl/pem.h b/src/include/openssl/pem.h index 5f61cab..adc8d86 100644 --- a/src/include/openssl/pem.h +++ b/src/include/openssl/pem.h @@ -502,57 +502,44 @@ void ERR_load_PEM_strings(void); } #endif -#define PEM_F_PEM_read_bio_DHparams 100 -#define PEM_F_load_iv 101 -#define PEM_F_PEM_write 102 -#define PEM_F_do_pk8pkey_fp 103 -#define PEM_F_PEM_read_PrivateKey 104 -#define PEM_F_PEM_read_DHparams 105 -#define PEM_F_PEM_ASN1_read_bio 106 -#define PEM_F_PEM_ASN1_read 107 +#define PEM_F_PEM_ASN1_read 100 +#define PEM_F_PEM_ASN1_read_bio 101 +#define PEM_F_PEM_ASN1_write 102 +#define PEM_F_PEM_ASN1_write_bio 103 +#define PEM_F_PEM_X509_INFO_read 104 +#define PEM_F_PEM_X509_INFO_read_bio 105 +#define PEM_F_PEM_X509_INFO_write_bio 106 +#define PEM_F_PEM_do_header 107 #define PEM_F_PEM_get_EVP_CIPHER_INFO 108 -#define PEM_F_PEM_X509_INFO_read 109 -#define PEM_F_PEM_read_bio_Parameters 110 -#define PEM_F_PEM_read 111 -#define PEM_F_PEM_X509_INFO_read_bio 112 -#define PEM_F_PEM_X509_INFO_write_bio 113 -#define PEM_F_PEM_ASN1_write 114 -#define PEM_F_d2i_PKCS8PrivateKey_bio 115 -#define PEM_F_d2i_PKCS8PrivateKey_fp 116 -#define PEM_F_PEM_read_bio_PrivateKey 117 -#define PEM_F_PEM_write_PrivateKey 118 -#define PEM_F_PEM_ASN1_write_bio 119 -#define PEM_F_PEM_do_header 120 -#define PEM_F_PEM_write_bio 121 -#define PEM_F_do_pk8pkey 122 -#define PEM_F_PEM_read_bio 123 -#define PEM_R_NO_START_LINE 100 -#define PEM_R_NOT_PROC_TYPE 101 -#define PEM_R_SHORT_HEADER 102 +#define PEM_F_PEM_read 109 +#define PEM_F_PEM_read_DHparams 110 +#define PEM_F_PEM_read_PrivateKey 111 +#define PEM_F_PEM_read_bio 112 +#define PEM_F_PEM_read_bio_DHparams 113 +#define PEM_F_PEM_read_bio_Parameters 114 +#define PEM_F_PEM_read_bio_PrivateKey 115 +#define PEM_F_PEM_write 116 +#define PEM_F_PEM_write_PrivateKey 117 +#define PEM_F_PEM_write_bio 118 +#define PEM_F_d2i_PKCS8PrivateKey_bio 119 +#define PEM_F_d2i_PKCS8PrivateKey_fp 120 +#define PEM_F_do_pk8pkey 121 +#define PEM_F_do_pk8pkey_fp 122 +#define PEM_F_load_iv 123 +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 #define PEM_R_BAD_IV_CHARS 103 -#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 104 -#define PEM_R_BAD_END_LINE 105 -#define PEM_R_CIPHER_IS_NULL 106 -#define PEM_R_BAD_MAGIC_NUMBER 107 -#define PEM_R_BAD_DECRYPT 108 -#define PEM_R_UNSUPPORTED_ENCRYPTION 109 -#define PEM_R_PVK_DATA_TOO_SHORT 110 -#define PEM_R_PROBLEMS_GETTING_PASSWORD 111 -#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 112 -#define PEM_R_BIO_WRITE_FAILURE 113 -#define PEM_R_INCONSISTENT_HEADER 114 -#define PEM_R_PUBLIC_KEY_NO_RSA 115 -#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 116 -#define PEM_R_KEYBLOB_TOO_SHORT 117 -#define PEM_R_BAD_BASE64_DECODE 118 -#define PEM_R_READ_KEY 119 -#define PEM_R_BAD_PASSWORD_READ 120 -#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 121 -#define PEM_R_UNSUPPORTED_CIPHER 122 -#define PEM_R_NOT_ENCRYPTED 123 -#define PEM_R_NOT_DEK_INFO 124 -#define PEM_R_BAD_VERSION_NUMBER 125 -#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 126 -#define PEM_R_PVK_TOO_SHORT 127 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_CIPHER_IS_NULL 105 +#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106 +#define PEM_R_NOT_DEK_INFO 107 +#define PEM_R_NOT_ENCRYPTED 108 +#define PEM_R_NOT_PROC_TYPE 109 +#define PEM_R_NO_START_LINE 110 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 #endif /* OPENSSL_HEADER_PEM_H */ diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h index 826ac7f..8dc7731 100644 --- a/src/include/openssl/pkcs8.h +++ b/src/include/openssl/pkcs8.h @@ -58,11 +58,9 @@ #define OPENSSL_HEADER_PKCS8_H #include <openssl/base.h> - -#include <stdio.h> - #include <openssl/x509.h> + #if defined(__cplusplus) extern "C" { #endif @@ -172,52 +170,48 @@ OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); } /* extern C */ #endif -#define PKCS8_F_PKCS8_encrypt 100 +#define PKCS8_F_EVP_PKCS82PKEY 100 #define PKCS8_F_EVP_PKEY2PKCS8 101 -#define PKCS8_F_EVP_PKCS82PKEY 102 -#define PKCS8_F_PKCS5_pbe_set0_algor 103 -#define PKCS8_F_pbe_crypt 104 -#define PKCS8_F_pkcs12_item_decrypt_d2i 105 +#define PKCS8_F_PKCS12_get_key_and_certs 102 +#define PKCS8_F_PKCS12_handle_content_info 103 +#define PKCS8_F_PKCS12_handle_content_infos 104 +#define PKCS8_F_PKCS5_pbe2_set_iv 105 #define PKCS8_F_PKCS5_pbe_set 106 -#define PKCS8_F_pkcs12_key_gen_uni 107 -#define PKCS8_F_pkcs12_key_gen_asc 108 -#define PKCS8_F_pkcs12_pbe_keyivgen 109 -#define PKCS8_F_pbe_cipher_init 110 -#define PKCS8_F_pkcs12_item_i2d_encrypt 111 -#define PKCS8_F_PKCS5_pbe2_set_iv 112 -#define PKCS8_F_PKCS5_pbkdf2_set 113 -#define PKCS8_F_pkcs12_key_gen_raw 114 -#define PKCS8_F_PKCS8_decrypt 115 -#define PKCS8_F_PKCS8_encrypt_pbe 116 -#define PKCS8_F_PKCS12_parse 117 -#define PKCS8_F_PKCS12_handle_content_info 118 -#define PKCS8_F_PKCS12_handle_content_infos 119 -#define PKCS8_F_PKCS12_get_key_and_certs 120 -#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 100 -#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 101 -#define PKCS8_R_UNKNOWN_ALGORITHM 102 -#define PKCS8_R_UNKNOWN_CIPHER 103 -#define PKCS8_R_UNKNOWN_DIGEST 104 +#define PKCS8_F_PKCS5_pbe_set0_algor 107 +#define PKCS8_F_PKCS5_pbkdf2_set 108 +#define PKCS8_F_PKCS8_decrypt 109 +#define PKCS8_F_PKCS8_encrypt 110 +#define PKCS8_F_PKCS8_encrypt_pbe 111 +#define PKCS8_F_pbe_cipher_init 112 +#define PKCS8_F_pbe_crypt 113 +#define PKCS8_F_pkcs12_item_decrypt_d2i 114 +#define PKCS8_F_pkcs12_item_i2d_encrypt 115 +#define PKCS8_F_pkcs12_key_gen_raw 116 +#define PKCS8_F_pkcs12_pbe_keyivgen 117 +#define PKCS8_R_BAD_PKCS12_DATA 100 +#define PKCS8_R_BAD_PKCS12_VERSION 101 +#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102 +#define PKCS8_R_CRYPT_ERROR 103 +#define PKCS8_R_DECODE_ERROR 104 #define PKCS8_R_ENCODE_ERROR 105 -#define PKCS8_R_DECODE_ERROR 106 -#define PKCS8_R_ENCRYPT_ERROR 107 -#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 108 -#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 109 -#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 110 -#define PKCS8_R_KEYGEN_FAILURE 111 -#define PKCS8_R_TOO_LONG 112 -#define PKCS8_R_CRYPT_ERROR 113 -#define PKCS8_R_METHOD_NOT_SUPPORTED 114 -#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 115 -#define PKCS8_R_KEY_GEN_ERROR 116 -#define PKCS8_R_BAD_PKCS12_DATA 117 -#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 118 -#define PKCS8_R_BAD_PKCS12_VERSION 119 -#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 120 -#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 121 -#define PKCS8_R_UNKNOWN_HASH 122 -#define PKCS8_R_BAD_MAC 123 -#define PKCS8_R_MISSING_MAC 124 -#define PKCS8_R_INCORRECT_PASSWORD 125 +#define PKCS8_R_ENCRYPT_ERROR 106 +#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107 +#define PKCS8_R_INCORRECT_PASSWORD 108 +#define PKCS8_R_KEYGEN_FAILURE 109 +#define PKCS8_R_KEY_GEN_ERROR 110 +#define PKCS8_R_METHOD_NOT_SUPPORTED 111 +#define PKCS8_R_MISSING_MAC 112 +#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113 +#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114 +#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115 +#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116 +#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117 +#define PKCS8_R_TOO_LONG 118 +#define PKCS8_R_UNKNOWN_ALGORITHM 119 +#define PKCS8_R_UNKNOWN_CIPHER 120 +#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121 +#define PKCS8_R_UNKNOWN_DIGEST 122 +#define PKCS8_R_UNKNOWN_HASH 123 +#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124 #endif /* OPENSSL_HEADER_PKCS8_H */ diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h index 6186044..01ef4f8 100644 --- a/src/include/openssl/rand.h +++ b/src/include/openssl/rand.h @@ -22,8 +22,10 @@ extern "C" { #endif -/* RAND_bytes writes |len| bytes of random data to |buf|. It returns one on - * success and zero on otherwise. */ +/* Random number generation. */ + + +/* RAND_bytes writes |len| bytes of random data to |buf| and returns one. */ OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); /* RAND_cleanup frees any resources used by the RNG. This is not safe if other diff --git a/src/include/openssl/rc4.h b/src/include/openssl/rc4.h index 727b474..0619cac 100644 --- a/src/include/openssl/rc4.h +++ b/src/include/openssl/rc4.h @@ -67,13 +67,10 @@ extern "C" { /* RC4. */ -typedef struct rc4_key_st { +struct rc4_key_st { uint32_t x, y; - /* data is sometimes used as an array of 32-bit values and sometimes as 8-bit - * values, depending on the platform. */ uint32_t data[256]; -} RC4_KEY; - +} /* RC4_KEY */; /* RC4_set_key performs an RC4 key schedule and initialises |rc4key| with |len| * bytes of key material from |key|. */ diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index a4596c7..2e24231 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -61,6 +61,7 @@ #include <openssl/engine.h> #include <openssl/ex_data.h> +#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -190,7 +191,7 @@ OPENSSL_EXPORT int RSA_sign(int hash_nid, const uint8_t *in, unsigned int *out_len, RSA *rsa); /* RSA_sign_raw signs |in_len| bytes from |in| with the public key from |rsa| - * and writes, at most, |max_out| bytes of encrypted data to |out|. The + * and writes, at most, |max_out| bytes of signature data to |out|. The * |max_out| argument must be, at least, |RSA_size| in order to ensure success. * * It returns 1 on success or zero on error. @@ -254,7 +255,7 @@ OPENSSL_EXPORT int RSA_public_decrypt(int flen, const uint8_t *from, /* Utility functions. */ /* RSA_size returns the number of bytes in the modulus, which is also the size - * of a signature of encrypted value using |rsa|. */ + * of a signature or encrypted value using |rsa|. */ OPENSSL_EXPORT unsigned RSA_size(const RSA *rsa); /* RSA_is_opaque returns one if |rsa| is opaque and doesn't expose its key @@ -286,11 +287,12 @@ OPENSSL_EXPORT int RSA_check_key(const RSA *rsa); OPENSSL_EXPORT int RSA_recover_crt_params(RSA *rsa); /* RSA_verify_PKCS1_PSS_mgf1 verifies that |EM| is a correct PSS padding of - * |mHash|, where |mHash| is a digest produced by |Hash|. The |mgf1Hash| - * argument specifies the hash function for generating the mask. If NULL, - * |Hash| is used. The |sLen| argument specifies the expected salt length in - * bytes. If |sLen| is -1 then the salt length is the same as the hash length. - * If -2, then the salt length is maximal and is taken from the size of |EM|. + * |mHash|, where |mHash| is a digest produced by |Hash|. |EM| must point to + * exactly |RSA_size(rsa)| bytes of data. The |mgf1Hash| argument specifies the + * hash function for generating the mask. If NULL, |Hash| is used. The |sLen| + * argument specifies the expected salt length in bytes. If |sLen| is -1 then + * the salt length is the same as the hash length. If -2, then the salt length + * is maximal and is taken from the size of |EM|. * * It returns one on success or zero on error. */ OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, @@ -299,12 +301,12 @@ OPENSSL_EXPORT int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, const uint8_t *EM, int sLen); /* RSA_padding_add_PKCS1_PSS_mgf1 writes a PSS padding of |mHash| to |EM|, - * where |mHash| is a digest produced by |Hash|. There must be at least - * |RSA_size(rsa)| bytes of space in |EM|. The |mgf1Hash| argument specifies - * the hash function for generating the mask. If NULL, |Hash| is used. The - * |sLen| argument specifies the expected salt length in bytes. If |sLen| is -1 - * then the salt length is the same as the hash length. If -2, then the salt - * length is maximal given the space in |EM|. + * where |mHash| is a digest produced by |Hash|. |RSA_size(rsa)| bytes of + * output will be written to |EM|. The |mgf1Hash| argument specifies the hash + * function for generating the mask. If NULL, |Hash| is used. The |sLen| + * argument specifies the expected salt length in bytes. If |sLen| is -1 then + * the salt length is the same as the hash length. If -2, then the salt length + * is maximal given the space in |EM|. * * It returns one on success or zero on error. */ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, @@ -314,7 +316,6 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, int sLen); - /* ASN.1 functions. */ /* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len| @@ -348,7 +349,7 @@ OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp); /* ex_data functions. * - * These functions are wrappers. See |ex_data.h| for details. */ + * See |ex_data.h| for details. */ OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -477,18 +478,21 @@ struct rsa_st { int references; int flags; - /* Used to cache montgomery values */ + CRYPTO_MUTEX lock; + + /* Used to cache montgomery values. The creation of these values is protected + * by |lock|. */ BN_MONT_CTX *_method_mod_n; BN_MONT_CTX *_method_mod_p; BN_MONT_CTX *_method_mod_q; /* num_blindings contains the size of the |blindings| and |blindings_inuse| * arrays. This member and the |blindings_inuse| array are protected by - * CRYPTO_LOCK_RSA_BLINDING. */ + * |lock|. */ unsigned num_blindings; /* blindings is an array of BN_BLINDING structures that can be reserved by a - * thread by locking CRYPTO_LOCK_RSA_BLINDING and changing the corresponding - * element in |blindings_inuse| from 0 to 1. */ + * thread by locking |lock| and changing the corresponding element in + * |blindings_inuse| from 0 to 1. */ BN_BLINDING **blindings; unsigned char *blindings_inuse; }; @@ -498,79 +502,74 @@ struct rsa_st { } /* extern C */ #endif -#define RSA_F_RSA_padding_check_none 100 -#define RSA_F_RSA_padding_add_none 101 -#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 102 -#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 103 -#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 104 -#define RSA_F_RSA_verify 105 -#define RSA_F_rsa_setup_blinding 106 -#define RSA_F_verify_raw 107 -#define RSA_F_RSA_padding_add_PKCS1_type_1 108 -#define RSA_F_keygen 109 -#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 110 -#define RSA_F_pkcs1_prefixed_msg 111 -#define RSA_F_BN_BLINDING_update 112 -#define RSA_F_RSA_padding_check_SSLv23 113 -#define RSA_F_RSA_padding_add_SSLv23 114 -#define RSA_F_BN_BLINDING_new 115 -#define RSA_F_RSA_padding_add_PKCS1_type_2 116 -#define RSA_F_BN_BLINDING_convert_ex 117 -#define RSA_F_BN_BLINDING_invert_ex 118 -#define RSA_F_encrypt 119 -#define RSA_F_sign_raw 120 -#define RSA_F_RSA_new_method 121 -#define RSA_F_RSA_padding_check_PKCS1_type_1 122 -#define RSA_F_RSA_sign 123 -#define RSA_F_BN_BLINDING_create_param 124 -#define RSA_F_decrypt 125 -#define RSA_F_RSA_padding_check_PKCS1_type_2 126 -#define RSA_F_RSA_recover_crt_params 127 -#define RSA_F_RSA_check_key 128 -#define RSA_F_private_transform 129 -#define RSA_R_INVALID_MESSAGE_LENGTH 100 -#define RSA_R_NO_PUBLIC_EXPONENT 102 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 103 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 104 -#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 105 -#define RSA_R_UNKNOWN_PADDING_TYPE 106 -#define RSA_R_TOO_MANY_ITERATIONS 107 -#define RSA_R_SLEN_RECOVERY_FAILED 108 -#define RSA_R_WRONG_SIGNATURE_LENGTH 109 -#define RSA_R_MODULUS_TOO_LARGE 110 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 111 -#define RSA_R_DATA_TOO_LARGE 112 -#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 113 -#define RSA_R_SLEN_CHECK_FAILED 114 -#define RSA_R_FIRST_OCTET_INVALID 115 -#define RSA_R_BAD_E_VALUE 116 -#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 117 -#define RSA_R_EMPTY_PUBLIC_KEY 118 -#define RSA_R_BAD_PAD_BYTE_COUNT 119 -#define RSA_R_OAEP_DECODING_ERROR 120 -#define RSA_R_TOO_LONG 121 -#define RSA_R_BAD_FIXED_HEADER_DECRYPT 122 -#define RSA_R_DATA_TOO_SMALL 123 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 124 -#define RSA_R_PADDING_CHECK_FAILED 125 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 126 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 127 -#define RSA_R_LAST_OCTET_INVALID 128 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 129 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 130 -#define RSA_R_KEY_SIZE_TOO_SMALL 131 -#define RSA_R_BAD_SIGNATURE 132 -#define RSA_R_BN_NOT_INITIALIZED 133 -#define RSA_R_PKCS_DECODING_ERROR 134 -#define RSA_R_BAD_RSA_PARAMETERS 135 -#define RSA_R_INTERNAL_ERROR 136 -#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 137 -#define RSA_R_D_E_NOT_CONGRUENT_TO_1 138 +#define RSA_F_BN_BLINDING_convert_ex 100 +#define RSA_F_BN_BLINDING_create_param 101 +#define RSA_F_BN_BLINDING_invert_ex 102 +#define RSA_F_BN_BLINDING_new 103 +#define RSA_F_BN_BLINDING_update 104 +#define RSA_F_RSA_check_key 105 +#define RSA_F_RSA_new_method 106 +#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107 +#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108 +#define RSA_F_RSA_padding_add_PKCS1_type_1 109 +#define RSA_F_RSA_padding_add_PKCS1_type_2 110 +#define RSA_F_RSA_padding_add_none 111 +#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112 +#define RSA_F_RSA_padding_check_PKCS1_type_1 113 +#define RSA_F_RSA_padding_check_PKCS1_type_2 114 +#define RSA_F_RSA_padding_check_none 115 +#define RSA_F_RSA_recover_crt_params 116 +#define RSA_F_RSA_sign 117 +#define RSA_F_RSA_verify 118 +#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119 +#define RSA_F_decrypt 120 +#define RSA_F_encrypt 121 +#define RSA_F_keygen 122 +#define RSA_F_pkcs1_prefixed_msg 123 +#define RSA_F_private_transform 124 +#define RSA_F_rsa_setup_blinding 125 +#define RSA_F_sign_raw 126 +#define RSA_F_verify_raw 127 +#define RSA_R_BAD_E_VALUE 100 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 101 +#define RSA_R_BAD_PAD_BYTE_COUNT 102 +#define RSA_R_BAD_RSA_PARAMETERS 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 +#define RSA_R_BN_NOT_INITIALIZED 106 +#define RSA_R_CRT_PARAMS_ALREADY_GIVEN 107 +#define RSA_R_CRT_VALUES_INCORRECT 108 +#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 109 +#define RSA_R_DATA_TOO_LARGE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 111 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 112 +#define RSA_R_DATA_TOO_SMALL 113 +#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 114 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 115 +#define RSA_R_D_E_NOT_CONGRUENT_TO_1 116 +#define RSA_R_EMPTY_PUBLIC_KEY 117 +#define RSA_R_FIRST_OCTET_INVALID 118 +#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 119 +#define RSA_R_INTERNAL_ERROR 120 +#define RSA_R_INVALID_MESSAGE_LENGTH 121 +#define RSA_R_KEY_SIZE_TOO_SMALL 122 +#define RSA_R_LAST_OCTET_INVALID 123 +#define RSA_R_MODULUS_TOO_LARGE 124 +#define RSA_R_NO_PUBLIC_EXPONENT 125 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 126 +#define RSA_R_N_NOT_EQUAL_P_Q 127 +#define RSA_R_OAEP_DECODING_ERROR 128 +#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 129 +#define RSA_R_OUTPUT_BUFFER_TOO_SMALL 130 +#define RSA_R_PADDING_CHECK_FAILED 131 +#define RSA_R_PKCS_DECODING_ERROR 132 +#define RSA_R_SLEN_CHECK_FAILED 133 +#define RSA_R_SLEN_RECOVERY_FAILED 134 +#define RSA_R_TOO_LONG 135 +#define RSA_R_TOO_MANY_ITERATIONS 136 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 137 +#define RSA_R_UNKNOWN_PADDING_TYPE 138 #define RSA_R_VALUE_MISSING 139 -#define RSA_R_N_NOT_EQUAL_P_Q 140 -#define RSA_R_CRT_VALUES_INCORRECT 141 -#define RSA_R_INCONSISTENT_SET_OF_CRT_VALUES 142 -#define RSA_R_ONLY_ONE_OF_P_Q_GIVEN 143 -#define RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN 144 +#define RSA_R_WRONG_SIGNATURE_LENGTH 140 #endif /* OPENSSL_HEADER_RSA_H */ diff --git a/src/include/openssl/safe_stack.h b/src/include/openssl/safestack.h index 6e5e433..6e5e433 100644 --- a/src/include/openssl/safe_stack.h +++ b/src/include/openssl/safestack.h diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index ef73c8d..b746007 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -140,8 +140,8 @@ * OTHERWISE. */ -#ifndef HEADER_SSL_H -#define HEADER_SSL_H +#ifndef OPENSSL_HEADER_SSL_H +#define OPENSSL_HEADER_SSL_H #include <openssl/base.h> @@ -152,17 +152,132 @@ #include <openssl/pem.h> #include <openssl/x509.h> +#if !defined(OPENSSL_WINDOWS) +#include <sys/time.h> +#endif + /* Some code expected to get the threading functions by including ssl.h. */ #include <openssl/thread.h> /* wpa_supplicant expects to get the version functions from ssl.h */ #include <openssl/crypto.h> -#ifdef __cplusplus +/* Forward-declare struct timeval. On Windows, it is defined in winsock2.h and + * Windows headers define too many macros to be included in public headers. + * However, only a forward declaration is needed. */ +struct timeval; + +#if defined(__cplusplus) extern "C" { #endif +/* SSL implementation. */ + + +/* Initialization. */ + +/* SSL_library_init initializes the crypto and SSL libraries and returns one. */ +OPENSSL_EXPORT int SSL_library_init(void); + + +/* Protocol version constants */ + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define TLS1_2_VERSION 0x0303 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_1_VERSION 0x0302 +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + +#define TLS1_VERSION 0x0301 +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD + + +/* Cipher suites. */ + +/* An SSL_CIPHER represents a cipher suite. */ +typedef struct ssl_cipher_st { + /* name is the OpenSSL name for the cipher. */ + const char *name; + /* id is the cipher suite value bitwise OR-d with 0x03000000. */ + uint32_t id; + + /* The following are internal fields. See ssl/internal.h for their values. */ + + uint32_t algorithm_mkey; + uint32_t algorithm_auth; + uint32_t algorithm_enc; + uint32_t algorithm_mac; + uint32_t algorithm_ssl; + uint32_t algo_strength; + + /* algorithm2 contains extra flags. See ssl/internal.h. */ + uint32_t algorithm2; + + /* strength_bits is the strength of the cipher in bits. */ + int strength_bits; + /* alg_bits is the number of bits of key material used by the algorithm. */ + int alg_bits; +} SSL_CIPHER; + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SSL_get_cipher_by_value returns the structure representing a TLS cipher + * suite based on its assigned number, or NULL if unknown. See + * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */ +OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); + +/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to + * get the cipher suite value. */ +OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC + * mode). */ +OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */ +OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */ +OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses + * CHACHA20_POLY1305. */ +OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */ +OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange + * method used by |cipher|. For example, "ECDHE_ECDSA". */ +OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard + * name for |cipher|. For example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The + * caller is responsible for calling |OPENSSL_free| on the result. */ +OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); + +/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If + * |out_alg_bits| is not NULL, it writes the number of bits consumed by the + * symmetric algorithm to |*out_alg_bits|. */ +OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, + int *out_alg_bits); + + +/* Underdocumented functions. + * + * Functions below here haven't been touched up and may be underdocumented. */ + /* SSLeay version number for ASN.1 encoding of the session information */ /* Version 0 - initial version * Version 1 - added the optional peer certificate. */ @@ -178,11 +293,11 @@ extern "C" { #define SSL_TXT_HIGH "HIGH" #define SSL_TXT_FIPS "FIPS" -#define SSL_TXT_aNULL "aNULL" - #define SSL_TXT_kRSA "kRSA" -#define SSL_TXT_kEDH "kEDH" -#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kDHE "kDHE" +#define SSL_TXT_kEDH "kEDH" /* same as "kDHE" */ +#define SSL_TXT_kECDHE "kECDHE" +#define SSL_TXT_kEECDH "kEECDH" /* same as "kECDHE" */ #define SSL_TXT_kPSK "kPSK" #define SSL_TXT_aRSA "aRSA" @@ -190,12 +305,12 @@ extern "C" { #define SSL_TXT_aPSK "aPSK" #define SSL_TXT_DH "DH" -#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */ -#define SSL_TXT_ADH "ADH" +#define SSL_TXT_DHE "DHE" /* same as "kDHE" */ +#define SSL_TXT_EDH "EDH" /* same as "DHE" */ #define SSL_TXT_RSA "RSA" #define SSL_TXT_ECDH "ECDH" -#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ -#define SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE" */ +#define SSL_TXT_EECDH "EECDH" /* same as "ECDHE" */ #define SSL_TXT_ECDSA "ECDSA" #define SSL_TXT_PSK "PSK" @@ -237,7 +352,7 @@ extern "C" { /* The following cipher list is used by default. It also is substituted when an * application-defined cipher list string starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +#define SSL_DEFAULT_CIPHER_LIST "ALL" /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is @@ -253,14 +368,11 @@ extern "C" { typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD; -typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; typedef struct ssl3_enc_method SSL3_ENC_METHOD; -DECLARE_STACK_OF(SSL_CIPHER) - /* SRTP protection profiles for use with the use_srtp extension (RFC 5764). */ typedef struct srtp_protection_profile_st { const char *name; @@ -269,28 +381,6 @@ typedef struct srtp_protection_profile_st { DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - - /* changed in 0.9.9: these four used to be portions of a single value - * 'algorithms' */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags. See SSL2_CF_* in ssl2.h - and algorithm2 section in - ssl_locl.h */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - /* An SSL_SESSION represents an SSL session that may be resumed in an * abbreviated handshake. */ struct ssl_session_st { @@ -382,8 +472,6 @@ struct ssl_session_st { /* DTLS options */ #define SSL_OP_NO_QUERY_MTU 0x00001000L -/* Turn on Cookie Exchange (on relevant for servers) */ -#define SSL_OP_COOKIE_EXCHANGE 0x00002000L /* Don't use RFC4507 ticket extension */ #define SSL_OP_NO_TICKET 0x00004000L @@ -393,9 +481,9 @@ struct ssl_session_st { #define SSL_OP_NO_COMPRESSION 0x00020000L /* Permit unsafe legacy renegotiation */ #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -/* If set, always create a new key when using tmp_ecdh parameters */ +/* SSL_OP_SINGLE_ECDH_USE does nothing. */ #define SSL_OP_SINGLE_ECDH_USE 0x00080000L -/* If set, always create a new key when using tmp_dh parameters */ +/* SSL_OP_SINGLE_DH_USE does nothing. */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set on servers to choose the cipher according to the server's preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L @@ -435,14 +523,11 @@ struct ssl_session_st { #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L /* Don't attempt to automatically build certificate chain */ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L -/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and - * TLS only.) "Released" buffers are put onto a free-list in the context or - * just freed (depending on the context's setting for freelist_max_len). */ -#define SSL_MODE_RELEASE_BUFFERS 0x00000010L /* The following flags do nothing and are included only to make it easier to * compile code with BoringSSL. */ #define SSL_MODE_AUTO_RETRY 0 +#define SSL_MODE_RELEASE_BUFFERS 0 /* Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations that @@ -467,9 +552,14 @@ struct ssl_session_st { /* Clear verification errors from queue */ #define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 -/* When set, clients may send application data before receipt of CCS and - * Finished. This mode enables full-handshakes to 'complete' in one RTT. */ -#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L +/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before + * receipt of CCS and Finished. This mode enables full-handshakes to 'complete' + * in one RTT. See draft-bmoeller-tls-falsestart-01. */ +#define SSL_MODE_ENABLE_FALSE_START 0x00000080L + +/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as + * SSL_MODE_ENABLE_FALSE_START. */ +#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: * the first record will contain a single byte and the second will contain the @@ -482,7 +572,7 @@ struct ssl_session_st { * session resumption is used for a given SSL*. */ #define SSL_MODE_NO_SESSION_CREATION 0x00000200L -/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello. +/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. * To be set only by applications that reconnect with a downgraded protocol * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05 * for details. @@ -492,38 +582,69 @@ struct ssl_session_st { * draft-ietf-tls-downgrade-scsv-05. */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L -/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they - * cannot be used to clear bits. */ - -#define SSL_CTX_set_options(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL) -#define SSL_CTX_clear_options(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_OPTIONS, (op), NULL) -#define SSL_CTX_get_options(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, 0, NULL) -#define SSL_set_options(ssl, op) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, (op), NULL) -#define SSL_clear_options(ssl, op) \ - SSL_ctrl((ssl), SSL_CTRL_CLEAR_OPTIONS, (op), NULL) -#define SSL_get_options(ssl) SSL_ctrl((ssl), SSL_CTRL_OPTIONS, 0, NULL) - -#define SSL_CTX_set_mode(ctx, op) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, (op), NULL) -#define SSL_CTX_clear_mode(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_MODE, (op), NULL) -#define SSL_CTX_get_mode(ctx) SSL_CTX_ctrl((ctx), SSL_CTRL_MODE, 0, NULL) -#define SSL_clear_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_CLEAR_MODE, (op), NULL) -#define SSL_set_mode(ssl, op) SSL_ctrl((ssl), SSL_CTRL_MODE, (op), NULL) -#define SSL_get_mode(ssl) SSL_ctrl((ssl), SSL_CTRL_MODE, 0, NULL) -#define SSL_set_mtu(ssl, mtu) SSL_ctrl((ssl), SSL_CTRL_SET_MTU, (mtu), NULL) - -#define SSL_get_secure_renegotiation_support(ssl) \ - SSL_ctrl((SSL *)(ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) - -#define SSL_CTX_set_cert_flags(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CERT_FLAGS, (op), NULL) -#define SSL_set_cert_flags(s, op) SSL_ctrl((s), SSL_CTRL_CERT_FLAGS, (op), NULL) -#define SSL_CTX_clear_cert_flags(ctx, op) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) -#define SSL_clear_cert_flags(s, op) \ - SSL_ctrl((s), SSL_CTRL_CLEAR_CERT_FLAGS, (op), NULL) +/* SSL_CTX_set_options enables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_clear_options disables all options set in |options| (which should be + * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all + * the options enabled for |ctx|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); + +/* SSL_set_options enables all options set in |options| (which should be one or + * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); + +/* SSL_clear_options disables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); + +/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the + * options enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); + +/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or + * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all + * the modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); + +/* SSL_set_mode enables all modes set in |mode| (which should be one or more of + * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); + +/* SSL_clear_mode disables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); + +/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the + * modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); + +/* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success + * and zero on failure. */ +OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); + +/* SSL_get_secure_renegotiation_support returns one if the peer supports secure + * renegotiation (RFC 5746) and zero otherwise. */ +OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl); /* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to * |version|. */ @@ -541,16 +662,36 @@ OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); * |version|. */ OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); +/* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. + * This callback will be called when sending or receiving low-level record + * headers, complete handshake messages, ChangeCipherSpec, and alerts. + * |write_p| is one for outgoing messages and zero for incoming messages. + * + * For each record header, |cb| is called with |version| = 0 and |content_type| + * = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that + * this does not include the record body. If the record is sealed, the length + * in the header is the length of the ciphertext. + * + * For each handshake message, ChangeCipherSpec, and alert, |version| is the + * protocol version and |content_type| is the corresponding record type. The + * |len| bytes from |buf| contain the handshake message, one-byte + * ChangeCipherSpec body, and two-byte alert, respectively. */ OPENSSL_EXPORT void SSL_CTX_set_msg_callback( SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); + +/* SSL_CTX_set_msg_callback_arg sets the |arg| parameter of the message + * callback. */ +OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); + +/* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See + * |SSL_CTX_set_msg_callback| for when this callback is called. */ OPENSSL_EXPORT void SSL_set_msg_callback( SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -#define SSL_CTX_set_msg_callback_arg(ctx, arg) \ - SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -#define SSL_set_msg_callback_arg(ssl, arg) \ - SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +/* set_msg_callback_arg sets the |arg| parameter of the message callback. */ +OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg); /* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to * log session material to |keylog_bio|. This is intended for debugging use @@ -686,6 +827,10 @@ struct ssl_ctx_st { struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; + /* handshakes_since_cache_flush is the number of successful handshakes since + * the last cache flush. */ + int handshakes_since_cache_flush; + /* This can have one of 2 values, ored together, * SSL_SESS_CACHE_CLIENT, * SSL_SESS_CACHE_SERVER, @@ -709,26 +854,6 @@ struct ssl_ctx_st { SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, uint8_t *data, int len, int *copy); - /* TODO(agl): remove the stats stuff. */ - struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not - * in the cache was - * passed back via the callback. This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - int references; /* if defined, these override the X509_verify_cert() calls */ @@ -749,13 +874,6 @@ struct ssl_ctx_st { /* get channel id callback */ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); - /* cookie generate callback */ - int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie, - size_t cookie_len); - CRYPTO_EX_DATA ex_data; STACK_OF(X509) *extra_certs; @@ -773,9 +891,9 @@ struct ssl_ctx_st { /* Default values to use in SSL structures follow (these are copied by * SSL_new) */ - unsigned long options; - unsigned long mode; - long max_cert_list; + uint32_t options; + uint32_t mode; + uint32_t max_cert_list; struct cert_st /* CERT */ *cert; int read_ahead; @@ -800,16 +918,22 @@ struct ssl_ctx_st { * before the decision whether to resume a session is made. It may return one * to continue the handshake or zero to cause the handshake loop to return * with an error and cause SSL_get_error to return - * SSL_ERROR_PENDING_CERTIFICATE. */ + * SSL_ERROR_PENDING_CERTIFICATE. Note: when the handshake loop is resumed, it + * will not call the callback a second time. */ int (*select_certificate_cb)(const struct ssl_early_callback_ctx *); + /* dos_protection_cb is called once the resumption decision for a ClientHello + * has been made. It returns one to continue the handshake or zero to + * abort. */ + int (*dos_protection_cb) (const struct ssl_early_callback_ctx *); + /* quiet_shutdown is true if the connection should not send a close_notify on * shutdown. */ int quiet_shutdown; /* Maximum amount of data to send in one fragment. actual record size can be * more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + uint16_t max_send_fragment; /* TLS extensions servername callback */ int (*tlsext_servername_callback)(SSL *, int *, void *); @@ -822,11 +946,6 @@ struct ssl_ctx_st { int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb)(SSL *ssl, void *arg); - void *tlsext_status_arg; - /* Server-only: psk_identity_hint is the default identity hint to send in * PSK-based key exchanges. */ char *psk_identity_hint; @@ -906,47 +1025,17 @@ struct ssl_ctx_st { /* If not NULL, session key material will be logged to this BIO for debugging * purposes. The format matches NSS's and is readable by Wireshark. */ BIO *keylog_bio; -}; -#define SSL_SESS_CACHE_OFF 0x0000 -#define SSL_SESS_CACHE_CLIENT 0x0001 -#define SSL_SESS_CACHE_SERVER 0x0002 -#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) -#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* See SSL_CTX_set_session_cache_mode(3) */ -#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 -#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 -#define SSL_SESS_CACHE_NO_INTERNAL \ - (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) + /* current_time_cb, if not NULL, is the function to use to get the current + * time. It sets |*out_clock| to the current time. */ + void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock); +}; OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); -#define SSL_CTX_sess_number(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_NUMBER, 0, NULL) -#define SSL_CTX_sess_connect(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT, 0, NULL) -#define SSL_CTX_sess_connect_good(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_GOOD, 0, NULL) -#define SSL_CTX_sess_connect_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, NULL) -#define SSL_CTX_sess_accept(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT, 0, NULL) -#define SSL_CTX_sess_accept_renegotiate(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, NULL) -#define SSL_CTX_sess_accept_good(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_ACCEPT_GOOD, 0, NULL) -#define SSL_CTX_sess_hits(ctx) SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_HIT, 0, NULL) -#define SSL_CTX_sess_cb_hits(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CB_HIT, 0, NULL) -#define SSL_CTX_sess_misses(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_MISSES, 0, NULL) -#define SSL_CTX_sess_timeouts(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_TIMEOUTS, 0, NULL) -#define SSL_CTX_sess_cache_full(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SESS_CACHE_FULL, 0, NULL) -/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client - * IDs from clients. Returns 1 on success. */ -#define SSL_CTX_enable_tls_channel_id(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_CHANNEL_ID, 0, NULL) + +/* SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal + * session cache. */ +OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); @@ -984,13 +1073,6 @@ OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb( SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey)); OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); -OPENSSL_EXPORT void SSL_CTX_set_cookie_generate_cb( - SSL_CTX *ctx, - int (*app_gen_cookie_cb)(SSL *ssl, uint8_t *cookie, size_t *cookie_len)); -OPENSSL_EXPORT void SSL_CTX_set_cookie_verify_cb( - SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, const uint8_t *cookie, - size_t cookie_len)); - /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end * of a connection) to request SCTs from the server. See @@ -1051,10 +1133,24 @@ OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *outlen, #define OPENSSL_NPN_NEGOTIATED 1 #define OPENSSL_NPN_NO_OVERLAP 2 +/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. + * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit + * length-prefixed strings). It returns zero on success and one on failure. + * + * WARNING: this function is dangerous because it breaks the usual return value + * convention. */ OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, unsigned protos_len); + +/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|. + * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit + * length-prefixed strings). It returns zero on success and one on failure. + * + * WARNING: this function is dangerous because it breaks the usual return value + * convention. */ OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len); + OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *outlen, const uint8_t *in, unsigned int inlen, void *arg), @@ -1067,6 +1163,11 @@ OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data, * causes 3G radios to switch to DCH mode (high data rate). */ OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off); +/* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by + * the peer are rejected. It may be set at any point in a connection's lifetime + * to disallow future renegotiations programmatically. */ +OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject); + /* the maximum length of the buffer given to callbacks containing the resulting * identity/psk */ #define PSK_MAX_IDENTITY_LEN 128 @@ -1259,17 +1360,12 @@ struct ssl_st { /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - int references; - unsigned long options; /* protocol behaviour */ - unsigned long mode; /* API behaviour */ - long max_cert_list; + uint32_t options; /* protocol behaviour */ + uint32_t mode; /* API behaviour */ + uint32_t max_cert_list; int client_version; /* what was passed, used for * SSLv3/TLS rollback check */ - unsigned int max_send_fragment; - /* TLS extension debug callback */ - void (*tlsext_debug_cb)(SSL *s, int client_server, int type, uint8_t *data, - int len, void *arg); - void *tlsext_debug_arg; + uint16_t max_send_fragment; char *tlsext_hostname; /* should_ack_sni is true if the SNI extension should be acked. This is * only used by a server. */ @@ -1328,6 +1424,10 @@ struct ssl_st { * data rate) state in 3G networks. */ char fastradio_padding; + /* reject_peer_renegotiations, if one, causes causes renegotiation attempts + * from the peer to be rejected with a fatal error. */ + char reject_peer_renegotiations; + /* These fields are always NULL and exist only to keep wpa_supplicant happy * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we * don't support. */ @@ -1335,21 +1435,6 @@ struct ssl_st { EVP_MD_CTX *read_hash; }; -#ifdef __cplusplus -} -#endif - -#include <openssl/ssl2.h> -#include <openssl/ssl3.h> -#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ -#include <openssl/dtls1.h> /* Datagram TLS */ -#include <openssl/ssl23.h> -#include <openssl/srtp.h> /* Support for the use_srtp extension */ - -#ifdef __cplusplus -extern "C" { -#endif - /* compatibility */ #define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)arg)) #define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) @@ -1391,12 +1476,15 @@ extern "C" { /* Is the SSL_connection established? */ #define SSL_get_state(a) SSL_state(a) #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -#define SSL_in_init(a) \ - ((SSL_state(a) & SSL_ST_INIT) && !SSL_cutthrough_complete(a)) +#define SSL_in_init(a) (SSL_state(a) & SSL_ST_INIT) #define SSL_in_before(a) (SSL_state(a) & SSL_ST_BEFORE) #define SSL_in_connect_init(a) (SSL_state(a) & SSL_ST_CONNECT) #define SSL_in_accept_init(a) (SSL_state(a) & SSL_ST_ACCEPT) -OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s); + +/* SSL_in_false_start returns one if |s| has a pending unfinished handshake that + * is in False Start. |SSL_write| may be called at this point without waiting + * for the peer, but |SSL_read| will require the handshake to be completed. */ +OPENSSL_EXPORT int SSL_in_false_start(const SSL *s); /* The following 2 states are kept in ssl->rstate when reads fail, * you should not need these */ @@ -1493,84 +1581,17 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_ERROR_PENDING_SESSION 11 #define SSL_ERROR_PENDING_CERTIFICATE 12 -#define SSL_CTRL_NEED_TMP_RSA 1 -#define SSL_CTRL_SET_TMP_RSA 2 -#define SSL_CTRL_SET_TMP_DH 3 -#define SSL_CTRL_SET_TMP_ECDH 4 -#define SSL_CTRL_SET_TMP_RSA_CB 5 -#define SSL_CTRL_SET_TMP_DH_CB 6 -#define SSL_CTRL_SET_TMP_ECDH_CB 7 - -#define SSL_CTRL_GET_SESSION_REUSED 8 -#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 -#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 -#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 -#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 -#define SSL_CTRL_GET_FLAGS 13 #define SSL_CTRL_EXTRA_CHAIN_CERT 14 -#define SSL_CTRL_SET_MSG_CALLBACK 15 -#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 - -/* only applies to datagram connections */ -#define SSL_CTRL_SET_MTU 17 -/* Stats */ -#define SSL_CTRL_SESS_NUMBER 20 -#define SSL_CTRL_SESS_CONNECT 21 -#define SSL_CTRL_SESS_CONNECT_GOOD 22 -#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 -#define SSL_CTRL_SESS_ACCEPT 24 -#define SSL_CTRL_SESS_ACCEPT_GOOD 25 -#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 -#define SSL_CTRL_SESS_HIT 27 -#define SSL_CTRL_SESS_CB_HIT 28 -#define SSL_CTRL_SESS_MISSES 29 -#define SSL_CTRL_SESS_TIMEOUTS 30 -#define SSL_CTRL_SESS_CACHE_FULL 31 -#define SSL_CTRL_OPTIONS 32 -#define SSL_CTRL_MODE 33 - -#define SSL_CTRL_GET_READ_AHEAD 40 -#define SSL_CTRL_SET_READ_AHEAD 41 -#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 -#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 -#define SSL_CTRL_SET_SESS_CACHE_MODE 44 -#define SSL_CTRL_GET_SESS_CACHE_MODE 45 - -#define SSL_CTRL_GET_MAX_CERT_LIST 50 -#define SSL_CTRL_SET_MAX_CERT_LIST 51 - -#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 - /* see tls1.h for macros based on these */ -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 - -#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 - -#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 #define SSL_CTRL_SET_SRP_ARG 78 #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -#define DTLS_CTRL_GET_TIMEOUT 73 -#define DTLS_CTRL_HANDLE_TIMEOUT 74 - -#define SSL_CTRL_GET_RI_SUPPORT 76 -#define SSL_CTRL_CLEAR_OPTIONS 77 -#define SSL_CTRL_CLEAR_MODE 78 - #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 @@ -1580,11 +1601,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_CURVES 90 #define SSL_CTRL_SET_CURVES 91 #define SSL_CTRL_SET_CURVES_LIST 92 -#define SSL_CTRL_SET_ECDH_AUTO 94 #define SSL_CTRL_SET_SIGALGS 97 #define SSL_CTRL_SET_SIGALGS_LIST 98 -#define SSL_CTRL_CERT_FLAGS 99 -#define SSL_CTRL_CLEAR_CERT_FLAGS 100 #define SSL_CTRL_SET_CLIENT_SIGALGS 101 #define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 #define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 @@ -1593,70 +1611,97 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_GET_SERVER_TMP_KEY 109 -#define SSL_CTRL_GET_RAW_CIPHERLIST 110 #define SSL_CTRL_GET_EC_POINT_FORMATS 111 #define SSL_CTRL_GET_CHAIN_CERTS 115 #define SSL_CTRL_SELECT_CURRENT_CERT 116 -#define SSL_CTRL_CHANNEL_ID 117 -#define SSL_CTRL_GET_CHANNEL_ID 118 -#define SSL_CTRL_SET_CHANNEL_ID 119 - /* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a - * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining - * and returns one. Otherwise, it returns zero. */ -#define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, (void *)arg) -#define DTLSv1_handle_timeout(ssl) \ - SSL_ctrl(ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, NULL) - -#define SSL_session_reused(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL) -#define SSL_num_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_NUM_RENEGOTIATIONS, 0, NULL) -#define SSL_clear_num_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS, 0, NULL) -#define SSL_total_renegotiations(ssl) \ - SSL_ctrl((ssl), SSL_CTRL_GET_TOTAL_RENEGOTIATIONS, 0, NULL) - -#define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_NEED_TMP_RSA, 0, NULL) -#define SSL_CTX_set_tmp_rsa(ctx, rsa) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa) -#define SSL_CTX_set_tmp_dh(ctx, dh) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) -#define SSL_CTX_set_tmp_ecdh(ctx, ecdh) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh) - -#define SSL_need_tmp_RSA(ssl) SSL_ctrl(ssl, SSL_CTRL_NEED_TMP_RSA, 0, NULL) -#define SSL_set_tmp_rsa(ssl, rsa) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_RSA, 0, (char *)rsa) -#define SSL_set_tmp_dh(ssl, dh) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, (char *)dh) -#define SSL_set_tmp_ecdh(ssl, ecdh) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, (char *)ecdh) + * timeout in progress, it sets |*out| to the time remaining and returns one. + * Otherwise, it returns zero. + * + * When the timeout expires, call |DTLSv1_handle_timeout| to handle the + * retransmit behavior. + * + * NOTE: This function must be queried again whenever the handshake state + * machine changes, including when |DTLSv1_handle_timeout| is called. */ +OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out); + +/* DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no + * timeout had expired, it returns 0. Otherwise, it retransmits the previous + * flight of handshake messages and returns 1. If too many timeouts had expired + * without progress or an error occurs, it returns -1. + * + * NOTE: The caller's external timer should be compatible with the one |ssl| + * queries within some fudge factor. Otherwise, the call will be a no-op, but + * |DTLSv1_get_timeout| will return an updated timeout. + * + * WARNING: This function breaks the usual return value convention. */ +OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); + +/* SSL_session_reused returns one if |ssl| performed an abbreviated handshake + * and zero otherwise. + * + * TODO(davidben): Hammer down the semantics of this API while a handshake, + * initial or renego, is in progress. */ +OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); + +/* SSL_total_renegotiations returns the total number of renegotiation handshakes + * peformed by |ssl|. This includes the pending renegotiation, if any. */ +OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); + +/* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group + * for DHE. Only the group is used, so |dh| needn't have a keypair. It returns + * one on success and zero on error. */ +OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh); + +/* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for + * DHE. Only the group is used, so |dh| needn't have a keypair. It returns one + * on success and zero on error. */ +OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh); + +/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the + * curve for ephemeral ECDH keys. For historical reasons, this API expects an + * |EC_KEY|, but only the curve is used. It returns one on success and zero on + * error. If unset, an appropriate curve will be chosen automatically. (This is + * recommended.) */ +OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key); + +/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve + * for ephemeral ECDH keys. For historical reasons, this API expects an + * |EC_KEY|, but only the curve is used. It returns one on success and zero on + * error. If unset, an appropriate curve will be chosen automatically. (This is + * recommended.) */ +OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key); + +/* SSL_CTX_enable_tls_channel_id either configures a TLS server to accept TLS + * client IDs from clients, or configures a client to send TLS client IDs to + * a server. It returns one. */ +OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx); /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS * client IDs from clients, or configure a client to send TLS client IDs to - * server. Returns 1 on success. */ -#define SSL_enable_tls_channel_id(s) SSL_ctrl(s, SSL_CTRL_CHANNEL_ID, 0, NULL) + * server. It returns one. */ +OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl); + +/* SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID + * to compatible servers. |private_key| must be a P-256 EC key. It returns one + * on success and zero on error. */ +OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, + EVP_PKEY *private_key); /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to - * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on - * success. */ -#define SSL_set1_tls_channel_id(s, private_key) \ - SSL_ctrl(s, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key) -#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_CHANNEL_ID, 0, (void *)private_key) + * compatible servers. |private_key| must be a P-256 EC key. It returns one on + * success and zero on error. */ +OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key); /* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL* - * and copies up to the first |channel_id_len| bytes into |channel_id|. The - * Channel ID consists of the client's P-256 public key as an (x,y) pair where - * each is a 32-byte, big-endian field element. Returns 0 if the client didn't - * offer a Channel ID and the length of the complete Channel ID otherwise. */ -#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \ - SSL_ctrl(ctx, SSL_CTRL_GET_CHANNEL_ID, channel_id_len, (void *)channel_id) + * and copies up to the first |max_out| bytes into |out|. The Channel ID + * consists of the client's P-256 public key as an (x,y) pair where each is a + * 32-byte, big-endian field element. It returns 0 if the client didn't offer a + * Channel ID and the length of the complete Channel ID otherwise. */ +OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, + size_t max_out); #define SSL_CTX_add_extra_chain_cert(ctx, x509) \ SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509) @@ -1724,10 +1769,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx, SSL_CTRL_SET_CURVES, clistlen, (char *)clist) #define SSL_set1_curves_list(ctx, s) \ SSL_ctrl(ctx, SSL_CTRL_SET_CURVES_LIST, 0, (char *)s) -#define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL) -#define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s, SSL_CTRL_SET_ECDH_AUTO, onoff, NULL) #define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SIGALGS, slistlen, (int *)slist) @@ -1758,9 +1799,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_get_server_tmp_key(s, pk) \ SSL_ctrl(s, SSL_CTRL_GET_SERVER_TMP_KEY, 0, pk) -#define SSL_get0_raw_cipherlist(s, plst) \ - SSL_ctrl(s, SSL_CTRL_GET_RAW_CIPHERLIST, 0, (char *)plst) - #define SSL_get0_ec_point_formats(s, plst) \ SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst) @@ -1778,13 +1816,6 @@ OPENSSL_EXPORT int SSL_clear(SSL *s); OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); -OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange - * method used by |c|. For example, "ECDHE-ECDSA". */ -OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); -OPENSSL_EXPORT unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); OPENSSL_EXPORT int SSL_get_fd(const SSL *s); OPENSSL_EXPORT int SSL_get_rfd(const SSL *s); @@ -1862,7 +1893,15 @@ OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); OPENSSL_EXPORT int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); OPENSSL_EXPORT int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *ses); + +/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count + * of |session|. It then returns |session|. */ +OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session); + +/* SSL_SESSION_free decrements the reference count of |session|. If it reaches + * zero, all data referenced by |session| and |session| itself are released. */ +OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); + OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session); OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); @@ -1968,9 +2007,7 @@ OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); -OPENSSL_EXPORT long SSL_callback_ctrl(SSL *, int, void (*)(void)); OPENSSL_EXPORT long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); -OPENSSL_EXPORT long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code); /* SSL_get_version returns a string describing the TLS version used by |s|. For @@ -1980,58 +2017,16 @@ OPENSSL_EXPORT const char *SSL_get_version(const SSL *s); * |sess|. For example, "TLSv1.2" or "SSLv3". */ OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *sess); -OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c); -OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *c); - /* TLS_method is the SSL_METHOD used for TLS (and SSLv3) connections. */ OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); /* DTLS_method is the SSL_METHOD used for DTLS connections. */ OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); - -/* Deprecated methods. */ - -/* SSLv23_method calls TLS_method. */ -OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void); - -/* Version-specific methods behave exactly like TLS_method and DTLS_method - * except they also call SSL_CTX_set_min_version and SSL_CTX_set_max_version to - * lock connections to that protocol version. */ -OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void); - -/* Client- and server-specific methods call their corresponding generic - * methods. */ -OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); -OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); - - OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); OPENSSL_EXPORT int SSL_do_handshake(SSL *s); OPENSSL_EXPORT int SSL_renegotiate(SSL *s); -OPENSSL_EXPORT int SSL_renegotiate_abbreviated(SSL *s); OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *s); OPENSSL_EXPORT int SSL_shutdown(SSL *s); @@ -2055,12 +2050,6 @@ OPENSSL_EXPORT void SSL_set_accept_state(SSL *s); OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *s); -/* SSL_library_init initializes the crypto and SSL libraries, loads their error - * strings, and returns one. */ -OPENSSL_EXPORT int SSL_library_init(void); - -OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, - int size); OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); @@ -2122,61 +2111,132 @@ OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp, OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); -#define SSL_CTX_sess_set_cache_size(ctx, t) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL) -#define SSL_CTX_sess_get_cache_size(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL) -#define SSL_CTX_set_session_cache_mode(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL) -#define SSL_CTX_get_session_cache_mode(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL) - -#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) -#define SSL_CTX_set_default_read_ahead(ctx, m) SSL_CTX_set_read_ahead(ctx, m) -#define SSL_CTX_get_read_ahead(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_READ_AHEAD, 0, NULL) -#define SSL_CTX_set_read_ahead(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, NULL) -#define SSL_CTX_get_max_cert_list(ctx) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) -#define SSL_CTX_set_max_cert_list(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) -#define SSL_get_max_cert_list(ssl) \ - SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL) -#define SSL_set_max_cert_list(ssl, m) \ - SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL) - -#define SSL_CTX_set_max_send_fragment(ctx, m) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) -#define SSL_set_max_send_fragment(ssl, m) \ - SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL) - -/* NB: the keylength is only applicable when is_export is true */ -OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( - SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); +/* SSL_CTX_sess_set_cache_size sets the maximum size of |ctx|'s session cache to + * |size|. It returns the previous value. */ +OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, + unsigned long size); -OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb)(SSL *ssl, int is_export, - int keylength)); +/* SSL_CTX_sess_set_cache_size returns the maximum size of |ctx|'s session + * cache. */ +OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); + +/* SSL_SESS_CACHE_* are the possible session cache mode bits. + * TODO(davidben): Document. */ +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) + +/* SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to + * |mode|. It returns the previous value. */ +OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); + +/* SSL_CTX_get_session_cache_mode returns the session cache mode bits for + * |ctx| */ +OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx); + +/* TODO(davidben): Deprecate read_ahead functions after https://crbug.com/447431 + * is resolved. */ +OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); +OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); + +/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer + * certificate chain accepted by |ctx|. */ +OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx); + +/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer + * certificate chain to |max_cert_list|. This affects how much memory may be + * consumed during the handshake. */ +OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, + size_t max_cert_list); + +/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer + * certificate chain accepted by |ssl|. */ +OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl); + +/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer + * certificate chain to |max_cert_list|. This affects how much memory may be + * consumed during the handshake. */ +OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list); + +/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records + * sent by |ctx|. Beyond this length, handshake messages and application data + * will be split into multiple records. */ +OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, + size_t max_send_fragment); + +/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records + * sent by |ssl|. Beyond this length, handshake messages and application data + * will be split into multiple records. */ +OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl, + size_t max_send_fragment); + +/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine + * the group for DHE ciphers. |callback| should ignore |is_export| and + * |keylength| and return a |DH| of the selected group or NULL on error. Only + * the parameters are used, so the |DH| needn't have a generated keypair. + * + * WARNING: The caller does not take ownership of the resulting |DH|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( - SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength)); + SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength)); + +/* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the + * group for DHE ciphers. |callback| should ignore |is_export| and |keylength| + * and return a |DH| of the selected group or NULL on error. Only the + * parameters are used, so the |DH| needn't have a generated keypair. + * + * WARNING: The caller does not take ownership of the resulting |DH|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, int keylength)); + +/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine + * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and + * |keylength| and return an |EC_KEY| of the selected curve or NULL on + * error. Only the curve is used, so the |EC_KEY| needn't have a generated + * keypair. + * + * If the callback is unset, an appropriate curve will be chosen automatically. + * (This is recommended.) + * + * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback( - SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); + SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); + +/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the + * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and + * |keylength| and return an |EC_KEY| of the selected curve or NULL on + * error. Only the curve is used, so the |EC_KEY| needn't have a generated + * keypair. + * + * If the callback is unset, an appropriate curve will be chosen automatically. + * (This is recommended.) + * + * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so + * |callback| must save and release the object elsewhere. */ OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback( - SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); + SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); OPENSSL_EXPORT const void *SSL_get_current_compression(SSL *s); OPENSSL_EXPORT const void *SSL_get_current_expansion(SSL *s); -OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp); -OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void); -OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm); OPENSSL_EXPORT int SSL_cache_hit(SSL *s); OPENSSL_EXPORT int SSL_is_server(SSL *s); +/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the + * resumption decision for a ClientHello has been made. It can return 1 to + * allow the handshake to continue or zero to cause the handshake to abort. */ +OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( + SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)); + /* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and * SSL_SESSION structures so that a test can ensure that outside code agrees on * these values. */ @@ -2186,6 +2246,130 @@ OPENSSL_EXPORT void SSL_get_structure_sizes(size_t *ssl_size, OPENSSL_EXPORT void ERR_load_SSL_strings(void); +/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for + * the read and write directions. It returns one on success or zero if |ssl| + * isn't using an RC4-based cipher suite. */ +OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, + const RC4_KEY **write_key); + + +/* Deprecated functions. */ + +/* SSL_CIPHER_description writes a description of |cipher| into |buf| and + * returns |buf|. If |buf| is NULL, it returns a newly allocated string, to be + * freed with |OPENSSL_free|, or NULL on error. + * + * The description includes a trailing newline and has the form: + * AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 + * + * Consider |SSL_CIPHER_get_name| or |SSL_CIPHER_get_rfc_name| instead. */ +OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, + char *buf, int len); + +/* SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". */ +OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); + +/* SSL_COMP_get_compression_methods returns NULL. */ +OPENSSL_EXPORT void *SSL_COMP_get_compression_methods(void); + +/* SSL_COMP_add_compression_method returns one. */ +OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, void *cm); + +/* SSL_COMP_get_name returns NULL. */ +OPENSSL_EXPORT const char *SSL_COMP_get_name(const void *comp); + +/* SSLv23_method calls |TLS_method|. */ +OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void); + +/* Version-specific methods behave exactly like |TLS_method| and |DTLS_method| + * except they also call |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version| + * to lock connections to that protocol version. */ +OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void); + +/* Client- and server-specific methods call their corresponding generic + * methods. */ +OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); +OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); + +/* SSL_CTX_set_tmp_rsa_callback does nothing. */ +OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( + SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); + +/* SSL_set_tmp_rsa_callback does nothing. */ +OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb)(SSL *ssl, int is_export, + int keylength)); + +/* SSL_CTX_sess_connect returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx); + +/* SSL_CTX_sess_connect_good returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx); + +/* SSL_CTX_sess_connect_renegotiate returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx); + +/* SSL_CTX_sess_accept returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx); + +/* SSL_CTX_sess_accept_renegotiate returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx); + +/* SSL_CTX_sess_accept_good returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx); + +/* SSL_CTX_sess_hits returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx); + +/* SSL_CTX_sess_cb_hits returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx); + +/* SSL_CTX_sess_misses returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx); + +/* SSL_CTX_sess_timeouts returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx); + +/* SSL_CTX_sess_cache_full returns zero. */ +OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx); + +/* SSL_cutthrough_complete calls |SSL_in_false_start|. */ +OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s); + +/* SSL_num_renegotiations calls |SSL_total_renegotiations|. */ +OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl); + +/* SSL_CTX_need_tmp_RSA returns zero. */ +OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx); + +/* SSL_need_tmp_RSA returns zero. */ +OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl); + +/* SSL_CTX_set_tmp_rsa returns one. */ +OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa); + +/* SSL_set_tmp_rsa returns one. */ +OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa); + /* Android compatibility section. * @@ -2201,530 +2385,483 @@ OPENSSL_EXPORT int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg); OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg); OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +#define OPENSSL_VERSION_TEXT "BoringSSL" + +#define SSLEAY_VERSION 0 + +/* SSLeay_version is a compatibility function that returns the string + * "BoringSSL". */ +OPENSSL_EXPORT const char *SSLeay_version(int unused); -#ifdef __cplusplus -} + +/* Preprocessor compatibility section. + * + * Historically, a number of APIs were implemented in OpenSSL as macros and + * constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this + * section defines a number of legacy macros. */ + +#define SSL_CTRL_NEED_TMP_RSA doesnt_exist +#define SSL_CTRL_SET_TMP_RSA doesnt_exist +#define SSL_CTRL_SET_TMP_DH doesnt_exist +#define SSL_CTRL_SET_TMP_ECDH doesnt_exist +#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist +#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist +#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist +#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist +#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist +#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist +#define SSL_CTRL_SET_MTU doesnt_exist +#define SSL_CTRL_SESS_NUMBER doesnt_exist +#define SSL_CTRL_OPTIONS doesnt_exist +#define SSL_CTRL_MODE doesnt_exist +#define SSL_CTRL_GET_READ_AHEAD doesnt_exist +#define SSL_CTRL_SET_READ_AHEAD doesnt_exist +#define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist +#define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist +#define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist +#define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist +#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist +#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist +#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist +#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist +#define DTLS_CTRL_GET_TIMEOUT doesnt_exist +#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist +#define SSL_CTRL_GET_RI_SUPPORT doesnt_exist +#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist +#define SSL_CTRL_CLEAR_MODE doesnt_exist +#define SSL_CTRL_CHANNEL_ID doesnt_exist +#define SSL_CTRL_GET_CHANNEL_ID doesnt_exist +#define SSL_CTRL_SET_CHANNEL_ID doesnt_exist + +#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA +#define SSL_need_tmp_RSA SSL_need_tmp_RSA +#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa +#define SSL_set_tmp_rsa SSL_set_tmp_rsa +#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh +#define SSL_set_tmp_dh SSL_set_tmp_dh +#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh +#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh +#define SSL_session_reused SSL_session_reused +#define SSL_num_renegotiations SSL_num_renegotiations +#define SSL_total_renegotiations SSL_total_renegotiations +#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg +#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg +#define SSL_set_mtu SSL_set_mtu +#define SSL_CTX_sess_number SSL_CTX_sess_number +#define SSL_CTX_get_options SSL_CTX_get_options +#define SSL_CTX_set_options SSL_CTX_set_options +#define SSL_get_options SSL_get_options +#define SSL_set_options SSL_set_options +#define SSL_CTX_get_mode SSL_CTX_get_mode +#define SSL_CTX_set_mode SSL_CTX_set_mode +#define SSL_get_mode SSL_get_mode +#define SSL_set_mode SSL_set_mode +#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead +#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size +#define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size +#define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode +#define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode +#define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list +#define SSL_get_max_cert_list SSL_get_max_cert_list +#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list +#define SSL_set_max_cert_list SSL_set_max_cert_list +#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment +#define SSL_set_max_send_fragment SSL_set_max_send_fragment +#define SSL_CTX_set_tlsext_servername_callback \ + SSL_CTX_set_tlsext_servername_callback +#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg +#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name +#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb +#define DTLSv1_get_timeout DTLSv1_get_timeout +#define DTLSv1_handle_timeout DTLSv1_handle_timeout +#define SSL_get_secure_renegotiation_support \ + SSL_get_secure_renegotiation_support +#define SSL_CTX_clear_options SSL_CTX_clear_options +#define SSL_clear_options SSL_clear_options +#define SSL_CTX_clear_mode SSL_CTX_clear_mode +#define SSL_clear_mode SSL_clear_mode +#define SSL_CTX_enable_tls_channel_id SSL_CTX_enable_tls_channel_id +#define SSL_enable_tls_channel_id SSL_enable_tls_channel_id +#define SSL_set1_tls_channel_id SSL_set1_tls_channel_id +#define SSL_CTX_set1_tls_channel_id SSL_CTX_set1_tls_channel_id +#define SSL_get_tls_channel_id SSL_get_tls_channel_id + + +#if defined(__cplusplus) +} /* extern C */ #endif + +/* Library consumers assume these headers are included by ssl.h, but they depend + * on ssl.h, so include them after all declarations. + * + * TODO(davidben): The separation between ssl.h and these version-specific + * headers introduces circular dependencies and is inconsistent. The function + * declarations should move to ssl.h. Many of the constants can probably be + * pruned or unexported. */ +#include <openssl/ssl2.h> +#include <openssl/ssl3.h> +#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ +#include <openssl/ssl23.h> +#include <openssl/srtp.h> /* Support for the use_srtp extension */ + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script make_errors.go. Any * changes made after this point may be overwritten when the script is next run. */ -#define SSL_F_SSL_use_PrivateKey_file 100 -#define SSL_F_dtls1_write_app_data_bytes 101 -#define SSL_F_ssl_cipher_process_rulestr 102 -#define SSL_F_SSL_set_session_id_context 103 -#define SSL_F_SSL_read 104 -#define SSL_F_ssl_cert_new 105 -#define SSL_F_dtls1_heartbeat 106 -#define SSL_F_ssl3_digest_cached_records 107 -#define SSL_F_SSL_set_wfd 108 -#define SSL_F_ssl_set_pkey 110 +#define SSL_F_SSL_CTX_check_private_key 100 +#define SSL_F_SSL_CTX_new 101 +#define SSL_F_SSL_CTX_set_cipher_list 102 +#define SSL_F_SSL_CTX_set_cipher_list_tls11 103 +#define SSL_F_SSL_CTX_set_session_id_context 104 +#define SSL_F_SSL_CTX_use_PrivateKey 105 +#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 106 +#define SSL_F_SSL_CTX_use_PrivateKey_file 107 +#define SSL_F_SSL_CTX_use_RSAPrivateKey 108 +#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 109 +#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 110 #define SSL_F_SSL_CTX_use_certificate 111 -#define SSL_F_dtls1_read_bytes 112 -#define SSL_F_ssl23_write 113 -#define SSL_F_ssl3_check_client_hello 114 -#define SSL_F_SSL_use_certificate_ASN1 115 -#define SSL_F_ssl_verify_cert_chain 116 -#define SSL_F_ssl_parse_serverhello_renegotiate_ext 117 -#define SSL_F_ssl_undefined_const_function 118 -#define SSL_F_ssl3_get_server_certificate 119 -#define SSL_F_tls1_get_server_supplemental_data 120 -#define SSL_F_dtls1_buffer_record 121 -#define SSL_F_ssl_prepare_clienthello_tlsext 122 -#define SSL_F_ssl3_get_server_hello 123 -#define SSL_F_ssl3_send_client_key_exchange 124 -#define SSL_F_ssl3_write_bytes 125 -#define SSL_F_SSL_use_RSAPrivateKey_file 126 -#define SSL_F_ssl_bad_method 127 -#define SSL_F_ssl3_connect 128 -#define SSL_F_dtls1_connect 129 -#define SSL_F_SSL_use_RSAPrivateKey 130 -#define SSL_F_tls1_prf 131 -#define SSL_F_ssl_bytes_to_cipher_list 132 -#define SSL_F_ssl3_do_change_cipher_spec 133 -#define SSL_F_SSL_SESSION_set1_id_context 134 -#define SSL_F_ssl_add_serverhello_tlsext 135 -#define SSL_F_read_authz 136 -#define SSL_F_ssl3_get_client_hello 137 -#define SSL_F_ssl3_get_certificate_request 138 -#define SSL_F_authz_find_data 139 -#define SSL_F_ssl_add_cert_to_buf 140 -#define SSL_F_ssl_add_serverhello_renegotiate_ext 141 -#define SSL_F_ssl3_get_message 142 -#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 143 -#define SSL_F_ssl_parse_clienthello_tlsext 144 -#define SSL_F_SSL_add_file_cert_subjects_to_stack 145 -#define SSL_F_ssl3_ctx_ctrl 146 -#define SSL_F_ssl3_get_record 147 -#define SSL_F_SSL_CTX_use_RSAPrivateKey 148 -#define SSL_F_SSL_use_certificate_file 149 -#define SSL_F_SSL_load_client_CA_file 151 -#define SSL_F_dtls1_preprocess_fragment 152 -#define SSL_F_SSL_CTX_check_private_key 153 -#define SSL_F_ssl3_get_cert_status 154 -#define SSL_F_printf 155 -#define SSL_F_SSL_CTX_new 156 -#define SSL_F_ssl23_accept 157 -#define SSL_F_SSL_use_authz 158 -#define SSL_F_ssl_undefined_function 159 -#define SSL_F_dtls1_send_hello_verify_request 160 -#define SSL_F_ssl_build_cert_chain 161 -#define SSL_F_SSL_SESSION_print_fp 162 -#define SSL_F_tls1_change_cipher_state 163 -#define SSL_F_tls12_check_peer_sigalg 164 -#define SSL_F_ssl_sess_cert_new 165 -#define SSL_F_ssl3_read_bytes 166 -#define SSL_F_dtls1_get_hello_verify 167 -#define SSL_F_tls1_cert_verify_mac 168 -#define SSL_F_ssl23_client_hello 169 -#define SSL_F_SSL_shutdown 170 -#define SSL_F_ssl_init_wbio_buffer 171 -#define SSL_F_SSL_use_certificate 172 -#define SSL_F_SSL_CTX_use_RSAPrivateKey_ASN1 173 -#define SSL_F_ssl_set_authz 174 -#define SSL_F_ssl23_peek 175 -#define SSL_F_SSL_use_psk_identity_hint 176 -#define SSL_F_ssl3_get_cert_verify 177 -#define SSL_F_ssl_ctx_make_profiles 178 -#define SSL_F_ssl_add_clienthello_use_srtp_ext 179 -#define SSL_F_ssl3_get_client_key_exchange 180 -#define SSL_F_do_ssl3_write 181 -#define SSL_F_ssl3_handshake_mac 182 -#define SSL_F_tls1_setup_key_block 183 -#define SSL_F_SSL_set_fd 184 -#define SSL_F_SSL_check_private_key 185 -#define SSL_F_ssl3_send_cert_verify 186 -#define SSL_F_ssl3_write_pending 187 -#define SSL_F_ssl_cert_inst 188 -#define SSL_F_ssl3_change_cipher_state 189 -#define SSL_F_ssl23_get_server_hello 190 -#define SSL_F_SSL_write 191 -#define SSL_F_ssl_get_sign_pkey 192 -#define SSL_F_ssl_set_cert 193 -#define SSL_F_SSL_CTX_use_RSAPrivateKey_file 194 -#define SSL_F_SSL_CTX_use_authz 195 -#define SSL_F_ssl_get_new_session 196 -#define SSL_F_SSL_set_session_ticket_ext 197 -#define SSL_F_ssl_add_clienthello_renegotiate_ext 198 -#define SSL_F_ssl3_send_server_key_exchange 199 -#define SSL_F_fprintf 200 -#define SSL_F_ssl3_get_new_session_ticket 201 -#define SSL_F_SSL_CTX_use_certificate_ASN1 202 -#define SSL_F_ssl_add_cert_chain 203 -#define SSL_F_ssl_create_cipher_list 204 -#define SSL_F_ssl3_callback_ctrl 205 -#define SSL_F_SSL_CTX_set_cipher_list 206 -#define SSL_F_ssl3_send_certificate_request 207 -#define SSL_F_SSL_use_PrivateKey_ASN1 208 -#define SSL_F_SSL_CTX_use_certificate_chain_file 209 -#define SSL_F_SSL_SESSION_new 210 -#define SSL_F_check_suiteb_cipher_list 211 -#define SSL_F_ssl_scan_clienthello_tlsext 212 -#define SSL_F_ssl3_send_client_hello 213 -#define SSL_F_SSL_use_RSAPrivateKey_ASN1 214 -#define SSL_F_ssl3_ctrl 215 -#define SSL_F_ssl3_setup_write_buffer 216 -#define SSL_F_ssl_parse_serverhello_use_srtp_ext 217 -#define SSL_F_ssl3_get_server_key_exchange 218 -#define SSL_F_ssl3_send_server_hello 219 -#define SSL_F_SSL_add_dir_cert_subjects_to_stack 220 -#define SSL_F_ssl_check_serverhello_tlsext 221 -#define SSL_F_ssl3_get_server_done 222 -#define SSL_F_ssl3_check_cert_and_algorithm 223 -#define SSL_F_do_dtls1_write 224 -#define SSL_F_dtls1_check_timeout_num 225 -#define SSL_F_tls1_export_keying_material 226 -#define SSL_F_SSL_CTX_set_session_id_context 227 -#define SSL_F_SSL_set_rfd 228 -#define SSL_F_ssl3_send_client_certificate 229 -#define SSL_F_ssl_cert_dup 230 -#define SSL_F_dtls1_process_record 231 -#define SSL_F_ssl_new 232 -#define SSL_F_ssl_get_server_cert_index 233 -#define SSL_F_tls1_send_server_supplemental_data 234 -#define SSL_F_D2I_SSL_SESSION 235 -#define SSL_F_ssl_cipher_strength_sort 236 -#define SSL_F_dtls1_get_message 237 -#define SSL_F_ssl23_connect 238 -#define SSL_F_tls1_heartbeat 239 -#define SSL_F_ssl3_read_n 240 -#define SSL_F_ssl_get_prev_session 241 -#define SSL_F_ssl_parse_clienthello_renegotiate_ext 242 -#define SSL_F_ssl3_setup_read_buffer 243 -#define SSL_F_SSL_CTX_set_ssl_version 244 -#define SSL_F_SSL_peek 245 -#define SSL_F_ssl3_send_server_certificate 246 -#define SSL_F_SSL_do_handshake 247 -#define SSL_F_ssl_undefined_void_function 248 -#define SSL_F_ssl_add_serverhello_use_srtp_ext 249 -#define SSL_F_fclose 250 -#define SSL_F_SSL_use_PrivateKey 251 -#define SSL_F_SSL_CTX_use_certificate_file 252 -#define SSL_F_SSL_CTX_use_PrivateKey 253 -#define SSL_F_SSL_set_session 254 -#define SSL_F_SSL_CTX_use_psk_identity_hint 255 -#define SSL_F_ssl_scan_serverhello_tlsext 256 -#define SSL_F_ssl23_read 257 -#define SSL_F_ssl_parse_clienthello_use_srtp_ext 258 -#define SSL_F_ssl3_accept 259 -#define SSL_F_ssl3_get_client_certificate 260 -#define SSL_F_SSL_CTX_use_PrivateKey_ASN1 261 -#define SSL_F_dtls1_get_message_fragment 262 -#define SSL_F_SSL_clear 263 -#define SSL_F_dtls1_accept 264 -#define SSL_F_ssl3_get_next_proto 265 -#define SSL_F_SSL_set_cipher_list 266 -#define SSL_F_ssl_add_clienthello_tlsext 267 -#define SSL_F_ssl23_get_client_hello 268 -#define SSL_F_SSL_CTX_use_PrivateKey_file 269 -#define SSL_F_ssl3_get_finished 270 -#define SSL_F_ssl3_generate_key_block 271 -#define SSL_F_ssl3_setup_key_block 272 -#define SSL_F_SSL_new 273 -#define SSL_F_ssl_parse_serverhello_tlsext 274 -#define SSL_F_ssl3_get_channel_id 275 -#define SSL_F_ssl3_send_channel_id 276 -#define SSL_F_SSL_CTX_set_cipher_list_tls11 277 -#define SSL_F_tls1_change_cipher_state_cipher 278 -#define SSL_F_tls1_change_cipher_state_aead 279 -#define SSL_F_tls1_aead_ctx_init 280 -#define SSL_F_tls1_check_duplicate_extensions 281 -#define SSL_F_ssl3_expect_change_cipher_spec 282 -#define SSL_F_ssl23_get_v2_client_hello 283 -#define SSL_F_ssl3_cert_verify_hash 284 -#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 285 -#define SSL_F_ssl_ctx_log_master_secret 286 -#define SSL_F_d2i_SSL_SESSION 287 -#define SSL_F_i2d_SSL_SESSION 288 -#define SSL_F_d2i_SSL_SESSION_get_octet_string 289 -#define SSL_F_d2i_SSL_SESSION_get_string 290 -#define SSL_F_ssl3_send_new_session_ticket 291 -#define SSL_F_SSL_SESSION_to_bytes_full 292 -#define SSL_F_SSL_accept 293 -#define SSL_F_SSL_connect 294 -#define SSL_F_ssl3_get_v2_client_hello 295 -#define SSL_F_ssl3_get_initial_bytes 296 -#define SSL_F_tls1_enc 297 -#define SSL_F_ssl3_prf 298 -#define SSL_F_dtls1_do_write 299 -#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100 -#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101 -#define SSL_R_INVALID_NULL_CMD_NAME 102 -#define SSL_R_BAD_RSA_DECRYPT 103 -#define SSL_R_NO_SHARED_CIPHER 104 -#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 105 -#define SSL_R_SSL_HANDSHAKE_FAILURE 106 -#define SSL_R_INVALID_TICKET_KEYS_LENGTH 107 -#define SSL_R_PEER_ERROR 108 -#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 109 -#define SSL_R_INCONSISTENT_COMPRESSION 110 +#define SSL_F_SSL_CTX_use_certificate_ASN1 112 +#define SSL_F_SSL_CTX_use_certificate_chain_file 113 +#define SSL_F_SSL_CTX_use_certificate_file 114 +#define SSL_F_SSL_CTX_use_psk_identity_hint 115 +#define SSL_F_SSL_SESSION_new 116 +#define SSL_F_SSL_SESSION_print_fp 117 +#define SSL_F_SSL_SESSION_set1_id_context 118 +#define SSL_F_SSL_SESSION_to_bytes_full 119 +#define SSL_F_SSL_accept 120 +#define SSL_F_SSL_add_dir_cert_subjects_to_stack 121 +#define SSL_F_SSL_add_file_cert_subjects_to_stack 122 +#define SSL_F_SSL_check_private_key 123 +#define SSL_F_SSL_clear 124 +#define SSL_F_SSL_connect 125 +#define SSL_F_SSL_do_handshake 126 +#define SSL_F_SSL_load_client_CA_file 127 +#define SSL_F_SSL_new 128 +#define SSL_F_SSL_peek 129 +#define SSL_F_SSL_read 130 +#define SSL_F_SSL_renegotiate 131 +#define SSL_F_SSL_set_cipher_list 132 +#define SSL_F_SSL_set_fd 133 +#define SSL_F_SSL_set_rfd 134 +#define SSL_F_SSL_set_session_id_context 135 +#define SSL_F_SSL_set_wfd 136 +#define SSL_F_SSL_shutdown 137 +#define SSL_F_SSL_use_PrivateKey 138 +#define SSL_F_SSL_use_PrivateKey_ASN1 139 +#define SSL_F_SSL_use_PrivateKey_file 140 +#define SSL_F_SSL_use_RSAPrivateKey 141 +#define SSL_F_SSL_use_RSAPrivateKey_ASN1 142 +#define SSL_F_SSL_use_RSAPrivateKey_file 143 +#define SSL_F_SSL_use_certificate 144 +#define SSL_F_SSL_use_certificate_ASN1 145 +#define SSL_F_SSL_use_certificate_file 146 +#define SSL_F_SSL_use_psk_identity_hint 147 +#define SSL_F_SSL_write 148 +#define SSL_F_d2i_SSL_SESSION 149 +#define SSL_F_d2i_SSL_SESSION_get_octet_string 150 +#define SSL_F_d2i_SSL_SESSION_get_string 151 +#define SSL_F_do_ssl3_write 152 +#define SSL_F_dtls1_accept 153 +#define SSL_F_dtls1_buffer_record 154 +#define SSL_F_dtls1_check_timeout_num 155 +#define SSL_F_dtls1_connect 156 +#define SSL_F_dtls1_do_write 157 +#define SSL_F_dtls1_get_hello_verify 158 +#define SSL_F_dtls1_get_message 159 +#define SSL_F_dtls1_get_message_fragment 160 +#define SSL_F_dtls1_preprocess_fragment 161 +#define SSL_F_dtls1_process_record 162 +#define SSL_F_dtls1_read_bytes 163 +#define SSL_F_dtls1_send_hello_verify_request 164 +#define SSL_F_dtls1_write_app_data_bytes 165 +#define SSL_F_i2d_SSL_SESSION 166 +#define SSL_F_ssl3_accept 167 +#define SSL_F_ssl3_cert_verify_hash 169 +#define SSL_F_ssl3_check_cert_and_algorithm 170 +#define SSL_F_ssl3_connect 171 +#define SSL_F_ssl3_ctrl 172 +#define SSL_F_ssl3_ctx_ctrl 173 +#define SSL_F_ssl3_digest_cached_records 174 +#define SSL_F_ssl3_do_change_cipher_spec 175 +#define SSL_F_ssl3_expect_change_cipher_spec 176 +#define SSL_F_ssl3_get_cert_status 177 +#define SSL_F_ssl3_get_cert_verify 178 +#define SSL_F_ssl3_get_certificate_request 179 +#define SSL_F_ssl3_get_channel_id 180 +#define SSL_F_ssl3_get_client_certificate 181 +#define SSL_F_ssl3_get_client_hello 182 +#define SSL_F_ssl3_get_client_key_exchange 183 +#define SSL_F_ssl3_get_finished 184 +#define SSL_F_ssl3_get_initial_bytes 185 +#define SSL_F_ssl3_get_message 186 +#define SSL_F_ssl3_get_new_session_ticket 187 +#define SSL_F_ssl3_get_next_proto 188 +#define SSL_F_ssl3_get_record 189 +#define SSL_F_ssl3_get_server_certificate 190 +#define SSL_F_ssl3_get_server_done 191 +#define SSL_F_ssl3_get_server_hello 192 +#define SSL_F_ssl3_get_server_key_exchange 193 +#define SSL_F_ssl3_get_v2_client_hello 194 +#define SSL_F_ssl3_handshake_mac 195 +#define SSL_F_ssl3_prf 196 +#define SSL_F_ssl3_read_bytes 197 +#define SSL_F_ssl3_read_n 198 +#define SSL_F_ssl3_send_cert_verify 199 +#define SSL_F_ssl3_send_certificate_request 200 +#define SSL_F_ssl3_send_channel_id 201 +#define SSL_F_ssl3_send_client_certificate 202 +#define SSL_F_ssl3_send_client_hello 203 +#define SSL_F_ssl3_send_client_key_exchange 204 +#define SSL_F_ssl3_send_server_certificate 205 +#define SSL_F_ssl3_send_server_hello 206 +#define SSL_F_ssl3_send_server_key_exchange 207 +#define SSL_F_ssl3_setup_read_buffer 208 +#define SSL_F_ssl3_setup_write_buffer 209 +#define SSL_F_ssl3_write_bytes 210 +#define SSL_F_ssl3_write_pending 211 +#define SSL_F_ssl_add_cert_chain 212 +#define SSL_F_ssl_add_cert_to_buf 213 +#define SSL_F_ssl_add_clienthello_renegotiate_ext 214 +#define SSL_F_ssl_add_clienthello_tlsext 215 +#define SSL_F_ssl_add_clienthello_use_srtp_ext 216 +#define SSL_F_ssl_add_serverhello_renegotiate_ext 217 +#define SSL_F_ssl_add_serverhello_tlsext 218 +#define SSL_F_ssl_add_serverhello_use_srtp_ext 219 +#define SSL_F_ssl_build_cert_chain 220 +#define SSL_F_ssl_bytes_to_cipher_list 221 +#define SSL_F_ssl_cert_dup 222 +#define SSL_F_ssl_cert_inst 223 +#define SSL_F_ssl_cert_new 224 +#define SSL_F_ssl_check_serverhello_tlsext 225 +#define SSL_F_ssl_check_srvr_ecc_cert_and_alg 226 +#define SSL_F_ssl_cipher_process_rulestr 227 +#define SSL_F_ssl_cipher_strength_sort 228 +#define SSL_F_ssl_create_cipher_list 229 +#define SSL_F_ssl_ctx_log_master_secret 230 +#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 231 +#define SSL_F_ssl_ctx_make_profiles 232 +#define SSL_F_ssl_get_new_session 233 +#define SSL_F_ssl_get_prev_session 234 +#define SSL_F_ssl_get_server_cert_index 235 +#define SSL_F_ssl_get_sign_pkey 236 +#define SSL_F_ssl_init_wbio_buffer 237 +#define SSL_F_ssl_parse_clienthello_renegotiate_ext 238 +#define SSL_F_ssl_parse_clienthello_tlsext 239 +#define SSL_F_ssl_parse_clienthello_use_srtp_ext 240 +#define SSL_F_ssl_parse_serverhello_renegotiate_ext 241 +#define SSL_F_ssl_parse_serverhello_tlsext 242 +#define SSL_F_ssl_parse_serverhello_use_srtp_ext 243 +#define SSL_F_ssl_scan_clienthello_tlsext 244 +#define SSL_F_ssl_scan_serverhello_tlsext 245 +#define SSL_F_ssl_sess_cert_new 246 +#define SSL_F_ssl_set_cert 247 +#define SSL_F_ssl_set_pkey 248 +#define SSL_F_ssl_verify_cert_chain 252 +#define SSL_F_tls12_check_peer_sigalg 253 +#define SSL_F_tls1_aead_ctx_init 254 +#define SSL_F_tls1_cert_verify_mac 255 +#define SSL_F_tls1_change_cipher_state 256 +#define SSL_F_tls1_change_cipher_state_aead 257 +#define SSL_F_tls1_check_duplicate_extensions 258 +#define SSL_F_tls1_enc 259 +#define SSL_F_tls1_export_keying_material 260 +#define SSL_F_tls1_prf 261 +#define SSL_F_tls1_setup_key_block 262 +#define SSL_F_dtls1_get_buffered_message 263 +#define SSL_F_dtls1_process_fragment 264 +#define SSL_F_dtls1_hm_fragment_new 265 +#define SSL_F_ssl3_seal_record 266 +#define SSL_F_ssl3_record_sequence_update 267 +#define SSL_F_SSL_CTX_set_tmp_dh 268 +#define SSL_F_SSL_CTX_set_tmp_ecdh 269 +#define SSL_F_SSL_set_tmp_dh 270 +#define SSL_F_SSL_set_tmp_ecdh 271 +#define SSL_F_SSL_CTX_set1_tls_channel_id 272 +#define SSL_F_SSL_set1_tls_channel_id 273 +#define SSL_F_SSL_set_tlsext_host_name 274 +#define SSL_F_ssl3_output_cert_chain 275 +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 +#define SSL_R_BAD_ALERT 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104 +#define SSL_R_BAD_DH_P_LENGTH 105 +#define SSL_R_BAD_DIGEST_LENGTH 106 +#define SSL_R_BAD_ECC_CERT 107 +#define SSL_R_BAD_ECPOINT 108 +#define SSL_R_BAD_HANDSHAKE_LENGTH 109 +#define SSL_R_BAD_HANDSHAKE_RECORD 110 #define SSL_R_BAD_HELLO_REQUEST 111 -#define SSL_R_NULL_SSL_METHOD_PASSED 112 -#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 113 -#define SSL_R_BAD_ECDSA_SIGNATURE 114 -#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 115 -#define SSL_R_BAD_DH_PUB_KEY_LENGTH 116 -#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 117 -#define SSL_R_APP_DATA_IN_HANDSHAKE 118 -#define SSL_R_NO_PEM_EXTENSIONS 119 -#define SSL_R_BAD_SRP_B_LENGTH 120 -#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 121 -#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 122 -#define SSL_R_MISSING_SRP_PARAM 123 -#define SSL_R_MISSING_RSA_SIGNING_CERT 124 -#define SSL_R_MISSING_DSA_SIGNING_CERT 125 -#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 126 -#define SSL_R_UNEXPECTED_RECORD 127 -#define SSL_R_BAD_DIGEST_LENGTH 128 -#define SSL_R_READ_TIMEOUT_EXPIRED 129 -#define SSL_R_KRB5_C_GET_CRED 130 -#define SSL_R_NULL_SSL_CTX 131 -#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 134 -#define SSL_R_SSL3_SESSION_ID_TOO_LONG 135 -#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 136 -#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 137 -#define SSL_R_COOKIE_MISMATCH 139 -#define SSL_R_UNINITIALIZED 140 -#define SSL_R_BAD_CHANGE_CIPHER_SPEC 141 -#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 142 -#define SSL_R_BAD_SRP_G_LENGTH 143 -#define SSL_R_NO_CERTIFICATE_ASSIGNED 144 -#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 145 -#define SSL_R_PEM_NAME_TOO_SHORT 146 -#define SSL_R_PROTOCOL_IS_SHUTDOWN 148 -#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 149 -#define SSL_R_WRONG_MESSAGE_TYPE 150 -#define SSL_R_BAD_RSA_MODULUS_LENGTH 151 -#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 152 -#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 153 -#define SSL_R_NO_CLIENT_CERT_RECEIVED 154 -#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 155 -#define SSL_R_CERT_LENGTH_MISMATCH 156 -#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 157 -#define SSL_R_DUPLICATE_COMPRESSION_ID 158 -#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 159 -#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 160 -#define SSL_R_DATA_LENGTH_TOO_LONG 161 -#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 162 -#define SSL_R_WRONG_SIGNATURE_LENGTH 163 -#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 164 -#define SSL_R_WRONG_VERSION_NUMBER 165 -#define SSL_R_RECORD_TOO_LARGE 166 -#define SSL_R_BIO_NOT_SET 167 -#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 168 -#define SSL_R_UNKNOWN_PKEY_TYPE 170 -#define SSL_R_CIPHER_CODE_WRONG_LENGTH 171 -#define SSL_R_SSL_SESSION_ID_CONFLICT 172 -#define SSL_R_INVALID_COMMAND 173 -#define SSL_R_NO_PROTOCOLS_AVAILABLE 174 -#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 175 -#define SSL_R_LIBRARY_BUG 176 -#define SSL_R_UNSUPPORTED_CIPHER 177 -#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 178 -#define SSL_R_WRONG_SIGNATURE_TYPE 179 -#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 180 -#define SSL_R_PSK_NO_SERVER_CB 181 -#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 182 -#define SSL_R_INVALID_TRUST 183 -#define SSL_R_PARSE_TLSEXT 184 -#define SSL_R_NO_SRTP_PROFILES 185 -#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 186 -#define SSL_R_UNKNOWN_STATE 187 -#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 188 -#define SSL_R_WRONG_CIPHER_RETURNED 189 -#define SSL_R_BAD_DH_G_LENGTH 190 -#define SSL_R_BAD_ALERT_RECORD 191 -#define SSL_R_CIPHER_TABLE_SRC_ERROR 192 -#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 194 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 195 -#define SSL_R_MESSAGE_TOO_LONG 196 -#define SSL_R_BAD_RSA_SIGNATURE 197 -#define SSL_R_X509_LIB 198 -#define SSL_R_BAD_SRP_N_LENGTH 199 -#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 200 -#define SSL_R_UNKNOWN_CIPHER_TYPE 201 -#define SSL_R_BAD_DH_P_LENGTH 202 -#define SSL_R_MISSING_DH_RSA_CERT 203 -#define SSL_R_NO_METHOD_SPECIFIED 204 -#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 205 -#define SSL_R_MULTIPLE_SGC_RESTARTS 206 -#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 207 -#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 208 -#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 209 -#define SSL_R_BAD_SRP_S_LENGTH 210 -#define SSL_R_MISSING_TMP_RSA_KEY 211 -#define SSL_R_PSK_NO_CLIENT_CB 212 -#define SSL_R_PEM_NAME_BAD_PREFIX 213 -#define SSL_R_BAD_CHECKSUM 214 -#define SSL_R_NO_CIPHER_MATCH 216 -#define SSL_R_MISSING_TMP_DH_KEY 217 -#define SSL_R_UNSUPPORTED_STATUS_TYPE 218 -#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 219 -#define SSL_R_CONNECTION_TYPE_NOT_SET 220 -#define SSL_R_MISSING_DH_KEY 221 -#define SSL_R_CHANNEL_ID_NOT_P256 222 -#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 223 -#define SSL_R_UNKNOWN_PROTOCOL 224 -#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 225 -#define SSL_R_KRB5_S_TKT_SKEW 226 -#define SSL_R_PUBLIC_KEY_NOT_RSA 227 -#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 228 -#define SSL_R_GOST_NOT_SUPPORTED 229 -#define SSL_R_KRB5_C_CC_PRINC 230 -#define SSL_R_INVALID_PURPOSE 234 -#define SSL_R_KRB5_C_MK_REQ 235 -#define SSL_R_BAD_SRTP_MKI_VALUE 237 -#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 238 -#define SSL_R_DIGEST_CHECK_FAILED 239 -#define SSL_R_BAD_SRP_A_LENGTH 240 -#define SSL_R_SERVERHELLO_TLSEXT 241 -#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 242 -#define SSL_R_NO_CIPHERS_AVAILABLE 243 -#define SSL_R_COMPRESSION_FAILURE 244 -#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 245 -#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 246 -#define SSL_R_BAD_RSA_ENCRYPT 247 -#define SSL_R_EXCESSIVE_MESSAGE_SIZE 248 -#define SSL_R_INVALID_COMPRESSION_ALGORITHM 249 -#define SSL_R_SHORT_READ 250 -#define SSL_R_CA_DN_LENGTH_MISMATCH 252 -#define SSL_R_BAD_ECC_CERT 253 -#define SSL_R_NON_SSLV2_INITIAL_PACKET 254 -#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 255 -#define SSL_R_MISSING_TMP_RSA_PKEY 256 -#define SSL_R_BN_LIB 257 -#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 258 -#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 259 -#define SSL_R_NO_RENEGOTIATION 260 -#define SSL_R_NO_COMPRESSION_SPECIFIED 261 +#define SSL_R_BAD_LENGTH 112 +#define SSL_R_BAD_PACKET_LENGTH 113 +#define SSL_R_BAD_RSA_ENCRYPT 114 +#define SSL_R_BAD_SIGNATURE 115 +#define SSL_R_BAD_SRTP_MKI_VALUE 116 +#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 117 +#define SSL_R_BAD_SSL_FILETYPE 118 +#define SSL_R_BAD_WRITE_RETRY 119 +#define SSL_R_BIO_NOT_SET 120 +#define SSL_R_BN_LIB 121 +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 122 +#define SSL_R_CA_DN_LENGTH_MISMATCH 123 +#define SSL_R_CA_DN_TOO_LONG 124 +#define SSL_R_CCS_RECEIVED_EARLY 125 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 126 +#define SSL_R_CERT_CB_ERROR 127 +#define SSL_R_CERT_LENGTH_MISMATCH 128 +#define SSL_R_CHANNEL_ID_NOT_P256 129 +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 130 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 131 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 132 +#define SSL_R_CLIENTHELLO_PARSE_FAILED 133 +#define SSL_R_CLIENTHELLO_TLSEXT 134 +#define SSL_R_CONNECTION_REJECTED 135 +#define SSL_R_CONNECTION_TYPE_NOT_SET 136 +#define SSL_R_COOKIE_MISMATCH 137 +#define SSL_R_D2I_ECDSA_SIG 138 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 139 +#define SSL_R_DATA_LENGTH_TOO_LONG 140 +#define SSL_R_DECODE_ERROR 141 +#define SSL_R_DECRYPTION_FAILED 142 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 143 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144 +#define SSL_R_DIGEST_CHECK_FAILED 145 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 146 +#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 147 +#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 148 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150 +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 151 +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 152 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 153 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 154 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 155 +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 156 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 157 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 158 +#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 159 +#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 160 +#define SSL_R_HTTPS_PROXY_REQUEST 161 +#define SSL_R_HTTP_REQUEST 162 +#define SSL_R_INAPPROPRIATE_FALLBACK 163 +#define SSL_R_INVALID_COMMAND 164 +#define SSL_R_INVALID_MESSAGE 165 +#define SSL_R_INVALID_SSL_SESSION 166 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 167 +#define SSL_R_LENGTH_MISMATCH 168 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 169 +#define SSL_R_MISSING_DH_KEY 170 +#define SSL_R_MISSING_ECDSA_SIGNING_CERT 171 +#define SSL_R_MISSING_RSA_CERTIFICATE 172 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 173 +#define SSL_R_MISSING_RSA_SIGNING_CERT 174 +#define SSL_R_MISSING_TMP_DH_KEY 175 +#define SSL_R_MISSING_TMP_ECDH_KEY 176 +#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 177 +#define SSL_R_MTU_TOO_SMALL 178 +#define SSL_R_NESTED_GROUP 179 +#define SSL_R_NO_CERTIFICATES_RETURNED 180 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 181 +#define SSL_R_NO_CERTIFICATE_SET 182 +#define SSL_R_NO_CIPHERS_AVAILABLE 183 +#define SSL_R_NO_CIPHERS_PASSED 184 +#define SSL_R_NO_CIPHERS_SPECIFIED 185 +#define SSL_R_NO_CIPHER_MATCH 186 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_P256_SUPPORT 189 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_RENEGOTIATION 191 +#define SSL_R_NO_REQUIRED_DIGEST 192 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 194 +#define SSL_R_NO_SRTP_PROFILES 195 +#define SSL_R_NULL_SSL_CTX 196 +#define SSL_R_NULL_SSL_METHOD_PASSED 197 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 198 +#define SSL_R_PACKET_LENGTH_TOO_LONG 199 +#define SSL_R_PARSE_TLSEXT 200 +#define SSL_R_PATH_TOO_LONG 201 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 202 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 204 +#define SSL_R_PSK_IDENTITY_NOT_FOUND 205 +#define SSL_R_PSK_NO_CLIENT_CB 206 +#define SSL_R_PSK_NO_SERVER_CB 207 +#define SSL_R_READ_BIO_NOT_SET 208 +#define SSL_R_READ_TIMEOUT_EXPIRED 209 +#define SSL_R_RECORD_LENGTH_MISMATCH 210 +#define SSL_R_RECORD_TOO_LARGE 211 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 212 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 213 +#define SSL_R_RENEGOTIATION_MISMATCH 214 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 216 +#define SSL_R_SERVERHELLO_TLSEXT 217 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 218 +#define SSL_R_SESSION_MAY_NOT_BE_CREATED 219 +#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 220 +#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 221 +#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 222 +#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 223 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 224 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 225 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226 +#define SSL_R_SSL_HANDSHAKE_FAILURE 227 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 228 +#define SSL_R_SSL_SESSION_ID_CONFLICT 229 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 230 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 231 +#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 233 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 234 +#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 235 +#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 236 +#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 237 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 238 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +#define SSL_R_UNEXPECTED_GROUP_CLOSE 240 +#define SSL_R_UNEXPECTED_MESSAGE 241 +#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 242 +#define SSL_R_UNEXPECTED_RECORD 243 +#define SSL_R_UNINITIALIZED 244 +#define SSL_R_UNKNOWN_ALERT_TYPE 245 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 246 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 247 +#define SSL_R_UNKNOWN_CIPHER_TYPE 248 +#define SSL_R_UNKNOWN_DIGEST 249 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PROTOCOL 251 +#define SSL_R_UNKNOWN_SSL_VERSION 252 +#define SSL_R_UNKNOWN_STATE 253 +#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 254 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 255 +#define SSL_R_UNSUPPORTED_CIPHER 256 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 258 +#define SSL_R_UNSUPPORTED_PROTOCOL 259 +#define SSL_R_UNSUPPORTED_SSL_VERSION 260 +#define SSL_R_USE_SRTP_NOT_NEGOTIATED 261 #define SSL_R_WRONG_CERTIFICATE_TYPE 262 -#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 264 -#define SSL_R_READ_BIO_NOT_SET 265 -#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 266 -#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 267 -#define SSL_R_INVALID_CHALLENGE_LENGTH 268 -#define SSL_R_LIBRARY_HAS_NO_CIPHERS 270 -#define SSL_R_WRONG_CURVE 271 -#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 272 -#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 275 -#define SSL_R_MISSING_RSA_CERTIFICATE 276 -#define SSL_R_NO_P256_SUPPORT 277 -#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 278 -#define SSL_R_INVALID_SERVERINFO_DATA 279 -#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 280 -#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 281 -#define SSL_R_KRB5_S_BAD_TICKET 282 -#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 283 -#define SSL_R_PACKET_LENGTH_TOO_LONG 284 -#define SSL_R_BAD_STATE 285 -#define SSL_R_USE_SRTP_NOT_NEGOTIATED 286 -#define SSL_R_BAD_RSA_E_LENGTH 287 -#define SSL_R_ILLEGAL_PADDING 288 -#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 289 -#define SSL_R_BAD_VALUE 290 -#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 291 -#define SSL_R_COMPRESSION_DISABLED 292 -#define SSL_R_BAD_DECOMPRESSION 293 -#define SSL_R_CHALLENGE_IS_DIFFERENT 294 -#define SSL_R_NO_CLIENT_CERT_METHOD 295 -#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 296 -#define SSL_R_INVALID_MESSAGE 297 -#define SSL_R_HTTPS_PROXY_REQUEST 298 -#define SSL_R_AUTHZ_DATA_TOO_LARGE 299 -#define SSL_R_KRB5_S_TKT_EXPIRED 300 -#define SSL_R_NO_CERTIFICATE_SPECIFIED 301 -#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 302 -#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 303 -#define SSL_R_INVALID_STATUS_RESPONSE 304 -#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 305 -#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 306 -#define SSL_R_MISSING_TMP_ECDH_KEY 307 -#define SSL_R_CERTIFICATE_VERIFY_FAILED 308 -#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 309 -#define SSL_R_RENEGOTIATION_ENCODING_ERR 310 -#define SSL_R_NO_PRIVATEKEY 311 -#define SSL_R_READ_WRONG_PACKET_TYPE 313 -#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 314 -#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 315 -#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 316 -#define SSL_R_HTTP_REQUEST 317 -#define SSL_R_KRB5_S_INIT 318 -#define SSL_R_RECORD_LENGTH_MISMATCH 320 -#define SSL_R_BAD_LENGTH 321 -#define SSL_R_NO_REQUIRED_DIGEST 322 -#define SSL_R_KRB5 323 -#define SSL_R_CCS_RECEIVED_EARLY 325 -#define SSL_R_MISSING_ECDSA_SIGNING_CERT 326 -#define SSL_R_D2I_ECDSA_SIG 327 -#define SSL_R_PATH_TOO_LONG 328 -#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 329 -#define SSL_R_UNSUPPORTED_DIGEST_TYPE 330 -#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 331 -#define SSL_R_PEER_ERROR_CERTIFICATE 332 -#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 333 -#define SSL_R_NO_CERTIFICATE_SET 334 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 335 -#define SSL_R_NO_CERTIFICATES_RETURNED 337 -#define SSL_R_BAD_WRITE_RETRY 338 -#define SSL_R_BAD_SSL_FILETYPE 339 -#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 340 -#define SSL_R_NO_CIPHERS_SPECIFIED 341 -#define SSL_R_LENGTH_MISMATCH 342 -#define SSL_R_NO_CIPHERS_PASSED 343 -#define SSL_R_NO_VERIFY_CALLBACK 344 -#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 345 -#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 347 -#define SSL_R_UNEXPECTED_MESSAGE 348 -#define SSL_R_MISSING_DH_DSA_CERT 349 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 350 -#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 351 -#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 352 -#define SSL_R_ILLEGAL_SUITEB_DIGEST 353 -#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 354 -#define SSL_R_CLIENTHELLO_TLSEXT 355 -#define SSL_R_INVALID_AUTHZ_DATA 356 -#define SSL_R_BAD_RESPONSE_ARGUMENT 357 -#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 358 -#define SSL_R_REQUIRED_CIPHER_MISSING 359 -#define SSL_R_INVALID_AUDIT_PROOF 360 -#define SSL_R_PSK_IDENTITY_NOT_FOUND 361 -#define SSL_R_UNKNOWN_ALERT_TYPE 362 -#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 363 -#define SSL_R_BAD_AUTHENTICATION_TYPE 365 -#define SSL_R_DECRYPTION_FAILED 366 -#define SSL_R_WRONG_SSL_VERSION 367 -#define SSL_R_NO_CERTIFICATE_RETURNED 368 -#define SSL_R_CA_DN_TOO_LONG 370 -#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 371 -#define SSL_R_COMPRESSION_LIBRARY_ERROR 372 -#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 374 -#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 375 -#define SSL_R_BAD_ECPOINT 376 -#define SSL_R_BAD_HANDSHAKE_LENGTH 377 -#define SSL_R_KRB5_S_RD_REQ 380 -#define SSL_R_PEER_ERROR_NO_CERTIFICATE 381 -#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 382 -#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 383 -#define SSL_R_UNKNOWN_DIGEST 384 -#define SSL_R_WRONG_SIGNATURE_SIZE 385 -#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 386 -#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 387 -#define SSL_R_BAD_SIGNATURE 388 -#define SSL_R_BAD_PACKET_LENGTH 389 -#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 390 -#define SSL_R_RENEGOTIATION_MISMATCH 391 -#define SSL_R_BAD_MAC_LENGTH 392 -#define SSL_R_NO_PUBLICKEY 393 -#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 394 -#define SSL_R_BAD_MAC_DECODE 395 -#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 396 -#define SSL_R_EXTRA_DATA_IN_MESSAGE 397 -#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 398 -#define SSL_R_CONNECTION_ID_IS_DIFFERENT 399 -#define SSL_R_MISSING_VERIFY_MESSAGE 402 -#define SSL_R_BAD_DSA_SIGNATURE 403 -#define SSL_R_UNKNOWN_SSL_VERSION 404 -#define SSL_R_KEY_ARG_TOO_LONG 405 -#define SSL_R_KRB5_C_INIT 406 -#define SSL_R_NO_CIPHER_LIST 407 -#define SSL_R_PEER_ERROR_NO_CIPHER 408 -#define SSL_R_UNKNOWN_CMD_NAME 409 -#define SSL_R_UNKNOWN_CIPHER_RETURNED 410 -#define SSL_R_RECORD_TOO_SMALL 411 -#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 412 -#define SSL_R_UNSUPPORTED_SSL_VERSION 413 -#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 415 -#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 416 -#define SSL_R_BAD_DATA 417 -#define SSL_R_KRB5_S_TKT_NYV 418 -#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 420 -#define SSL_R_BAD_MESSAGE_TYPE 421 -#define SSL_R_MISSING_ECDH_CERT 422 -#define SSL_R_UNSUPPORTED_PROTOCOL 423 -#define SSL_R_SRP_A_CALC 424 -#define SSL_R_WRITE_BIO_NOT_SET 425 -#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 426 -#define SSL_R_LENGTH_TOO_SHORT 427 -#define SSL_R_CERT_CB_ERROR 428 -#define SSL_R_DTLS_MESSAGE_TOO_BIG 429 -#define SSL_R_INVALID_SRP_USERNAME 430 -#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 431 -#define SSL_R_NESTED_GROUP 432 -#define SSL_R_UNEXPECTED_GROUP_CLOSE 433 -#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 434 -#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 435 -#define SSL_R_INAPPROPRIATE_FALLBACK 436 -#define SSL_R_CLIENTHELLO_PARSE_FAILED 437 -#define SSL_R_CONNECTION_REJECTED 438 -#define SSL_R_DECODE_ERROR 439 -#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 440 -#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441 -#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442 -#define SSL_R_INVALID_SSL_SESSION 443 -#define SSL_R_BAD_ALERT 444 -#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 445 -#define SSL_R_MTU_TOO_SMALL 446 +#define SSL_R_WRONG_CIPHER_RETURNED 263 +#define SSL_R_WRONG_CURVE 264 +#define SSL_R_WRONG_MESSAGE_TYPE 265 +#define SSL_R_WRONG_SIGNATURE_TYPE 266 +#define SSL_R_WRONG_SSL_VERSION 267 +#define SSL_R_WRONG_VERSION_NUMBER 268 +#define SSL_R_X509_LIB 269 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 270 +#define SSL_R_FRAGMENT_MISMATCH 271 +#define SSL_R_BUFFER_TOO_SMALL 272 +#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 @@ -2756,4 +2893,4 @@ OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -#endif +#endif /* OPENSSL_HEADER_SSL_H */ diff --git a/src/include/openssl/ssl2.h b/src/include/openssl/ssl2.h index eb25dcb..b8401fa 100644 --- a/src/include/openssl/ssl2.h +++ b/src/include/openssl/ssl2.h @@ -151,10 +151,6 @@ extern "C" { #define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 #define SSL2_MAX_KEY_MATERIAL_LENGTH 24 -#ifndef HEADER_SSL_LOCL_H -#define CERT char -#endif - #ifndef OPENSSL_NO_SSL_INTERN typedef struct ssl2_state_st diff --git a/src/include/openssl/ssl3.h b/src/include/openssl/ssl3.h index 8745281..96f00cf 100644 --- a/src/include/openssl/ssl3.h +++ b/src/include/openssl/ssl3.h @@ -117,9 +117,11 @@ #ifndef HEADER_SSL3_H #define HEADER_SSL3_H +#include <openssl/aead.h> #include <openssl/buf.h> #include <openssl/evp.h> #include <openssl/ssl.h> +#include <openssl/type_check.h> #ifdef __cplusplus extern "C" { @@ -237,19 +239,28 @@ extern "C" { /* The standards give a maximum encryption overhead of 1024 bytes. In practice * the value is lower than this. The overhead is the maximum number of padding - * bytes (256) plus the mac size. */ + * bytes (256) plus the mac size. + * + * TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1 + * explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger + * than necessary and no true AEAD has variable overhead in TLS 1.2. */ #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) -/* OpenSSL currently only uses a padding length of at most one block so the - * send overhead is smaller. */ - +/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a + * record. This does not include the record header. Some ciphers use explicit + * nonces, so it includes both the AEAD overhead as well as the nonce. */ #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ - (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH) + +OPENSSL_COMPILE_ASSERT( + SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD, + max_overheads_are_consistent); -/* If compression isn't used don't include the compression overhead */ +/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for + * |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the + * compression overhead. */ +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -#define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_COMPRESSED_OVERHEAD) #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH) #define SSL3_RT_MAX_PACKET_SIZE \ @@ -347,7 +358,6 @@ typedef struct ssl3_state_st { /* flags for countermeasure against known-IV weakness */ int need_record_splitting; - int record_split_done; /* The value of 'extra' when the buffers were initialized */ int init_extra; @@ -399,9 +409,6 @@ typedef struct ssl3_state_st { * no more data in the read or write buffers */ int renegotiate; int total_renegotiations; - int num_renegotiations; - - int in_read_app_data; /* State pertaining to the pending handshake. * @@ -486,6 +493,10 @@ typedef struct ssl3_state_st { /* new_mac_secret_size is unused and exists only until wpa_supplicant can * be updated. It is only needed for EAP-FAST, which we don't support. */ uint8_t new_mac_secret_size; + + /* Client-only: in_false_start is one if there is a pending handshake in + * False Start. The client may write data at this point. */ + char in_false_start; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -528,7 +539,7 @@ typedef struct ssl3_state_st { /* client */ /* extra state */ #define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT) -#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101 | SSL_ST_CONNECT) +#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT) /* write to server */ #define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT) #define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT) @@ -583,8 +594,6 @@ typedef struct ssl3_state_st { #define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT) /* write to client */ -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113 | SSL_ST_ACCEPT) -#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT) #define SSL3_ST_SW_HELLO_REQ_C (0x122 | SSL_ST_ACCEPT) diff --git a/src/include/openssl/stack.h b/src/include/openssl/stack.h index 0eeda7f..350fa14 100644 --- a/src/include/openssl/stack.h +++ b/src/include/openssl/stack.h @@ -114,7 +114,7 @@ typedef struct stack_st { #define DEFINE_STACK_OF(type) \ STACK_OF(type) {\ _STACK stack; \ -}; +} #define DECLARE_STACK_OF(type) STACK_OF(type); @@ -286,6 +286,13 @@ OPENSSL_EXPORT int sk_is_sorted(const _STACK *sk); * the previous one. */ OPENSSL_EXPORT stack_cmp_func sk_set_cmp_func(_STACK *sk, stack_cmp_func comp); +/* sk_deep_copy performs a copy of |sk| and of each of the non-NULL elements in + * |sk| by using |copy_func|. If an error occurs, |free_func| is used to free + * any copies already made and NULL is returned. */ +OPENSSL_EXPORT _STACK *sk_deep_copy(const _STACK *sk, + void *(*copy_func)(void *), + void (*free_func)(void *)); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/stack_macros.h b/src/include/openssl/stack_macros.h index a62fce3..dadcf6b 100644 --- a/src/include/openssl/stack_macros.h +++ b/src/include/openssl/stack_macros.h @@ -88,14 +88,21 @@ #define sk_ACCESS_DESCRIPTION_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk)) -#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \ - ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \ - const ACCESS_DESCRIPTION **b), \ - comp))) - +#define sk_ACCESS_DESCRIPTION_set_cmp_func(sk, comp) \ + ((int (*)(const ACCESS_DESCRIPTION **a, const ACCESS_DESCRIPTION **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ACCESS_DESCRIPTION) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ACCESS_DESCRIPTION **a, \ + const ACCESS_DESCRIPTION **b), \ + comp))) + +#define sk_ACCESS_DESCRIPTION_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ACCESS_DESCRIPTION) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ACCESS_DESCRIPTION) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ACCESS_DESCRIPTION *(*)(ACCESS_DESCRIPTION *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ACCESS_DESCRIPTION *), \ + free_func))) /* ASN1_ADB_TABLE */ #define sk_ASN1_ADB_TABLE_new(comp) \ @@ -167,14 +174,20 @@ #define sk_ASN1_ADB_TABLE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk)) -#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \ - const ASN1_ADB_TABLE **b), \ - comp))) - +#define sk_ASN1_ADB_TABLE_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_ADB_TABLE **a, const ASN1_ADB_TABLE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_ADB_TABLE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_ADB_TABLE **a, \ + const ASN1_ADB_TABLE **b), \ + comp))) + +#define sk_ASN1_ADB_TABLE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_ADB_TABLE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_ADB_TABLE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_ADB_TABLE *(*)(ASN1_ADB_TABLE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_ADB_TABLE *), free_func))) /* ASN1_GENERALSTRING */ #define sk_ASN1_GENERALSTRING_new(comp) \ @@ -248,14 +261,21 @@ #define sk_ASN1_GENERALSTRING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk)) -#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \ - const ASN1_GENERALSTRING **b), \ - comp))) - +#define sk_ASN1_GENERALSTRING_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_GENERALSTRING **a, const ASN1_GENERALSTRING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_GENERALSTRING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_GENERALSTRING **a, \ + const ASN1_GENERALSTRING **b), \ + comp))) + +#define sk_ASN1_GENERALSTRING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_GENERALSTRING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_GENERALSTRING) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ASN1_GENERALSTRING *(*)(ASN1_GENERALSTRING *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_GENERALSTRING *), \ + free_func))) /* ASN1_INTEGER */ #define sk_ASN1_INTEGER_new(comp) \ @@ -333,6 +353,12 @@ int (*)(const ASN1_INTEGER **a, const ASN1_INTEGER **b), \ comp))) +#define sk_ASN1_INTEGER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_INTEGER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_INTEGER) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_INTEGER *(*)(ASN1_INTEGER *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_INTEGER *), free_func))) /* ASN1_OBJECT */ #define sk_ASN1_OBJECT_new(comp) \ @@ -408,6 +434,12 @@ int (*)(const ASN1_OBJECT **a, const ASN1_OBJECT **b), \ comp))) +#define sk_ASN1_OBJECT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_OBJECT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_OBJECT) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_OBJECT *(*)(ASN1_OBJECT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_OBJECT *), free_func))) /* ASN1_STRING_TABLE */ #define sk_ASN1_STRING_TABLE_new(comp) \ @@ -481,14 +513,21 @@ #define sk_ASN1_STRING_TABLE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk)) -#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \ - ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \ - const ASN1_STRING_TABLE **b), \ - comp))) - +#define sk_ASN1_STRING_TABLE_set_cmp_func(sk, comp) \ + ((int (*)(const ASN1_STRING_TABLE **a, const ASN1_STRING_TABLE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(ASN1_STRING_TABLE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const ASN1_STRING_TABLE **a, \ + const ASN1_STRING_TABLE **b), \ + comp))) + +#define sk_ASN1_STRING_TABLE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_STRING_TABLE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_STRING_TABLE) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + ASN1_STRING_TABLE *(*)(ASN1_STRING_TABLE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_STRING_TABLE *), \ + free_func))) /* ASN1_TYPE */ #define sk_ASN1_TYPE_new(comp) \ @@ -563,6 +602,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const ASN1_TYPE **a, const ASN1_TYPE **b), comp))) +#define sk_ASN1_TYPE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_TYPE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_TYPE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_TYPE *(*)(ASN1_TYPE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_TYPE *), free_func))) /* ASN1_VALUE */ #define sk_ASN1_VALUE_new(comp) \ @@ -638,6 +682,12 @@ int (*)(const ASN1_VALUE **a, const ASN1_VALUE **b), \ comp))) +#define sk_ASN1_VALUE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(ASN1_VALUE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(ASN1_VALUE) *, sk), \ + CHECKED_CAST(void *(*)(void *), ASN1_VALUE *(*)(ASN1_VALUE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(ASN1_VALUE *), free_func))) /* BIO */ #define sk_BIO_new(comp) \ @@ -702,6 +752,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const BIO **a, const BIO **b), \ comp))) +#define sk_BIO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BIO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BIO) *, sk), \ + CHECKED_CAST(void *(*)(void *), BIO *(*)(BIO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BIO *), free_func))) /* BY_DIR_ENTRY */ #define sk_BY_DIR_ENTRY_new(comp) \ @@ -779,6 +834,12 @@ int (*)(const BY_DIR_ENTRY **a, const BY_DIR_ENTRY **b), \ comp))) +#define sk_BY_DIR_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BY_DIR_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_ENTRY) *, sk), \ + CHECKED_CAST(void *(*)(void *), BY_DIR_ENTRY *(*)(BY_DIR_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_ENTRY *), free_func))) /* BY_DIR_HASH */ #define sk_BY_DIR_HASH_new(comp) \ @@ -854,6 +915,12 @@ int (*)(const BY_DIR_HASH **a, const BY_DIR_HASH **b), \ comp))) +#define sk_BY_DIR_HASH_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(BY_DIR_HASH) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(BY_DIR_HASH) *, sk), \ + CHECKED_CAST(void *(*)(void *), BY_DIR_HASH *(*)(BY_DIR_HASH *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(BY_DIR_HASH *), free_func))) /* CONF_VALUE */ #define sk_CONF_VALUE_new(comp) \ @@ -929,6 +996,12 @@ int (*)(const CONF_VALUE **a, const CONF_VALUE **b), \ comp))) +#define sk_CONF_VALUE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(CONF_VALUE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(CONF_VALUE) *, sk), \ + CHECKED_CAST(void *(*)(void *), CONF_VALUE *(*)(CONF_VALUE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(CONF_VALUE *), free_func))) /* CRYPTO_EX_DATA_FUNCS */ #define sk_CRYPTO_EX_DATA_FUNCS_new(comp) \ @@ -1006,12 +1079,22 @@ #define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(sk, comp) \ ((int (*)(const CRYPTO_EX_DATA_FUNCS **a, const CRYPTO_EX_DATA_FUNCS **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const CRYPTO_EX_DATA_FUNCS **a, \ - const CRYPTO_EX_DATA_FUNCS **b), \ - comp))) - + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(CRYPTO_EX_DATA_FUNCS) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const CRYPTO_EX_DATA_FUNCS **a, \ + const CRYPTO_EX_DATA_FUNCS **b), \ + comp))) + +#define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(CRYPTO_EX_DATA_FUNCS) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(CRYPTO_EX_DATA_FUNCS) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), \ + CRYPTO_EX_DATA_FUNCS *(*)(CRYPTO_EX_DATA_FUNCS *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(CRYPTO_EX_DATA_FUNCS *), \ + free_func))) /* DIST_POINT */ #define sk_DIST_POINT_new(comp) \ @@ -1087,6 +1170,12 @@ int (*)(const DIST_POINT **a, const DIST_POINT **b), \ comp))) +#define sk_DIST_POINT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(DIST_POINT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(DIST_POINT) *, sk), \ + CHECKED_CAST(void *(*)(void *), DIST_POINT *(*)(DIST_POINT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(DIST_POINT *), free_func))) /* GENERAL_NAME */ #define sk_GENERAL_NAME_new(comp) \ @@ -1164,6 +1253,12 @@ int (*)(const GENERAL_NAME **a, const GENERAL_NAME **b), \ comp))) +#define sk_GENERAL_NAME_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_NAME) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAME) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_NAME *(*)(GENERAL_NAME *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAME *), free_func))) /* GENERAL_NAMES */ #define sk_GENERAL_NAMES_new(comp) \ @@ -1242,6 +1337,12 @@ int (*)(const GENERAL_NAMES **a, const GENERAL_NAMES **b), \ comp))) +#define sk_GENERAL_NAMES_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_NAMES) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_NAMES) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_NAMES *(*)(GENERAL_NAMES *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_NAMES *), free_func))) /* GENERAL_SUBTREE */ #define sk_GENERAL_SUBTREE_new(comp) \ @@ -1314,14 +1415,20 @@ #define sk_GENERAL_SUBTREE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk)) -#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \ - ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \ - const GENERAL_SUBTREE **b), \ - comp))) - +#define sk_GENERAL_SUBTREE_set_cmp_func(sk, comp) \ + ((int (*)(const GENERAL_SUBTREE **a, const GENERAL_SUBTREE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(GENERAL_SUBTREE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const GENERAL_SUBTREE **a, \ + const GENERAL_SUBTREE **b), \ + comp))) + +#define sk_GENERAL_SUBTREE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(GENERAL_SUBTREE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(GENERAL_SUBTREE) *, sk), \ + CHECKED_CAST(void *(*)(void *), GENERAL_SUBTREE *(*)(GENERAL_SUBTREE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(GENERAL_SUBTREE *), free_func))) /* MIME_HEADER */ #define sk_MIME_HEADER_new(comp) \ @@ -1397,6 +1504,12 @@ int (*)(const MIME_HEADER **a, const MIME_HEADER **b), \ comp))) +#define sk_MIME_HEADER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(MIME_HEADER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(MIME_HEADER) *, sk), \ + CHECKED_CAST(void *(*)(void *), MIME_HEADER *(*)(MIME_HEADER *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(MIME_HEADER *), free_func))) /* PKCS7_SIGNER_INFO */ #define sk_PKCS7_SIGNER_INFO_new(comp) \ @@ -1470,14 +1583,21 @@ #define sk_PKCS7_SIGNER_INFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk)) -#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \ - ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \ - const PKCS7_SIGNER_INFO **b), \ - comp))) - +#define sk_PKCS7_SIGNER_INFO_set_cmp_func(sk, comp) \ + ((int (*)(const PKCS7_SIGNER_INFO **a, const PKCS7_SIGNER_INFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_SIGNER_INFO **a, \ + const PKCS7_SIGNER_INFO **b), \ + comp))) + +#define sk_PKCS7_SIGNER_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(PKCS7_SIGNER_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_SIGNER_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + PKCS7_SIGNER_INFO *(*)(PKCS7_SIGNER_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(PKCS7_SIGNER_INFO *), \ + free_func))) /* PKCS7_RECIP_INFO */ #define sk_PKCS7_RECIP_INFO_new(comp) \ @@ -1550,14 +1670,21 @@ #define sk_PKCS7_RECIP_INFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk)) -#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \ - ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \ - const PKCS7_RECIP_INFO **b), \ - comp))) - +#define sk_PKCS7_RECIP_INFO_set_cmp_func(sk, comp) \ + ((int (*)(const PKCS7_RECIP_INFO **a, const PKCS7_RECIP_INFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(PKCS7_RECIP_INFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const PKCS7_RECIP_INFO **a, \ + const PKCS7_RECIP_INFO **b), \ + comp))) + +#define sk_PKCS7_RECIP_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(PKCS7_RECIP_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(PKCS7_RECIP_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + PKCS7_RECIP_INFO *(*)(PKCS7_RECIP_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(PKCS7_RECIP_INFO *), \ + free_func))) /* POLICYINFO */ #define sk_POLICYINFO_new(comp) \ @@ -1633,6 +1760,12 @@ int (*)(const POLICYINFO **a, const POLICYINFO **b), \ comp))) +#define sk_POLICYINFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICYINFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICYINFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICYINFO *(*)(POLICYINFO *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICYINFO *), free_func))) /* POLICYQUALINFO */ #define sk_POLICYQUALINFO_new(comp) \ @@ -1704,14 +1837,20 @@ #define sk_POLICYQUALINFO_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICYQUALINFO) *, sk)) -#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \ - ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \ - const POLICYQUALINFO **b), \ - comp))) - +#define sk_POLICYQUALINFO_set_cmp_func(sk, comp) \ + ((int (*)(const POLICYQUALINFO **a, const POLICYQUALINFO **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(POLICYQUALINFO) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const POLICYQUALINFO **a, \ + const POLICYQUALINFO **b), \ + comp))) + +#define sk_POLICYQUALINFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICYQUALINFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICYQUALINFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICYQUALINFO *(*)(POLICYQUALINFO *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICYQUALINFO *), free_func))) /* POLICY_MAPPING */ #define sk_POLICY_MAPPING_new(comp) \ @@ -1783,14 +1922,20 @@ #define sk_POLICY_MAPPING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(POLICY_MAPPING) *, sk)) -#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \ - ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \ - const POLICY_MAPPING **b), \ - comp))) - +#define sk_POLICY_MAPPING_set_cmp_func(sk, comp) \ + ((int (*)(const POLICY_MAPPING **a, const POLICY_MAPPING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(POLICY_MAPPING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const POLICY_MAPPING **a, \ + const POLICY_MAPPING **b), \ + comp))) + +#define sk_POLICY_MAPPING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(POLICY_MAPPING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(POLICY_MAPPING) *, sk), \ + CHECKED_CAST(void *(*)(void *), POLICY_MAPPING *(*)(POLICY_MAPPING *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(POLICY_MAPPING *), free_func))) /* SSL_COMP */ #define sk_SSL_COMP_new(comp) \ @@ -1862,6 +2007,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const SSL_COMP **a, const SSL_COMP **b), comp))) +#define sk_SSL_COMP_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SSL_COMP) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SSL_COMP) *, sk), \ + CHECKED_CAST(void *(*)(void *), SSL_COMP *(*)(SSL_COMP *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(SSL_COMP *), free_func))) /* STACK_OF_X509_NAME_ENTRY */ #define sk_STACK_OF_X509_NAME_ENTRY_new(comp) \ @@ -1939,16 +2089,25 @@ sk_is_sorted( \ CHECKED_CAST(_STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk)) -#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ - ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ - const STACK_OF_X509_NAME_ENTRY **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \ - CHECKED_CAST(stack_cmp_func, \ - int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ - const STACK_OF_X509_NAME_ENTRY **b), \ - comp))) - +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ + ((int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ + const STACK_OF_X509_NAME_ENTRY **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(STACK_OF_X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const STACK_OF_X509_NAME_ENTRY **a, \ + const STACK_OF_X509_NAME_ENTRY **b), \ + comp))) + +#define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(STACK_OF_X509_NAME_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(STACK_OF_X509_NAME_ENTRY) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), \ + STACK_OF_X509_NAME_ENTRY *(*)(STACK_OF_X509_NAME_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(STACK_OF_X509_NAME_ENTRY *), \ + free_func))) /* SXNETID */ #define sk_SXNETID_new(comp) \ @@ -2020,6 +2179,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const SXNETID **a, const SXNETID **b), comp))) +#define sk_SXNETID_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SXNETID) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SXNETID) *, sk), \ + CHECKED_CAST(void *(*)(void *), SXNETID *(*)(SXNETID *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(SXNETID *), free_func))) /* X509 */ #define sk_X509_new(comp) \ @@ -2084,6 +2248,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const X509 **a, const X509 **b), \ comp))) +#define sk_X509_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509 *(*)(X509 *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509 *), free_func))) /* X509V3_EXT_METHOD */ #define sk_X509V3_EXT_METHOD_new(comp) \ @@ -2157,14 +2326,21 @@ #define sk_X509V3_EXT_METHOD_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk)) -#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \ - ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \ - const X509V3_EXT_METHOD **b), \ - comp))) - +#define sk_X509V3_EXT_METHOD_set_cmp_func(sk, comp) \ + ((int (*)(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509V3_EXT_METHOD) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509V3_EXT_METHOD **a, \ + const X509V3_EXT_METHOD **b), \ + comp))) + +#define sk_X509V3_EXT_METHOD_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509V3_EXT_METHOD) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509V3_EXT_METHOD) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509V3_EXT_METHOD *(*)(X509V3_EXT_METHOD *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509V3_EXT_METHOD *), \ + free_func))) /* X509_ALGOR */ #define sk_X509_ALGOR_new(comp) \ @@ -2240,6 +2416,12 @@ int (*)(const X509_ALGOR **a, const X509_ALGOR **b), \ comp))) +#define sk_X509_ALGOR_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_ALGOR) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_ALGOR) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_ALGOR *(*)(X509_ALGOR *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_ALGOR *), free_func))) /* X509_ATTRIBUTE */ #define sk_X509_ATTRIBUTE_new(comp) \ @@ -2311,14 +2493,20 @@ #define sk_X509_ATTRIBUTE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk)) -#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \ - ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \ - const X509_ATTRIBUTE **b), \ - comp))) - +#define sk_X509_ATTRIBUTE_set_cmp_func(sk, comp) \ + ((int (*)(const X509_ATTRIBUTE **a, const X509_ATTRIBUTE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_ATTRIBUTE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_ATTRIBUTE **a, \ + const X509_ATTRIBUTE **b), \ + comp))) + +#define sk_X509_ATTRIBUTE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_ATTRIBUTE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_ATTRIBUTE) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_ATTRIBUTE *(*)(X509_ATTRIBUTE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_ATTRIBUTE *), free_func))) /* X509_CRL */ #define sk_X509_CRL_new(comp) \ @@ -2390,6 +2578,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_CRL **a, const X509_CRL **b), comp))) +#define sk_X509_CRL_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_CRL) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_CRL) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_CRL *(*)(X509_CRL *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_CRL *), free_func))) /* X509_EXTENSION */ #define sk_X509_EXTENSION_new(comp) \ @@ -2461,14 +2654,20 @@ #define sk_X509_EXTENSION_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_EXTENSION) *, sk)) -#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \ - ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \ - const X509_EXTENSION **b), \ - comp))) - +#define sk_X509_EXTENSION_set_cmp_func(sk, comp) \ + ((int (*)(const X509_EXTENSION **a, const X509_EXTENSION **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_EXTENSION) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_EXTENSION **a, \ + const X509_EXTENSION **b), \ + comp))) + +#define sk_X509_EXTENSION_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_EXTENSION) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_EXTENSION) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_EXTENSION *(*)(X509_EXTENSION *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_EXTENSION *), free_func))) /* X509_INFO */ #define sk_X509_INFO_new(comp) \ @@ -2543,6 +2742,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_INFO **a, const X509_INFO **b), comp))) +#define sk_X509_INFO_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_INFO) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_INFO) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_INFO *(*)(X509_INFO *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_INFO *), free_func))) /* X509_LOOKUP */ #define sk_X509_LOOKUP_new(comp) \ @@ -2618,6 +2822,12 @@ int (*)(const X509_LOOKUP **a, const X509_LOOKUP **b), \ comp))) +#define sk_X509_LOOKUP_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_LOOKUP) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_LOOKUP) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_LOOKUP *(*)(X509_LOOKUP *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_LOOKUP *), free_func))) /* X509_NAME */ #define sk_X509_NAME_new(comp) \ @@ -2692,6 +2902,11 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const X509_NAME **a, const X509_NAME **b), comp))) +#define sk_X509_NAME_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_NAME) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_NAME *(*)(X509_NAME *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_NAME *), free_func))) /* X509_NAME_ENTRY */ #define sk_X509_NAME_ENTRY_new(comp) \ @@ -2764,14 +2979,20 @@ #define sk_X509_NAME_ENTRY_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk)) -#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ - ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \ - const X509_NAME_ENTRY **b), \ - comp))) - +#define sk_X509_NAME_ENTRY_set_cmp_func(sk, comp) \ + ((int (*)(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_NAME_ENTRY **a, \ + const X509_NAME_ENTRY **b), \ + comp))) + +#define sk_X509_NAME_ENTRY_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_NAME_ENTRY) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_NAME_ENTRY) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_NAME_ENTRY *(*)(X509_NAME_ENTRY *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_NAME_ENTRY *), free_func))) /* X509_OBJECT */ #define sk_X509_OBJECT_new(comp) \ @@ -2847,6 +3068,12 @@ int (*)(const X509_OBJECT **a, const X509_OBJECT **b), \ comp))) +#define sk_X509_OBJECT_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_OBJECT) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_OBJECT) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_OBJECT *(*)(X509_OBJECT *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_OBJECT *), free_func))) /* X509_POLICY_DATA */ #define sk_X509_POLICY_DATA_new(comp) \ @@ -2919,14 +3146,21 @@ #define sk_X509_POLICY_DATA_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_DATA) *, sk)) -#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \ - ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \ - const X509_POLICY_DATA **b), \ - comp))) - +#define sk_X509_POLICY_DATA_set_cmp_func(sk, comp) \ + ((int (*)(const X509_POLICY_DATA **a, const X509_POLICY_DATA **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_DATA) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_DATA **a, \ + const X509_POLICY_DATA **b), \ + comp))) + +#define sk_X509_POLICY_DATA_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_POLICY_DATA) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_DATA) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_POLICY_DATA *(*)(X509_POLICY_DATA *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_DATA *), \ + free_func))) /* X509_POLICY_NODE */ #define sk_X509_POLICY_NODE_new(comp) \ @@ -2999,14 +3233,21 @@ #define sk_X509_POLICY_NODE_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_POLICY_NODE) *, sk)) -#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \ - ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \ - const X509_POLICY_NODE **b), \ - comp))) - +#define sk_X509_POLICY_NODE_set_cmp_func(sk, comp) \ + ((int (*)(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_POLICY_NODE) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_POLICY_NODE **a, \ + const X509_POLICY_NODE **b), \ + comp))) + +#define sk_X509_POLICY_NODE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_POLICY_NODE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_POLICY_NODE) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_POLICY_NODE *(*)(X509_POLICY_NODE *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_POLICY_NODE *), \ + free_func))) /* X509_PURPOSE */ #define sk_X509_PURPOSE_new(comp) \ @@ -3084,6 +3325,12 @@ int (*)(const X509_PURPOSE **a, const X509_PURPOSE **b), \ comp))) +#define sk_X509_PURPOSE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_PURPOSE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_PURPOSE) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_PURPOSE *(*)(X509_PURPOSE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_PURPOSE *), free_func))) /* X509_REVOKED */ #define sk_X509_REVOKED_new(comp) \ @@ -3161,6 +3408,12 @@ int (*)(const X509_REVOKED **a, const X509_REVOKED **b), \ comp))) +#define sk_X509_REVOKED_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_REVOKED) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_REVOKED) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_REVOKED *(*)(X509_REVOKED *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_REVOKED *), free_func))) /* X509_TRUST */ #define sk_X509_TRUST_new(comp) \ @@ -3236,6 +3489,12 @@ int (*)(const X509_TRUST **a, const X509_TRUST **b), \ comp))) +#define sk_X509_TRUST_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_TRUST) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_TRUST) *, sk), \ + CHECKED_CAST(void *(*)(void *), X509_TRUST *(*)(X509_TRUST *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_TRUST *), free_func))) /* X509_VERIFY_PARAM */ #define sk_X509_VERIFY_PARAM_new(comp) \ @@ -3309,14 +3568,21 @@ #define sk_X509_VERIFY_PARAM_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk)) -#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \ - ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \ - const X509_VERIFY_PARAM **b), \ - comp))) - +#define sk_X509_VERIFY_PARAM_set_cmp_func(sk, comp) \ + ((int (*)(const X509_VERIFY_PARAM **a, const X509_VERIFY_PARAM **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(X509_VERIFY_PARAM) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const X509_VERIFY_PARAM **a, \ + const X509_VERIFY_PARAM **b), \ + comp))) + +#define sk_X509_VERIFY_PARAM_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(X509_VERIFY_PARAM) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(X509_VERIFY_PARAM) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + X509_VERIFY_PARAM *(*)(X509_VERIFY_PARAM *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(X509_VERIFY_PARAM *), \ + free_func))) /* void */ #define sk_void_new(comp) \ @@ -3381,6 +3647,11 @@ CHECKED_CAST(stack_cmp_func, int (*)(const void **a, const void **b), \ comp))) +#define sk_void_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(void)*)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(void)*, sk), \ + CHECKED_CAST(void *(*)(void *), void *(*)(void *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(void *), free_func))) /* SRTP_PROTECTION_PROFILE */ #define sk_SRTP_PROTECTION_PROFILE_new(comp) \ @@ -3459,16 +3730,25 @@ sk_is_sorted( \ CHECKED_CAST(_STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, sk)) -#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \ - ((int (*)(const SRTP_PROTECTION_PROFILE **a, \ - const SRTP_PROTECTION_PROFILE **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \ - CHECKED_CAST(stack_cmp_func, \ - int (*)(const SRTP_PROTECTION_PROFILE **a, \ - const SRTP_PROTECTION_PROFILE **b), \ - comp))) - +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, comp) \ + ((int (*)(const SRTP_PROTECTION_PROFILE **a, \ + const SRTP_PROTECTION_PROFILE **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(SRTP_PROTECTION_PROFILE) *, sk), \ + CHECKED_CAST(stack_cmp_func, \ + int (*)(const SRTP_PROTECTION_PROFILE **a, \ + const SRTP_PROTECTION_PROFILE **b), \ + comp))) + +#define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SRTP_PROTECTION_PROFILE) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SRTP_PROTECTION_PROFILE) *, \ + sk), \ + CHECKED_CAST(void *(*)(void *), const SRTP_PROTECTION_PROFILE *(*)( \ + const SRTP_PROTECTION_PROFILE *), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), \ + void (*)(const SRTP_PROTECTION_PROFILE *), free_func))) /* SSL_CIPHER */ #define sk_SSL_CIPHER_new(comp) \ @@ -3547,6 +3827,13 @@ int (*)(const SSL_CIPHER **a, const SSL_CIPHER **b), \ comp))) +#define sk_SSL_CIPHER_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(SSL_CIPHER) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(SSL_CIPHER) *, sk), \ + CHECKED_CAST(void *(*)(void *), \ + const SSL_CIPHER *(*)(const SSL_CIPHER *), copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(const SSL_CIPHER *), \ + free_func))) /* OPENSSL_STRING */ #define sk_OPENSSL_STRING_new(comp) \ @@ -3618,14 +3905,20 @@ #define sk_OPENSSL_STRING_is_sorted(sk) \ sk_is_sorted(CHECKED_CAST(_STACK *, const STACK_OF(OPENSSL_STRING) *, sk)) -#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \ - ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \ - sk_set_cmp_func( \ - CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \ - CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \ - const OPENSSL_STRING **b), \ - comp))) - +#define sk_OPENSSL_STRING_set_cmp_func(sk, comp) \ + ((int (*)(const OPENSSL_STRING **a, const OPENSSL_STRING **b)) \ + sk_set_cmp_func( \ + CHECKED_CAST(_STACK *, STACK_OF(OPENSSL_STRING) *, sk), \ + CHECKED_CAST(stack_cmp_func, int (*)(const OPENSSL_STRING **a, \ + const OPENSSL_STRING **b), \ + comp))) + +#define sk_OPENSSL_STRING_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_STRING) *, sk), \ + CHECKED_CAST(void *(*)(void *), OPENSSL_STRING (*)(OPENSSL_STRING), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_STRING), free_func))) /* OPENSSL_BLOCK */ #define sk_OPENSSL_BLOCK_new(comp) \ @@ -3702,3 +3995,10 @@ CHECKED_CAST(stack_cmp_func, \ int (*)(const OPENSSL_BLOCK **a, const OPENSSL_BLOCK **b), \ comp))) + +#define sk_OPENSSL_BLOCK_deep_copy(sk, copy_func, free_func) \ + ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy( \ + CHECKED_CAST(const _STACK *, const STACK_OF(OPENSSL_BLOCK) *, sk), \ + CHECKED_CAST(void *(*)(void *), OPENSSL_BLOCK (*)(OPENSSL_BLOCK), \ + copy_func), \ + CHECKED_CAST(void (*)(void *), void (*)(OPENSSL_BLOCK), free_func))) diff --git a/src/include/openssl/thread.h b/src/include/openssl/thread.h index ea65405..f6e7529 100644 --- a/src/include/openssl/thread.h +++ b/src/include/openssl/thread.h @@ -57,6 +57,8 @@ #ifndef OPENSSL_HEADER_THREAD_H #define OPENSSL_HEADER_THREAD_H +#include <sys/types.h> + #include <openssl/base.h> #if defined(__cplusplus) @@ -64,21 +66,40 @@ extern "C" { #endif +#if defined(OPENSSL_NO_THREADS) +typedef struct crypto_mutex_st {} CRYPTO_MUTEX; +#elif defined(OPENSSL_WINDOWS) +/* CRYPTO_MUTEX can appear in public header files so we really don't want to + * pull in windows.h. It's statically asserted that this structure is large + * enough to contain a Windows CRITICAL_SECTION by thread_win.c. */ +typedef union crypto_mutex_st { + double alignment; + uint8_t padding[4*sizeof(void*) + 2*sizeof(int)]; +} CRYPTO_MUTEX; +#elif defined(__MACH__) && defined(__APPLE__) +typedef pthread_rwlock_t CRYPTO_MUTEX; +#else +/* It is reasonable to include pthread.h on non-Windows systems, however the + * |pthread_rwlock_t| that we need is hidden under feature flags, and we can't + * ensure that we'll be able to get it. It's statically asserted that this + * structure is large enough to contain a |pthread_rwlock_t| by + * thread_pthread.c. */ +typedef union crypto_mutex_st { + double alignment; + uint8_t padding[3*sizeof(int) + 5*sizeof(unsigned) + 16 + 8]; +} CRYPTO_MUTEX; +#endif + + /* Functions to support multithreading. * * OpenSSL can safely be used in multi-threaded applications provided that at - * least two callback functions are set with |CRYPTO_set_locking_callback| and - * |CRYPTO_THREADID_set_callback|. + * least |CRYPTO_set_locking_callback| is set. * * The locking callback performs mutual exclusion. Rather than using a single * lock for all, shared data-structures, OpenSSL requires that the locking * callback support a fixed (at run-time) number of different locks, given by - * |CRYPTO_num_locks|. - * - * The thread ID callback is called to record the currently executing thread's - * identifier in a |CRYPTO_THREADID| structure. If this callback is not - * provided then the address of |errno| is used as the thread identifier. This - * is sufficient only if the system has a thread-local |errno| value. */ + * |CRYPTO_num_locks|. */ /* CRYPTO_num_locks returns the number of static locks that the callback @@ -116,27 +137,22 @@ OPENSSL_EXPORT void CRYPTO_set_add_lock_callback(int (*func)( OPENSSL_EXPORT const char *CRYPTO_get_lock_name(int lock_num); -/* CRYPTO_THREADID identifies a thread in a multithreaded program. This - * structure should not be used directly. Rather applications should use - * |CRYPTO_THREADID_set_numeric| and |CRYPTO_THREADID_set_pointer|. */ -typedef struct crypto_threadid_st { - void *ptr; - unsigned long val; -} CRYPTO_THREADID; - -/* CRYPTO_THREADID_set_callback sets a callback function that stores an - * identifier of the currently executing thread into |threadid|. The - * CRYPTO_THREADID structure should not be accessed directly. Rather one of - * |CRYPTO_THREADID_set_numeric| or |CRYPTO_THREADID_set_pointer| should be - * used depending on whether thread IDs are numbers or pointers on the host - * system. */ +/* Deprecated functions */ + +/* CRYPTO_THREADID_set_callback does nothing. */ OPENSSL_EXPORT int CRYPTO_THREADID_set_callback( void (*threadid_func)(CRYPTO_THREADID *threadid)); +/* CRYPTO_THREADID_set_numeric does nothing. */ OPENSSL_EXPORT void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); + +/* CRYPTO_THREADID_set_pointer does nothing. */ OPENSSL_EXPORT void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +/* CRYPTO_THREADID_current does nothing. */ +OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id); + /* Private functions: */ @@ -158,70 +174,43 @@ OPENSSL_EXPORT void CRYPTO_lock(int mode, int lock_num, const char *file, /* CRYPTO_add_lock adds |amount| to |*pointer|, protected by the lock specified * by |lock_num|. It returns the new value of |*pointer|. Don't call this - * function directly, rather use the |CRYPTO_add_lock| macro. - * - * TODO(fork): rename to CRYPTO_add_locked. */ + * function directly, rather use the |CRYPTO_add| macro. */ OPENSSL_EXPORT int CRYPTO_add_lock(int *pointer, int amount, int lock_num, const char *file, int line); - -/* CRYPTO_THREADID_current stores the current thread identifier in |id|. */ -OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id); - -/* CRYPTO_THREADID_cmp returns < 0, 0 or > 0 if |a| is less than, equal to or - * greater than |b|, respectively. */ -int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); - -/* CRYPTO_THREADID_cpy sets |*dest| equal to |*src|. */ -void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); - -/* CRYPTO_THREADID_hash returns a hash of the numeric value of |id|. */ -uint32_t CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); - -/* These are the locks used by OpenSSL. These values should match up with the - * table in thread.c. */ -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_EX_DATA 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 -#define CRYPTO_LOCK_X509_CRL 6 -#define CRYPTO_LOCK_X509_REQ 7 -#define CRYPTO_LOCK_DSA 8 -#define CRYPTO_LOCK_RSA 9 -#define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_SSL_METHOD 17 -#define CRYPTO_LOCK_RAND 18 -#define CRYPTO_LOCK_RAND2 19 -#define CRYPTO_LOCK_MALLOC 20 -#define CRYPTO_LOCK_BIO 21 -#define CRYPTO_LOCK_GETHOSTBYNAME 22 -#define CRYPTO_LOCK_GETSERVBYNAME 23 -#define CRYPTO_LOCK_READDIR 24 -#define CRYPTO_LOCK_RSA_BLINDING 25 -#define CRYPTO_LOCK_DH 26 -#define CRYPTO_LOCK_MALLOC2 27 -#define CRYPTO_LOCK_DSO 28 -#define CRYPTO_LOCK_DYNLOCK 29 -#define CRYPTO_LOCK_ENGINE 30 -#define CRYPTO_LOCK_UI 31 -#define CRYPTO_LOCK_ECDSA 32 -#define CRYPTO_LOCK_EC 33 -#define CRYPTO_LOCK_ECDH 34 -#define CRYPTO_LOCK_BN 35 -#define CRYPTO_LOCK_EC_PRE_COMP 36 -#define CRYPTO_LOCK_STORE 37 -#define CRYPTO_LOCK_COMP 38 -#define CRYPTO_LOCK_FIPS 39 -#define CRYPTO_LOCK_FIPS2 40 -#define CRYPTO_LOCK_OBJ 40 -#define CRYPTO_NUM_LOCKS 42 +/* Lock IDs start from 1. CRYPTO_LOCK_INVALID_LOCK is an unused placeholder + * used to ensure no lock has ID 0. */ +#define CRYPTO_LOCK_LIST \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_INVALID_LOCK), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_BIO), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DH), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DSA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC_PRE_COMP), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_ERR), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EVP_PKEY), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EX_DATA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_OBJ), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RAND), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_READDIR), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA_BLINDING), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_CTX), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_SESSION), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_INFO), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_PKEY), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_CRL), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_REQ), \ + CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_STORE), \ + +#define CRYPTO_LOCK_ITEM(x) x + +enum { + CRYPTO_LOCK_LIST +}; + +#undef CRYPTO_LOCK_ITEM #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 diff --git a/src/include/openssl/time_support.h b/src/include/openssl/time_support.h index d03a99d..912e672 100644 --- a/src/include/openssl/time_support.h +++ b/src/include/openssl/time_support.h @@ -60,7 +60,6 @@ #include <openssl/base.h> -#include <time.h> #if defined(__cplusplus) extern "C" { diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 95731ff..e085e15 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -161,24 +161,6 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 -#define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 - -#define TLS1_1_VERSION 0x0302 -#define TLS1_1_VERSION_MAJOR 0x03 -#define TLS1_1_VERSION_MINOR 0x02 - -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 - -#define TLS1_get_version(s) \ - ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) - -#define TLS1_get_client_version(s) \ - ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) - #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ @@ -298,16 +280,16 @@ extern "C" { OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type); OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s); -/* SSL_export_keying_material exports a value derived from the master secret, - * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + +/* SSL_export_keying_material exports a value derived from the master secret, as + * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and * optional context. (Since a zero length context is allowed, the |use_context| * flag controls whether a context is included.) * - * It returns 1 on success and zero otherwise. */ -OPENSSL_EXPORT int SSL_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, - const uint8_t *p, size_t plen, - int use_context); + * It returns one on success and zero otherwise. */ +OPENSSL_EXPORT int SSL_export_keying_material( + SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len, + const uint8_t *context, size_t context_len, int use_context); OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, @@ -317,44 +299,61 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, uint8_t *rhash); -#define SSL_set_tlsext_host_name(s, name) \ - SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \ - (char *)name) - -#define SSL_set_tlsext_debug_callback(ssl, cb) \ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, (void (*)(void))cb) - -#define SSL_set_tlsext_debug_arg(ssl, arg) \ - SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, (void *)arg) +/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| + * in the server_name extension. It returns one on success and zero on error. */ +OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); -#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \ - (void (*)(void))cb) +/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on + * the server after ClientHello extensions have been parsed and returns one. + * |callback| may use |SSL_get_servername| to examine the server_name extension + * and return a |SSL_TLSEXT_ERR_*| value. If it returns |SSL_TLSEXT_ERR_NOACK|, + * the server_name extension is not acknowledged in the ServerHello. If the + * return value signals an alert, |callback| should set |*out_alert| to the + * alert to send. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( + SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_WARNING 1 #define SSL_TLSEXT_ERR_ALERT_FATAL 2 #define SSL_TLSEXT_ERR_NOACK 3 -#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ - SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg) +/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername + * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys)) #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) -#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \ - (void (*)(void))cb) - -#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg) - -#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ - SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \ - (void (*)(void))cb) - +/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and + * returns one. |callback| will be called when encrypting a new ticket and when + * decrypting a ticket from the client. + * + * In both modes, |ctx| and |hmac_ctx| will already have been initialized with + * |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| + * configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| + * for encryption or decryption, based on the mode. + * + * When encrypting a new ticket, |encrypt| will be one. It writes a public + * 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length + * must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns 1 on success and -1 on error. + * + * When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a + * 16-byte key name and |iv| points to an IV. The length of the IV consumed must + * match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns -1 to abort the handshake, 0 if decrypting the ticket + * failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. + * This may be used to re-key the ticket. + * + * WARNING: |callback| wildly breaks the usual return value convention and is + * called in two different modes. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( + SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt)); /* PSK ciphersuites from 4279 */ #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A @@ -689,8 +688,6 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, #define TLS_CT_RSA_FIXED_ECDH 65 #define TLS_CT_ECDSA_FIXED_ECDH 66 -#define TLS1_FINISH_MAC_LENGTH 12 - #define TLS_MD_MAX_CONST_SIZE 20 #define TLS_MD_CLIENT_FINISH_CONST "client finished" #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h index 2a79887..ef1d7fb 100644 --- a/src/include/openssl/x509.h +++ b/src/include/openssl/x509.h @@ -748,8 +748,6 @@ DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); OPENSSL_EXPORT EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); -OPENSSL_EXPORT int X509_get_pubkey_parameters(EVP_PKEY *pkey, - STACK_OF(X509) *chain); OPENSSL_EXPORT int i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp); OPENSSL_EXPORT EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, long length); @@ -1221,112 +1219,101 @@ OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls, } #endif -#define X509_F_x509_name_ex_new 100 -#define X509_F_X509_EXTENSION_create_by_NID 101 -#define X509_F_X509_load_crl_file 102 -#define X509_F_X509_TRUST_set 103 -#define X509_F_X509_EXTENSION_create_by_OBJ 104 -#define X509_F_by_file_ctrl 105 -#define X509_F_X509_load_cert_crl_file 106 -#define X509_F_X509_CRL_add0_revoked 107 -#define X509_F_bitstr_cb 108 -#define X509_F_X509_STORE_CTX_new 109 -#define X509_F_X509_REQ_to_X509 110 -#define X509_F_X509v3_add_ext 111 -#define X509_F_ASN1_sign 112 -#define X509_F_asn1_str2type 113 -#define X509_F_i2d_RSA_PUBKEY 114 -#define X509_F_ASN1_item_sign_ctx 115 -#define X509_F_x509_name_encode 116 -#define X509_F_d2i_X509_PKEY 117 -#define X509_F_ASN1_generate_v3 118 -#define X509_F_dir_ctrl 119 -#define X509_F_X509_print_ex_fp 120 -#define X509_F_X509_ATTRIBUTE_get0_data 121 -#define X509_F_X509_NAME_oneline 122 -#define X509_F_X509_CRL_print_fp 123 -#define X509_F_X509_STORE_CTX_get1_issuer 124 -#define X509_F_add_cert_dir 125 -#define X509_F_PKCS7_get_certificates 126 -#define X509_F_X509_ATTRIBUTE_create_by_NID 127 -#define X509_F_X509_ATTRIBUTE_set1_data 128 +#define X509_F_ASN1_digest 100 +#define X509_F_ASN1_item_sign_ctx 101 +#define X509_F_ASN1_item_verify 102 +#define X509_F_NETSCAPE_SPKI_b64_decode 103 +#define X509_F_NETSCAPE_SPKI_b64_encode 104 +#define X509_F_PKCS7_get_certificates 105 +#define X509_F_X509_ATTRIBUTE_create_by_NID 106 +#define X509_F_X509_ATTRIBUTE_create_by_OBJ 107 +#define X509_F_X509_ATTRIBUTE_create_by_txt 108 +#define X509_F_X509_ATTRIBUTE_get0_data 109 +#define X509_F_X509_ATTRIBUTE_set1_data 110 +#define X509_F_X509_CRL_add0_revoked 111 +#define X509_F_X509_CRL_diff 112 +#define X509_F_X509_CRL_print_fp 113 +#define X509_F_X509_EXTENSION_create_by_NID 114 +#define X509_F_X509_EXTENSION_create_by_OBJ 115 +#define X509_F_X509_INFO_new 116 +#define X509_F_X509_NAME_ENTRY_create_by_NID 117 +#define X509_F_X509_NAME_ENTRY_create_by_txt 118 +#define X509_F_X509_NAME_ENTRY_set_object 119 +#define X509_F_X509_NAME_add_entry 120 +#define X509_F_X509_NAME_oneline 121 +#define X509_F_X509_NAME_print 122 +#define X509_F_X509_PKEY_new 123 +#define X509_F_X509_PUBKEY_get 124 +#define X509_F_X509_PUBKEY_set 125 +#define X509_F_X509_REQ_check_private_key 126 +#define X509_F_X509_REQ_to_X509 127 +#define X509_F_X509_STORE_CTX_get1_issuer 128 #define X509_F_X509_STORE_CTX_init 129 -#define X509_F_NETSCAPE_SPKI_b64_decode 130 -#define X509_F_X509_NAME_print 131 -#define X509_F_x509_name_ex_d2i 132 -#define X509_F_X509_PKEY_new 133 -#define X509_F_X509_STORE_add_cert 134 -#define X509_F_parse_tagging 135 -#define X509_F_check_policy 136 -#define X509_F_ASN1_digest 137 -#define X509_F_X509_load_cert_file 138 -#define X509_F_X509_ATTRIBUTE_create_by_txt 139 -#define X509_F_X509_PUBKEY_set 140 -#define X509_F_X509_PUBKEY_get 141 -#define X509_F_get_cert_by_subject 142 -#define X509_F_X509_NAME_add_entry 143 +#define X509_F_X509_STORE_CTX_new 130 +#define X509_F_X509_STORE_CTX_purpose_inherit 131 +#define X509_F_X509_STORE_add_cert 132 +#define X509_F_X509_STORE_add_crl 133 +#define X509_F_X509_TRUST_add 134 +#define X509_F_X509_TRUST_set 135 +#define X509_F_X509_check_private_key 136 +#define X509_F_X509_get_pubkey_parameters 137 +#define X509_F_X509_load_cert_crl_file 138 +#define X509_F_X509_load_cert_file 139 +#define X509_F_X509_load_crl_file 140 +#define X509_F_X509_print_ex_fp 141 +#define X509_F_X509_to_X509_REQ 142 +#define X509_F_X509_verify_cert 143 #define X509_F_X509at_add1_attr 144 -#define X509_F_X509_check_private_key 145 -#define X509_F_append_exp 146 -#define X509_F_i2d_EC_PUBKEY 147 -#define X509_F_X509_INFO_new 148 -#define X509_F_X509_STORE_CTX_purpose_inherit 149 -#define X509_F_NETSCAPE_SPKI_b64_encode 150 -#define X509_F_X509_to_X509_REQ 151 -#define X509_F_X509_NAME_ENTRY_create_by_txt 152 -#define X509_F_X509_NAME_ENTRY_set_object 153 -#define X509_F_asn1_cb 154 -#define X509_F_X509_verify_cert 155 -#define X509_F_X509_CRL_diff 156 -#define X509_F_i2d_PrivateKey 157 -#define X509_F_X509_REQ_check_private_key 158 -#define X509_F_X509_STORE_add_crl 159 -#define X509_F_X509_get_pubkey_parameters 160 -#define X509_F_ASN1_item_verify 161 -#define X509_F_X509_ATTRIBUTE_create_by_OBJ 162 -#define X509_F_i2d_DSA_PUBKEY 163 -#define X509_F_X509_TRUST_add 164 -#define X509_F_X509_NAME_ENTRY_create_by_NID 165 -#define X509_F_PKCS7_get_CRLs 166 -#define X509_F_pkcs7_parse_header 167 -#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 100 -#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 101 -#define X509_R_METHOD_NOT_SUPPORTED 102 -#define X509_R_UNSUPPORTED_ALGORITHM 103 -#define X509_R_CRL_VERIFY_FAILURE 104 -#define X509_R_BASE64_DECODE_ERROR 105 -#define X509_R_INVALID_TRUST 106 -#define X509_R_UNKNOWN_NID 107 -#define X509_R_INVALID_DIRECTORY 108 -#define X509_R_KEY_VALUES_MISMATCH 109 -#define X509_R_CERT_ALREADY_IN_HASH_TABLE 110 -#define X509_R_PUBLIC_KEY_DECODE_ERROR 111 -#define X509_R_NOT_PKCS7_SIGNED_DATA 112 -#define X509_R_PUBLIC_KEY_ENCODE_ERROR 113 -#define X509_R_LOADING_CERT_DIR 114 -#define X509_R_WRONG_TYPE 115 -#define X509_R_UNKNOWN_PURPOSE_ID 116 -#define X509_R_NEWER_CRL_NOT_NEWER 117 -#define X509_R_UNKNOWN_TRUST_ID 118 -#define X509_R_KEY_TYPE_MISMATCH 120 -#define X509_R_UNKNOWN_KEY_TYPE 121 -#define X509_R_BAD_X509_FILETYPE 122 -#define X509_R_ISSUER_MISMATCH 123 -#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 124 -#define X509_R_WRONG_LOOKUP_TYPE 125 -#define X509_R_CONTEXT_NOT_INITIALISED 126 -#define X509_R_CANT_CHECK_DH_KEY 127 -#define X509_R_NO_CERTIFICATES_INCLUDED 128 -#define X509_R_INVALID_FIELD_NAME 129 -#define X509_R_SHOULD_RETRY 130 -#define X509_R_NO_CRL_NUMBER 131 -#define X509_R_IDP_MISMATCH 132 -#define X509_R_LOADING_DEFAULTS 133 -#define X509_R_BAD_PKCS7_VERSION 134 -#define X509_R_CRL_ALREADY_DELTA 135 -#define X509_R_ERR_ASN1_LIB 136 -#define X509_R_AKID_MISMATCH 137 -#define X509_R_INVALID_BIT_STRING_BITS_LEFT 138 -#define X509_R_NO_CRLS_INCLUDED 139 +#define X509_F_X509v3_add_ext 145 +#define X509_F_add_cert_dir 146 +#define X509_F_by_file_ctrl 147 +#define X509_F_check_policy 148 +#define X509_F_dir_ctrl 149 +#define X509_F_get_cert_by_subject 150 +#define X509_F_i2d_DSA_PUBKEY 151 +#define X509_F_i2d_EC_PUBKEY 152 +#define X509_F_i2d_RSA_PUBKEY 153 +#define X509_F_x509_name_encode 154 +#define X509_F_x509_name_ex_d2i 155 +#define X509_F_x509_name_ex_new 156 +#define X509_F_pkcs7_parse_header 157 +#define X509_F_PKCS7_get_CRLs 158 +#define X509_R_AKID_MISMATCH 100 +#define X509_R_BAD_PKCS7_VERSION 101 +#define X509_R_BAD_X509_FILETYPE 102 +#define X509_R_BASE64_DECODE_ERROR 103 +#define X509_R_CANT_CHECK_DH_KEY 104 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 105 +#define X509_R_CRL_ALREADY_DELTA 106 +#define X509_R_CRL_VERIFY_FAILURE 107 +#define X509_R_IDP_MISMATCH 108 +#define X509_R_INVALID_BIT_STRING_BITS_LEFT 109 +#define X509_R_INVALID_DIRECTORY 110 +#define X509_R_INVALID_FIELD_NAME 111 +#define X509_R_INVALID_TRUST 112 +#define X509_R_ISSUER_MISMATCH 113 +#define X509_R_KEY_TYPE_MISMATCH 114 +#define X509_R_KEY_VALUES_MISMATCH 115 +#define X509_R_LOADING_CERT_DIR 116 +#define X509_R_LOADING_DEFAULTS 117 +#define X509_R_METHOD_NOT_SUPPORTED 118 +#define X509_R_NEWER_CRL_NOT_NEWER 119 +#define X509_R_NOT_PKCS7_SIGNED_DATA 120 +#define X509_R_NO_CERTIFICATES_INCLUDED 121 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 122 +#define X509_R_NO_CRL_NUMBER 123 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 124 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 125 +#define X509_R_SHOULD_RETRY 126 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 127 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 128 +#define X509_R_UNKNOWN_KEY_TYPE 129 +#define X509_R_UNKNOWN_NID 130 +#define X509_R_UNKNOWN_PURPOSE_ID 131 +#define X509_R_UNKNOWN_TRUST_ID 132 +#define X509_R_UNSUPPORTED_ALGORITHM 133 +#define X509_R_WRONG_LOOKUP_TYPE 134 +#define X509_R_WRONG_TYPE 135 +#define X509_R_NO_CRLS_INCLUDED 136 #endif diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h index c65bfde..299cad7 100644 --- a/src/include/openssl/x509_vfy.h +++ b/src/include/openssl/x509_vfy.h @@ -202,7 +202,6 @@ struct x509_store_st STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); - CRYPTO_EX_DATA ex_data; int references; } /* X509_STORE */; @@ -554,11 +553,15 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const unsigned char *name, size_t namelen); + const char *name, size_t namelen); +OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, + size_t namelen); OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const unsigned char *email, size_t emaillen); + const char *email, size_t emaillen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); diff --git a/src/include/openssl/x509v3.h b/src/include/openssl/x509v3.h index c891022..5caa5c1 100644 --- a/src/include/openssl/x509v3.h +++ b/src/include/openssl/x509v3.h @@ -607,14 +607,6 @@ OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *secti OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - int ext_nid, char *value); -OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *name, char *value); -OPENSSL_EXPORT int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509 *cert); -OPENSSL_EXPORT int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - char *section, X509_REQ *req); OPENSSL_EXPORT int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); @@ -623,7 +615,6 @@ OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool, OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); OPENSSL_EXPORT int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -OPENSSL_EXPORT void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); OPENSSL_EXPORT char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); OPENSSL_EXPORT STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); @@ -713,9 +704,9 @@ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); */ #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 -OPENSSL_EXPORT int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); -OPENSSL_EXPORT int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +OPENSSL_EXPORT int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +OPENSSL_EXPORT int X509_check_email(X509 *x, const char *chk, size_t chklen, unsigned int flags); OPENSSL_EXPORT int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); @@ -740,131 +731,125 @@ void ERR_load_X509V3_strings(void); #ifdef __cplusplus } #endif -#define X509V3_F_do_ext_i2d 100 -#define X509V3_F_v2i_AUTHORITY_KEYID 101 -#define X509V3_F_X509V3_parse_list 102 -#define X509V3_F_SXNET_add_id_asc 103 +#define X509V3_F_SXNET_add_id_INTEGER 100 +#define X509V3_F_SXNET_add_id_asc 101 +#define X509V3_F_SXNET_add_id_ulong 102 +#define X509V3_F_SXNET_get_id_asc 103 #define X509V3_F_SXNET_get_id_ulong 104 -#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 105 -#define X509V3_F_X509V3_EXT_add 106 -#define X509V3_F_i2s_ASN1_INTEGER 107 -#define X509V3_F_s2i_ASN1_OCTET_STRING 108 -#define X509V3_F_copy_issuer 109 -#define X509V3_F_v2i_subject_alt 110 -#define X509V3_F_copy_email 111 -#define X509V3_F_X509V3_EXT_i2d 112 -#define X509V3_F_v2i_crld 113 -#define X509V3_F_policy_section 114 -#define X509V3_F_a2i_GENERAL_NAME 115 -#define X509V3_F_hex_to_string 116 -#define X509V3_F_i2s_ASN1_IA5STRING 117 -#define X509V3_F_string_to_hex 118 -#define X509V3_F_v3_generic_extension 119 -#define X509V3_F_X509V3_get_section 120 -#define X509V3_F_s2i_skey_id 121 -#define X509V3_F_nref_nos 122 -#define X509V3_F_X509V3_get_value_bool 123 -#define X509V3_F_v2i_NAME_CONSTRAINTS 124 -#define X509V3_F_v2i_POLICY_MAPPINGS 125 -#define X509V3_F_v2i_GENERAL_NAMES 126 -#define X509V3_F_do_dirname 127 -#define X509V3_F_v2i_ASN1_BIT_STRING 128 -#define X509V3_F_SXNET_add_id_ulong 129 -#define X509V3_F_X509V3_EXT_add_alias 130 -#define X509V3_F_X509V3_add1_i2d 131 -#define X509V3_F_r2i_pci 132 -#define X509V3_F_X509V3_get_string 133 -#define X509V3_F_gnames_from_sectname 134 -#define X509V3_F_r2i_certpol 135 -#define X509V3_F_X509V3_add_value 136 +#define X509V3_F_X509V3_EXT_add 105 +#define X509V3_F_X509V3_EXT_add_alias 106 +#define X509V3_F_X509V3_EXT_free 107 +#define X509V3_F_X509V3_EXT_i2d 108 +#define X509V3_F_X509V3_EXT_nconf 109 +#define X509V3_F_X509V3_add1_i2d 110 +#define X509V3_F_X509V3_add_value 111 +#define X509V3_F_X509V3_get_section 112 +#define X509V3_F_X509V3_get_string 113 +#define X509V3_F_X509V3_get_value_bool 114 +#define X509V3_F_X509V3_parse_list 115 +#define X509V3_F_X509_PURPOSE_add 116 +#define X509V3_F_X509_PURPOSE_set 117 +#define X509V3_F_a2i_GENERAL_NAME 118 +#define X509V3_F_copy_email 119 +#define X509V3_F_copy_issuer 120 +#define X509V3_F_do_dirname 121 +#define X509V3_F_do_ext_i2d 122 +#define X509V3_F_do_ext_nconf 123 +#define X509V3_F_gnames_from_sectname 124 +#define X509V3_F_hex_to_string 125 +#define X509V3_F_i2s_ASN1_ENUMERATED 126 +#define X509V3_F_i2s_ASN1_IA5STRING 127 +#define X509V3_F_i2s_ASN1_INTEGER 128 +#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 129 +#define X509V3_F_notice_section 130 +#define X509V3_F_nref_nos 131 +#define X509V3_F_policy_section 132 +#define X509V3_F_process_pci_value 133 +#define X509V3_F_r2i_certpol 134 +#define X509V3_F_r2i_pci 135 +#define X509V3_F_s2i_ASN1_IA5STRING 136 #define X509V3_F_s2i_ASN1_INTEGER 137 -#define X509V3_F_v2i_issuer_alt 138 -#define X509V3_F_v2i_GENERAL_NAME_ex 139 -#define X509V3_F_X509V3_EXT_nconf 140 -#define X509V3_F_v2i_BASIC_CONSTRAINTS 141 -#define X509V3_F_process_pci_value 142 -#define X509V3_F_notice_section 143 -#define X509V3_F_X509_PURPOSE_set 144 -#define X509V3_F_do_ext_nconf 145 -#define X509V3_F_i2s_ASN1_ENUMERATED 146 -#define X509V3_F_s2i_ASN1_IA5STRING 147 -#define X509V3_F_v2i_POLICY_CONSTRAINTS 148 -#define X509V3_F_v2i_EXTENDED_KEY_USAGE 149 -#define X509V3_F_SXNET_get_id_asc 150 -#define X509V3_F_set_dist_point_name 151 -#define X509V3_F_v2i_idp 152 -#define X509V3_F_X509_PURPOSE_add 153 -#define X509V3_F_SXNET_add_id_INTEGER 154 -#define X509V3_F_i2v_AUTHORITY_INFO_ACCESS 155 -#define X509V3_F_X509V3_EXT_free 156 -#define X509V3_R_INVALID_BOOLEAN_STRING 100 -#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 101 -#define X509V3_R_INVALID_NAME 102 -#define X509V3_R_OPERATION_NOT_DEFINED 103 -#define X509V3_R_POLICY_PATH_LENGTH 104 -#define X509V3_R_INVALID_PROXY_POLICY_SETTING 105 -#define X509V3_R_INVALID_ASRANGE 106 -#define X509V3_R_ERROR_CREATING_EXTENSION 107 -#define X509V3_R_ISSUER_DECODE_ERROR 108 -#define X509V3_R_OTHERNAME_ERROR 109 -#define X509V3_R_ILLEGAL_HEX_DIGIT 110 -#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 111 -#define X509V3_R_USER_TOO_LONG 112 -#define X509V3_R_INVALID_INHERITANCE 113 -#define X509V3_R_INVALID_SAFI 114 -#define X509V3_R_INVALID_NULL_VALUE 115 -#define X509V3_R_NO_SUBJECT_DETAILS 116 -#define X509V3_R_BAD_OBJECT 117 -#define X509V3_R_DIRNAME_ERROR 118 -#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 119 -#define X509V3_R_INVALID_EXTENSION_STRING 120 -#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 121 -#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 122 -#define X509V3_R_INVALID_OPTION 123 -#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 124 -#define X509V3_R_INVALID_POLICY_IDENTIFIER 125 -#define X509V3_R_INVALID_PURPOSE 126 -#define X509V3_R_UNKNOWN_EXTENSION 127 -#define X509V3_R_NO_ISSUER_CERTIFICATE 128 -#define X509V3_R_BN_DEC2BN_ERROR 129 -#define X509V3_R_EXPECTED_A_SECTION_NAME 130 -#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 131 -#define X509V3_R_MISSING_VALUE 132 -#define X509V3_R_SECTION_NOT_FOUND 133 -#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 134 -#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 135 -#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 136 -#define X509V3_R_NO_POLICY_IDENTIFIER 137 -#define X509V3_R_NO_ISSUER_DETAILS 138 +#define X509V3_F_s2i_ASN1_OCTET_STRING 138 +#define X509V3_F_s2i_skey_id 139 +#define X509V3_F_set_dist_point_name 140 +#define X509V3_F_string_to_hex 141 +#define X509V3_F_v2i_ASN1_BIT_STRING 142 +#define X509V3_F_v2i_AUTHORITY_INFO_ACCESS 143 +#define X509V3_F_v2i_AUTHORITY_KEYID 144 +#define X509V3_F_v2i_BASIC_CONSTRAINTS 145 +#define X509V3_F_v2i_EXTENDED_KEY_USAGE 146 +#define X509V3_F_v2i_GENERAL_NAMES 147 +#define X509V3_F_v2i_GENERAL_NAME_ex 148 +#define X509V3_F_v2i_NAME_CONSTRAINTS 149 +#define X509V3_F_v2i_POLICY_CONSTRAINTS 150 +#define X509V3_F_v2i_POLICY_MAPPINGS 151 +#define X509V3_F_v2i_crld 152 +#define X509V3_F_v2i_idp 153 +#define X509V3_F_v2i_issuer_alt 154 +#define X509V3_F_v2i_subject_alt 155 +#define X509V3_F_v3_generic_extension 156 +#define X509V3_R_BAD_IP_ADDRESS 100 +#define X509V3_R_BAD_OBJECT 101 +#define X509V3_R_BN_DEC2BN_ERROR 102 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 103 +#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 104 +#define X509V3_R_DIRNAME_ERROR 105 +#define X509V3_R_DISTPOINT_ALREADY_SET 106 +#define X509V3_R_DUPLICATE_ZONE_ID 107 +#define X509V3_R_ERROR_CONVERTING_ZONE 108 +#define X509V3_R_ERROR_CREATING_EXTENSION 109 +#define X509V3_R_ERROR_IN_EXTENSION 110 +#define X509V3_R_EXPECTED_A_SECTION_NAME 111 +#define X509V3_R_EXTENSION_EXISTS 112 +#define X509V3_R_EXTENSION_NAME_ERROR 113 +#define X509V3_R_EXTENSION_NOT_FOUND 114 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 115 +#define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 117 +#define X509V3_R_ILLEGAL_HEX_DIGIT 118 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 119 +#define X509V3_R_INVALID_BOOLEAN_STRING 120 +#define X509V3_R_INVALID_EXTENSION_STRING 121 +#define X509V3_R_INVALID_MULTIPLE_RDNS 122 +#define X509V3_R_INVALID_NAME 123 +#define X509V3_R_INVALID_NULL_ARGUMENT 124 +#define X509V3_R_INVALID_NULL_NAME 125 +#define X509V3_R_INVALID_NULL_VALUE 126 +#define X509V3_R_INVALID_NUMBER 127 +#define X509V3_R_INVALID_NUMBERS 128 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 129 +#define X509V3_R_INVALID_OPTION 130 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 131 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 132 +#define X509V3_R_INVALID_PURPOSE 133 +#define X509V3_R_INVALID_SECTION 134 +#define X509V3_R_INVALID_SYNTAX 135 +#define X509V3_R_ISSUER_DECODE_ERROR 136 +#define X509V3_R_MISSING_VALUE 137 +#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 138 #define X509V3_R_NO_CONFIG_DATABASE 139 -#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 140 -#define X509V3_R_INVALID_SECTION 141 -#define X509V3_R_INVALID_IPADDRESS 142 -#define X509V3_R_EXTENSION_VALUE_ERROR 143 -#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 144 -#define X509V3_R_INVALID_NULL_ARGUMENT 145 -#define X509V3_R_ERROR_IN_EXTENSION 146 -#define X509V3_R_INVALID_NULL_NAME 147 -#define X509V3_R_BAD_IP_ADDRESS 148 -#define X509V3_R_UNSUPPORTED_OPTION 149 -#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 150 -#define X509V3_R_EXTENSION_EXISTS 151 -#define X509V3_R_UNKNOWN_OPTION 152 -#define X509V3_R_ERROR_CONVERTING_ZONE 153 -#define X509V3_R_NO_PUBLIC_KEY 154 -#define X509V3_R_INVALID_MULTIPLE_RDNS 155 -#define X509V3_R_INVALID_SYNTAX 156 -#define X509V3_R_UNKNOWN_EXTENSION_NAME 157 -#define X509V3_R_ODD_NUMBER_OF_DIGITS 158 -#define X509V3_R_DISTPOINT_ALREADY_SET 159 -#define X509V3_R_UNSUPPORTED_TYPE 160 -#define X509V3_R_EXTENSION_NAME_ERROR 161 -#define X509V3_R_INVALID_NUMBERS 162 -#define X509V3_R_INVALID_NUMBER 163 -#define X509V3_R_INVALID_OBJECT_IDENTIFIER 164 -#define X509V3_R_DUPLICATE_ZONE_ID 165 -#define X509V3_R_EXTENSION_NOT_FOUND 166 -#define X509V3_R_INVALID_ASNUMBER 167 -#define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 +#define X509V3_R_NO_ISSUER_CERTIFICATE 140 +#define X509V3_R_NO_ISSUER_DETAILS 141 +#define X509V3_R_NO_POLICY_IDENTIFIER 142 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 143 +#define X509V3_R_NO_PUBLIC_KEY 144 +#define X509V3_R_NO_SUBJECT_DETAILS 145 +#define X509V3_R_ODD_NUMBER_OF_DIGITS 146 +#define X509V3_R_OPERATION_NOT_DEFINED 147 +#define X509V3_R_OTHERNAME_ERROR 148 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 149 +#define X509V3_R_POLICY_PATH_LENGTH 150 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 151 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 152 +#define X509V3_R_SECTION_NOT_FOUND 153 +#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 154 +#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 155 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 156 +#define X509V3_R_UNKNOWN_EXTENSION 157 +#define X509V3_R_UNKNOWN_EXTENSION_NAME 158 +#define X509V3_R_UNKNOWN_OPTION 159 +#define X509V3_R_UNSUPPORTED_OPTION 160 +#define X509V3_R_UNSUPPORTED_TYPE 161 +#define X509V3_R_USER_TOO_LONG 162 #endif |