diff options
| author | George Hazan <george.hazan@gmail.com> | 2016-03-18 16:56:24 +0000 |
|---|---|---|
| committer | George Hazan <george.hazan@gmail.com> | 2016-03-18 16:56:24 +0000 |
| commit | 6a6db513258224651c8e12c43545d368c7456bbc (patch) | |
| tree | 8af5da797e64907778db6738959fed3c30f618dd /include/openssl | |
| parent | f0efe2dabd75888cb31ea023f10ed930c2056307 (diff) | |
git-svn-id: http://svn.miranda-ng.org/main/trunk@16502 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'include/openssl')
78 files changed, 5568 insertions, 11104 deletions
diff --git a/include/openssl/aes.h b/include/openssl/aes.h index faa66c4914..8c36a4d64f 100644 --- a/include/openssl/aes.h +++ b/include/openssl/aes.h @@ -1,4 +1,3 @@ -/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -92,11 +91,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); -int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); -int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); - void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, @@ -119,11 +113,6 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num); -void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], - unsigned int *num); /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 68e791fcdb..360914d7d2 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1,4 +1,3 @@ -/* crypto/asn1/asn1.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,16 +60,15 @@ # include <time.h> # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/opensslconf.h> +# include <openssl/bio.h> # include <openssl/stack.h> # include <openssl/safestack.h> # include <openssl/symhacks.h> # include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # endif @@ -159,61 +157,7 @@ extern "C" { # define SMIME_CRLFEOL 0x800 # define SMIME_STREAM 0x1000 struct X509_algor_st; -DECLARE_STACK_OF(X509_ALGOR) - -# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ -# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ - -/* - * We MUST make sure that, except for constness, asn1_ctx_st and - * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 - * parsing macros are gone, we can throw this away as well... - */ -typedef struct asn1_ctx_st { - unsigned char *p; /* work char pointer */ - int eos; /* end of sequence read for indefinite - * encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - unsigned char *max; /* largest value of p allowed */ - unsigned char *q; /* temporary variable */ - unsigned char **pp; /* variable */ - int line; /* used in error processing */ -} ASN1_CTX; - -typedef struct asn1_const_ctx_st { - const unsigned char *p; /* work char pointer */ - int eos; /* end of sequence read for indefinite - * encoding */ - int error; /* error code to use when returning an error */ - int inf; /* constructed if 0x20, indefinite is 0x21 */ - int tag; /* tag from last 'get object' */ - int xclass; /* class from last 'get object' */ - long slen; /* length of last 'get object' */ - const unsigned char *max; /* largest value of p allowed */ - const unsigned char *q; /* temporary variable */ - const unsigned char **pp; /* variable */ - int line; /* used in error processing */ -} ASN1_const_CTX; - -/* - * These are used internally in the ASN1_OBJECT to keep track of whether the - * names and data need to be free()ed - */ -# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ -# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ -# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ -# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ -struct asn1_object_st { - const char *sn, *ln; - int nid; - int length; - const unsigned char *data; /* data remains const after init */ - int flags; /* Should we free this one */ -}; +DEFINE_STACK_OF(X509_ALGOR) # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ /* @@ -235,6 +179,8 @@ struct asn1_object_st { * type. */ # define ASN1_STRING_FLAG_MSTRING 0x040 +/* String is embedded and only content should be freed */ +# define ASN1_STRING_FLAG_EMBED 0x080 /* This is the base type that holds just about everything :-) */ struct asn1_string_st { int length; @@ -264,6 +210,13 @@ typedef struct ASN1_ENCODING_st { # define ASN1_LONG_UNDEF 0x7fffffffL # define STABLE_FLAGS_MALLOC 0x01 +/* + * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted + * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting + * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias + * STABLE_FLAGS_CLEAR to reflect this. + */ +# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC # define STABLE_NO_MASK 0x02 # define DIRSTRING_TYPE \ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) @@ -277,7 +230,7 @@ typedef struct asn1_string_table_st { unsigned long flags; } ASN1_STRING_TABLE; -DECLARE_STACK_OF(ASN1_STRING_TABLE) +DEFINE_STACK_OF(ASN1_STRING_TABLE) /* size limits: this stuff is taken straight from RFC2459 */ @@ -516,10 +469,9 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); ASN1_STRFLGS_DUMP_UNKNOWN | \ ASN1_STRFLGS_DUMP_DER) -DECLARE_STACK_OF(ASN1_INTEGER) -DECLARE_ASN1_SET_OF(ASN1_INTEGER) +DEFINE_STACK_OF(ASN1_INTEGER) -DECLARE_STACK_OF(ASN1_GENERALSTRING) +DEFINE_STACK_OF(ASN1_GENERALSTRING) typedef struct asn1_type_st { int type; @@ -552,19 +504,13 @@ typedef struct asn1_type_st { } value; } ASN1_TYPE; -DECLARE_STACK_OF(ASN1_TYPE) -DECLARE_ASN1_SET_OF(ASN1_TYPE) +DEFINE_STACK_OF(ASN1_TYPE) typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) -typedef struct NETSCAPE_X509_st { - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; - /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { int bitnum; @@ -572,50 +518,6 @@ typedef struct BIT_STRING_BITNAME_st { const char *sname; } BIT_STRING_BITNAME; -# define M_ASN1_STRING_length(x) ((x)->length) -# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) -# define M_ASN1_STRING_type(x) ((x)->type) -# define M_ASN1_STRING_data(x) ((x)->data) - -/* Macros for string operations */ -# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ - ASN1_STRING_type_new(V_ASN1_BIT_STRING) -# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) -# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) - -# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ - ASN1_STRING_type_new(V_ASN1_INTEGER) -# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) - -# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ - ASN1_STRING_type_new(V_ASN1_ENUMERATED) -# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) - -# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ - ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) -# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (const ASN1_STRING *)a,(const ASN1_STRING *)b) -# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) -# define M_i2d_ASN1_OCTET_STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ - V_ASN1_UNIVERSAL) - # define B_ASN1_TIME \ B_ASN1_UTCTIME | \ B_ASN1_GENERALIZEDTIME @@ -645,134 +547,6 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING -# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_PRINTABLE) - -# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -# define M_d2i_DIRECTORYSTRING(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_DIRECTORYSTRING) - -# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -# define M_d2i_DISPLAYTEXT(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_DISPLAYTEXT) - -# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ - (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) - -# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ - ASN1_STRING_type_new(V_ASN1_T61STRING) -# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_T61STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_T61STRING(a,pp,l) \ - (ASN1_T61STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) - -# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ - ASN1_STRING_type_new(V_ASN1_IA5STRING) -# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) -# define M_i2d_ASN1_IA5STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_IA5STRING(a,pp,l) \ - (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ - B_ASN1_IA5STRING) - -# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) - -# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ - ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (const ASN1_STRING *)a) - -# define M_ASN1_TIME_new() (ASN1_TIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ - ASN1_STRING_dup((const ASN1_STRING *)a) - -# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_GENERALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ - (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) - -# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ - (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) - -# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ - ASN1_STRING_type_new(V_ASN1_BMPSTRING) -# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_BMPSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ - (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) - -# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ - (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) - -# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ - ASN1_STRING_type_new(V_ASN1_UTF8STRING) -# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -# define M_i2d_ASN1_UTF8STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ - V_ASN1_UNIVERSAL) -# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ - (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) - - /* for the is_set parameter to i2d_ASN1_SET */ -# define IS_SEQUENCE 0 -# define IS_SET 1 - DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) int ASN1_TYPE_get(ASN1_TYPE *a); @@ -780,18 +554,18 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); + ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *a); int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length); DECLARE_ASN1_ITEM(ASN1_OBJECT) -DECLARE_STACK_OF(ASN1_OBJECT) -DECLARE_ASN1_SET_OF(ASN1_OBJECT) +DEFINE_STACK_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); @@ -812,30 +586,19 @@ int ASN1_STRING_type(ASN1_STRING *x); unsigned char *ASN1_STRING_data(ASN1_STRING *x); DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); -int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, - unsigned char *flags, int flags_len); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); -# ifndef OPENSSL_NO_BIO int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, BIT_STRING_BITNAME *tbl, int indent); -# endif int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, BIT_STRING_BITNAME *tbl); -int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); - DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); @@ -849,9 +612,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); -# if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); -# endif int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, @@ -896,20 +656,11 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec); -int ASN1_TIME_check(ASN1_TIME *t); +int ASN1_TIME_check(const ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); -int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, - i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); -STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, - const unsigned char **pp, - long length, d2i_of_void *d2i, - void (*free_func) (OPENSSL_BLOCK), - int ex_tag, int ex_class); - -# ifndef OPENSSL_NO_BIO int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); @@ -917,38 +668,36 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); -# endif int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, const char *sn, const char *ln); +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); long ASN1_INTEGER_get(const ASN1_INTEGER *a); ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ int ASN1_PRINTABLE_type(const unsigned char *s, int max); -int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, - long length, int Ptag, int Pclass); unsigned long ASN1_tag2bit(int tag); -/* type is one or more of the B_ASN1_ values. */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, - long length, int type); - -/* PARSING */ -int asn1_Finish(ASN1_CTX *c); -int asn1_const_Finish(ASN1_const_CTX *c); /* SPECIALS */ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, @@ -981,7 +730,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x); # define M_ASN1_free_of(x, type) \ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); # define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ @@ -1009,7 +758,6 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); -# ifndef OPENSSL_NO_BIO void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); # define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ @@ -1037,18 +785,16 @@ int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int off); int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, int off); int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); -# endif const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert */ -DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) - int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); @@ -1058,20 +804,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, int max_len); -STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, - d2i_of_void *d2i, - void (*free_func) (OPENSSL_BLOCK)); -unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, - unsigned char **buf, int *len); -void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); -ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, - ASN1_OCTET_STRING **oct); - -# define ASN1_pack_string_of(type,obj,i2d,oct) \ - (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ - CHECKED_I2D_OF(type, i2d), \ - oct)) ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); @@ -1104,9 +837,11 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); void ASN1_add_oid_module(void); +void ASN1_add_stable_module(void); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); +int ASN1_str2mask(const char *str, unsigned long *pmask); /* ASN1 Print flags */ @@ -1144,6 +879,14 @@ void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); +ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +void ASN1_SCTX_free(ASN1_SCTX *p); +const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); + BIO_METHOD *BIO_f_asn1(void); BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); @@ -1192,7 +935,9 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 # define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 # define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 # define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 # define ASN1_F_ASN1_HEADER_NEW 115 # define ASN1_F_ASN1_I2D_BIO 116 # define ASN1_F_ASN1_I2D_FP 117 @@ -1200,8 +945,8 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_INTEGER_TO_BN 119 # define ASN1_F_ASN1_ITEM_D2I_FP 206 # define ASN1_F_ASN1_ITEM_DUP 191 -# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 -# define ASN1_F_ASN1_ITEM_EX_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 # define ASN1_F_ASN1_ITEM_I2D_BIO 192 # define ASN1_F_ASN1_ITEM_I2D_FP 193 # define ASN1_F_ASN1_ITEM_PACK 198 @@ -1215,12 +960,16 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_PACK_STRING 124 # define ASN1_F_ASN1_PCTX_NEW 205 # define ASN1_F_ASN1_PKCS5_PBE_SET 125 +# define ASN1_F_ASN1_SCTX_NEW 221 # define ASN1_F_ASN1_SEQ_PACK 126 # define ASN1_F_ASN1_SEQ_UNPACK 127 # define ASN1_F_ASN1_SIGN 128 # define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 # define ASN1_F_ASN1_STRING_SET 186 # define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 # define ASN1_F_ASN1_STRING_TYPE_NEW 130 # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 # define ASN1_F_ASN1_TEMPLATE_NEW 133 @@ -1239,9 +988,11 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_BITSTR_CB 180 # define ASN1_F_BN_TO_ASN1_ENUMERATED 138 # define ASN1_F_BN_TO_ASN1_INTEGER 139 +# define ASN1_F_BN_TO_ASN1_STRING 229 # define ASN1_F_C2I_ASN1_BIT_STRING 189 # define ASN1_F_C2I_ASN1_INTEGER 194 # define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 # define ASN1_F_COLLECT_DATA 140 # define ASN1_F_D2I_ASN1_BIT_STRING 141 # define ASN1_F_D2I_ASN1_BOOLEAN 142 @@ -1259,11 +1010,10 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_NETSCAPE_RSA_2 153 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 -# define ASN1_F_D2I_RSA_NET 200 -# define ASN1_F_D2I_RSA_NET_2 201 # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 +# define ASN1_F_DO_TCREATE 222 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_TIME 160 @@ -1271,17 +1021,19 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_I2D_EC_PUBKEY 181 # define ASN1_F_I2D_PRIVATEKEY 163 # define ASN1_F_I2D_PUBLICKEY 164 -# define ASN1_F_I2D_RSA_NET 162 # define ASN1_F_I2D_RSA_PUBKEY 165 # define ASN1_F_LONG_C2I 166 # define ASN1_F_OID_MODULE_INIT 174 # define ASN1_F_PARSE_TAGGING 182 # define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 # define ASN1_F_PKCS5_PBE_SET 202 # define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 # define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 # define ASN1_F_SMIME_READ_ASN1 212 # define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STBL_MODULE_INIT 223 # define ASN1_F_X509_CINF_NEW 168 # define ASN1_F_X509_CRL_ADD0_REVOKED 169 # define ASN1_F_X509_INFO_NEW 170 @@ -1332,14 +1084,17 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_ILLEGAL_HEX 178 # define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 # define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 # define ASN1_R_ILLEGAL_NESTED_TAGGING 181 # define ASN1_R_ILLEGAL_NULL 125 # define ASN1_R_ILLEGAL_NULL_VALUE 182 # define ASN1_R_ILLEGAL_OBJECT 183 # define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 # define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 # define ASN1_R_ILLEGAL_TAGGED_ANY 127 # define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 # define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 @@ -1349,10 +1104,13 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_INVALID_MODIFIER 186 # define ASN1_R_INVALID_NUMBER 187 # define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 # define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 # define ASN1_R_INVALID_TIME_FORMAT 132 # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 # define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 # define ASN1_R_IV_TOO_LARGE 135 # define ASN1_R_LENGTH_ERROR 136 # define ASN1_R_LIST_ERROR 188 @@ -1390,9 +1148,11 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_TAG_VALUE_TOO_HIGH 153 # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 # define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 # define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 # define ASN1_R_TYPE_NOT_CONSTRUCTED 156 -# define ASN1_R_TYPE_NOT_PRIMITIVE 218 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 # define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 # define ASN1_R_UNEXPECTED_EOC 159 @@ -1403,12 +1163,12 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 # define ASN1_R_UNKNOWN_TAG 194 -# define ASN1_R_UNKOWN_FORMAT 195 # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 # define ASN1_R_UNSUPPORTED_CIPHER 165 # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 # define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE 169 diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h index abc6dc35ca..97781d9933 100644 --- a/include/openssl/asn1_mac.h +++ b/include/openssl/asn1_mac.h @@ -1,579 +1 @@ -/* crypto/asn1/asn1_mac.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ASN1_MAC_H -# define HEADER_ASN1_MAC_H - -# include <openssl/asn1.h> - -#ifdef __cplusplus -extern "C" { -#endif - -# ifndef ASN1_MAC_ERR_LIB -# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -# endif - -# define ASN1_MAC_H_err(f,r,line) \ - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) - -# define M_ASN1_D2I_vars(a,type,func) \ - ASN1_const_CTX c; \ - type ret=NULL; \ - \ - c.pp=(const unsigned char **)pp; \ - c.q= *(const unsigned char **)pp; \ - c.error=ERR_R_NESTED_ASN1_ERROR; \ - if ((a == NULL) || ((*a) == NULL)) \ - { if ((ret=(type)func()) == NULL) \ - { c.line=__LINE__; goto err; } } \ - else ret=(*a); - -# define M_ASN1_D2I_Init() \ - c.p= *(const unsigned char **)pp; \ - c.max=(length == 0)?0:(c.p+length); - -# define M_ASN1_D2I_Finish_2(a) \ - if (!asn1_const_Finish(&c)) \ - { c.line=__LINE__; goto err; } \ - *(const unsigned char **)pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); - -# define M_ASN1_D2I_Finish(a,func,e) \ - M_ASN1_D2I_Finish_2(a); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -# define M_ASN1_D2I_start_sequence() \ - if (!asn1_GetSequence(&c,&length)) \ - { c.line=__LINE__; goto err; } -/* Begin reading ASN1 without a surrounding sequence */ -# define M_ASN1_D2I_begin() \ - c.slen = length; - -/* End reading ASN1 with no check on length */ -# define M_ASN1_D2I_Finish_nolen(a, func, e) \ - *pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -# define M_ASN1_D2I_end_sequence() \ - (((c.inf&1) == 0)?(c.slen <= 0): \ - (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -# define M_ASN1_D2I_get(b, func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -# define M_ASN1_D2I_get_x(type,b,func) \ - c.q=c.p; \ - if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* use this instead () */ -# define M_ASN1_D2I_get_int(b,func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) < 0) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -# define M_ASN1_D2I_get_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get(b,func); \ - } - -# define M_ASN1_D2I_get_int_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get_int(b,func); \ - } - -# define M_ASN1_D2I_get_imp(b,func, type) \ - M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ - c.slen-=(c.p-c.q);\ - M_ASN1_next_prev=_tmp; - -# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ - (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ - { \ - unsigned char _tmp = M_ASN1_next; \ - M_ASN1_D2I_get_imp(b,func, type);\ - } - -# define M_ASN1_D2I_get_set(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set(r,func,free_func); } - -# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set_type(type,r,func,free_func); } - -# define M_ASN1_I2D_len_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SET(a,f); - -# define M_ASN1_I2D_put_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SET(a,f); - -# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE_type(type,a,f); - -# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set(b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -# define M_ASN1_D2I_get_seq(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - -# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq(r,func,free_func); } - -# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } - -# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ - (void (*)())free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ - free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ - if ((c.slen != 0L) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (func(&(r),&c.p,Tlen) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ - (void (*)())free_func, \ - b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ - free_func,b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -/* New macros */ -# define M_ASN1_New_Malloc(ret,type) \ - if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ - { c.line=__LINE__; goto err2; } - -# define M_ASN1_New(arg,func) \ - if (((arg)=func()) == NULL) return(NULL) - -# define M_ASN1_New_Error(a) \ -/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ - return(NULL);*/ \ - err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ - return(NULL) - -/* - * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some - * macros that use ASN1_const_CTX still insist on writing in the input - * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- - * Richard Levitte - */ -# define M_ASN1_next (*((unsigned char *)(c.p))) -# define M_ASN1_next_prev (*((unsigned char *)(c.q))) - -/*************************************************/ - -# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ - unsigned char *p; \ - if (a == NULL) return(0) - -/* Length Macros */ -# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) - -# define M_ASN1_I2D_len_SET(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); - -# define M_ASN1_I2D_len_SET_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ - V_ASN1_UNIVERSAL,IS_SET); - -# define M_ASN1_I2D_len_SEQUENCE(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); - -# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE(a,f); - -# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE_type(type,a,f); - -# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); - -# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ - if (a != NULL)\ - { \ - v=f(a,NULL); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0))\ - { \ - v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ - V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -/* Put Macros */ -# define M_ASN1_I2D_put(a,f) f(a,&p) - -# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ - if (a != NULL) \ - { \ - unsigned char *q=p; \ - f(a,&p); \ - *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ - } - -# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ - V_ASN1_UNIVERSAL,IS_SET) -# define M_ASN1_I2D_put_SET_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) -# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SET) -# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ - i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) -# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) - -# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE) - -# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ - if (a != NULL) \ - { \ - ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ - f(a,&p); \ - } - -# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - } - -# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ - } - -# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - } - -# define M_ASN1_I2D_seq_total() \ - r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ - if (pp == NULL) return(r); \ - p= *pp; \ - ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ - *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ - *(p++)=0x80 - -# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 - -# define M_ASN1_I2D_finish() *pp=p; \ - return(r); - -int asn1_GetSequence(ASN1_const_CTX *c, long *length); -void asn1_add_error(const unsigned char *address, int offset); -#ifdef __cplusplus -} -#endif - -#endif +../../crypto/asn1/asn1_mac.h
\ No newline at end of file diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 99bc0eecf3..455efffbab 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h @@ -1,4 +1,3 @@ -/* asn1t.h */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 2000. @@ -84,7 +83,10 @@ extern "C" { # define ASN1_ITEM_start(itname) \ OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { -# define ASN1_ITEM_end(itname) \ +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ }; # else @@ -99,6 +101,9 @@ extern "C" { { \ static const ASN1_ITEM local_it = { +# define static_ASN1_ITEM_start(itname) \ + static ASN1_ITEM_start(itname) + # define ASN1_ITEM_end(itname) \ }; \ return &local_it; \ @@ -122,6 +127,17 @@ extern "C" { 0,\ #tname \ ASN1_ITEM_end(tname) +# define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) /* This is a ASN1 type which just embeds a template */ @@ -151,6 +167,8 @@ extern "C" { # define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) +# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + # define ASN1_SEQUENCE_END_name(stname, tname) \ ;\ ASN1_ITEM_start(tname) \ @@ -163,6 +181,18 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + # define ASN1_NDEF_SEQUENCE(tname) \ ASN1_SEQUENCE(tname) @@ -177,8 +207,8 @@ extern "C" { static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ ASN1_SEQUENCE(tname) -# define ASN1_SEQUENCE_ref(tname, cb, lck) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ +# define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ ASN1_SEQUENCE(tname) # define ASN1_SEQUENCE_enc(tname, enc, cb) \ @@ -196,12 +226,26 @@ extern "C" { sizeof(tname),\ #tname \ ASN1_ITEM_end(tname) +# define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) # define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) # define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) # define ASN1_SEQUENCE_END_ref(stname, tname) \ ;\ @@ -214,6 +258,17 @@ extern "C" { sizeof(stname),\ #stname \ ASN1_ITEM_end(tname) +# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) # define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ ;\ @@ -259,8 +314,12 @@ extern "C" { # define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) +# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + # define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) +# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + # define ASN1_CHOICE_END_selector(stname, tname, selname) \ ;\ ASN1_ITEM_start(tname) \ @@ -273,6 +332,18 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + # define ASN1_CHOICE_END_cb(stname, tname, selname) \ ;\ ASN1_ITEM_start(tname) \ @@ -299,11 +370,6 @@ extern "C" { (flags), (tag), offsetof(stname, field),\ #field, ASN1_ITEM_ref(type) } -/* used when the structure is combined with the parent */ - -# define ASN1_EX_COMBINE(flags, tag, type) { \ - (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } - /* implicit and explicit helper macros */ # define ASN1_IMP_EX(stname, field, type, tag, ex) \ @@ -323,6 +389,8 @@ extern "C" { # endif /* Plain simple type */ # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +/* Embedded simple type */ +# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) /* OPTIONAL simple type */ # define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) @@ -395,12 +463,12 @@ extern "C" { # ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION -# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ ;\ static const ASN1_ADB name##_adb = {\ flags,\ offsetof(name, field),\ - app_table,\ + adb_cb,\ name##_adbtbl,\ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ def,\ @@ -409,7 +477,7 @@ extern "C" { # else -# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ +# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ ;\ static const ASN1_ITEM *name##_adb(void) \ { \ @@ -417,7 +485,7 @@ extern "C" { {\ flags,\ offsetof(name, field),\ - app_table,\ + adb_cb,\ name##_adbtbl,\ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ def,\ @@ -461,7 +529,7 @@ typedef struct ASN1_ADB_st ASN1_ADB; struct ASN1_ADB_st { unsigned long flags; /* Various flags */ unsigned long offset; /* Offset of selector field */ - STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ + int (*adb_cb)(long *psel); /* Application callback */ const ASN1_ADB_TABLE *tbl; /* Table of possible types */ long tblcount; /* Number of entries in tbl */ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ @@ -543,21 +611,15 @@ struct ASN1_ADB_TABLE_st { # define ASN1_TFLG_ADB_INT (0x1<<9) /* - * This flag means a parent structure is passed instead of the field: this is - * useful is a SEQUENCE is being combined with a CHOICE for example. Since - * this means the structure and item name will differ we need to use the - * ASN1_CHOICE_END_name() macro for example. - */ - -# define ASN1_TFLG_COMBINE (0x1<<10) - -/* * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes * indefinite length constructed encoding to be used if required. */ # define ASN1_TFLG_NDEF (0x1<<11) +/* Field is embedded and not a pointer */ +# define ASN1_TFLG_EMBED (0x1 << 12) + /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { @@ -597,10 +659,6 @@ struct ASN1_ITEM_st { * The 'funcs' field is used for application * specific functions. * - * For COMPAT types the funcs field gives a - * set of functions that handle this type, this - * supports the old d2i, i2d convention. - * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible * because it avoids things like the d2i IMPLICIT @@ -625,8 +683,6 @@ struct ASN1_ITEM_st { # define ASN1_ITYPE_CHOICE 0x2 -# define ASN1_ITYPE_COMPAT 0x3 - # define ASN1_ITYPE_EXTERN 0x4 # define ASN1_ITYPE_MSTRING 0x5 @@ -677,13 +733,6 @@ typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); -typedef struct ASN1_COMPAT_FUNCS_st { - ASN1_new_func *asn1_new; - ASN1_free_func *asn1_free; - ASN1_d2i_func *asn1_d2i; - ASN1_i2d_func *asn1_i2d; -} ASN1_COMPAT_FUNCS; - typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; ASN1_ex_new_func *asn1_ex_new; @@ -786,27 +835,6 @@ typedef struct ASN1_STREAM_ARG_st { ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ ASN1_ITEM_end(itname) -/* Macro to implement an ASN1_ITEM in terms of old style funcs */ - -# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) - -# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ - static const ASN1_COMPAT_FUNCS sname##_ff = { \ - (ASN1_new_func *)sname##_new, \ - (ASN1_free_func *)sname##_free, \ - (ASN1_d2i_func *)d2i_##sname, \ - (ASN1_i2d_func *)i2d_##sname, \ - }; \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_COMPAT, \ - tag, \ - NULL, \ - 0, \ - &sname##_ff, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) - # define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ ASN1_ITEM_start(sname) \ ASN1_ITYPE_EXTERN, \ @@ -873,6 +901,19 @@ typedef struct ASN1_STREAM_ARG_st { return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ } +# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ + static stname *d2i_##stname(stname **a, \ + const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(stname)); \ + } \ + static int i2d_##stname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, \ + ASN1_ITEM_rptr(stname)); \ + } + /* * This includes evil casts to remove const: they will go away when full ASN1 * constification is done. @@ -922,50 +963,19 @@ DECLARE_ASN1_ITEM(BIGNUM) DECLARE_ASN1_ITEM(LONG) DECLARE_ASN1_ITEM(ZLONG) -DECLARE_STACK_OF(ASN1_VALUE) +DEFINE_STACK_OF(ASN1_VALUE) /* Functions used internally by the ASN1 code */ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); -void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_TEMPLATE *tt); int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt); -void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); - -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it); - -ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - int nullerr); - -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, - const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it); #ifdef __cplusplus } diff --git a/include/openssl/async.h b/include/openssl/async.h new file mode 100644 index 0000000000..635855f258 --- /dev/null +++ b/include/openssl/async.h @@ -0,0 +1,138 @@ +/* + * Written by Matt Caswell (matt@openssl.org) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include <stdlib.h> + +#ifndef HEADER_ASYNC_H +# define HEADER_ASYNC_H + +#if defined(_WIN32) +#include <windows.h> +#define OSSL_ASYNC_FD HANDLE +#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +#else +#define OSSL_ASYNC_FD int +#define OSSL_BAD_ASYNC_FD -1 +#endif + + +# ifdef __cplusplus +extern "C" { +# endif + +typedef struct async_job_st ASYNC_JOB; +typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; + +#define ASYNC_ERR 0 +#define ASYNC_NO_JOBS 1 +#define ASYNC_PAUSE 2 +#define ASYNC_FINISH 3 + +int ASYNC_init_thread(size_t max_size, size_t init_size); +void ASYNC_cleanup_thread(void); + +ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD fd, + void *custom_data, + void (*cleanup)(ASYNC_WAIT_CTX *, const void *, + OSSL_ASYNC_FD, void *)); +int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD *fd, void **custom_data); +int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, + size_t *numfds); +int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); + +int ASYNC_is_capable(void); + +int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, + int (*func)(void *), void *args, size_t size); +int ASYNC_pause_job(void); + +ASYNC_JOB *ASYNC_get_current_job(void); +ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +void ASYNC_block_pause(void); +void ASYNC_unblock_pause(void); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ASYNC_strings(void); + +/* Error codes for the ASYNC functions. */ + +/* Function codes. */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 + +/* Reason codes. */ +# define ASYNC_R_CANNOT_CREATE_WAIT_PIPE 100 +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 +# define ASYNC_R_POOL_ALREADY_INITED 104 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 6e2293bc66..06e1cbf792 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -1,4 +1,3 @@ -/* crypto/bio/bio.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,7 +60,7 @@ # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO # include <stdio.h> # endif # include <stdarg.h> @@ -95,8 +94,8 @@ extern "C" { # define BIO_TYPE_BASE64 (11|0x0200)/* filter */ # define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ # define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ -# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ -# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ +/* # define BIO_TYPE_PROXY_CLIENT (14|0x0200)*/ /* client proxy BIO */ +/* # define BIO_TYPE_PROXY_SERVER (15|0x0200)*/ /* server proxy BIO */ # define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ # define BIO_TYPE_NULL_FILTER (17|0x0200) # define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ @@ -178,6 +177,8 @@ extern "C" { # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 +# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 + # ifndef OPENSSL_NO_SCTP /* SCTP stuff */ # define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 @@ -212,21 +213,6 @@ extern "C" { # define BIO_FLAGS_UPLINK 0 # endif -/* Used in BIO_gethostbyname() */ -# define BIO_GHBN_CTRL_HITS 1 -# define BIO_GHBN_CTRL_MISSES 2 -# define BIO_GHBN_CTRL_CACHE_SIZE 3 -# define BIO_GHBN_CTRL_GET_ENTRY 4 -# define BIO_GHBN_CTRL_FLUSH 5 - -/* Mostly used in the SSL BIO */ -/*- - * Not used anymore - * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 - * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 - * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 - */ - # define BIO_FLAGS_BASE64_NO_NL 0x100 /* @@ -235,7 +221,8 @@ extern "C" { */ # define BIO_FLAGS_MEM_RDONLY 0x200 -typedef struct bio_st BIO; +typedef union bio_addr_st BIO_ADDR; +typedef struct bio_addrinfo_st BIO_ADDRINFO; void BIO_set_flags(BIO *b, int flags); int BIO_test_flags(const BIO *b, int flags); @@ -336,12 +323,13 @@ struct bio_st { struct bio_st *next_bio; /* used by filter BIOs */ struct bio_st *prev_bio; /* used by filter BIOs */ int references; - unsigned long num_read; - unsigned long num_write; + uint64_t num_read; + uint64_t num_write; CRYPTO_EX_DATA ex_data; + CRYPTO_RWLOCK *lock; }; -DECLARE_STACK_OF(BIO) +DEFINE_STACK_OF(BIO) typedef struct bio_f_buffer_ctx_struct { /*- @@ -395,15 +383,6 @@ struct bio_dgram_sctp_prinfo { }; # endif -/* connect BIO stuff */ -# define BIO_CONN_S_BEFORE 1 -# define BIO_CONN_S_GET_IP 2 -# define BIO_CONN_S_GET_PORT 3 -# define BIO_CONN_S_CREATE_SOCKET 4 -# define BIO_CONN_S_CONNECT 5 -# define BIO_CONN_S_OK 6 -# define BIO_CONN_S_BLOCKED_CONNECT 7 -# define BIO_CONN_S_NBIO 8 /* * #define BIO_CONN_get_param_hostname BIO_ctrl */ @@ -411,7 +390,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT 100 # define BIO_C_DO_STATE_MACHINE 101 # define BIO_C_SET_NBIO 102 -# define BIO_C_SET_PROXY_PARAM 103 +/* # define BIO_C_SET_PROXY_PARAM 103 */ # define BIO_C_SET_FD 104 # define BIO_C_GET_FD 105 # define BIO_C_SET_FILE_PTR 106 @@ -429,7 +408,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_ACCEPT 118 # define BIO_C_SSL_MODE 119 # define BIO_C_GET_MD_CTX 120 -# define BIO_C_GET_PROXY_PARAM 121 +/* # define BIO_C_GET_PROXY_PARAM 121 */ # define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ # define BIO_C_GET_CONNECT 123 # define BIO_C_GET_ACCEPT 124 @@ -468,54 +447,55 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_EX_ARG 153 # define BIO_C_GET_EX_ARG 154 +# define BIO_C_SET_CONNECT_MODE 155 + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) # define BIO_get_app_data(s) BIO_get_ex_data(s,0) -/* BIO_s_connect() and BIO_s_socks4a_connect() */ +/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +/* Note: the underlying operating system may not support some of them */ +# define BIO_FAMILY_IPV4 4 +# define BIO_FAMILY_IPV6 6 +# define BIO_FAMILY_IPANY 256 + +/* BIO_s_connect() */ # define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr) +# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0,NULL)) +# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1,NULL)) +# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2,NULL)) +# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) -# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) /* BIO_s_accept() */ -# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port) +# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) -# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio) +# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +/* Aliases kept for backward compatibility */ # define BIO_BIND_NORMAL 0 -# define BIO_BIND_REUSEADDR_IF_UNUSED 1 -# define BIO_BIND_REUSEADDR 2 +# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) /* BIO_s_accept() and BIO_s_connect() */ # define BIO_do_connect(b) BIO_do_handshake(b) # define BIO_do_accept(b) BIO_do_handshake(b) # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) -/* BIO_s_proxy_client() */ -# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) -# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) -/* BIO_set_nbio(b,n) */ -# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) -/* BIO *BIO_get_filter_bio(BIO *bio); */ -# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) -# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) -# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) - -# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) -# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) -# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) -# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) - /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) @@ -617,8 +597,8 @@ int BIO_ctrl_reset_read_request(BIO *b); /* ctrl macros for dgram */ # define BIO_ctrl_dgram_connect(b,peer) \ (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) -# define BIO_ctrl_set_connected(b, state, peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer) # define BIO_dgram_recv_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) # define BIO_dgram_send_timedout(b) \ @@ -630,15 +610,12 @@ int BIO_ctrl_reset_read_request(BIO *b); # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) -/* These two aren't currently implemented */ -/* int BIO_get_ex_num(BIO *bio); */ -/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) int BIO_set_ex_data(BIO *bio, int idx, void *data); void *BIO_get_ex_data(BIO *bio, int idx); -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -unsigned long BIO_number_read(BIO *bio); -unsigned long BIO_number_written(BIO *bio); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); /* For BIO_f_asn1() */ int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, @@ -650,16 +627,16 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free); -# ifndef OPENSSL_NO_FP_API BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); +# ifndef OPENSSL_NO_STDIO BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file # endif BIO *BIO_new(BIO_METHOD *type); int BIO_set(BIO *a, BIO_METHOD *type); int BIO_free(BIO *a); void BIO_vfree(BIO *a); +int BIO_up_ref(BIO *a); int BIO_read(BIO *b, void *data, int len); int BIO_gets(BIO *bp, char *buf, int size); int BIO_write(BIO *b, const void *data, int len); @@ -669,7 +646,7 @@ long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); long BIO_callback_ctrl(BIO *b, int cmd, void (*fp) (struct bio_st *, int, const char *, int, long, long)); -char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); BIO *BIO_push(BIO *b, BIO *append); BIO *BIO_pop(BIO *b); @@ -689,14 +666,13 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); BIO_METHOD *BIO_s_mem(void); -BIO *BIO_new_mem_buf(void *buf, int len); +BIO_METHOD *BIO_s_secmem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); BIO_METHOD *BIO_s_socket(void); BIO_METHOD *BIO_s_connect(void); BIO_METHOD *BIO_s_accept(void); BIO_METHOD *BIO_s_fd(void); -# ifndef OPENSSL_SYS_OS2 BIO_METHOD *BIO_s_log(void); -# endif BIO_METHOD *BIO_s_bio(void); BIO_METHOD *BIO_s_null(void); BIO_METHOD *BIO_f_null(void); @@ -726,34 +702,77 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), void *u, const char *s, int len, int indent); int BIO_dump(BIO *b, const char *bytes, int len); int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int BIO_dump_fp(FILE *fp, const char *s, int len); int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); # endif int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, int datalen); -struct hostent *BIO_gethostbyname(const char *name); -/*- - * We might want a thread-safe interface too: - * struct hostent *BIO_gethostbyname_r(const char *name, - * struct hostent *result, void *buffer, size_t buflen); - * or something similar (caller allocates a struct hostent, - * pointed to by "result", and additional buffer space for the various - * substructures; if the buffer does not suffice, NULL is returned - * and an appropriate error code is set). - */ +BIO_ADDR *BIO_ADDR_new(void); +int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, + const void *where, size_t wherelen, unsigned short port); +void BIO_ADDR_free(BIO_ADDR *); +void BIO_ADDR_clear(BIO_ADDR *ap); +int BIO_ADDR_family(const BIO_ADDR *ap); +int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +char *BIO_ADDR_path_string(const BIO_ADDR *ap); + +const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); + +enum BIO_hostserv_priorities { + BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +}; +int BIO_parse_hostserv(const char *hostserv, char **host, char **service, + enum BIO_hostserv_priorities hostserv_prio); +enum BIO_lookup_type { + BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +}; +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res); int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); -int BIO_get_port(const char *str, unsigned short *port_ptr); -int BIO_get_host_ip(const char *str, unsigned char *ip); -int BIO_get_accept_socket(char *host_port, int mode); -int BIO_accept(int sock, char **ip_port); int BIO_sock_init(void); void BIO_sock_cleanup(void); int BIO_set_tcp_ndelay(int sock, int turn_on); +DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) + +union BIO_sock_info_u { + BIO_ADDR *addr; +}; +enum BIO_sock_info_type { + BIO_SOCK_INFO_ADDRESS +}; +int BIO_sock_info(int sock, + enum BIO_sock_info_type type, union BIO_sock_info_u *info); + +# define BIO_SOCK_REUSEADDR 0x01 +# define BIO_SOCK_V6_ONLY 0x02 +# define BIO_SOCK_KEEPALIVE 0x04 +# define BIO_SOCK_NONBLOCK 0x08 +# define BIO_SOCK_NODELAY 0x10 + +int BIO_socket(int domain, int socktype, int protocol, int options); +int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_listen(int sock, const BIO_ADDR *addr, int options); +int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +int BIO_closesocket(int sock); + BIO *BIO_new_socket(int sock, int close_flag); BIO *BIO_new_dgram(int fd, int close_flag); # ifndef OPENSSL_NO_SCTP @@ -812,15 +831,20 @@ void ERR_load_BIO_strings(void); /* Function codes. */ # define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDR_STRINGS 134 # define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 # define BIO_F_BIO_BER_GET_HEADER 102 # define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 # define BIO_F_BIO_CTRL 103 # define BIO_F_BIO_GETHOSTBYNAME 120 # define BIO_F_BIO_GETS 104 # define BIO_F_BIO_GET_ACCEPT_SOCKET 105 # define BIO_F_BIO_GET_HOST_IP 106 # define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 # define BIO_F_BIO_MAKE_PAIR 121 # define BIO_F_BIO_NEW 108 # define BIO_F_BIO_NEW_FILE 109 @@ -829,8 +853,12 @@ void ERR_load_BIO_strings(void); # define BIO_F_BIO_NREAD0 124 # define BIO_F_BIO_NWRITE 125 # define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 # define BIO_F_BIO_PUTS 110 # define BIO_F_BIO_READ 111 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 # define BIO_F_BIO_SOCK_INIT 112 # define BIO_F_BIO_WRITE 113 # define BIO_F_BUFFER_CTRL 114 @@ -848,6 +876,8 @@ void ERR_load_BIO_strings(void); /* Reason codes. */ # define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 # define BIO_R_BAD_FOPEN_MODE 101 # define BIO_R_BAD_HOSTNAME_LOOKUP 102 # define BIO_R_BROKEN_PIPE 124 @@ -857,23 +887,39 @@ void ERR_load_BIO_strings(void); # define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 # define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 # define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 # define BIO_R_INVALID_ARGUMENT 125 # define BIO_R_INVALID_IP_ADDRESS 108 +# define BIO_R_INVALID_SOCKET 135 # define BIO_R_IN_USE 123 # define BIO_R_KEEPALIVE 109 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 # define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 # define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 # define BIO_R_NO_HOSTNAME_SPECIFIED 112 # define BIO_R_NO_PORT_DEFINED 113 -# define BIO_R_NO_PORT_SPECIFIED 114 +# define BIO_R_NO_SERVICE_SPECIFIED 114 # define BIO_R_NO_SUCH_FILE 128 # define BIO_R_NULL_PARAMETER 115 # define BIO_R_TAG_MISMATCH 116 # define BIO_R_UNABLE_TO_BIND_SOCKET 117 # define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 # define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 # define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 # define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 # define BIO_R_WSASTARTUP 122 diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h index 832930272c..ee4afa542d 100644 --- a/include/openssl/blowfish.h +++ b/include/openssl/blowfish.h @@ -1,4 +1,3 @@ -/* crypto/bf/blowfish.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,26 +73,10 @@ extern "C" { /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! BF_LONG_LOG2 has to be defined along. ! + * ! BF_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define BF_LONG unsigned long -# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -# define BF_LONG unsigned long -# define BF_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * <appro@fy.chalmers.se> - */ -# else -# define BF_LONG unsigned int -# endif +# define BF_LONG unsigned int # define BF_ROUNDS 16 # define BF_BLOCK 8 @@ -103,9 +86,6 @@ typedef struct bf_key_st { BF_LONG S[4 * 256]; } BF_KEY; -# ifdef OPENSSL_FIPS -void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); -# endif void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data, const BF_KEY *key); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 5696965e9a..8d2d5a8be0 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -1,4 +1,3 @@ -/* crypto/bn/bn.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -126,9 +125,10 @@ # define HEADER_BN_H # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO # include <stdio.h> /* FILE */ # endif +# include <openssl/opensslconf.h> # include <openssl/ossl_typ.h> # include <openssl/crypto.h> @@ -137,126 +137,29 @@ extern "C" { #endif /* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining all - * three can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ -/* #define BN_DEBUG */ -/* #define BN_DEBUG_RAND */ - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -# endif - -/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + * 64-bit processor with LP64 ABI */ # ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long # define BN_ULONG unsigned long -# define BN_LONG long -# define BN_BITS 128 # define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_TBIT (0x8000000000000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%lX" -# define BN_HEX_FMT2 "%016lX" # endif /* - * This is where the long long data type is 64 bits, but long is 32. For - * machines where there are 64bit registers, this is the mode to use. IRIX, - * on R4000 and above should use this mode, along with the relevant assembler - * code :-). Do NOT define BN_LLONG. + * 64-bit processor other than LP64 ABI */ # ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG # define BN_ULONG unsigned long long -# define BN_LONG long long -# define BN_BITS 128 # define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_TBIT (0x8000000000000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%llX" -# define BN_HEX_FMT2 "%016llX" # endif # ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# define BN_MASK (0xffffffffffffffffI64) -# else -# define BN_ULLONG unsigned long long -# define BN_MASK (0xffffffffffffffffLL) -# endif -# endif # define BN_ULONG unsigned int -# define BN_LONG int -# define BN_BITS 64 # define BN_BYTES 4 -# define BN_BITS2 32 -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_TBIT (0x80000000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# define BN_DEC_NUM 9 -# define BN_HEX_FMT1 "%X" -# define BN_HEX_FMT2 "%08X" # endif -# define BN_DEFAULT_BITS 1280 +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) # define BN_FLG_MALLOCED 0x01 # define BN_FLG_STATIC_DATA 0x02 @@ -268,107 +171,40 @@ extern "C" { * BN_mod_inverse() will call BN_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 -# ifdef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x00908000L /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -/* - * avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) - */ +# define BN_FLG_FREE 0x8000 /* used for debuging */ # endif -# ifndef OPENSSL_NO_DEPRECATED -# define BN_FLG_FREE 0x8000 - /* used for debuging */ -# endif -# define BN_set_flags(b,n) ((b)->flags|=(n)) -# define BN_get_flags(b,n) ((b)->flags&(n)) +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); /* * get a clone of a BIGNUM with changed flags, for *temporary* use only (the - * two BIGNUMs cannot not be used in parallel!) + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. */ -# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ - (dest)->top=(b)->top, \ - (dest)->dmax=(b)->dmax, \ - (dest)->neg=(b)->neg, \ - (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ - | ((b)->flags & ~BN_FLG_MALLOCED) \ - | BN_FLG_STATIC_DATA \ - | (n))) - -/* Already declared in ossl_typ.h */ -# if 0 -typedef struct bignum_st BIGNUM; -/* Used for temp variables (declaration hidden in bn_lcl.h) */ -typedef struct bignum_ctx BN_CTX; -typedef struct bn_blinding_st BN_BLINDING; -typedef struct bn_mont_ctx_st BN_MONT_CTX; -typedef struct bn_recp_ctx_st BN_RECP_CTX; -typedef struct bn_gencb_st BN_GENCB; -# endif +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ - int flags; -}; - -/* - * Used for reciprocal division/mod functions It cannot be shared between - * threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. */ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if(ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); - /* if(ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); - } cb; -}; /* Wrapper function to make using BN_GENCB easier, */ int BN_GENCB_call(BN_GENCB *cb, int a, int b); -/* Macro to populate a BN_GENCB structure with an "old"-style callback */ -# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 1; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_1 = (callback); } -/* Macro to populate a BN_GENCB structure with a "new"-style callback */ -# define BN_GENCB_set(gencb, callback, cb_arg) { \ - BN_GENCB *tmp_gencb = (gencb); \ - tmp_gencb->ver = 2; \ - tmp_gencb->arg = (cb_arg); \ - tmp_gencb->cb.cb_2 = (callback); } + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); # define BN_prime_checks 0 /* default: select number of iterations based * on the size of the number */ @@ -396,22 +232,17 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ -# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ - (((w) == 0) && ((a)->top == 0))) -# define BN_is_zero(a) ((a)->top == 0) -# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) -# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); # define BN_one(a) (BN_set_word((a),1)) -# define BN_zero_ex(a) \ - do { \ - BIGNUM *_tmp_bn = (a); \ - _tmp_bn->top = 0; \ - _tmp_bn->neg = 0; \ - } while(0) -# ifdef OPENSSL_NO_DEPRECATED + +void BN_zero_ex(BIGNUM *a); + +# if OPENSSL_API_COMPAT >= 0x00908000L # define BN_zero(a) BN_zero_ex(a) # else # define BN_zero(a) (BN_set_word((a),0)) @@ -420,9 +251,7 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); const BIGNUM *BN_value_one(void); char *BN_options(void); BN_CTX *BN_CTX_new(void); -# ifndef OPENSSL_NO_DEPRECATED -void BN_CTX_init(BN_CTX *c); -# endif +BN_CTX *BN_CTX_secure_new(void); void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); @@ -432,14 +261,18 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); -int BN_num_bits_word(BN_ULONG); +int BN_num_bits_word(BN_ULONG l); +int BN_security_bits(int L, int N); BIGNUM *BN_new(void); -void BN_init(BIGNUM *); +BIGNUM *BN_secure_new(void); void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); @@ -457,7 +290,7 @@ void BN_set_negative(BIGNUM *b, int n); * \param a pointer to the BIGNUM object * \return 1 if a < 0 and 0 otherwise */ -# define BN_is_negative(a) ((a)->neg != 0) +int BN_is_negative(const BIGNUM *b); int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); @@ -511,14 +344,10 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); int BN_mask_bits(BIGNUM *a, int n); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a); # endif -# ifdef HEADER_BIO_H -int BN_print(BIO *fp, const BIGNUM *a); -# else -int BN_print(void *fp, const BIGNUM *a); -# endif +int BN_print(BIO *bio, const BIGNUM *a); int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); int BN_rshift1(BIGNUM *r, const BIGNUM *a); @@ -544,17 +373,21 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); /* Deprecated versions */ -# ifndef OPENSSL_NO_DEPRECATED -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), void *cb_arg); -int BN_is_prime(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), - BN_CTX *ctx, void *cb_arg); -int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, - void (*callback) (int, int, void *), BN_CTX *ctx, - void *cb_arg, int do_trial_division); -# endif /* !defined(OPENSSL_NO_DEPRECATED) */ +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, + const BIGNUM *rem, + void (*callback) (int, int, + void *), + void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int + BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback) (int, int, void *), + BN_CTX *ctx, void *cb_arg, + int do_trial_division)) /* Newer versions */ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, @@ -574,17 +407,16 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, BN_CTX *ctx, BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); -# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ - (r),(a),&((mont)->RR),(mont),(ctx)) -int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, - BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, const BIGNUM *mod, BN_CTX *ctx); /* BN_BLINDING flags */ @@ -599,11 +431,12 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); -# ifndef OPENSSL_NO_DEPRECATED -unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); -void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); -# endif -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -616,12 +449,10 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx); -# ifndef OPENSSL_NO_DEPRECATED -void BN_set_params(int mul, int high, int low, int mont); -int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ -# endif +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ -void BN_RECP_CTX_init(BN_RECP_CTX *recp); BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); @@ -719,131 +550,12 @@ const BIGNUM *BN_get0_nist_prime_256(void); const BIGNUM *BN_get0_nist_prime_384(void); const BIGNUM *BN_get0_nist_prime_521(void); -/* library internal functions */ - -# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ - (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) -# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -BIGNUM *bn_expand2(BIGNUM *a, int words); -# ifndef OPENSSL_NO_DEPRECATED -BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ -# endif - -/*- - * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading - * zeroes. Unfortunately, some auditing is required due to the fact that - * bn_fix_top() has become an overabused duct-tape because bignum data is - * occasionally passed around in an inconsistent state. So the following - * changes have been made to sort this out; - * - bn_fix_top()s implementation has been moved to bn_correct_top() - * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and - * bn_check_top() is as before. - * - if BN_DEBUG *is* defined; - * - bn_check_top() tries to pollute unused words even if the bignum 'top' is - * consistent. (ed: only if BN_DEBUG_RAND is defined) - * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. - * The idea is to have debug builds flag up inconsistent bignums when they - * occur. If that occurs in a bn_fix_top(), we examine the code in question; if - * the use of bn_fix_top() was appropriate (ie. it follows directly after code - * that manipulates the bignum) it is converted to bn_correct_top(), and if it - * was not appropriate, we convert it permanently to bn_check_top() and track - * down the cause of the bug. Eventually, no internal code should be using the - * bn_fix_top() macro. External applications and libraries should try this with - * their own code too, both in terms of building against the openssl headers - * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it - * defined. This not only improves external code, it provides more test - * coverage for openssl's own code. - */ - -# ifdef BN_DEBUG - -/* We only need assert() when debugging */ -# include <assert.h> - -# ifdef BN_DEBUG_RAND -/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -# ifndef RAND_pseudo_bytes -int RAND_pseudo_bytes(unsigned char *buf, int num); -# define BN_DEBUG_TRIX -# endif -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if(_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ - /* Debug only - safe to ignore error return */ \ - RAND_pseudo_bytes(&_tmp_char, 1); \ - memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ - (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ - } \ - } while(0) -# ifdef BN_DEBUG_TRIX -# undef RAND_pseudo_bytes -# endif -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - assert((_bnum2->top == 0) || \ - (_bnum2->d[_bnum2->top - 1] != 0)); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif +int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, + const BIGNUM *field, BN_CTX *ctx); -# define bn_correct_top(a) \ - { \ - BN_ULONG *ftl; \ - int tmp_top = (a)->top; \ - if (tmp_top > 0) \ - { \ - for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ - if (*(ftl--)) break; \ - (a)->top = tmp_top; \ - } \ - bn_pollute(a); \ - } - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); +int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, + const BIGNUM *priv, const unsigned char *message, + size_t message_len, BN_CTX *ctx); /* Primes from RFC 2409 */ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); @@ -877,6 +589,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_BLINDING_UPDATE 103 # define BN_F_BN_BN2DEC 104 # define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 # define BN_F_BN_CTX_GET 116 # define BN_F_BN_CTX_NEW 106 # define BN_F_BN_CTX_START 129 @@ -886,6 +599,9 @@ void ERR_load_BN_strings(void); # define BN_F_BN_EXP 123 # define BN_F_BN_EXPAND2 108 # define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 # define BN_F_BN_GF2M_MOD 131 # define BN_F_BN_GF2M_MOD_EXP 132 # define BN_F_BN_GF2M_MOD_MUL 133 @@ -910,6 +626,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 # define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 # define BN_F_BN_USUB 115 /* Reason codes. */ @@ -929,6 +646,7 @@ void ERR_load_BN_strings(void); # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 # define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 # define BN_R_P_IS_NOT_PRIME 112 # define BN_R_TOO_MANY_ITERATIONS 113 # define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h index efd240a5f9..f5b46dd71a 100644 --- a/include/openssl/buffer.h +++ b/include/openssl/buffer.h @@ -1,4 +1,3 @@ -/* crypto/buffer/buffer.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,6 +59,10 @@ # define HEADER_BUFFER_H # include <openssl/ossl_typ.h> +# ifndef HEADER_CRYPTO_H +# include <openssl/crypto.h> +# endif + #ifdef __cplusplus extern "C" { @@ -71,35 +74,33 @@ extern "C" { # include <sys/types.h> # endif -/* Already declared in ossl_typ.h */ -/* typedef struct buf_mem_st BUF_MEM; */ - +/* + * These names are outdated as of OpenSSL 1.1; a future release + * will move them to be deprecated. + */ +# define BUF_strdup(s) OPENSSL_strdup(s) +# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) + struct buf_mem_st { size_t length; /* current number of bytes */ char *data; size_t max; /* size of buffer */ + unsigned long flags; }; +# define BUF_MEM_FLAG_SECURE 0x01 + BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, size_t len); -int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); -size_t BUF_strnlen(const char *str, size_t maxlen); -char *BUF_strdup(const char *str); - -/* - * Like strndup, but in addition, explicitly guarantees to never read past the - * first |siz| bytes of |str|. - */ -char *BUF_strndup(const char *str, size_t siz); - -void *BUF_memdup(const void *data, size_t siz); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); -/* safe string functions */ -size_t BUF_strlcpy(char *dst, const char *src, size_t siz); -size_t BUF_strlcat(char *dst, const char *src, size_t siz); - /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -110,12 +111,9 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ -# define BUF_F_BUF_MEMDUP 103 # define BUF_F_BUF_MEM_GROW 100 # define BUF_F_BUF_MEM_GROW_CLEAN 105 # define BUF_F_BUF_MEM_NEW 101 -# define BUF_F_BUF_STRDUP 102 -# define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h index 45e8d25b1d..d04d2a8b3a 100644 --- a/include/openssl/camellia.h +++ b/include/openssl/camellia.h @@ -1,4 +1,3 @@ -/* crypto/camellia/camellia.h */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -90,10 +89,6 @@ struct camellia_key_st { }; typedef struct camellia_key_st CAMELLIA_KEY; -# ifdef OPENSSL_FIPS -int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key); -# endif int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); diff --git a/include/openssl/cast.h b/include/openssl/cast.h index 0003ec9c7c..87d1933a9b 100644 --- a/include/openssl/cast.h +++ b/include/openssl/cast.h @@ -1,4 +1,3 @@ -/* crypto/cast/cast.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -82,9 +81,6 @@ typedef struct cast_key_st { int short_key; /* Use reduced rounds for short key */ } CAST_KEY; -# ifdef OPENSSL_FIPS -void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -# endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h index 175be8348a..a621923eb0 100644 --- a/include/openssl/cmac.h +++ b/include/openssl/cmac.h @@ -1,4 +1,3 @@ -/* crypto/cmac/cmac.h */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. diff --git a/include/openssl/cms.h b/include/openssl/cms.h index e6c7f964bf..f8d55d84d2 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -1,4 +1,3 @@ -/* crypto/cms/cms.h */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -56,6 +55,7 @@ # define HEADER_CMS_H # include <openssl/x509.h> +# include <openssl/x509v3.h> # ifdef OPENSSL_NO_CMS # error CMS is disabled. @@ -75,9 +75,10 @@ typedef struct CMS_Receipt_st CMS_Receipt; typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; -DECLARE_STACK_OF(CMS_SignerInfo) -DECLARE_STACK_OF(GENERAL_NAMES) -DECLARE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_SignerInfo) +DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +DEFINE_STACK_OF(CMS_RecipientInfo) +DEFINE_STACK_OF(CMS_RevocationInfoChoice) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) @@ -116,6 +117,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) # define CMS_USE_KEYID 0x10000 # define CMS_DEBUG_DECRYPT 0x20000 # define CMS_KEY_PARAM 0x40000 +# define CMS_ASCIICRLF 0x80000 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); diff --git a/include/openssl/comp.h b/include/openssl/comp.h index 406c428aae..de16a9fcdb 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -1,49 +1,84 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #ifndef HEADER_COMP_H # define HEADER_COMP_H # include <openssl/crypto.h> +# ifdef OPENSSL_NO_COMP +# error COMP is disabled. +# endif + #ifdef __cplusplus extern "C" { #endif -typedef struct comp_ctx_st COMP_CTX; - -typedef struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - /* - * The following two do NOTHING, but are kept for backward compatibility - */ - long (*ctrl) (void); - long (*callback_ctrl) (void); -} COMP_METHOD; - -struct comp_ctx_st { - COMP_METHOD *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - CRYPTO_EX_DATA ex_data; -}; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); -COMP_METHOD *COMP_rle(void); + COMP_METHOD *COMP_zlib(void); void COMP_zlib_cleanup(void); diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 8d926d5d82..24e9dee49f 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -1,4 +1,3 @@ -/* crypto/conf/conf.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,8 +76,8 @@ typedef struct { char *value; } CONF_VALUE; -DECLARE_STACK_OF(CONF_VALUE) -DECLARE_LHASH_OF(CONF_VALUE); +DEFINE_STACK_OF(CONF_VALUE) +DEFINE_LHASH_OF(CONF_VALUE); struct conf_st; struct conf_method_st; @@ -102,8 +101,8 @@ struct conf_method_st { typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; -DECLARE_STACK_OF(CONF_MODULE) -DECLARE_STACK_OF(CONF_IMODULE) +DEFINE_STACK_OF(CONF_MODULE) +DEFINE_STACK_OF(CONF_IMODULE) /* DSO module function typedefs */ typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); @@ -120,7 +119,7 @@ int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline); # endif @@ -133,11 +132,17 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, const char *name); void CONF_free(LHASH_OF(CONF_VALUE) *conf); +#ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +#endif int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); -void OPENSSL_config(const char *config_name); -void OPENSSL_no_config(void); +DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) + +#if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_no_config() \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +#endif /* * New conf code. The semantics are different from the functions above. If @@ -153,15 +158,11 @@ struct conf_st { CONF *NCONF_new(CONF_METHOD *meth); CONF_METHOD *NCONF_default(void); CONF_METHOD *NCONF_WIN32(void); -# if 0 /* Just to give you an idea of what I have in - * mind */ -CONF_METHOD *NCONF_XML(void); -# endif void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); int NCONF_load(CONF *conf, const char *file, long *eline); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); # endif int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); @@ -170,15 +171,12 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, char *NCONF_get_string(const CONF *conf, const char *group, const char *name); int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result); +#ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out); +#endif int NCONF_dump_bio(const CONF *conf, BIO *out); -# if 0 /* The following function has no error - * checking, and should therefore be avoided */ -long NCONF_get_number(CONF *conf, char *group, char *name); -# else -# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -# endif +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) /* Module functions */ diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h index e478f7df4b..fd6f32e16d 100644 --- a/include/openssl/conf_api.h +++ b/include/openssl/conf_api.h @@ -1,4 +1,3 @@ -/* conf_api.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index c450d7a3c3..488c963f68 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -1,6 +1,5 @@ -/* crypto/crypto.h */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -118,10 +117,11 @@ # define HEADER_CRYPTO_H # include <stdlib.h> +# include <time.h> # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO # include <stdio.h> # endif @@ -129,6 +129,7 @@ # include <openssl/safestack.h> # include <openssl/opensslv.h> # include <openssl/ossl_typ.h> +# include <openssl/opensslconf.h> # ifdef CHARSET_EBCDIC # include <openssl/ebcdic.h> @@ -140,276 +141,153 @@ */ # include <openssl/symhacks.h> +# if OPENSSL_API_COMPAT < 0x10100000L +# include <openssl/opensslv.h> +# endif + #ifdef __cplusplus extern "C" { #endif -/* Backward compatibility to SSLeay */ -/* - * This is more to be used to check the correct DLL is being used in the MS - * world. - */ -# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER -# define SSLEAY_VERSION 0 -/* #define SSLEAY_OPTIONS 1 no longer supported */ -# define SSLEAY_CFLAGS 2 -# define SSLEAY_BUILT_ON 3 -# define SSLEAY_PLATFORM 4 -# define SSLEAY_DIR 5 - -/* Already declared in ossl_typ.h */ -# if 0 -typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -/* Called when a new object is created */ -typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when an object is free()ed */ -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when we need to dup an object */ -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); -# endif - -/* A generic structure to pass assorted data in a expandable way */ -typedef struct openssl_item_st { - int code; - void *value; /* Not used for flag attributes */ - size_t value_size; /* Max size of value for output, length for - * input */ - size_t *value_length; /* Returned length of value for output */ -} OPENSSL_ITEM; +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay OpenSSL_version_num +# define SSLeay_version OpenSSL_version +# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +# define SSLEAY_VERSION OPENSSL_VERSION +# define SSLEAY_CFLAGS OPENSSL_CFLAGS +# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +# define SSLEAY_PLATFORM OPENSSL_PLATFORM +# define SSLEAY_DIR OPENSSL_DIR -/* - * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock - * names in cryptlib.c - */ - -# define CRYPTO_LOCK_ERR 1 -# define CRYPTO_LOCK_EX_DATA 2 -# define CRYPTO_LOCK_X509 3 -# define CRYPTO_LOCK_X509_INFO 4 -# define CRYPTO_LOCK_X509_PKEY 5 -# define CRYPTO_LOCK_X509_CRL 6 -# define CRYPTO_LOCK_X509_REQ 7 -# define CRYPTO_LOCK_DSA 8 -# define CRYPTO_LOCK_RSA 9 -# define CRYPTO_LOCK_EVP_PKEY 10 -# define CRYPTO_LOCK_X509_STORE 11 -# define CRYPTO_LOCK_SSL_CTX 12 -# define CRYPTO_LOCK_SSL_CERT 13 -# define CRYPTO_LOCK_SSL_SESSION 14 -# define CRYPTO_LOCK_SSL_SESS_CERT 15 -# define CRYPTO_LOCK_SSL 16 -# define CRYPTO_LOCK_SSL_METHOD 17 -# define CRYPTO_LOCK_RAND 18 -# define CRYPTO_LOCK_RAND2 19 -# define CRYPTO_LOCK_MALLOC 20 -# define CRYPTO_LOCK_BIO 21 -# define CRYPTO_LOCK_GETHOSTBYNAME 22 -# define CRYPTO_LOCK_GETSERVBYNAME 23 -# define CRYPTO_LOCK_READDIR 24 -# define CRYPTO_LOCK_RSA_BLINDING 25 -# define CRYPTO_LOCK_DH 26 -# define CRYPTO_LOCK_MALLOC2 27 -# define CRYPTO_LOCK_DSO 28 -# define CRYPTO_LOCK_DYNLOCK 29 -# define CRYPTO_LOCK_ENGINE 30 -# define CRYPTO_LOCK_UI 31 -# define CRYPTO_LOCK_ECDSA 32 -# define CRYPTO_LOCK_EC 33 -# define CRYPTO_LOCK_ECDH 34 -# define CRYPTO_LOCK_BN 35 -# define CRYPTO_LOCK_EC_PRE_COMP 36 -# define CRYPTO_LOCK_STORE 37 -# define CRYPTO_LOCK_COMP 38 -# define CRYPTO_LOCK_FIPS 39 -# define CRYPTO_LOCK_FIPS2 40 -# define CRYPTO_NUM_LOCKS 41 - -# define CRYPTO_LOCK 1 -# define CRYPTO_UNLOCK 2 -# define CRYPTO_READ 4 -# define CRYPTO_WRITE 8 - -# ifndef OPENSSL_NO_LOCKING -# ifndef CRYPTO_w_lock -# define CRYPTO_w_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -# define CRYPTO_w_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -# define CRYPTO_r_lock(type) \ - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -# define CRYPTO_r_unlock(type) \ - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -# define CRYPTO_add(addr,amount,type) \ - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -# endif -# else # define CRYPTO_w_lock(a) # define CRYPTO_w_unlock(a) # define CRYPTO_r_lock(a) # define CRYPTO_r_unlock(a) # define CRYPTO_add(a,b,c) ((*(a))+=(b)) -# endif /* - * Some applications as well as some parts of OpenSSL need to allocate and - * deallocate locks in a dynamic fashion. The following typedef makes this - * possible in a type-safe manner. + * Old type for allocating dynamic locks. No longer used. Use the new thread + * API instead. */ -/* struct CRYPTO_dynlock_value has to be defined by the application. */ typedef struct { - int references; - struct CRYPTO_dynlock_value *data; + int dummy; } CRYPTO_dynlock; -/* - * The following can be used to detect memory leaks in the SSLeay library. It - * used, it turns on malloc checking - */ +# endif /* OPENSSL_API_COMPAT */ -# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */ -# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */ -# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */ -# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */ +typedef void CRYPTO_RWLOCK; -/* - * The following are bit values to turn on or off options connected to the - * malloc checking functionality - */ +CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); -/* Adds time to the memory checking information */ -# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */ -/* Adds thread number to the memory checking information */ -# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */ +int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); -# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) +/* + * The following can be used to detect memory leaks in the library. If + * used, it turns on malloc checking + */ +# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ /* predec of the BIO type */ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK_OF(void) *sk; - /* gcc is screwing up this data structure :-( */ - int dummy; }; -DECLARE_STACK_OF(void) - -/* - * This stuff is basically class callback functions The current classes are - * SSL_CTX, SSL, SSL_SESSION, and a few more - */ - -typedef struct crypto_ex_data_func_st { - long argl; /* Arbitary long */ - void *argp; /* Arbitary void * */ - CRYPTO_EX_new *new_func; - CRYPTO_EX_free *free_func; - CRYPTO_EX_dup *dup_func; -} CRYPTO_EX_DATA_FUNCS; - -DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) +DEFINE_STACK_OF(void) /* - * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA - * entry. + * Per class, we have a STACK of function pointers. */ - -# define CRYPTO_EX_INDEX_BIO 0 -# define CRYPTO_EX_INDEX_SSL 1 -# define CRYPTO_EX_INDEX_SSL_CTX 2 -# define CRYPTO_EX_INDEX_SSL_SESSION 3 -# define CRYPTO_EX_INDEX_X509_STORE 4 -# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -# define CRYPTO_EX_INDEX_RSA 6 -# define CRYPTO_EX_INDEX_DSA 7 -# define CRYPTO_EX_INDEX_DH 8 -# define CRYPTO_EX_INDEX_ENGINE 9 -# define CRYPTO_EX_INDEX_X509 10 +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_EC_KEY 8 +# define CRYPTO_EX_INDEX_RSA 9 +# define CRYPTO_EX_INDEX_ENGINE 10 # define CRYPTO_EX_INDEX_UI 11 -# define CRYPTO_EX_INDEX_ECDSA 12 -# define CRYPTO_EX_INDEX_ECDH 13 -# define CRYPTO_EX_INDEX_COMP 14 -# define CRYPTO_EX_INDEX_STORE 15 - -/* - * Dynamically assigned indexes start from this value (don't use directly, - * use via CRYPTO_ex_data_new_class). - */ -# define CRYPTO_EX_INDEX_USER 100 +# define CRYPTO_EX_INDEX_BIO 12 +# define CRYPTO_EX_INDEX_STORE 13 +# define CRYPTO_EX_INDEX_APP 14 +# define CRYPTO_EX_INDEX__COUNT 15 /* * This is the default callbacks, but we can have others as well: this is * needed in Win32 where the application malloc and the library malloc may * not be the same. */ -# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ - malloc, realloc, free) - -# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD -# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ -# define CRYPTO_MDEBUG -# endif -# endif - -/* - * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG - * is defined) - */ -# define CRYPTO_malloc_debug_init() do {\ - CRYPTO_set_mem_debug_functions(\ - CRYPTO_dbg_malloc,\ - CRYPTO_dbg_realloc,\ - CRYPTO_dbg_free,\ - CRYPTO_dbg_set_options,\ - CRYPTO_dbg_get_options);\ - } while(0) +#define OPENSSL_malloc_init() \ + CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free) int CRYPTO_mem_ctrl(int mode); -int CRYPTO_is_mem_check_on(void); - -/* for applications */ -# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) -# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) - -/* for library-internal use */ -# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) -# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) -# define is_MemCheck_on() CRYPTO_is_mem_check_on() - -# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) -# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) -# define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) -# define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) -# define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) -# define OPENSSL_freeFunc CRYPTO_free -# define OPENSSL_free(addr) CRYPTO_free(addr) - -# define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) -# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) - -const char *SSLeay_version(int type); -unsigned long SSLeay(void); + +# define OPENSSL_malloc(num) \ + CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_zalloc(num) \ + CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_realloc(addr, num) \ + CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_realloc(addr, old_num, num) \ + CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_clear_free(addr, num) \ + CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_free(addr) \ + CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_memdup(str, s) \ + CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strdup(str) \ + CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_strndup(str, n) \ + CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_secure_actual_size(ptr) \ + CRYPTO_secure_actual_size(ptr) + +size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +size_t OPENSSL_strnlen(const char *str, size_t maxlen); + +# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) + +unsigned long OpenSSL_version_num(void); +const char *OpenSSL_version(int type); +# define OPENSSL_VERSION 0 +# define OPENSSL_CFLAGS 1 +# define OPENSSL_BUILT_ON 2 +# define OPENSSL_PLATFORM 3 +# define OPENSSL_DIR 4 +# define OPENSSL_ENGINES_DIR 5 int OPENSSL_issetugid(void); -/* An opaque type representing an implementation of "ex_data" support */ -typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; -/* Return an opaque pointer to the current "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); -/* Sets the "ex_data" implementation to be used (if it's not too late) */ -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); -/* Get a new "ex_data" class, and return the corresponding "class_index" */ -int CRYPTO_ex_data_new_class(void); -/* Within a given class, get/register a new index */ -int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *srcp, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + /* * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a * given class (invokes whatever per-class callbacks are applicable) @@ -417,7 +295,9 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from); + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + /* * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular * index (relative to the class type involved) @@ -430,168 +310,131 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); */ void CRYPTO_cleanup_all_ex_data(void); -int CRYPTO_get_new_lockid(char *name); - -int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ -void CRYPTO_lock(int mode, int type, const char *file, int line); -void CRYPTO_set_locking_callback(void (*func) (int mode, int type, - const char *file, int line)); -void (*CRYPTO_get_locking_callback(void)) (int mode, int type, - const char *file, int line); -void CRYPTO_set_add_lock_callback(int (*func) - (int *num, int mount, int type, - const char *file, int line)); -int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, - const char *file, int line); - -/* Don't use this structure directly. */ +# if OPENSSL_API_COMPAT < 0x10100000L +/* + * These are the functions for the old threading API. These are all now no-ops + * and should not be used. + */ +# define CRYPTO_get_new_lockid(name) (0) +# define CRYPTO_num_locks() (0) +/* + * The old CRYPTO_lock() function has been removed completely without a + * compatibility macro. This is because previously it could not return an error + * response, but if any applications are using this they will not work and could + * fail in strange ways. Better for them to fail at compile time. + * + * void CRYPTO_lock(int mode, int type, const char *file, int line); + */ +# define CRYPTO_set_locking_callback(func) +# define CRYPTO_get_locking_callback() (NULL) +# define CRYPTO_set_add_lock_callback(func) +# define CRYPTO_get_add_lock_callback() (NULL) + +/* This structure is no longer used */ typedef struct crypto_threadid_st { - void *ptr; - unsigned long val; + int dummy; } CRYPTO_THREADID; /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ -void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); -void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); -int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *)); -void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *); -void CRYPTO_THREADID_current(CRYPTO_THREADID *id); -int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); -void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); -unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); -# ifndef OPENSSL_NO_DEPRECATED -void CRYPTO_set_id_callback(unsigned long (*func) (void)); -unsigned long (*CRYPTO_get_id_callback(void)) (void); -unsigned long CRYPTO_thread_id(void); -# endif - -const char *CRYPTO_get_lock_name(int type); -int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, - int line); - -int CRYPTO_get_new_dynlockid(void); -void CRYPTO_destroy_dynlockid(int i); -struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); -void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value - *(*dyn_create_function) (const char - *file, - int line)); -void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) - (int mode, - struct CRYPTO_dynlock_value *l, - const char *file, int line)); -void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) - (struct CRYPTO_dynlock_value *l, - const char *file, int line)); -struct CRYPTO_dynlock_value -*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line); -void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, - struct CRYPTO_dynlock_value - *l, const char *file, - int line); -void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value - *l, const char *file, - int line); - -/* - * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call - * the latter last if you need different functions - */ -int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), - void (*f) (void *)); -int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), - void (*free_func) (void *)); -int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), - void *(*r) (void *, size_t, const char *, - int), void (*f) (void *)); -int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), - void (*free_func) (void *)); -int CRYPTO_set_mem_debug_functions(void (*m) - (void *, int, const char *, int, int), - void (*r) (void *, void *, int, - const char *, int, int), - void (*f) (void *, int), void (*so) (long), - long (*go) (void)); -void CRYPTO_get_mem_functions(void *(**m) (size_t), - void *(**r) (void *, size_t), - void (**f) (void *)); -void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), - void (**f) (void *)); -void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), - void *(**r) (void *, size_t, const char *, - int), void (**f) (void *)); -void CRYPTO_get_locked_mem_ex_functions(void - *(**m) (size_t, const char *, int), - void (**f) (void *)); -void CRYPTO_get_mem_debug_functions(void (**m) - (void *, int, const char *, int, int), - void (**r) (void *, void *, int, - const char *, int, int), - void (**f) (void *, int), - void (**so) (long), long (**go) (void)); - -void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *ptr); -void *CRYPTO_malloc(int num, const char *file, int line); +# define CRYPTO_THREADID_set_numeric(id, val) +# define CRYPTO_THREADID_set_pointer(id, ptr) +# define CRYPTO_THREADID_set_callback(threadid_func) (0) +# define CRYPTO_THREADID_get_callback() (NULL) +# define CRYPTO_THREADID_current(id) +# define CRYPTO_THREADID_cmp(a, b) (-1) +# define CRYPTO_THREADID_cpy(dest, src) +# define CRYPTO_THREADID_hash(id) (0UL) + +# if OPENSSL_API_COMPAT < 0x10000000L +# define CRYPTO_set_id_callback(func) +# define CRYPTO_get_id_callback() (NULL) +# define CRYPTO_thread_id() (0UL) +# endif /* OPENSSL_API_COMPAT < 0x10000000L */ + +# define CRYPTO_get_lock_name(type) (NULL) +# define CRYPTO_add_lock(pointer, amount, type, file, line) \ + (0) + +# define CRYPTO_get_new_dynlockid() (0) +# define CRYPTO_destroy_dynlockid(i) +# define CRYPTO_get_dynlock_value(i) (NULL) +# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +# define CRYPTO_get_dynlock_create_callback() (NULL) +# define CRYPTO_get_dynlock_lock_callback() (NULL) +# define CRYPTO_get_dynlock_destroy_callback() (NULL) +# endif /* OPENSSL_API_COMPAT < 0x10100000L */ + +int CRYPTO_set_mem_functions( + void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), + void (*f) (void *, const char *, int)); +int CRYPTO_set_mem_debug(int flag); +void CRYPTO_get_mem_functions( + void *(**m) (size_t, const char *, int), + void *(**r) (void *, size_t, const char *, int), + void (**f) (void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +void *CRYPTO_zalloc(size_t num, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); char *CRYPTO_strdup(const char *str, const char *file, int line); -void CRYPTO_free(void *ptr); -void *CRYPTO_realloc(void *addr, int num, const char *file, int line); -void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, - int line); -void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); +void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, + const char *file, int line); + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +void CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +void CRYPTO_secure_free(void *ptr, const char *file, int line); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); +size_t CRYPTO_secure_actual_size(void *ptr); +size_t CRYPTO_secure_used(void); void OPENSSL_cleanse(void *ptr, size_t len); -void CRYPTO_set_mem_debug_options(long bits); -long CRYPTO_get_mem_debug_options(void); +# ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_mem_debug_push(info) \ + CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +# define OPENSSL_mem_debug_pop() \ + CRYPTO_mem_debug_pop() +int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +int CRYPTO_mem_debug_pop(void); -# define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, __FILE__, __LINE__); -int CRYPTO_push_info_(const char *info, const char *file, int line); -int CRYPTO_pop_info(void); -int CRYPTO_remove_all_info(void); - -/* - * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; - * used as default in CRYPTO_MDEBUG compilations): - */ /*- - * The last argument has the following significance: - * - * 0: called before the actual memory allocation has taken place - * 1: called after the actual memory allocation has taken place + * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) + * The flag argument has the following significance: + * 0: called before the actual memory allocation has taken place + * 1: called after the actual memory allocation has taken place */ -void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, - int before_p); -void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, - int line, int before_p); -void CRYPTO_dbg_free(void *addr, int before_p); -/*- - * Tell the debugging code about options. By default, the following values - * apply: - * - * 0: Clear all options. - * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. - * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. - * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 - */ -void CRYPTO_dbg_set_options(long bits); -long CRYPTO_dbg_get_options(void); - -# ifndef OPENSSL_NO_FP_API -void CRYPTO_mem_leaks_fp(FILE *); +void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, + const char *file, int line); +void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line); + +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *); +# endif +int CRYPTO_mem_leaks(struct bio_st *bio); # endif -void CRYPTO_mem_leaks(struct bio_st *bio); -/* unsigned long order, char *file, int line, int num_bytes, char *addr */ -typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, - void *); -void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); /* die if we have to */ -void OpenSSLDie(const char *file, int line, const char *assertion); -# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +# endif +void OPENSSL_die(const char *assertion, const char *file, int line); +# define OPENSSL_assert(e) \ + (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) -unsigned long *OPENSSL_ia32cap_loc(void); -# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) +unsigned int *OPENSSL_ia32cap_loc(void); +# define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0]) int OPENSSL_isservice(void); int FIPS_mode(void); @@ -599,27 +442,10 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); -# define fips_md_init(alg) fips_md_init_ctx(alg, alg) - -# ifdef OPENSSL_FIPS -# define fips_md_init_ctx(alg, cx) \ - int alg##_Init(cx##_CTX *c) \ - { \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ - "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ - return private_##alg##_Init(c); \ - } \ - int private_##alg##_Init(cx##_CTX *c) - -# define fips_cipher_abort(alg) \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ - "Low level API call to cipher " #alg " forbidden in FIPS mode!") - -# else -# define fips_md_init_ctx(alg, cx) \ - int alg##_Init(cx##_CTX *c) -# define fips_cipher_abort(alg) while(0) -# endif +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_diff(int *pday, int *psec, + const struct tm *from, const struct tm *to); /* * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. @@ -628,7 +454,52 @@ void OPENSSL_init(void); * into a defined order as the return value when a != b is undefined, other * than to be non-zero. */ -int CRYPTO_memcmp(const void *a, const void *b, size_t len); +int CRYPTO_memcmp(const volatile void * volatile in_a, + const volatile void * volatile in_b, + size_t len); + +/* Standard initialisation options */ +# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +# define OPENSSL_INIT_ASYNC 0x00000100L +# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +# define OPENSSL_INIT_ENGINE_DASYNC 0x00008000L +/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ +# define OPENSSL_INIT_ENGINE_AFALG 0x00020000L +/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +/* Max OPENSSL_INIT flag value is 0x80000000 */ + +/* openssl and dasync not counted as builtin */ +# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ + (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ + | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ + OPENSSL_INIT_ENGINE_PADLOCK) + + +/* Library initialisation functions */ +void OPENSSL_cleanup(void); +int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +int OPENSSL_atexit(void (*handler)(void)); +void OPENSSL_thread_stop(void); + +/* Low-level control of initialization */ +OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +#ifndef OPENSSL_NO_STDIO +void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, + const char *config_file); +#endif +void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); /* BEGIN ERROR CODES */ /* @@ -640,16 +511,23 @@ void ERR_load_CRYPTO_strings(void); /* Error codes for the CRYPTO functions. */ /* Function codes. */ +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 # define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 # define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 # define CRYPTO_F_DEF_ADD_INDEX 104 # define CRYPTO_F_DEF_GET_CLASS 105 # define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 # define CRYPTO_F_INT_DUP_EX_DATA 106 # define CRYPTO_F_INT_FREE_EX_DATA 107 # define CRYPTO_F_INT_NEW_EX_DATA 108 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_MEMDUP 114 /* Reason codes. */ # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 diff --git a/include/openssl/ct.h b/include/openssl/ct.h new file mode 100644 index 0000000000..f148a270aa --- /dev/null +++ b/include/openssl/ct.h @@ -0,0 +1,607 @@ +/* +* Public API for Certificate Transparency (CT). +* Written by Rob Percival (robpercival@google.com) for the OpenSSL project. +*/ +/* ==================================================================== +* Copyright (c) 2016 The OpenSSL Project. All rights reserved. +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions +* are met: +* +* 1. Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* +* 2. Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in +* the documentation and/or other materials provided with the +* distribution. +* +* 3. All advertising materials mentioning features or use of this +* software must display the following acknowledgment: +* "This product includes software developed by the OpenSSL Project +* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +* +* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +* endorse or promote products derived from this software without +* prior written permission. For written permission, please contact +* licensing@OpenSSL.org. +* +* 5. Products derived from this software may not be called "OpenSSL" +* nor may "OpenSSL" appear in their names without prior written +* permission of the OpenSSL Project. +* +* 6. Redistributions of any form whatsoever must retain the following +* acknowledgment: +* "This product includes software developed by the OpenSSL Project +* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +* +* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +* OF THE POSSIBILITY OF SUCH DAMAGE. +* ==================================================================== +*/ + +#ifdef OPENSSL_NO_CT +# error "CT is disabled" +#endif + +#ifndef HEADER_CT_H +# define HEADER_CT_H + +# include <openssl/ossl_typ.h> +# include <openssl/safestack.h> +# include <openssl/x509.h> + +# ifdef __cplusplus +extern "C" { +# endif + +/* Minimum RSA key size, from RFC6962 */ +# define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DEFINE_STACK_OF(SCT) +DEFINE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* Creates a new, empty policy evaluation context */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the certificate associated with the received SCTs */ +void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the issuer of the certificate associated with the received SCTs */ +void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use */ +void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * A callback for verifying that the received SCTs are sufficient. + * Expected to return 1 if they are sufficient, otherwise 0. + * May return a negative integer if an error occurs. + * A connection should be aborted if the SCTs are deemed insufficient. + */ +typedef int(*ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); +/* Returns 0 if there are invalid SCTs */ +int CT_verify_no_bad_scts(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); +/* Returns 0 if there are invalid SCTS or fewer than one valid SCT */ +int CT_verify_at_least_one_good_sct(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, + const char *logid_base64, + ct_log_entry_type_t entry_type, + uint64_t timestamp, + const char *extensions_base64, + const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +__owur int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +__owur int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Verifies an SCT with the given context. + * Returns 1 if the SCT verifies successfully, 0 otherwise. + */ +__owur int SCT_verify(const SCT_CTX *sctx, const SCT *sct); + +/* + * Verifies an SCT against the provided data. + * Returns 1 if the SCT verifies successfully, 0 otherwise. + */ +__owur int SCT_verify_v1(SCT *sct, X509 *cert, X509 *preissuer, + X509_PUBKEY *log_pubkey, X509 *issuer_cert); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Populates the "good_scts" and "bad_scts" of the evaluation context. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serializied data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serializied data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +__owur int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string contianing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/* +* Serialize (to TLS format) an |sct| signature and write it to |out|. +* If |out| is null, no signature will be output but the length will be returned. +* If |out| points to a null pointer, a string will be allocated to hold the +* TLS-format signature. It is the responsibility of the caller to free it. +* If |out| points to an allocated string, the signature will be written to it. +* The length of the signature in TLS format will be returned. +*/ +__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out); + +/* +* Parses an SCT signature in TLS format and populates the |sct| with it. +* |in| should be a pointer to a string contianing the TLS-format signature. +* |in| will be advanced to the end of the signature if parsing succeeds. +* |len| should be the length of the signature in |in|. +* Returns the number of bytes parsed, or a negative integer if an error occurs. +*/ +__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new, blank CT log instance. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new_null(void); + +/* + * Creates a new CT log instance with the given base64 public_key and |name|. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * See internal/cryptlib.h for the environment variable and file path that are + * consulted to find the default file. + * Returns 1 if loading is successful, or 0 otherwise. + */ +__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_CT_strings(void); + +/* Error codes for the CT functions. */ + +/* Function codes. */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_NEW_NULL 120 +# define CT_F_CTLOG_STORE_GET0_LOG_BY_ID 121 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_GET0_CERT 130 +# define CT_F_CT_POLICY_EVAL_CTX_GET0_ISSUER 131 +# define CT_F_CT_POLICY_EVAL_CTX_GET0_LOG_STORE 132 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_POLICY_EVAL_CTX_SET0_CERT 134 +# define CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER 135 +# define CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE 136 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_CT_VERIFY_AT_LEAST_ONE_GOOD_SCT 137 +# define CT_F_CT_VERIFY_NO_BAD_SCTS 138 +# define CT_F_D2I_SCT_LIST 105 +# define CT_F_I2D_SCT_LIST 106 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_LIST_VALIDATE 139 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 +# define CT_F_SCT_SIGNATURE_IS_VALID 113 +# define CT_F_SCT_VALIDATE 140 +# define CT_F_SCT_VERIFY 128 +# define CT_F_SCT_VERIFY_V1 129 + +/* Reason codes. */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_NOT_ENOUGH_SCTS 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_SCT_VALIDATION_STATUS_NOT_SET 117 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/des.h b/include/openssl/des.h index 1b40144e1b..13ce232703 100644 --- a/include/openssl/des.h +++ b/include/openssl/des.h @@ -1,4 +1,3 @@ -/* crypto/des/des.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,13 +58,14 @@ #ifndef HEADER_NEW_DES_H # define HEADER_NEW_DES_H -# include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG - * (via openssl/opensslconf.h */ +# include <openssl/e_os2.h> # ifdef OPENSSL_NO_DES # error DES is disabled. # endif +typedef unsigned int DES_LONG; + # ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT @@ -92,16 +92,6 @@ typedef struct DES_ks { } ks[16]; } DES_key_schedule; -# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT -# define OPENSSL_ENABLE_OLD_DES_SUPPORT -# endif -# endif - -# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT -# include <openssl/des_old.h> -# endif - # define DES_KEY_SZ (sizeof(DES_cblock)) # define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) @@ -182,11 +172,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int enc); -void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, - DES_cblock *ivec1, DES_cblock *ivec2, int enc); void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, @@ -199,11 +184,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num); -# if 0 -void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, - DES_cblock *out_white); -# endif - int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv); int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, @@ -231,10 +211,6 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); -# ifdef OPENSSL_FIPS -void private_DES_set_key_unchecked(const_DES_cblock *key, - DES_key_schedule *schedule); -# endif void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, @@ -244,9 +220,11 @@ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, int *num); +#ifndef OPENSSL_NO_UI int DES_read_password(DES_cblock *key, const char *prompt, int verify); int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, int verify); +#endif # define DES_fixup_key_parity DES_set_odd_parity diff --git a/include/openssl/des_old.h b/include/openssl/des_old.h index ee7607a241..9709898805 100644 --- a/include/openssl/des_old.h +++ b/include/openssl/des_old.h @@ -1,497 +1 @@ -/* crypto/des/des_old.h */ - -/*- - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with openssl 0.9.6 and older as - * well as libdes. OpenSSL now provides functions where "des_" has - * been replaced with "DES_" in the names, to make it possible to - * make incompatible changes that are needed for C type security and - * other stuff. - * - * This include files has two compatibility modes: - * - * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API - * that is compatible with libdes and SSLeay. - * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an - * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. - * - * Note that these modes break earlier snapshots of OpenSSL, where - * libdes compatibility was the only available mode or (later on) the - * prefered compatibility mode. However, after much consideration - * (and more or less violent discussions with external parties), it - * was concluded that OpenSSL should be compatible with earlier versions - * of itself before anything else. Also, in all honesty, libdes is - * an old beast that shouldn't really be used any more. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will disappear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* - * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_DES_H -# define HEADER_DES_H - -# include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ - -# ifdef OPENSSL_NO_DES -# error DES is disabled. -# endif - -# ifndef HEADER_NEW_DES_H -# error You must include des.h, not des_old.h directly. -# endif - -# ifdef _KERBEROS_DES_H -# error <openssl/des_old.h> replaces <kerberos/des.h>. -# endif - -# include <openssl/symhacks.h> - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -# ifdef _ -# undef _ -# endif - -typedef unsigned char _ossl_old_des_cblock[8]; -typedef struct _ossl_old_des_ks_struct { - union { - _ossl_old_des_cblock _; - /* - * make sure things are correct size on machines with 8 byte longs - */ - DES_LONG pad[2]; - } ks; -} _ossl_old_des_key_schedule[16]; - -# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY -# define des_cblock DES_cblock -# define const_des_cblock const_DES_cblock -# define des_key_schedule DES_key_schedule -# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) -# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ - DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) -# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) -# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) -# define des_options()\ - DES_options() -# define des_cbc_cksum(i,o,l,k,iv)\ - DES_cbc_cksum((i),(o),(l),&(k),(iv)) -# define des_cbc_encrypt(i,o,l,k,iv,e)\ - DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_ncbc_encrypt(i,o,l,k,iv,e)\ - DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) -# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) -# define des_ecb_encrypt(i,o,k,e)\ - DES_ecb_encrypt((i),(o),&(k),(e)) -# define des_encrypt1(d,k,e)\ - DES_encrypt1((d),&(k),(e)) -# define des_encrypt2(d,k,e)\ - DES_encrypt2((d),&(k),(e)) -# define des_encrypt3(d,k1,k2,k3)\ - DES_encrypt3((d),&(k1),&(k2),&(k3)) -# define des_decrypt3(d,k1,k2,k3)\ - DES_decrypt3((d),&(k1),&(k2),&(k3)) -# define des_xwhite_in2out(k,i,o)\ - DES_xwhite_in2out((k),(i),(o)) -# define des_enc_read(f,b,l,k,iv)\ - DES_enc_read((f),(b),(l),&(k),(iv)) -# define des_enc_write(f,b,l,k,iv)\ - DES_enc_write((f),(b),(l),&(k),(iv)) -# define des_fcrypt(b,s,r)\ - DES_fcrypt((b),(s),(r)) -# if 0 -# define des_crypt(b,s)\ - DES_crypt((b),(s)) -# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) -# define crypt(b,s)\ - DES_crypt((b),(s)) -# endif -# endif -# define des_ofb_encrypt(i,o,n,l,k,iv)\ - DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) -# define des_pcbc_encrypt(i,o,l,k,iv,e)\ - DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_quad_cksum(i,o,l,c,s)\ - DES_quad_cksum((i),(o),(l),(c),(s)) -# define des_random_seed(k)\ - _ossl_096_des_random_seed((k)) -# define des_random_key(r)\ - DES_random_key((r)) -# define des_read_password(k,p,v) \ - DES_read_password((k),(p),(v)) -# define des_read_2passwords(k1,k2,p,v) \ - DES_read_2passwords((k1),(k2),(p),(v)) -# define des_set_odd_parity(k)\ - DES_set_odd_parity((k)) -# define des_check_key_parity(k)\ - DES_check_key_parity((k)) -# define des_is_weak_key(k)\ - DES_is_weak_key((k)) -# define des_set_key(k,ks)\ - DES_set_key((k),&(ks)) -# define des_key_sched(k,ks)\ - DES_key_sched((k),&(ks)) -# define des_set_key_checked(k,ks)\ - DES_set_key_checked((k),&(ks)) -# define des_set_key_unchecked(k,ks)\ - DES_set_key_unchecked((k),&(ks)) -# define des_string_to_key(s,k)\ - DES_string_to_key((s),(k)) -# define des_string_to_2keys(s,k1,k2)\ - DES_string_to_2keys((s),(k1),(k2)) -# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) -# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) - -# define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -# define des_check_key DES_check_key -# define des_rw_mode DES_rw_mode -# else /* libdes compatibility */ -/* - * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with - * libdes - */ -# define des_cblock _ossl_old_des_cblock -# define des_key_schedule _ossl_old_des_key_schedule -# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) -# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) -# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) -# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) -# define des_options()\ - _ossl_old_des_options() -# define des_cbc_cksum(i,o,l,k,iv)\ - _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) -# define des_cbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_ncbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) -# define des_ecb_encrypt(i,o,k,e)\ - _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) -# define des_encrypt(d,k,e)\ - _ossl_old_des_encrypt((d),(k),(e)) -# define des_encrypt2(d,k,e)\ - _ossl_old_des_encrypt2((d),(k),(e)) -# define des_encrypt3(d,k1,k2,k3)\ - _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) -# define des_decrypt3(d,k1,k2,k3)\ - _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) -# define des_xwhite_in2out(k,i,o)\ - _ossl_old_des_xwhite_in2out((k),(i),(o)) -# define des_enc_read(f,b,l,k,iv)\ - _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) -# define des_enc_write(f,b,l,k,iv)\ - _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) -# define des_fcrypt(b,s,r)\ - _ossl_old_des_fcrypt((b),(s),(r)) -# define des_crypt(b,s)\ - _ossl_old_des_crypt((b),(s)) -# if 0 -# define crypt(b,s)\ - _ossl_old_crypt((b),(s)) -# endif -# define des_ofb_encrypt(i,o,n,l,k,iv)\ - _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) -# define des_pcbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_quad_cksum(i,o,l,c,s)\ - _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) -# define des_random_seed(k)\ - _ossl_old_des_random_seed((k)) -# define des_random_key(r)\ - _ossl_old_des_random_key((r)) -# define des_read_password(k,p,v) \ - _ossl_old_des_read_password((k),(p),(v)) -# define des_read_2passwords(k1,k2,p,v) \ - _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) -# define des_set_odd_parity(k)\ - _ossl_old_des_set_odd_parity((k)) -# define des_is_weak_key(k)\ - _ossl_old_des_is_weak_key((k)) -# define des_set_key(k,ks)\ - _ossl_old_des_set_key((k),(ks)) -# define des_key_sched(k,ks)\ - _ossl_old_des_key_sched((k),(ks)) -# define des_string_to_key(s,k)\ - _ossl_old_des_string_to_key((s),(k)) -# define des_string_to_2keys(s,k1,k2)\ - _ossl_old_des_string_to_2keys((s),(k1),(k2)) -# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) -# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) - -# define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -# define des_check_key DES_check_key -# define des_rw_mode DES_rw_mode -# endif - -const char *_ossl_old_des_options(void); -void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, int enc); -DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec); -void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, - _ossl_old_des_cblock *inw, - _ossl_old_des_cblock *outw, int enc); -void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks, int enc); -void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, - int enc); -void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, - int enc); -void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3); -void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3); -void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num, - int enc); -void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num); -# if 0 -void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), - _ossl_old_des_cblock (*in_white), - _ossl_old_des_cblock (*out_white)); -# endif - -int _ossl_old_des_enc_read(int fd, char *buf, int len, - _ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -int _ossl_old_des_enc_write(int fd, char *buf, int len, - _ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); -char *_ossl_old_des_crypt(const char *buf, const char *salt); -# if !defined(PERL5) && !defined(NeXT) -char *_ossl_old_crypt(const char *buf, const char *salt); -# endif -void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec); -void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - int out_count, _ossl_old_des_cblock *seed); -void _ossl_old_des_random_seed(_ossl_old_des_cblock key); -void _ossl_old_des_random_key(_ossl_old_des_cblock ret); -int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, - int verify); -int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2, - const char *prompt, int verify); -void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); -int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); -int _ossl_old_des_set_key(_ossl_old_des_cblock *key, - _ossl_old_des_key_schedule schedule); -int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, - _ossl_old_des_key_schedule schedule); -void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); -void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2); -void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num, - int enc); -void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num); - -void _ossl_096_des_random_seed(des_cblock *key); - -/* - * The following definitions provide compatibility with the MIT Kerberos - * library. The _ossl_old_des_key_schedule structure is not binary - * compatible. - */ - -# define _KERBEROS_DES_H - -# define KRBDES_ENCRYPT DES_ENCRYPT -# define KRBDES_DECRYPT DES_DECRYPT - -# ifdef KERBEROS -# define ENCRYPT DES_ENCRYPT -# define DECRYPT DES_DECRYPT -# endif - -# ifndef NCOMPAT -# define C_Block des_cblock -# define Key_schedule des_key_schedule -# define KEY_SZ DES_KEY_SZ -# define string_to_key des_string_to_key -# define read_pw_string des_read_pw_string -# define random_key des_random_key -# define pcbc_encrypt des_pcbc_encrypt -# define set_key des_set_key -# define key_sched des_key_sched -# define ecb_encrypt des_ecb_encrypt -# define cbc_encrypt des_cbc_encrypt -# define ncbc_encrypt des_ncbc_encrypt -# define xcbc_encrypt des_xcbc_encrypt -# define cbc_cksum des_cbc_cksum -# define quad_cksum des_quad_cksum -# define check_parity des_check_key_parity -# endif - -# define des_fixup_key_parity DES_fixup_key_parity - -#ifdef __cplusplus -} -#endif - -/* for DES_read_pw_string et al */ -# include <openssl/ui_compat.h> - -#endif +../../crypto/des/des_old.h
\ No newline at end of file diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 5498a9dc10..e852cbe446 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -1,4 +1,3 @@ -/* crypto/dh/dh.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,16 +59,16 @@ # define HEADER_DH_H # include <openssl/e_os2.h> +# include <openssl/opensslconf.h> # ifdef OPENSSL_NO_DH # error DH is disabled. # endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/bio.h> +# include <openssl/asn1.h> # include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # endif @@ -77,6 +76,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + # define DH_FLAG_CACHE_MONT_P 0x01 /* @@ -156,8 +157,11 @@ struct dh_st { CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; ENGINE *engine; + CRYPTO_RWLOCK *lock; }; +DECLARE_ASN1_ITEM(DHparams) + # define DH_GENERATOR_2 2 /* #define DH_GENERATOR_3 3 */ # define DH_GENERATOR_5 5 @@ -174,7 +178,7 @@ struct dh_st { /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -# define DH_CHECK_PUBKEY_INVALID 0x03 +# define DH_CHECK_PUBKEY_INVALID 0x04 /* * primes p where (p-1)/2 is prime too are called "safe"; we define this for @@ -201,17 +205,19 @@ DH *DH_new_method(ENGINE *engine); DH *DH_new(void); void DH_free(DH *dh); int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); int DH_size(const DH *dh); -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_security_bits(const DH *dh); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); /* Deprecated version */ -# ifndef OPENSSL_NO_DEPRECATED -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback) (int, int, void *), void *cb_arg); -# endif /* !defined(OPENSSL_NO_DEPRECATED) */ +DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)) /* New version */ int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, @@ -226,25 +232,23 @@ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); int i2d_DHparams(const DH *a, unsigned char **pp); DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); int i2d_DHxparams(const DH *a, unsigned char **pp); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int DHparams_print_fp(FILE *fp, const DH *x); # endif -# ifndef OPENSSL_NO_BIO int DHparams_print(BIO *bp, const DH *x); -# else -int DHparams_print(char *bp, const DH *x); -# endif /* RFC 5114 parameters */ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ @@ -337,7 +341,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, /* KDF types */ # define EVP_PKEY_DH_KDF_NONE 1 +# ifndef OPENSSL_NO_CMS # define EVP_PKEY_DH_KDF_X9_42 2 +# endif /* BEGIN ERROR CODES */ /* @@ -352,12 +358,9 @@ void ERR_load_DH_strings(void); # define DH_F_COMPUTE_KEY 102 # define DH_F_DHPARAMS_PRINT_FP 101 # define DH_F_DH_BUILTIN_GENPARAMS 106 -# define DH_F_DH_CMS_DECRYPT 117 -# define DH_F_DH_CMS_SET_PEERKEY 118 -# define DH_F_DH_CMS_SET_SHARED_INFO 119 -# define DH_F_DH_COMPUTE_KEY 114 -# define DH_F_DH_GENERATE_KEY 115 -# define DH_F_DH_GENERATE_PARAMETERS_EX 116 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 # define DH_F_DH_NEW_METHOD 105 # define DH_F_DH_PARAM_DECODE 107 # define DH_F_DH_PRIV_DECODE 110 @@ -380,12 +383,11 @@ void ERR_load_DH_strings(void); # define DH_R_KEYS_NOT_SET 108 # define DH_R_KEY_SIZE_TOO_SMALL 110 # define DH_R_MODULUS_TOO_LARGE 103 -# define DH_R_NON_FIPS_METHOD 111 # define DH_R_NO_PARAMETERS_SET 107 # define DH_R_NO_PRIVATE_VALUE 100 # define DH_R_PARAMETER_ENCODING_ERROR 105 -# define DH_R_PEER_KEY_ERROR 113 -# define DH_R_SHARED_INFO_ERROR 114 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 #ifdef __cplusplus } diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 545358fd02..3346853152 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -1,4 +1,3 @@ -/* crypto/dsa/dsa.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,9 +57,8 @@ /* * The DSS routines are based on patches supplied by - * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the - * work and I have just tweaked them a little to fit into my - * stylistic vision for SSLeay :-) */ + * Steven Schoch <schoch@sheba.arc.nasa.gov>. + */ #ifndef HEADER_DSA_H # define HEADER_DSA_H @@ -71,13 +69,12 @@ # error DSA is disabled. # endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/bio.h> # include <openssl/crypto.h> # include <openssl/ossl_typ.h> +# include <openssl/opensslconf.h> -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # ifndef OPENSSL_NO_DH # include <openssl/dh.h> @@ -88,6 +85,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif +# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + # define DSA_FLAG_CACHE_MONT_P 0x01 /* * new with 0.9.7h; the built-in DSA implementation now uses constant time @@ -112,6 +111,7 @@ */ # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +# define DSA_FLAG_FIPS_CHECKED 0x0800 #ifdef __cplusplus extern "C" { @@ -121,10 +121,7 @@ extern "C" { /* typedef struct dsa_st DSA; */ /* typedef struct dsa_method DSA_METHOD; */ -typedef struct DSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -} DSA_SIG; +typedef struct DSA_SIG_st DSA_SIG; struct dsa_method { const char *name; @@ -159,14 +156,11 @@ struct dsa_st { */ int pad; long version; - int write_params; BIGNUM *p; BIGNUM *q; /* == 20 */ BIGNUM *g; BIGNUM *pub_key; /* y public key */ BIGNUM *priv_key; /* x private key */ - BIGNUM *kinv; /* Signing pre-calc */ - BIGNUM *r; /* Signing pre-calc */ int flags; /* Normally used to cache montgomery values */ BN_MONT_CTX *method_mont_p; @@ -175,6 +169,7 @@ struct dsa_st { const DSA_METHOD *meth; /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; + CRYPTO_RWLOCK *lock; }; # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ @@ -189,6 +184,7 @@ DSA_SIG *DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig); DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); int DSA_do_verify(const unsigned char *dgst, int dgst_len, @@ -206,14 +202,15 @@ void DSA_free(DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); int DSA_size(const DSA *); +int DSA_security_bits(const DSA *d); /* next 4 return -1 on error */ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, DSA *dsa); -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); @@ -222,12 +219,14 @@ DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); /* Deprecated version */ -# ifndef OPENSSL_NO_DEPRECATED -DSA *DSA_generate_parameters(int bits, - unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, void - (*callback) (int, int, void *), void *cb_arg); -# endif /* !defined(OPENSSL_NO_DEPRECATED) */ +DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, + unsigned char *seed, + int seed_len, + int *counter_ret, + unsigned long *h_ret, void + (*callback) (int, int, + void *), + void *cb_arg)) /* New version */ int DSA_generate_parameters_ex(DSA *dsa, int bits, @@ -240,11 +239,9 @@ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); int i2d_DSAparams(const DSA *a, unsigned char **pp); -# ifndef OPENSSL_NO_BIO int DSAparams_print(BIO *bp, const DSA *x); int DSA_print(BIO *bp, const DSA *x, int off); -# endif -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif @@ -287,11 +284,11 @@ void ERR_load_DSA_strings(void); # define DSA_F_DO_DSA_PRINT 104 # define DSA_F_DSAPARAMS_PRINT 100 # define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_KEYGEN 124 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 # define DSA_F_DSA_DO_SIGN 112 # define DSA_F_DSA_DO_VERIFY 113 -# define DSA_F_DSA_GENERATE_KEY 124 -# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 # define DSA_F_DSA_NEW_METHOD 103 # define DSA_F_DSA_PARAM_DECODE 119 # define DSA_F_DSA_PRINT_FP 105 @@ -302,7 +299,7 @@ void ERR_load_DSA_strings(void); # define DSA_F_DSA_SIGN 106 # define DSA_F_DSA_SIGN_SETUP 107 # define DSA_F_DSA_SIG_NEW 109 -# define DSA_F_DSA_SIG_PRINT 125 +# define DSA_F_DSA_SIG_PRINT 123 # define DSA_F_DSA_VERIFY 108 # define DSA_F_I2D_DSA_SIG 111 # define DSA_F_OLD_DSA_PRIV_DECODE 122 @@ -318,10 +315,10 @@ void ERR_load_DSA_strings(void); # define DSA_R_DECODE_ERROR 104 # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_KEY_SIZE_TOO_SMALL 111 # define DSA_R_MISSING_PARAMETERS 101 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NEED_NEW_SETUP_VALUES 110 -# define DSA_R_NON_FIPS_DSA_METHOD 111 # define DSA_R_NO_PARAMETERS_SET 107 # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 diff --git a/include/openssl/dso.h b/include/openssl/dso.h index c9013f5cea..1eadbd96e1 100644 --- a/include/openssl/dso.h +++ b/include/openssl/dso.h @@ -1,4 +1,3 @@ -/* dso.h */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000. @@ -114,7 +113,7 @@ typedef struct dso_st DSO; /* * The function prototype used for method functions (or caller-provided * callbacks) that transform filenames. They are passed a DSO structure - * pointer (or NULL if they are to be used independantly of a DSO object) and + * pointer (or NULL if they are to be used independently of a DSO object) and * a filename to transform. They should either return NULL (if there is an * error condition) or a newly allocated string containing the transformed * form that the caller will need to free with OPENSSL_free() when done. @@ -123,7 +122,7 @@ typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); /* * The function prototype used for method functions (or caller-provided * callbacks) that merge two file specifications. They are passed a DSO - * structure pointer (or NULL if they are to be used independantly of a DSO + * structure pointer (or NULL if they are to be used independently of a DSO * object) and two file specifications to merge. They should either return * NULL (if there is an error condition) or a newly allocated string * containing the result of merging that the caller will need to free with @@ -157,13 +156,6 @@ typedef struct dso_meth_st { * libraries at all, let alone a DSO_METHOD implemented for them. */ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); -/* I don't think this would actually be used in any circumstances. */ -# if 0 - /* Unbinds a variable */ - int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); - /* Unbinds a function */ - int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -# endif /* * The generic (yuck) "ctrl()" function. NB: Negative return values * (rather than zero) indicate errors. @@ -220,7 +212,7 @@ struct dso_st { */ DSO_MERGER_FUNC merger; /* - * This is populated with (a copy of) the platform-independant filename + * This is populated with (a copy of) the platform-independent filename * used for this DSO. */ char *filename; @@ -236,6 +228,7 @@ struct dso_st { * loaded. */ char *loaded_filename; + CRYPTO_RWLOCK *lock; }; DSO *DSO_new(void); @@ -254,7 +247,7 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, DSO_NAME_CONVERTER_FUNC *oldcb); /* - * These functions can be used to get/set the platform-independant filename + * These functions can be used to get/set the platform-independent filename * used for a DSO. NB: set will fail if the DSO is already loaded. */ const char *DSO_get_filename(DSO *dso); @@ -346,7 +339,7 @@ DSO_METHOD *DSO_METHOD_vms(void); * 'addr' into 'sz' large caller-provided 'path' and returns the number of * characters [including trailing zero] written to it. If 'sz' is 0 or * negative, 'path' is ignored and required amount of charachers [including - * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then + * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then * pathname of cryptolib itself is returned. Negative or zero return value * denotes error. */ @@ -363,9 +356,6 @@ int DSO_pathbyaddr(void *addr, char *path, int sz); */ void *DSO_global_lookup(const char *name); -/* If BeOS is defined, use shared images. If not, return NULL. */ -DSO_METHOD *DSO_METHOD_beos(void); - /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index 30bbcf278a..16df65211b 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -1,4 +1,3 @@ -/* ssl/dtls1.h */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -60,31 +59,13 @@ #ifndef HEADER_DTLS1_H # define HEADER_DTLS1_H -# include <openssl/buffer.h> -# include <openssl/pqueue.h> -# ifdef OPENSSL_SYS_VMS -# include <resource.h> -# include <sys/timeb.h> -# endif -# ifdef OPENSSL_SYS_WIN32 -/* Needed for struct timeval */ -# include <winsock.h> -# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) -# include <sys/timeval.h> -# else -# if defined(OPENSSL_SYS_VXWORKS) -# include <sys/times.h> -# else -# include <sys/time.h> -# endif -# endif - #ifdef __cplusplus extern "C" { #endif # define DTLS1_VERSION 0xFEFF # define DTLS1_2_VERSION 0xFEFD +# define DTLS_MIN_VERSION DTLS1_VERSION # define DTLS_MAX_VERSION DTLS1_2_VERSION # define DTLS1_VERSION_MAJOR 0xFE @@ -93,11 +74,6 @@ extern "C" { /* Special value for method supporting multiple versions */ # define DTLS_ANY_VERSION 0x1FFFF -# if 0 -/* this alert description is not specified anywhere... */ -# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -# endif - /* lengths of messages */ # define DTLS1_COOKIE_LENGTH 256 @@ -116,149 +92,6 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 # endif -# ifndef OPENSSL_NO_SSL_INTERN - -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -# endif - -/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -# define DTLS1_MAX_MTU_OVERHEAD 48 - -typedef struct dtls1_bitmap_st { - unsigned long map; /* track 32 packets on 32-bit systems and 64 - * - on 64-bit systems */ - unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit - * value in big-endian encoding */ -} DTLS1_BITMAP; - -struct dtls1_retransmit_state { - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif - SSL_SESSION *session; - unsigned short epoch; -}; - -struct hm_header_st { - unsigned char type; - unsigned long msg_len; - unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; - unsigned int is_ccs; - struct dtls1_retransmit_state saved_retransmit_state; -}; - -struct ccs_header_st { - unsigned char type; - unsigned short seq; -}; - -struct dtls1_timeout_st { - /* Number of read timeouts so far */ - unsigned int read_timeouts; - /* Number of write timeouts so far */ - unsigned int write_timeouts; - /* Number of alerts received so far */ - unsigned int num_alerts; -}; - -typedef struct record_pqueue_st { - unsigned short epoch; - pqueue q; -} record_pqueue; - -typedef struct hm_fragment_st { - struct hm_header_st msg_header; - unsigned char *fragment; - unsigned char *reassembly; -} hm_fragment; - -typedef struct dtls1_state_st { - unsigned int send_cookie; - unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; - /* - * The current data and handshake epoch. This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - unsigned short handshake_read_seq; - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[8]; - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - /* Buffered handshake messages */ - pqueue buffered_messages; - /* Buffered (sent) handshake records */ - pqueue sent_messages; - /* - * Buffered application records. Only for records between CCS and - * Finished to prevent either protocol violation or unnecessary message - * loss. - */ - record_pqueue buffered_app_data; - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; - unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - struct dtls1_timeout_st timeout; - /* - * Indicates when the last handshake msg or heartbeat sent will timeout - */ - struct timeval next_timeout; - /* Timeout duration */ - unsigned short timeout_duration; - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - unsigned int retransmitting; - /* - * Set when the handshake is ready to process peer's ChangeCipherSpec message. - * Cleared after the message has been processed. - */ - unsigned int change_cipher_spec_ok; -# ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; - int shutdown_received; -# endif -} DTLS1_STATE; - -typedef struct dtls1_record_data_st { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER rbuf; - SSL3_RECORD rrec; -# ifndef OPENSSL_NO_SCTP - struct bio_dgram_sctp_rcvinfo recordinfo; -# endif -} DTLS1_RECORD_DATA; - -# endif /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ # define DTLS1_TMO_READ_COUNT 2 diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 7be9989ac3..bbd6116f86 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -1,4 +1,3 @@ -/* e_os2.h */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * @@ -53,11 +52,11 @@ * */ -#include <openssl/opensslconf.h> - #ifndef HEADER_E_OS2_H # define HEADER_E_OS2_H +# include <openssl/opensslconf.h> + #ifdef __cplusplus extern "C" { #endif @@ -70,58 +69,51 @@ extern "C" { # define OPENSSL_SYS_UNIX -/* ---------------------- Macintosh, before MacOS X ----------------------- */ -# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_MACINTOSH_CLASSIC -# endif - -/* ---------------------- NetWare ----------------------------------------- */ -# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_NETWARE -# endif - /* --------------------- Microsoft operating systems ---------------------- */ /* * Note that MSDOS actually denotes 32-bit environments running on top of * MS-DOS, such as DJGPP one. */ -# if defined(OPENSSL_SYSNAME_MSDOS) +# if defined(OPENSSL_SYS_MSDOS) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_MSDOS # endif /* * For 32 bit environment, there seems to be the CygWin environment and then * all the others that try to do the same thing Microsoft does... */ -# if defined(OPENSSL_SYSNAME_UWIN) +/* + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +# if defined(OPENSSL_SYS_UEFI) +# undef OPENSSL_SYS_UNIX +# elif defined(OPENSSL_SYS_UWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else -# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else -# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN32 +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif # endif -# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) # undef OPENSSL_SYS_UNIX # if !defined(OPENSSL_SYS_WIN64) # define OPENSSL_SYS_WIN64 # endif # endif -# if defined(OPENSSL_SYSNAME_WINNT) +# if defined(OPENSSL_SYS_WINNT) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINNT # endif -# if defined(OPENSSL_SYSNAME_WINCE) +# if defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINCE # endif # endif # endif @@ -150,8 +142,10 @@ extern "C" { # endif /* ------------------------------- OpenVMS -------------------------------- */ -# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) -# undef OPENSSL_SYS_UNIX +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif # define OPENSSL_SYS_VMS # if defined(__DECC) # define OPENSSL_SYS_VMS_DECC @@ -163,49 +157,18 @@ extern "C" { # endif # endif -/* -------------------------------- OS/2 ---------------------------------- */ -# if defined(__EMX__) || defined(__OS2__) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_OS2 -# endif - /* -------------------------------- Unix ---------------------------------- */ # ifdef OPENSSL_SYS_UNIX -# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) # define OPENSSL_SYS_LINUX # endif -# ifdef OPENSSL_SYSNAME_MPE -# define OPENSSL_SYS_MPE -# endif -# ifdef OPENSSL_SYSNAME_SNI -# define OPENSSL_SYS_SNI -# endif -# ifdef OPENSSL_SYSNAME_ULTRASPARC -# define OPENSSL_SYS_ULTRASPARC -# endif -# ifdef OPENSSL_SYSNAME_NEWS4 -# define OPENSSL_SYS_NEWS4 -# endif -# ifdef OPENSSL_SYSNAME_MACOSX -# define OPENSSL_SYS_MACOSX -# endif -# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY -# define OPENSSL_SYS_MACOSX_RHAPSODY -# define OPENSSL_SYS_MACOSX -# endif -# ifdef OPENSSL_SYSNAME_SUNOS -# define OPENSSL_SYS_SUNOS -# endif -# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) -# define OPENSSL_SYS_CRAY -# endif -# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) # define OPENSSL_SYS_AIX # endif # endif /* -------------------------------- VOS ----------------------------------- */ -# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) # define OPENSSL_SYS_VOS # ifdef __HPPA__ # define OPENSSL_SYS_VOS_HPPA @@ -215,22 +178,6 @@ extern "C" { # endif # endif -/* ------------------------------ VxWorks --------------------------------- */ -# ifdef OPENSSL_SYSNAME_VXWORKS -# define OPENSSL_SYS_VXWORKS -# endif - -/* -------------------------------- BeOS ---------------------------------- */ -# if defined(__BEOS__) -# define OPENSSL_SYS_BEOS -# include <sys/socket.h> -# if defined(BONE_VERSION) -# define OPENSSL_SYS_BEOS_BONE -# else -# define OPENSSL_SYS_BEOS_R5 -# endif -# endif - /** * That's it for OS-specific stuff *****************************************************************************/ @@ -247,7 +194,7 @@ extern "C" { /*- * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare * certain global symbols that, with some compilers under VMS, have to be - * defined and declared explicitely with globaldef and globalref. + * defined and declared explicitly with globaldef and globalref. * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare * DLL exports and imports for compilers under Win32. These are a little * more complicated to use. Basically, for any library that exports some @@ -259,25 +206,23 @@ extern "C" { * # define OPENSSL_EXTERN OPENSSL_EXPORT * #endif * - * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL - * have some generally sensible values, and for OPENSSL_EXTERN to have the - * value OPENSSL_IMPORT. + * The default is to have OPENSSL_EXPORT, OPENSSL_EXTERN and OPENSSL_GLOBAL + * have some generally sensible values. */ # if defined(OPENSSL_SYS_VMS_NODECC) # define OPENSSL_EXPORT globalref -# define OPENSSL_IMPORT globalref +# define OPENSSL_EXTERN globalref # define OPENSSL_GLOBAL globaldef # elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) # define OPENSSL_EXPORT extern __declspec(dllexport) -# define OPENSSL_IMPORT extern __declspec(dllimport) +# define OPENSSL_EXTERN extern __declspec(dllimport) # define OPENSSL_GLOBAL # else # define OPENSSL_EXPORT extern -# define OPENSSL_IMPORT extern +# define OPENSSL_EXTERN extern # define OPENSSL_GLOBAL # endif -# define OPENSSL_EXTERN OPENSSL_IMPORT /*- * Macros to allow global variables to be reached through function calls when @@ -302,24 +247,95 @@ extern "C" { # define OPENSSL_GLOBAL_REF(name) _shadow_##name # endif -# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) -# define ossl_ssize_t long +# ifdef _WIN32 +# ifdef _WIN64 +# define ossl_ssize_t __int64 +# define OSSL_SSIZE_MAX _I64_MAX +# else +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX +# endif # endif -# ifdef OPENSSL_SYS_MSDOS -# define ossl_ssize_t long +# if defined(OPENSSL_SYS_UEFI) && !defined(ssize_t) +# define ossl_ssize_t int +# define OSSL_SSIZE_MAX INT_MAX # endif -# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) -# define ssize_t int +# ifndef ossl_ssize_t +# define ossl_ssize_t ssize_t +# define OSSL_SSIZE_MAX SSIZE_MAX # endif -# if defined(__ultrix) && !defined(ssize_t) -# define ossl_ssize_t int +# ifdef DEBUG_UNUSED +# define __owur __attribute__((__warn_unused_result__)) +# else +# define __owur # endif -# ifndef ossl_ssize_t -# define ossl_ssize_t ssize_t +/* Standard integer types */ +# if defined(OPENSSL_SYS_UEFI) +typedef INT8 int8_t; +typedef UINT8 uint8_t; +typedef INT16 int16_t; +typedef UINT16 uint16_t; +typedef INT32 int32_t; +typedef UINT32 uint32_t; +typedef INT64 int64_t; +typedef UINT64 uint64_t; +# define PRIu64 "%Lu" +# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + defined(__osf__) || defined(__sgi) || defined(__hpux) || \ + defined(OPENSSL_SYS_VMS) +# include <inttypes.h> +# elif defined(_MSC_VER) && _MSC_VER<=1500 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +# else +# include <stdint.h> +# endif + +/* + * We need a format operator for some client tools for uint64_t. If inttypes.h + * isn't available or did not define it, just go with hard-coded. + */ +# ifndef PRIu64 +# ifdef SIXTY_FOUR_BIT_LONG +# define PRIu64 "lu" +# else +# define PRIu64 "llu" +# endif +# endif + +/* ossl_inline: portable inline definition usable in public headers */ +# if !defined(inline) && !defined(__cplusplus) +# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L + /* just use inline */ +# define ossl_inline inline +# elif defined(__GNUC__) && __GNUC__>=2 +# define ossl_inline __inline__ +# elif defined(_MSC_VER) + /* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +# define ossl_inline __inline +# else +# define ossl_inline +# endif +# else +# define ossl_inline inline # endif #ifdef __cplusplus diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h index 4cbdfeb7ae..e75b60923f 100644 --- a/include/openssl/ebcdic.h +++ b/include/openssl/ebcdic.h @@ -1,4 +1,3 @@ -/* crypto/ebcdic.h */ #ifndef HEADER_EBCDIC_H # define HEADER_EBCDIC_H diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 81e6faf6c5..e67439b73d 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1,3 +1,4 @@ + /* crypto/ec/ec.h */ /* * Originally written by Bodo Moeller for the OpenSSL project. @@ -84,7 +85,7 @@ # include <openssl/asn1.h> # include <openssl/symhacks.h> -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # endif @@ -114,19 +115,10 @@ typedef enum { } point_conversion_form_t; typedef struct ec_method_st EC_METHOD; - -typedef struct ec_group_st - /*- - EC_METHOD *meth; - -- field definition - -- curve coefficients - -- optional generator with associated information (order, cofactor) - -- optional extra data (precomputed table for fast computation of multiples of generator) - -- ASN1 stuff - */ - EC_GROUP; - +typedef struct ec_group_st EC_GROUP; typedef struct ec_point_st EC_POINT; +typedef struct ecpk_parameters_st ECPKPARAMETERS; +typedef struct ec_parameters_st ECPARAMETERS; /********************************************************************/ /* EC_METHODs for curves over GF(p) */ @@ -149,6 +141,7 @@ const EC_METHOD *EC_GFp_mont_method(void); const EC_METHOD *EC_GFp_nist_method(void); # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# ifndef OPENSSL_SYS_WIN32 /** Returns 64-bit optimized methods for nistp224 * \return EC_METHOD object */ @@ -163,6 +156,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void); * \return EC_METHOD object */ const EC_METHOD *EC_GFp_nistp521_method(void); +# endif # endif # ifndef OPENSSL_NO_EC2M @@ -229,7 +223,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth); * \param order the order of the group generated by the generator. * \param cofactor the index of the sub-group generated by the generator * in the group of all points on the elliptic curve. - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); @@ -249,20 +243,41 @@ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); /** Gets the order of a EC_GROUP * \param group EC_GROUP object * \param order BIGNUM to which the order is copied - * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \param ctx unused + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +/** Gets the order of an EC_GROUP + * \param group EC_GROUP object + * \return the group order + */ + +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); + +/** Gets the number of bits of ther order of an EC_GROUP + * \param group EC_GROUP object + * \return number of bits of group order. + */ + +int EC_GROUP_order_bits(const EC_GROUP *group); + /** Gets the cofactor of a EC_GROUP * \param group EC_GROUP object * \param cofactor BIGNUM to which the cofactor is copied - * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \param ctx unused + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +/** Gets the cofactor of an EC_GROUP + * \param group EC_GROUP object + * \return the group cofactor + */ + +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); + /** Sets the name of a EC_GROUP object * \param group EC_GROUP object * \param nid NID of the curve name OID @@ -292,7 +307,7 @@ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); @@ -303,7 +318,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); @@ -315,7 +330,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); @@ -326,7 +341,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); @@ -386,6 +401,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); # endif + /** Creates a EC_GROUP object with a curve specified by a NID * \param nid NID of the OID of the curve name * \return newly created EC_GROUP object with specified curve or NULL @@ -393,6 +409,38 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, */ EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +/** Creates a new EC_GROUP object from an ECPARAMETERS object + * \param params pointer to the ECPARAMETERS object + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); + +/** Creates an ECPARAMETERS object for the the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPARAMETERS object or NULL + * \return pointer to the new ECPARAMETERS object or NULL + * if an error occurred. + */ +ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECPARAMETERS *params); + +/** Creates a new EC_GROUP object from an ECPKPARAMETERS object + * \param params pointer to an existing ECPKPARAMETERS object, or NULL + * \return newly created EC_GROUP object with specified curve, or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); + +/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object. + * \param group pointer to the EC_GROUP object + * \param params pointer to an existing ECPKPARAMETERS object or NULL + * \return pointer to the new ECPKPARAMETERS object or NULL + * if an error occurred. + */ +ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params); + /********************************************************************/ /* handling of internal curves */ /********************************************************************/ @@ -436,7 +484,7 @@ void EC_POINT_clear_free(EC_POINT *point); /** Copies EC_POINT object * \param dst destination EC_POINT object * \param src source EC_POINT object - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); @@ -457,7 +505,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); /** Sets a point to infinity (neutral element) * \param group underlying EC_GROUP object * \param point EC_POINT to set to infinity - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); @@ -468,7 +516,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); * \param y BIGNUM with the y-coordinate * \param z BIGNUM with the z-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, @@ -482,7 +530,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, * \param y BIGNUM for the y-coordinate * \param z BIGNUM for the z-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, @@ -495,7 +543,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, * \param x BIGNUM with the x-coordinate * \param y BIGNUM with the y-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, @@ -507,7 +555,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, * \param x BIGNUM for the x-coordinate * \param y BIGNUM for the y-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, @@ -519,7 +567,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, * \param x BIGNUM with x-coordinate * \param y_bit integer with the y-Bit (either 0 or 1) * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, @@ -531,7 +579,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, * \param x BIGNUM with the x-coordinate * \param y BIGNUM with the y-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, @@ -543,7 +591,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, * \param x BIGNUM for the x-coordinate * \param y BIGNUM for the y-coordinate * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, @@ -555,7 +603,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, * \param x BIGNUM with x-coordinate * \param y_bit integer with the y-Bit (either 0 or 1) * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, @@ -581,11 +629,25 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, * \param buf memory buffer with the encoded ec point * \param len length of the encoded ec point * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, const unsigned char *buf, size_t len, BN_CTX *ctx); +/** Encodes an EC_POINT object to an allocated octet string + * \param group underlying EC_GROUP object + * \param point EC_POINT object + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + /* other interfaces to point2oct/oct2point: */ BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, BIGNUM *, BN_CTX *); @@ -606,7 +668,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, * \param a EC_POINT object with the first summand * \param b EC_POINT object with the second summand * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); @@ -616,7 +678,7 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, * \param r EC_POINT object for the result (r = 2 * a) * \param a EC_POINT object * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); @@ -625,7 +687,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, * \param group underlying EC_GROUP object * \param a EC_POINT object to be inverted (it's used for the result as well) * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); @@ -667,7 +729,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, * \param p array of size num of EC_POINT objects * \param m array of size num of BIGNUM objects * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], @@ -680,7 +742,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, * \param q EC_POINT object with the first factor of the second summand * \param m BIGNUM with the second factor of the second summand * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); @@ -688,7 +750,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, /** Stores multiples of generator for faster point multiplication * \param group EC_GROUP object * \param ctx BN_CTX object (optional) - * \return 1 on success and 0 if an error occured + * \return 1 on success and 0 if an error occurred */ int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); @@ -702,6 +764,9 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group); /* ASN1 stuff */ /********************************************************************/ +DECLARE_ASN1_ITEM(ECPKPARAMETERS) +DECLARE_ASN1_ITEM(ECPARAMETERS) + /* * EC_GROUP_get_basis_type() returns the NID of the basis type used to * represent the field elements @@ -713,9 +778,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, unsigned int *k2, unsigned int *k3); # endif -# define OPENSSL_EC_NAMED_CURVE 0x001 - -typedef struct ecpk_parameters_st ECPKPARAMETERS; +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); @@ -727,10 +791,8 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); # define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ (unsigned char *)(x)) -# ifndef OPENSSL_NO_BIO int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); -# endif -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); # endif @@ -738,8 +800,6 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); /* EC_KEY functions */ /********************************************************************/ -typedef struct ec_key_st EC_KEY; - /* some values for the encoding_flag */ # define EC_PKEY_NO_PARAMETERS 0x001 # define EC_PKEY_NO_PUBKEY 0x002 @@ -747,6 +807,7 @@ typedef struct ec_key_st EC_KEY; /* some values for the flags field */ # define EC_FLAG_NON_FIPS_ALLOW 0x1 # define EC_FLAG_FIPS_CHECKED 0x2 +# define EC_FLAG_COFACTOR_ECDH 0x1000 /** Creates a new EC_KEY object. * \return EC_KEY object or NULL if an error occurred. @@ -776,13 +837,13 @@ void EC_KEY_free(EC_KEY *key); * \param src src EC_KEY object * \return dst or NULL if an error occurred. */ -EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +EC_KEY *EC_KEY_copy(EC_KEY *dst, EC_KEY *src); /** Creates a new EC_KEY object and copies the content from src to it. * \param src the source EC_KEY object * \return newly created EC_KEY object or NULL if an error occurred. */ -EC_KEY *EC_KEY_dup(const EC_KEY *src); +EC_KEY *EC_KEY_dup(EC_KEY *src); /** Increases the internal reference count of a EC_KEY object. * \param key EC_KEY object @@ -836,23 +897,12 @@ unsigned EC_KEY_get_enc_flags(const EC_KEY *key); void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); -/* functions to set/get method specific data */ -void *EC_KEY_get_key_method_data(EC_KEY *key, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)); -/** Sets the key method data of an EC_KEY object, if none has yet been set. - * \param key EC_KEY object - * \param data opaque data to install. - * \param dup_func a function that duplicates |data|. - * \param free_func a function that frees |data|. - * \param clear_free_func a function that wipes and frees |data|. - * \return the previously set data pointer, or NULL if |data| was inserted. - */ -void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + /* wrapper functions for the underlying EC_GROUP object */ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); @@ -876,8 +926,14 @@ int EC_KEY_generate_key(EC_KEY *key); */ int EC_KEY_check_key(const EC_KEY *key); +/** Indicates if an EC_KEY can be used for signing. + * \param key the EC_KEY object + * \return 1 if can can sign and 0 otherwise. + */ +int EC_KEY_can_sign(const EC_KEY *eckey); + /** Sets a public key from affine coordindates performing - * neccessary NIST PKV tests. + * necessary NIST PKV tests. * \param key the EC_KEY object * \param x public key x coordinate * \param y public key y coordinate @@ -886,6 +942,56 @@ int EC_KEY_check_key(const EC_KEY *key); int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +/** Encodes an EC_KEY public key to an allocated octet string + * \param key key to encode + * \param form point conversion form + * \param pbuf returns pointer to allocated buffer + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, + unsigned char **pbuf, BN_CTX *ctx); + +/** Decodes a EC_KEY public key from a octet string + * \param key key to decode + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, + BN_CTX *ctx); + +/** Decodes an EC_KEY private key from an octet string + * \param key key to decode + * \param buf memory buffer with the encoded private key + * \param len length of the encoded key + * \return 1 on success and 0 if an error occurred + */ + +int EC_KEY_oct2priv(EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes a EC_KEY private key to an octet string + * \param key key to encode + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); + +/** Encodes an EC_KEY private key to an allocated octet string + * \param key key to encode + * \param pbuf returns pointer to allocated buffer + * \return the length of the encoded octet string or 0 if an error occurred + */ + +size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); + /********************************************************************/ /* de- and encoding functions for SEC1 ECPrivateKey */ /********************************************************************/ @@ -920,7 +1026,7 @@ int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); /** Encodes ec parameter and stores the result in a buffer. - * \param key the EC_KEY object with ec paramters to encode + * \param key the EC_KEY object with ec parameters to encode * \param out the buffer for the result (if NULL the function returns number * of bytes needed). * \return 1 on success and 0 if an error occurred. @@ -949,7 +1055,6 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); */ int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); -# ifndef OPENSSL_NO_BIO /** Prints out the ec parameters on human readable form. * \param bp BIO object to which the information is printed * \param key EC_KEY object @@ -965,8 +1070,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *key); */ int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); -# endif -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO /** Prints out the ec parameters on human readable form. * \param fp file descriptor to which the information is printed * \param key EC_KEY object @@ -984,6 +1088,247 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); # endif +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG pointer + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, + EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/********************************************************************/ +/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +/********************************************************************/ + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); + +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, + const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, + const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, + const EC_POINT *pub_key)); + +void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); + +void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, + int (**pck)(unsigned char **psec, + size_t *pseclen, + const EC_POINT *pub_key, + const EC_KEY *ecdh)); + +void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, + unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, + const BIGNUM *in_kinv, + const BIGNUM *in_r, + EC_KEY *eckey)); + +void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned + char *dgst, int dgst_len, + const unsigned char *sigbuf, + int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, + int dgst_len, + const ECDSA_SIG *sig, + EC_KEY *eckey)); + # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) # ifndef __cplusplus @@ -1086,6 +1431,13 @@ void ERR_load_EC_strings(void); # define EC_F_DO_EC_KEY_PRINT 221 # define EC_F_ECDH_CMS_DECRYPT 238 # define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_VERIFY 253 # define EC_F_ECKEY_PARAM2TYPE 223 # define EC_F_ECKEY_PARAM_DECODE 212 # define EC_F_ECKEY_PRIV_DECODE 213 @@ -1101,7 +1453,6 @@ void ERR_load_EC_strings(void); # define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 # define EC_F_ECP_NISTZ256_POINTS_MUL 241 # define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 -# define EC_F_ECP_NISTZ256_SET_WORDS 245 # define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 # define EC_F_ECP_NIST_MOD_192 203 # define EC_F_ECP_NIST_MOD_224 204 @@ -1163,12 +1514,16 @@ void ERR_load_EC_strings(void); # define EC_F_EC_GROUP_GET_CURVE_GF2M 172 # define EC_F_EC_GROUP_GET_CURVE_GFP 130 # define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 # define EC_F_EC_GROUP_GET_ORDER 141 # define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 # define EC_F_EC_GROUP_NEW 108 # define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 # define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 # define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 # define EC_F_EC_GROUP_SET_CURVE_GF2M 176 # define EC_F_EC_GROUP_SET_CURVE_GFP 109 @@ -1178,9 +1533,15 @@ void ERR_load_EC_strings(void); # define EC_F_EC_KEY_COPY 178 # define EC_F_EC_KEY_GENERATE_KEY 179 # define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 # define EC_F_EC_KEY_PRINT 180 # define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2OCT 256 # define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 # define EC_F_EC_POINTS_MAKE_AFFINE 136 # define EC_F_EC_POINT_ADD 112 # define EC_F_EC_POINT_CMP 113 @@ -1216,6 +1577,9 @@ void ERR_load_EC_strings(void); # define EC_F_NISTP521_PRE_COMP_NEW 237 # define EC_F_O2I_ECPUBLICKEY 152 # define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 # define EC_F_PKEY_EC_CTRL 197 # define EC_F_PKEY_EC_CTRL_STR 198 # define EC_F_PKEY_EC_DERIVE 217 @@ -1226,9 +1590,12 @@ void ERR_load_EC_strings(void); /* Reason codes. */ # define EC_R_ASN1_ERROR 115 # define EC_R_ASN1_UNKNOWN_FIELD 116 +# define EC_R_BAD_SIGNATURE 156 # define EC_R_BIGNUM_OUT_OF_RANGE 144 # define EC_R_BUFFER_TOO_SMALL 100 # define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 # define EC_R_DECODE_ERROR 142 # define EC_R_DISCRIMINANT_IS_ZERO 118 @@ -1248,24 +1615,31 @@ void ERR_load_EC_strings(void); # define EC_R_INVALID_FIELD 103 # define EC_R_INVALID_FORM 104 # define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_OUTPUT_LENGTH 161 # define EC_R_INVALID_PENTANOMIAL_BASIS 132 # define EC_R_INVALID_PRIVATE_KEY 123 # define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_FAILED 153 # define EC_R_KDF_PARAMETER_ERROR 148 # define EC_R_KEYS_NOT_SET 140 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 # define EC_R_NOT_A_NIST_PRIME 135 # define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 # define EC_R_NOT_IMPLEMENTED 126 # define EC_R_NOT_INITIALIZED 111 # define EC_R_NO_FIELD_MOD 133 # define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 # define EC_R_PASSED_NULL_PARAMETER 134 # define EC_R_PEER_KEY_ERROR 149 # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 # define EC_R_POINT_AT_INFINITY 106 # define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 # define EC_R_SHARED_INFO_ERROR 150 # define EC_R_SLOT_FULL 108 # define EC_R_UNDEFINED_GENERATOR 113 diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h index 25348b30fe..6a4a7b1676 100644 --- a/include/openssl/ecdh.h +++ b/include/openssl/ecdh.h @@ -1,134 +1 @@ -/* crypto/ecdh/ecdh.h */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The ECDH software is originally written by Douglas Stebila of - * Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#ifndef HEADER_ECDH_H -# define HEADER_ECDH_H - -# include <openssl/opensslconf.h> - -# ifdef OPENSSL_NO_ECDH -# error ECDH is disabled. -# endif - -# include <openssl/ec.h> -# include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED -# include <openssl/bn.h> -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -# define EC_FLAG_COFACTOR_ECDH 0x1000 - -const ECDH_METHOD *ECDH_OpenSSL(void); - -void ECDH_set_default_method(const ECDH_METHOD *); -const ECDH_METHOD *ECDH_get_default_method(void); -int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); - -int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)); - -int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); -void *ECDH_get_ex_data(EC_KEY *d, int idx); - -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_ECDH_strings(void); - -/* Error codes for the ECDH functions. */ - -/* Function codes. */ -# define ECDH_F_ECDH_CHECK 102 -# define ECDH_F_ECDH_COMPUTE_KEY 100 -# define ECDH_F_ECDH_DATA_NEW_METHOD 101 - -/* Reason codes. */ -# define ECDH_R_KDF_FAILED 102 -# define ECDH_R_NON_FIPS_METHOD 103 -# define ECDH_R_NO_PRIVATE_VALUE 100 -# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 - -#ifdef __cplusplus -} -#endif -#endif +#include <openssl/ec.h> diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index a6f0930f82..6a4a7b1676 100644 --- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -1,335 +1 @@ -/* crypto/ecdsa/ecdsa.h */ -/** - * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions - * \author Written by Nils Larsch for the OpenSSL project - */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#ifndef HEADER_ECDSA_H -# define HEADER_ECDSA_H - -# include <openssl/opensslconf.h> - -# ifdef OPENSSL_NO_ECDSA -# error ECDSA is disabled. -# endif - -# include <openssl/ec.h> -# include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED -# include <openssl/bn.h> -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -} ECDSA_SIG; - -/** Allocates and initialize a ECDSA_SIG structure - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_SIG_new(void); - -/** frees a ECDSA_SIG structure - * \param sig pointer to the ECDSA_SIG structure - */ -void ECDSA_SIG_free(ECDSA_SIG *sig); - -/** DER encode content of ECDSA_SIG object (note: this function modifies *pp - * (*pp += length of the DER encoded signature)). - * \param sig pointer to the ECDSA_SIG object - * \param pp pointer to a unsigned char pointer for the output or NULL - * \return the length of the DER encoded ECDSA_SIG object or 0 - */ -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); - -/** Decodes a DER encoded ECDSA signature (note: this function changes *pp - * (*pp += len)). - * \param sig pointer to ECDSA_SIG pointer (may be NULL) - * \param pp memory buffer with the DER encoded signature - * \param len length of the buffer - * \return pointer to the decoded ECDSA_SIG structure (or NULL) - */ -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); - -/** Computes the ECDSA signature of the given hash value using - * the supplied private key and returns the created signature. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param eckey EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, - EC_KEY *eckey); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), - * see ECDSA_sign_setup - * \param eckey EC_KEY object containing a private EC key - * \return pointer to a ECDSA_SIG structure or NULL if an error occurred - */ -ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey); - -/** Verifies that the supplied signature is a valid ECDSA - * signature of the supplied hash value using the supplied public key. - * \param dgst pointer to the hash value - * \param dgst_len length of the hash value - * \param sig ECDSA_SIG structure - * \param eckey EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid - * and -1 on error - */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - -const ECDSA_METHOD *ECDSA_OpenSSL(void); - -/** Sets the default ECDSA method - * \param meth new default ECDSA_METHOD - */ -void ECDSA_set_default_method(const ECDSA_METHOD *meth); - -/** Returns the default ECDSA method - * \return pointer to ECDSA_METHOD structure containing the default method - */ -const ECDSA_METHOD *ECDSA_get_default_method(void); - -/** Sets method to be used for the ECDSA operations - * \param eckey EC_KEY object - * \param meth new method - * \return 1 on success and 0 otherwise - */ -int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); - -/** Returns the maximum length of the DER encoded signature - * \param eckey EC_KEY object - * \return numbers of bytes required for the DER encoded signature - */ -int ECDSA_size(const EC_KEY *eckey); - -/** Precompute parts of the signing operation - * \param eckey EC_KEY object containing a private EC key - * \param ctx BN_CTX object (optional) - * \param kinv BIGNUM pointer for the inverse of k - * \param rp BIGNUM pointer for x coordinate of k * generator - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig memory for the DER encoded created signature - * \param siglen pointer to the length of the returned signature - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - -/** Computes ECDSA signature of a given hash value using the supplied - * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). - * \param type this parameter is ignored - * \param dgst pointer to the hash value to sign - * \param dgstlen length of the hash value - * \param sig buffer to hold the DER encoded signature - * \param siglen pointer to the length of the returned signature - * \param kinv BIGNUM with a pre-computed inverse k (optional) - * \param rp BIGNUM with a pre-computed rp value (optioanl), - * see ECDSA_sign_setup - * \param eckey EC_KEY object containing a private EC key - * \return 1 on success and 0 otherwise - */ -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); - -/** Verifies that the given signature is valid ECDSA signature - * of the supplied hash value using the specified public key. - * \param type this parameter is ignored - * \param dgst pointer to the hash value - * \param dgstlen length of the hash value - * \param sig pointer to the DER encoded signature - * \param siglen length of the DER encoded signature - * \param eckey EC_KEY object containing a public EC key - * \return 1 if the signature is valid, 0 if the signature is invalid - * and -1 on error - */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); - -/* the standard ex_data functions */ -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); -void *ECDSA_get_ex_data(EC_KEY *d, int idx); - -/** Allocates and initialize a ECDSA_METHOD structure - * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) - * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred - */ - -ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); - -/** frees a ECDSA_METHOD structure - * \param ecdsa_method pointer to the ECDSA_METHOD structure - */ -void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); - -/** Sets application specific data in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param app application specific data to set - */ - -void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); - -/** Returns application specific data from a ECDSA_METHOD structure - * \param ecdsa_method pointer to ECDSA_METHOD structure - * \return pointer to application specific data. - */ - -void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); - -/** Set the ECDSA_do_sign function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_do_sign a funtion of type ECDSA_do_sign - */ - -void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, - ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char - *dgst, int dgst_len, - const BIGNUM *inv, - const BIGNUM *rp, - EC_KEY *eckey)); - -/** Set the ECDSA_sign_setup function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup - */ - -void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_sign_setup) (EC_KEY *eckey, - BN_CTX *ctx, - BIGNUM **kinv, - BIGNUM **r)); - -/** Set the ECDSA_do_verify function in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param ecdsa_do_verify a funtion of type ECDSA_do_verify - */ - -void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, - int (*ecdsa_do_verify) (const unsigned char - *dgst, int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)); - -void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); - -/** Set the flags field in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param flags flags value to set - */ - -void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); - -/** Set the name field in the ECDSA_METHOD - * \param ecdsa_method pointer to existing ECDSA_METHOD - * \param name name to set - */ - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_ECDSA_strings(void); - -/* Error codes for the ECDSA functions. */ - -/* Function codes. */ -# define ECDSA_F_ECDSA_CHECK 104 -# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 -# define ECDSA_F_ECDSA_DO_SIGN 101 -# define ECDSA_F_ECDSA_DO_VERIFY 102 -# define ECDSA_F_ECDSA_METHOD_NEW 105 -# define ECDSA_F_ECDSA_SIGN_SETUP 103 - -/* Reason codes. */ -# define ECDSA_R_BAD_SIGNATURE 100 -# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 -# define ECDSA_R_ERR_EC_LIB 102 -# define ECDSA_R_MISSING_PARAMETERS 103 -# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 -# define ECDSA_R_NON_FIPS_METHOD 107 -# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 -# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 - -#ifdef __cplusplus -} -#endif -#endif +#include <openssl/ec.h> diff --git a/include/openssl/engine.h b/include/openssl/engine.h index bd7b591447..d1cd17a24c 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,4 +1,3 @@ -/* openssl/engine.h */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000. @@ -71,7 +70,7 @@ # error ENGINE is disabled. # endif -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # ifndef OPENSSL_NO_RSA # include <openssl/rsa.h> @@ -82,11 +81,8 @@ # ifndef OPENSSL_NO_DH # include <openssl/dh.h> # endif -# ifndef OPENSSL_NO_ECDH -# include <openssl/ecdh.h> -# endif -# ifndef OPENSSL_NO_ECDSA -# include <openssl/ecdsa.h> +# ifndef OPENSSL_NO_EC +# include <openssl/ec.h> # endif # include <openssl/rand.h> # include <openssl/ui.h> @@ -110,13 +106,11 @@ extern "C" { # define ENGINE_METHOD_DSA (unsigned int)0x0002 # define ENGINE_METHOD_DH (unsigned int)0x0004 # define ENGINE_METHOD_RAND (unsigned int)0x0008 -# define ENGINE_METHOD_ECDH (unsigned int)0x0010 -# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 # define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 # define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 -# define ENGINE_METHOD_STORE (unsigned int)0x0100 # define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 # define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +# define ENGINE_METHOD_EC (unsigned int)0x0800 /* Obvious all-or-nothing cases. */ # define ENGINE_METHOD_ALL (unsigned int)0xFFFF # define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -391,29 +385,27 @@ int ENGINE_add(ENGINE *e); int ENGINE_remove(ENGINE *e); /* Retrieve an engine from the list by its unique "id" value. */ ENGINE *ENGINE_by_id(const char *id); -/* Add all the built-in engines. */ -void ENGINE_load_openssl(void); -void ENGINE_load_dynamic(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ENGINE_load_openssl() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +# define ENGINE_load_dynamic() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) # ifndef OPENSSL_NO_STATIC_ENGINE -void ENGINE_load_4758cca(void); -void ENGINE_load_aep(void); -void ENGINE_load_atalla(void); -void ENGINE_load_chil(void); -void ENGINE_load_cswift(void); -void ENGINE_load_nuron(void); -void ENGINE_load_sureware(void); -void ENGINE_load_ubsec(void); -void ENGINE_load_padlock(void); -void ENGINE_load_capi(void); -# ifndef OPENSSL_NO_GMP -void ENGINE_load_gmp(void); -# endif -# ifndef OPENSSL_NO_GOST -void ENGINE_load_gost(void); -# endif +# define ENGINE_load_padlock() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +# define ENGINE_load_capi() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +# define ENGINE_load_dasync() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DASYNC, NULL) +# define ENGINE_load_afalg() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) # endif -void ENGINE_load_cryptodev(void); -void ENGINE_load_rdrand(void); +# define ENGINE_load_cryptodev() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +# define ENGINE_load_rdrand() \ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +#endif void ENGINE_load_builtin_engines(void); /* @@ -440,13 +432,9 @@ int ENGINE_register_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_register_all_DSA(void); -int ENGINE_register_ECDH(ENGINE *e); -void ENGINE_unregister_ECDH(ENGINE *e); -void ENGINE_register_all_ECDH(void); - -int ENGINE_register_ECDSA(ENGINE *e); -void ENGINE_unregister_ECDSA(ENGINE *e); -void ENGINE_register_all_ECDSA(void); +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); int ENGINE_register_DH(ENGINE *e); void ENGINE_unregister_DH(ENGINE *e); @@ -456,10 +444,6 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); -int ENGINE_register_STORE(ENGINE *e); -void ENGINE_unregister_STORE(ENGINE *e); -void ENGINE_register_all_STORE(void); - int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -554,11 +538,9 @@ int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); -int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -576,9 +558,8 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); /* These functions allow control over any per-structure ENGINE data. */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); void *ENGINE_get_ex_data(const ENGINE *e, int idx); @@ -600,11 +581,9 @@ const char *ENGINE_get_id(const ENGINE *e); const char *ENGINE_get_name(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); -const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); -const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -679,8 +658,7 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, ENGINE *ENGINE_get_default_RSA(void); /* Same for the other "methods" */ ENGINE *ENGINE_get_default_DSA(void); -ENGINE *ENGINE_get_default_ECDH(void); -ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_EC(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); /* @@ -702,8 +680,7 @@ int ENGINE_set_default_RSA(ENGINE *e); int ENGINE_set_default_string(ENGINE *e, const char *def_list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); -int ENGINE_set_default_ECDH(ENGINE *e); -int ENGINE_set_default_ECDSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); @@ -730,12 +707,12 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 +# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 /* * Binary versions older than this are too old for us (whether we're a loader * or a loadee) */ -# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 +# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 /* * When compiling an ENGINE entirely as an external shared library, loadable @@ -748,40 +725,22 @@ void ENGINE_add_conf_module(void); * same static data as the calling application (or library), and thus whether * these callbacks need to be set or not. */ -typedef void *(*dyn_MEM_malloc_cb) (size_t); -typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); -typedef void (*dyn_MEM_free_cb) (void *); +typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +typedef void (*dyn_MEM_free_fn) (void *, const char *, int); typedef struct st_dynamic_MEM_fns { - dyn_MEM_malloc_cb malloc_cb; - dyn_MEM_realloc_cb realloc_cb; - dyn_MEM_free_cb free_cb; + dyn_MEM_malloc_fn malloc_fn; + dyn_MEM_realloc_fn realloc_fn; + dyn_MEM_free_fn free_fn; } dynamic_MEM_fns; /* * FIXME: Perhaps the memory and locking code (crypto.h) should declare and * use these types so we (and any other dependant code) can simplify a bit?? */ -typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); -typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); -typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, - int); -typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, - const char *, int); -typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, - const char *, int); -typedef struct st_dynamic_LOCK_fns { - dyn_lock_locking_cb lock_locking_cb; - dyn_lock_add_lock_cb lock_add_lock_cb; - dyn_dynlock_create_cb dynlock_create_cb; - dyn_dynlock_lock_cb dynlock_lock_cb; - dyn_dynlock_destroy_cb dynlock_destroy_cb; -} dynamic_LOCK_fns; /* The top-level structure */ typedef struct st_dynamic_fns { void *static_state; - const ERR_FNS *err_fns; - const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; - dynamic_LOCK_fns lock_fns; } dynamic_fns; /* @@ -829,17 +788,9 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, OPENSSL_EXPORT \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ - if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ - fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ - return 0; \ - CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ - CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ - CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ - CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ - CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ - if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ - return 0; \ - if(!ERR_set_implementation(fns->err_fns)) return 0; \ + CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ + fns->mem_fns.realloc_fn, \ + fns->mem_fns.free_fn); \ skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } diff --git a/include/openssl/err.h b/include/openssl/err.h index 585aa8ba3d..4b6c663bb2 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -1,4 +1,3 @@ -/* crypto/err/err.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,18 +113,14 @@ # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO # include <stdio.h> # include <stdlib.h> # endif # include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif -# ifndef OPENSSL_NO_LHASH -# include <openssl/lhash.h> -# endif +# include <openssl/bio.h> +# include <openssl/lhash.h> #ifdef __cplusplus extern "C" { @@ -146,7 +141,6 @@ extern "C" { # define ERR_NUM_ERRORS 16 typedef struct err_state_st { - CRYPTO_THREADID tid; int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; @@ -197,42 +191,48 @@ typedef struct err_state_st { # define ERR_LIB_TS 47 # define ERR_LIB_HMAC 48 # define ERR_LIB_JPAKE 49 +# define ERR_LIB_CT 50 +# define ERR_LIB_ASYNC 51 +# define ERR_LIB_KDF 52 # define ERR_LIB_USER 128 -# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) -# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) -# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) -# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) -# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) -# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) -# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) -# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) -# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) -# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) -# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) -# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) -# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) -# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) -# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) -# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) -# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) -# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) -# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) -# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) -# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) -# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) -# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) -# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) -# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) -# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) -# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) -# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) -# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) -# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) -# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) -# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) /* * Borland C seems too stupid to be able to shift and do longs in the @@ -258,6 +258,12 @@ typedef struct err_state_st { # define SYS_F_WSASTARTUP 9/* Winsock stuff */ # define SYS_F_OPENDIR 10 # define SYS_F_FREAD 11 +# define SYS_F_GETADDRINFO 12 +# define SYS_F_GETNAMEINFO 13 +# define SYS_F_SETSOCKOPT 14 +# define SYS_F_GETSOCKOPT 15 +# define SYS_F_GETSOCKNAME 16 +# define SYS_F_GETHOSTBYNAME 17 /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ @@ -304,6 +310,8 @@ typedef struct err_state_st { # define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) # define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) # define ERR_R_DISABLED (5|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +# define ERR_R_PASSED_INVALID_ARGUMENT (7) /* * 99 is the maximum possible ERR_R_... code, higher values are reserved for @@ -315,6 +323,8 @@ typedef struct ERR_string_data_st { const char *string; } ERR_STRING_DATA; +DEFINE_LHASH_OF(ERR_STRING_DATA); + void ERR_put_error(int lib, int func, int reason, const char *file, int line); void ERR_set_error_data(char *data, int flags); @@ -338,50 +348,35 @@ const char *ERR_func_error_string(unsigned long e); const char *ERR_reason_error_string(unsigned long e); void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), void *u); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO void ERR_print_errors_fp(FILE *fp); # endif -# ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); -# endif void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); -void ERR_load_crypto_strings(void); + +#if OPENSSL_API_COMPAT < 0x10100000L +# define ERR_load_crypto_strings() \ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#endif + void ERR_free_strings(void); -void ERR_remove_thread_state(const CRYPTO_THREADID *tid); -# ifndef OPENSSL_NO_DEPRECATED -void ERR_remove_state(unsigned long pid); /* if zero we look it up */ -# endif +void ERR_remove_thread_state(void); +DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) /* if zero we + * look it up */ ERR_STATE *ERR_get_state(void); -# ifndef OPENSSL_NO_LHASH LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); -LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); -void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); -# endif int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); -/* Already defined in ossl_typ.h */ -/* typedef struct st_ERR_FNS ERR_FNS; */ -/* - * An application can use this function and provide the return value to - * loaded modules that should use the application's ERR state/functionality - */ -const ERR_FNS *ERR_get_implementation(void); -/* - * A loaded module should call this function prior to any ERR operations - * using the application's "ERR_FNS". - */ -int ERR_set_implementation(const ERR_FNS *fns); - #ifdef __cplusplus } #endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 39ab7937d2..af05e66481 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1,4 +1,3 @@ -/* crypto/evp/evp.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,29 +58,11 @@ #ifndef HEADER_ENVELOPE_H # define HEADER_ENVELOPE_H -# ifdef OPENSSL_ALGORITHM_DEFINES -# include <openssl/opensslconf.h> -# else -# define OPENSSL_ALGORITHM_DEFINES -# include <openssl/opensslconf.h> -# undef OPENSSL_ALGORITHM_DEFINES -# endif - +# include <openssl/opensslconf.h> # include <openssl/ossl_typ.h> - # include <openssl/symhacks.h> +# include <openssl/bio.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif - -/*- -#define EVP_RC2_KEY_SIZE 16 -#define EVP_RC4_KEY_SIZE 16 -#define EVP_BLOWFISH_KEY_SIZE 16 -#define EVP_CAST5_KEY_SIZE 16 -#define EVP_RC5_32_12_16_KEY_SIZE 16 -*/ # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 @@ -117,92 +98,58 @@ # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey # define EVP_PKEY_HMAC NID_hmac # define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_TLS1_PRF NID_tls1_prf +# define EVP_PKEY_HKDF NID_hkdf #ifdef __cplusplus extern "C" { #endif -/* - * Type needs to be a bit field Sub-type needs to be for variations on the - * method, as in, can it do arbitrary encryption.... - */ -struct evp_pkey_st { - int type; - int save_type; - int references; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; - union { - char *ptr; -# ifndef OPENSSL_NO_RSA - struct rsa_st *rsa; /* RSA */ -# endif -# ifndef OPENSSL_NO_DSA - struct dsa_st *dsa; /* DSA */ -# endif -# ifndef OPENSSL_NO_DH - struct dh_st *dh; /* DH */ -# endif -# ifndef OPENSSL_NO_EC - struct ec_key_st *ec; /* ECC */ -# endif - } pkey; - int save_parameters; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} /* EVP_PKEY */ ; - # define EVP_PKEY_MO_SIGN 0x0001 # define EVP_PKEY_MO_VERIFY 0x0002 # define EVP_PKEY_MO_ENCRYPT 0x0004 # define EVP_PKEY_MO_DECRYPT 0x0008 # ifndef EVP_MD -struct env_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init) (EVP_MD_CTX *ctx); - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final) (EVP_MD_CTX *ctx, unsigned char *md); - int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup) (EVP_MD_CTX *ctx); - /* FIXME: prototype these some day */ - int (*sign) (int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, void *key); - int (*verify) (int type, const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, - void *key); - int required_pkey_type[5]; /* EVP_PKEY_xxx */ - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */ ; - -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, - unsigned int *siglen, void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, void *key); +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 -/* - * digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc - */ -# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - /* DigestAlgorithmIdentifier flags... */ # define EVP_MD_FLAG_DIGALGID_MASK 0x0018 @@ -231,52 +178,8 @@ typedef int evp_verify_method(int type, const unsigned char *m, # define EVP_MD_CTRL_ALG_CTRL 0x1000 -# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -# else -# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_ECDSA -# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -# else -# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_RSA -# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# else -# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -# endif - # endif /* !EVP_MD */ -struct env_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */ ; - /* values for EVP_MD_CTX flags */ # define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be @@ -284,7 +187,7 @@ struct env_md_ctx_st { # define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been * cleaned */ # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data - * in EVP_MD_CTX_cleanup */ + * in EVP_MD_CTX_reset */ /* * FIPS and pad options are ignored in 1.0.0, definitions are here so we * don't accidentally reuse the values for other purposes. @@ -304,34 +207,59 @@ struct env_md_ctx_st { # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ - -struct evp_cipher_st { - int nid; - int block_size; - /* Default value for variable length ciphers */ - int key_len; - int iv_len; - /* Various flags */ - unsigned long flags; - /* init key */ - int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - /* encrypt/decrypt data */ - int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - /* cleanup ctx */ - int (*cleanup) (EVP_CIPHER_CTX *); - /* how big ctx->cipher_data needs to be */ - int ctx_size; - /* Populate a ASN1_TYPE with parameters */ - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Get parameters from a ASN1_TYPE */ - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); - /* Miscellaneous operations */ - int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); - /* Application data */ - void *app_data; -} /* EVP_CIPHER */ ; +/* + * Some functions such as EVP_DigestSign only finalise copies of internal + * contexts so additional data can be included after the finalisation call. + * This is inefficient if this functionality is not required: it is disabled + * if the following flag is set. + */ +# define EVP_MD_CTX_FLAG_FINALISE 0x0200 + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init) (EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher) (EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup) (EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters) (EVP_CIPHER_CTX *, + ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl) (EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); + +int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl); +int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + ASN1_TYPE *); +int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + int type, int arg, + void *ptr); /* Values for cipher flags */ @@ -347,6 +275,7 @@ struct evp_cipher_st { # define EVP_CIPH_CCM_MODE 0x7 # define EVP_CIPH_XTS_MODE 0x10001 # define EVP_CIPH_WRAP_MODE 0x10002 +# define EVP_CIPH_OCB_MODE 0x10003 # define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ # define EVP_CIPH_VARIABLE_LENGTH 0x8 @@ -378,6 +307,8 @@ struct evp_cipher_st { # define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +/* Cipher can handle pipeline operations */ +# define EVP_CIPH_FLAG_PIPELINE 0X800000 /* * Cipher context flag to indicate we can handle wrap mode: if allowed in @@ -397,14 +328,19 @@ struct evp_cipher_st { # define EVP_CTRL_RAND_KEY 0x6 # define EVP_CTRL_PBE_PRF_NID 0x7 # define EVP_CTRL_COPY 0x8 -# define EVP_CTRL_GCM_SET_IVLEN 0x9 -# define EVP_CTRL_GCM_GET_TAG 0x10 -# define EVP_CTRL_GCM_SET_TAG 0x11 -# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED # define EVP_CTRL_GCM_IV_GEN 0x13 -# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED # define EVP_CTRL_CCM_SET_L 0x14 # define EVP_CTRL_CCM_SET_MSGLEN 0x15 /* @@ -423,6 +359,36 @@ struct evp_cipher_st { # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c +# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d + +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1e +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1f +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x20 +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 + +/* Set the output buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +/* Set the input buffers to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +/* Set the input buffer lengths to use for a pipelined operation */ +# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + /* RFC 5246 defines additional data to be 13 bytes in length */ # define EVP_AEAD_TLS1_AAD_LEN 13 @@ -441,45 +407,17 @@ typedef struct { /* Length of tag for TLS */ # define EVP_GCM_TLS_TAG_LEN 16 +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +# define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 + typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is - * ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ -} /* EVP_CIPHER_CTX */ ; - -typedef struct evp_Encode_Ctx_st { - /* number saved in a partial encode/decode */ - int num; - /* - * The length is either the output line length (in input bytes) or the - * shortest input line length that is ok. Once decoding begins, the - * length is adjusted up each time a longer line is decoded - */ - int length; - /* data to encode */ - unsigned char enc_data[80]; - /* number read on current line */ - int line_num; - int expect_nl; -} EVP_ENCODE_CTX; /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, @@ -522,29 +460,48 @@ int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); # define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); -# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +# endif +# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) # define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) # define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) @@ -571,8 +528,9 @@ void BIO_set_md(BIO *, const EVP_MD *md); # define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -int EVP_Cipher(EVP_CIPHER_CTX *c, - unsigned char *out, const unsigned char *in, unsigned int inl); +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, + unsigned char *out, + const unsigned char *in, unsigned int inl); # define EVP_add_cipher_alias(n,alias) \ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) @@ -583,97 +541,122 @@ int EVP_Cipher(EVP_CIPHER_CTX *c, # define EVP_delete_digest_alias(alias) \ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); -EVP_MD_CTX *EVP_MD_CTX_create(void); -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, - ENGINE *impl); - -int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - +/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, + ENGINE *impl); +/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, + size_t cnt); +/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); +/*__owur*/ int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, + const EVP_MD *type, ENGINE *impl); + +/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, + unsigned int *s); + +#ifndef OPENSSL_NO_UI int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, const char *prompt, int verify); void EVP_set_pw_prompt(const char *prompt); char *EVP_get_pw_prompt(void); +#endif -int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key, - unsigned char *iv); +__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, + const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv); -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv); -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc); -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc); -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); - -int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey); - -int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestSignFinal(EVP_MD_CTX *ctx, - unsigned char *sigret, size_t *siglen); +__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl); + +__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv); +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, + int enc); +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, + const unsigned char *iv, int enc); +__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl); +__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); +__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + +__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen); + +__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, + EVP_PKEY *pkey); +__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); -int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, - const unsigned char *sig, size_t siglen); - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, - EVP_PKEY *priv); -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk); -int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# ifndef OPENSSL_NO_RSA +__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, + const unsigned char *iv, EVP_PKEY *priv); +__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, + EVP_PKEY **pubk, int npubk); +__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +# endif +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); @@ -687,23 +670,24 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +# if OPENSSL_API_COMPAT < 0x10100000L +# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +# endif EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); -# ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int enc); -# endif +__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); const EVP_MD *EVP_md_null(void); # ifndef OPENSSL_NO_MD2 @@ -714,26 +698,21 @@ const EVP_MD *EVP_md4(void); # endif # ifndef OPENSSL_NO_MD5 const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); # endif -# ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); -const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b512(void); +const EVP_MD *EVP_blake2s256(void); # endif -# ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); -# endif -# ifndef OPENSSL_NO_SHA512 const EVP_MD *EVP_sha384(void); const EVP_MD *EVP_sha512(void); -# endif # ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); # endif -# ifndef OPENSSL_NO_RIPEMD +# ifndef OPENSSL_NO_RMD160 const EVP_MD *EVP_ripemd160(void); # endif # ifndef OPENSSL_NO_WHIRLPOOL @@ -752,10 +731,6 @@ const EVP_CIPHER *EVP_des_cfb1(void); const EVP_CIPHER *EVP_des_cfb8(void); const EVP_CIPHER *EVP_des_ede_cfb64(void); # define EVP_des_ede_cfb EVP_des_ede_cfb64 -# if 0 -const EVP_CIPHER *EVP_des_ede_cfb1(void); -const EVP_CIPHER *EVP_des_ede_cfb8(void); -# endif const EVP_CIPHER *EVP_des_ede3_cfb64(void); # define EVP_des_ede3_cfb EVP_des_ede3_cfb64 const EVP_CIPHER *EVP_des_ede3_cfb1(void); @@ -773,13 +748,6 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void); * are rc4 and md5 declarations made here inside a "NO_DES" precompiler * branch? */ -# if 0 -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO -const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); -const EVP_CIPHER *EVP_dev_crypto_rc4(void); -const EVP_MD *EVP_dev_crypto_md5(void); -# endif -# endif # endif # ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); @@ -838,6 +806,10 @@ const EVP_CIPHER *EVP_aes_128_ccm(void); const EVP_CIPHER *EVP_aes_128_gcm(void); const EVP_CIPHER *EVP_aes_128_xts(void); const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_128_ocb(void); +# endif const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cfb1(void); @@ -849,6 +821,10 @@ const EVP_CIPHER *EVP_aes_192_ctr(void); const EVP_CIPHER *EVP_aes_192_ccm(void); const EVP_CIPHER *EVP_aes_192_gcm(void); const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_192_ocb(void); +# endif const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); @@ -861,14 +837,14 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_xts(void); const EVP_CIPHER *EVP_aes_256_wrap(void); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +# ifndef OPENSSL_NO_OCB +const EVP_CIPHER *EVP_aes_256_ocb(void); +# endif const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -# endif -# ifndef OPENSSL_NO_SHA256 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); -# endif # endif # ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); @@ -878,6 +854,7 @@ const EVP_CIPHER *EVP_camellia_128_cfb8(void); const EVP_CIPHER *EVP_camellia_128_cfb128(void); # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); const EVP_CIPHER *EVP_camellia_192_ecb(void); const EVP_CIPHER *EVP_camellia_192_cbc(void); const EVP_CIPHER *EVP_camellia_192_cfb1(void); @@ -885,6 +862,7 @@ const EVP_CIPHER *EVP_camellia_192_cfb8(void); const EVP_CIPHER *EVP_camellia_192_cfb128(void); # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); const EVP_CIPHER *EVP_camellia_256_ecb(void); const EVP_CIPHER *EVP_camellia_256_cbc(void); const EVP_CIPHER *EVP_camellia_256_cfb1(void); @@ -892,6 +870,13 @@ const EVP_CIPHER *EVP_camellia_256_cfb8(void); const EVP_CIPHER *EVP_camellia_256_cfb128(void); # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); +# endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif # endif # ifndef OPENSSL_NO_SEED @@ -902,23 +887,32 @@ const EVP_CIPHER *EVP_seed_cfb128(void); const EVP_CIPHER *EVP_seed_ofb(void); # endif -void OPENSSL_add_all_algorithms_noconf(void); -void OPENSSL_add_all_algorithms_conf(void); +# if OPENSSL_API_COMPAT < 0x10100000L +# define OPENSSL_add_all_algorithms_conf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# define OPENSSL_add_all_algorithms_noconf() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + +# ifdef OPENSSL_LOAD_CONF +# define OpenSSL_add_all_algorithms() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ + | OPENSSL_INIT_LOAD_CONFIG, NULL) +# else +# define OpenSSL_add_all_algorithms() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +# endif -# ifdef OPENSSL_LOAD_CONF -# define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_conf() -# else -# define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_noconf() +# define OpenSSL_add_all_ciphers() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +# define OpenSSL_add_all_digests() \ + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) # endif -void OpenSSL_add_all_ciphers(void); -void OpenSSL_add_all_digests(void); -# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() -# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() -# define SSLeay_add_all_digests() OpenSSL_add_all_digests() - int EVP_add_cipher(const EVP_CIPHER *cipher); int EVP_add_digest(const EVP_MD *digest); @@ -950,34 +944,40 @@ int EVP_PKEY_type(int type); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); -void *EVP_PKEY_get0(EVP_PKEY *pkey); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); # ifndef OPENSSL_NO_RSA struct rsa_st; int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); # endif # ifndef OPENSSL_NO_DSA struct dsa_st; int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); # endif # ifndef OPENSSL_NO_DH struct dh_st; int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); # endif # ifndef OPENSSL_NO_EC struct ec_key_st; int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); # endif EVP_PKEY *EVP_PKEY_new(void); +void EVP_PKEY_up_ref(EVP_PKEY *pkey); void EVP_PKEY_free(EVP_PKEY *pkey); EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, @@ -1030,6 +1030,17 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); +#ifndef OPENSSL_NO_SCRYPT +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); +#endif + void PKCS5_PBE_add(void); int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, @@ -1041,6 +1052,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, # define EVP_PBE_TYPE_OUTER 0x0 /* Is an PRF type OID */ # define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen); @@ -1049,6 +1062,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen); void EVP_PBE_cleanup(void); +int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); # define ASN1_PKEY_ALIAS 0x1 # define ASN1_PKEY_DYNAMIC 0x2 @@ -1137,6 +1151,10 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)); +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits) (const EVP_PKEY + *pk)); + # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) # define EVP_PKEY_OP_KEYGEN (1<<2) @@ -1157,7 +1175,7 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) # define EVP_PKEY_OP_TYPE_NOGEN \ - (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) # define EVP_PKEY_OP_TYPE_GEN \ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) @@ -1170,6 +1188,10 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key) + # define EVP_PKEY_CTRL_MD 1 # define EVP_PKEY_CTRL_PEER_KEY 2 @@ -1219,6 +1241,9 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value); +int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); @@ -1259,7 +1284,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); @@ -1363,6 +1388,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_add_alg_module(void); /* BEGIN ERROR CODES */ @@ -1383,6 +1500,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_AES_XTS_CIPHER 175 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 # define EVP_F_CMAC_INIT 173 # define EVP_F_CMLL_T4_INIT_KEY 179 # define EVP_F_D2I_PKEY 100 @@ -1404,9 +1522,9 @@ void ERR_load_EVP_strings(void); # define EVP_F_EVP_PBE_ALG_ADD 115 # define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 # define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 # define EVP_F_EVP_PKCS82PKEY 111 -# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 -# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 +# define EVP_F_EVP_PKEY2PKCS8 113 # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 # define EVP_F_EVP_PKEY_CTX_CTRL 137 # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 @@ -1420,11 +1538,11 @@ void ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_ENCRYPT 105 # define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 # define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 -# define EVP_F_EVP_PKEY_GET1_DH 119 -# define EVP_F_EVP_PKEY_GET1_DSA 120 -# define EVP_F_EVP_PKEY_GET1_ECDSA 130 -# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 -# define EVP_F_EVP_PKEY_GET1_RSA 121 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_ECDSA 130 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 # define EVP_F_EVP_PKEY_NEW 106 @@ -1450,6 +1568,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_PKCS5_PBE_KEYIVGEN 117 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 # define EVP_F_PKCS8_SET_BROKEN 112 # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 @@ -1468,6 +1587,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_PARAMETER_ERROR 122 # define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 # define EVP_R_CTRL_NOT_IMPLEMENTED 132 # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 @@ -1485,6 +1605,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_ECDSA_KEY 141 # define EVP_R_EXPECTING_A_EC_KEY 142 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 # define EVP_R_INITIALIZATION_ERROR 134 # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 @@ -1493,6 +1614,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_INVALID_OPERATION 148 # define EVP_R_IV_TOO_LARGE 102 # define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 # define EVP_R_MESSAGE_DIGEST_IS_NULL 159 # define EVP_R_METHOD_NOT_SUPPORTED 144 # define EVP_R_MISSING_PARAMETERS 103 diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index b8b55cda7d..71d7d65916 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -1,4 +1,3 @@ -/* crypto/hmac/hmac.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,10 +59,6 @@ # include <openssl/opensslconf.h> -# ifdef OPENSSL_NO_HMAC -# error HMAC is disabled. -# endif - # include <openssl/evp.h> # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ @@ -72,33 +67,24 @@ extern "C" { #endif -typedef struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; -} HMAC_CTX; - -# define HMAC_size(e) (EVP_MD_size((e)->md)) - -void HMAC_CTX_init(HMAC_CTX *ctx); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); +size_t HMAC_size(HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); -/* deprecated */ -# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) +DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)) -/* deprecated */ -int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); -int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); -int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); -int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, + unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); -int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); diff --git a/include/openssl/idea.h b/include/openssl/idea.h index 6075984039..29b5094394 100644 --- a/include/openssl/idea.h +++ b/include/openssl/idea.h @@ -1,4 +1,3 @@ -/* crypto/idea/idea.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,12 +58,14 @@ #ifndef HEADER_IDEA_H # define HEADER_IDEA_H -# include <openssl/opensslconf.h>/* IDEA_INT, OPENSSL_NO_IDEA */ +# include <openssl/opensslconf.h> # ifdef OPENSSL_NO_IDEA # error IDEA is disabled. # endif +typedef unsigned int IDEA_INT; + # define IDEA_ENCRYPT 1 # define IDEA_DECRYPT 0 @@ -82,10 +83,6 @@ typedef struct idea_key_st { const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); -# ifdef OPENSSL_FIPS -void private_idea_set_encrypt_key(const unsigned char *key, - IDEA_KEY_SCHEDULE *ks); -# endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h new file mode 100644 index 0000000000..e61a9a603a --- /dev/null +++ b/include/openssl/kdf.h @@ -0,0 +1,118 @@ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)sec) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed) + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info) + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_KDF_strings(void); + +/* Error codes for the KDF functions. */ + +/* Function codes. */ +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 + +/* Reason codes. */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_VALUE_MISSING 102 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/krb5_asn.h b/include/openssl/krb5_asn.h index 9cf5a26dd8..1172e522e4 100644 --- a/include/openssl/krb5_asn.h +++ b/include/openssl/krb5_asn.h @@ -1,240 +1 @@ -/* krb5_asn.h */ -/* - * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project, ** - * using ocsp/{*.h,*asn*.c} as a starting point - */ - -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_KRB5_ASN_H -# define HEADER_KRB5_ASN_H - -/* - * #include <krb5.h> - */ -# include <openssl/safestack.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * ASN.1 from Kerberos RFC 1510 - */ - -/*- EncryptedData ::= SEQUENCE { - * etype[0] INTEGER, -- EncryptionType - * kvno[1] INTEGER OPTIONAL, - * cipher[2] OCTET STRING -- ciphertext - * } - */ -typedef struct krb5_encdata_st { - ASN1_INTEGER *etype; - ASN1_INTEGER *kvno; - ASN1_OCTET_STRING *cipher; -} KRB5_ENCDATA; - -DECLARE_STACK_OF(KRB5_ENCDATA) - -/*- PrincipalName ::= SEQUENCE { - * name-type[0] INTEGER, - * name-string[1] SEQUENCE OF GeneralString - * } - */ -typedef struct krb5_princname_st { - ASN1_INTEGER *nametype; - STACK_OF(ASN1_GENERALSTRING) *namestring; -} KRB5_PRINCNAME; - -DECLARE_STACK_OF(KRB5_PRINCNAME) - -/*- Ticket ::= [APPLICATION 1] SEQUENCE { - * tkt-vno[0] INTEGER, - * realm[1] Realm, - * sname[2] PrincipalName, - * enc-part[3] EncryptedData - * } - */ -typedef struct krb5_tktbody_st { - ASN1_INTEGER *tktvno; - ASN1_GENERALSTRING *realm; - KRB5_PRINCNAME *sname; - KRB5_ENCDATA *encdata; -} KRB5_TKTBODY; - -typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; -DECLARE_STACK_OF(KRB5_TKTBODY) - -/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { - * pvno[0] INTEGER, - * msg-type[1] INTEGER, - * ap-options[2] APOptions, - * ticket[3] Ticket, - * authenticator[4] EncryptedData - * } - * - * APOptions ::= BIT STRING { - * reserved(0), use-session-key(1), mutual-required(2) } - */ -typedef struct krb5_ap_req_st { - ASN1_INTEGER *pvno; - ASN1_INTEGER *msgtype; - ASN1_BIT_STRING *apoptions; - KRB5_TICKET *ticket; - KRB5_ENCDATA *authenticator; -} KRB5_APREQBODY; - -typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; -DECLARE_STACK_OF(KRB5_APREQBODY) - -/* Authenticator Stuff */ - -/*- Checksum ::= SEQUENCE { - * cksumtype[0] INTEGER, - * checksum[1] OCTET STRING - * } - */ -typedef struct krb5_checksum_st { - ASN1_INTEGER *ctype; - ASN1_OCTET_STRING *checksum; -} KRB5_CHECKSUM; - -DECLARE_STACK_OF(KRB5_CHECKSUM) - -/*- EncryptionKey ::= SEQUENCE { - * keytype[0] INTEGER, - * keyvalue[1] OCTET STRING - * } - */ -typedef struct krb5_encryptionkey_st { - ASN1_INTEGER *ktype; - ASN1_OCTET_STRING *keyvalue; -} KRB5_ENCKEY; - -DECLARE_STACK_OF(KRB5_ENCKEY) - -/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { - * ad-type[0] INTEGER, - * ad-data[1] OCTET STRING - * } - */ -typedef struct krb5_authorization_st { - ASN1_INTEGER *adtype; - ASN1_OCTET_STRING *addata; -} KRB5_AUTHDATA; - -DECLARE_STACK_OF(KRB5_AUTHDATA) - -/*- -- Unencrypted authenticator - * Authenticator ::= [APPLICATION 2] SEQUENCE { - * authenticator-vno[0] INTEGER, - * crealm[1] Realm, - * cname[2] PrincipalName, - * cksum[3] Checksum OPTIONAL, - * cusec[4] INTEGER, - * ctime[5] KerberosTime, - * subkey[6] EncryptionKey OPTIONAL, - * seq-number[7] INTEGER OPTIONAL, - * authorization-data[8] AuthorizationData OPTIONAL - * } - */ -typedef struct krb5_authenticator_st { - ASN1_INTEGER *avno; - ASN1_GENERALSTRING *crealm; - KRB5_PRINCNAME *cname; - KRB5_CHECKSUM *cksum; - ASN1_INTEGER *cusec; - ASN1_GENERALIZEDTIME *ctime; - KRB5_ENCKEY *subkey; - ASN1_INTEGER *seqnum; - KRB5_AUTHDATA *authorization; -} KRB5_AUTHENTBODY; - -typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; -DECLARE_STACK_OF(KRB5_AUTHENTBODY) - -/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = - * type *name##_new(void); - * void name##_free(type *a); - * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = - * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = - * type *d2i_##name(type **a, const unsigned char **in, long len); - * int i2d_##name(type *a, unsigned char **out); - * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it - */ - -DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) -DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) - -DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) -DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -#ifdef __cplusplus -} -#endif -#endif +../../crypto/krb5/krb5_asn.h
\ No newline at end of file diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h index ae8a51f472..2e5c2cd4dc 100644 --- a/include/openssl/kssl.h +++ b/include/openssl/kssl.h @@ -1,197 +1 @@ -/* ssl/kssl.h */ -/* - * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project - * 2000. project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - ** 19990701 VRS Started. - */ - -#ifndef KSSL_H -# define KSSL_H - -# include <openssl/opensslconf.h> - -# ifndef OPENSSL_NO_KRB5 - -# include <stdio.h> -# include <ctype.h> -# include <krb5.h> -# ifdef OPENSSL_SYS_WIN32 -/* - * These can sometimes get redefined indirectly by krb5 header files after - * they get undefed in ossl_typ.h - */ -# undef X509_NAME -# undef X509_EXTENSIONS -# undef OCSP_REQUEST -# undef OCSP_RESPONSE -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Depending on which KRB5 implementation used, some types from - * the other may be missing. Resolve that here and now - */ -# ifdef KRB5_HEIMDAL -typedef unsigned char krb5_octet; -# define FAR -# else - -# ifndef FAR -# define FAR -# endif - -# endif - -/*- - * Uncomment this to debug kssl problems or - * to trace usage of the Kerberos session key - * - * #define KSSL_DEBUG - */ - -# ifndef KRB5SVC -# define KRB5SVC "host" -# endif - -# ifndef KRB5KEYTAB -# define KRB5KEYTAB "/etc/krb5.keytab" -# endif - -# ifndef KRB5SENDAUTH -# define KRB5SENDAUTH 1 -# endif - -# ifndef KRB5CHECKAUTH -# define KRB5CHECKAUTH 1 -# endif - -# ifndef KSSL_CLOCKSKEW -# define KSSL_CLOCKSKEW 300; -# endif - -# define KSSL_ERR_MAX 255 -typedef struct kssl_err_st { - int reason; - char text[KSSL_ERR_MAX + 1]; -} KSSL_ERR; - -/*- Context for passing - * (1) Kerberos session key to SSL, and - * (2) Config data between application and SSL lib - */ -typedef struct kssl_ctx_st { - /* used by: disposition: */ - char *service_name; /* C,S default ok (kssl) */ - char *service_host; /* C input, REQUIRED */ - char *client_princ; /* S output from krb5 ticket */ - char *keytab_file; /* S NULL (/etc/krb5.keytab) */ - char *cred_cache; /* C NULL (default) */ - krb5_enctype enctype; - int length; - krb5_octet FAR *key; -} KSSL_CTX; - -# define KSSL_CLIENT 1 -# define KSSL_SERVER 2 -# define KSSL_SERVICE 3 -# define KSSL_KEYTAB 4 - -# define KSSL_CTX_OK 0 -# define KSSL_CTX_ERR 1 -# define KSSL_NOMEM 2 - -/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -KSSL_CTX *kssl_ctx_new(void); -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); -void kssl_ctx_show(KSSL_CTX *kssl_ctx); -krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, - int nentities); -krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, - krb5_data *authenp, KSSL_ERR *kssl_err); -krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, - krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); -krb5_error_code kssl_build_principal_2(krb5_context context, - krb5_principal *princ, int rlen, - const char *realm, int slen, - const char *svc, int hlen, - const char *host); -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes); -krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, - krb5_timestamp *atimep, - KSSL_ERR *kssl_err); -unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); -KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); - -#ifdef __cplusplus -} -#endif -# endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_H */ +../../ssl/kssl.h
\ No newline at end of file diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index b6c328bffb..899544ce04 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -1,4 +1,3 @@ -/* crypto/lhash/lhash.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,13 +63,11 @@ # define HEADER_LHASH_H # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO # include <stdio.h> # endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/bio.h> #ifdef __cplusplus extern "C" { @@ -79,9 +76,7 @@ extern "C" { typedef struct lhash_node_st { void *data; struct lhash_node_st *next; -# ifndef OPENSSL_NO_HASH_COMP unsigned long hash; -# endif } LHASH_NODE; typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); @@ -117,15 +112,6 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); return name##_cmp(a,b); } # define LHASH_COMP_FN(name) name##_LHASH_COMP -/* Third: "doall" functions */ -# define DECLARE_LHASH_DOALL_FN(name, o_type) \ - void name##_LHASH_DOALL(void *); -# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ - void name##_LHASH_DOALL(void *arg) { \ - o_type *a = arg; \ - name##_doall(a); } -# define LHASH_DOALL_FN(name) name##_LHASH_DOALL - /* Fourth: "doall_arg" functions */ # define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ void name##_LHASH_DOALL_ARG(void *, void *); @@ -170,7 +156,7 @@ typedef struct lhash_st { * Indicates a malloc() error in the last call, this is only bad in * lh_insert(). */ -# define lh_error(lh) ((lh)->error) +int lh_error(_LHASH *lh); _LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(_LHASH *lh); @@ -181,57 +167,107 @@ void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); +unsigned long lh_get_down_load(const _LHASH *lh); +void lh_set_down_load(_LHASH *lh, unsigned long down_load); -# ifndef OPENSSL_NO_FP_API -void lh_stats(const _LHASH *lh, FILE *out); -void lh_node_stats(const _LHASH *lh, FILE *out); -void lh_node_usage_stats(const _LHASH *lh, FILE *out); +# ifndef OPENSSL_NO_STDIO +void lh_stats(const _LHASH *lh, FILE *fp); +void lh_node_stats(const _LHASH *lh, FILE *fp); +void lh_node_usage_stats(const _LHASH *lh, FILE *fp); # endif - -# ifndef OPENSSL_NO_BIO void lh_stats_bio(const _LHASH *lh, BIO *out); void lh_node_stats_bio(const _LHASH *lh, BIO *out); void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); -# endif /* Type checking... */ # define LHASH_OF(type) struct lhash_st_##type -# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } +# define DEFINE_LHASH_OF(type) \ + LHASH_OF(type) { int dummy; }; \ + static ossl_inline LHASH_OF(type) * \ + lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ + { \ + return (LHASH_OF(type) *) \ + lh_new((LHASH_HASH_FN_TYPE) hfn, (LHASH_COMP_FN_TYPE)cfn); \ + } \ + static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ + { \ + lh_free((_LHASH *)lh); \ + } \ + static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ + { \ + return (type *)lh_insert((_LHASH *)lh, d); \ + } \ + static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)lh_delete((_LHASH *)lh, d); \ + } \ + static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ + { \ + return (type *)lh_retrieve((_LHASH *)lh, d); \ + } \ + static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ + { \ + return lh_error((_LHASH *)lh); \ + } \ + static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ + { \ + return lh_num_items((_LHASH *)lh); \ + } \ + static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + lh_node_stats_bio((_LHASH *)lh, out); \ + } \ + static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + lh_node_usage_stats_bio((_LHASH *)lh, out); \ + } \ + static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ + { \ + lh_stats_bio((_LHASH *)lh, out); \ + } \ + static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ + { \ + return lh_get_down_load((_LHASH *)lh); \ + } \ + static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ + { \ + lh_set_down_load((_LHASH *)lh, dl); \ + } \ + static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ + void (*doall)(type *)) \ + { \ + lh_doall((_LHASH *)lh, (LHASH_DOALL_FN_TYPE)doall); \ + } \ + LHASH_OF(type) + +#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ + int_implement_lhash_doall(type, argtype, const type) + +#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ + int_implement_lhash_doall(type, argtype, type) + +#define int_implement_lhash_doall(type, argtype, cbargtype) \ + static ossl_inline void \ + lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ + void (*fn)(cbargtype *, argtype *), \ + argtype *arg) \ + { \ + lh_doall_arg((_LHASH *)lh, (LHASH_DOALL_ARG_FN_TYPE)fn, (void *)arg); \ + } \ + LHASH_OF(type) # define CHECKED_LHASH_OF(type,lh) \ ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) /* Define wrapper functions. */ -# define LHM_lh_new(type, name) \ - ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) -# define LHM_lh_error(type, lh) \ - lh_error(CHECKED_LHASH_OF(type,lh)) -# define LHM_lh_insert(type, lh, inst) \ - ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ - CHECKED_PTR_OF(type, inst))) -# define LHM_lh_retrieve(type, lh, inst) \ - ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ - CHECKED_PTR_OF(type, inst))) -# define LHM_lh_delete(type, lh, inst) \ - ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ - CHECKED_PTR_OF(type, inst))) -# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) # define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) -# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) -# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) -# define LHM_lh_node_stats_bio(type, lh, out) \ - lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) -# define LHM_lh_node_usage_stats_bio(type, lh, out) \ - lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) -# define LHM_lh_stats_bio(type, lh, out) \ - lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) -# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) - -DECLARE_LHASH_OF(OPENSSL_STRING); -DECLARE_LHASH_OF(OPENSSL_CSTRING); + +DEFINE_LHASH_OF(OPENSSL_STRING); +DEFINE_LHASH_OF(OPENSSL_CSTRING); #ifdef __cplusplus } diff --git a/include/openssl/md2.h b/include/openssl/md2.h new file mode 100644 index 0000000000..1dba7cf395 --- /dev/null +++ b/include/openssl/md2.h @@ -0,0 +1,92 @@ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_MD2_H +# define HEADER_MD2_H + +# include <openssl/opensslconf.h> +# ifdef OPENSSL_NO_MD2 +# error MD2 is disabled. +# endif +# include <stddef.h> + +typedef unsigned char MD2_INT; + +# define MD2_DIGEST_LENGTH 16 +# define MD2_BLOCK 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct MD2state_st { + unsigned int num; + unsigned char data[MD2_BLOCK]; + MD2_INT cksm[MD2_BLOCK]; + MD2_INT state[MD2_BLOCK]; +} MD2_CTX; + +const char *MD2_options(void); +int MD2_Init(MD2_CTX *c); +int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +int MD2_Final(unsigned char *md, MD2_CTX *c); +unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/md4.h b/include/openssl/md4.h index 11fd71295b..c937625f93 100644 --- a/include/openssl/md4.h +++ b/include/openssl/md4.h @@ -1,4 +1,3 @@ -/* crypto/md4/md4.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,26 +71,10 @@ extern "C" { /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD4_LONG_LOG2 has to be defined along. ! + * ! MD4_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define MD4_LONG unsigned long -# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -# define MD4_LONG unsigned long -# define MD4_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * <appro@fy.chalmers.se> - */ -# else -# define MD4_LONG unsigned int -# endif +# define MD4_LONG unsigned int # define MD4_CBLOCK 64 # define MD4_LBLOCK (MD4_CBLOCK/4) @@ -104,9 +87,6 @@ typedef struct MD4state_st { unsigned int num; } MD4_CTX; -# ifdef OPENSSL_FIPS -int private_MD4_Init(MD4_CTX *c); -# endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/include/openssl/md5.h b/include/openssl/md5.h index 2659038abd..02ea76a54e 100644 --- a/include/openssl/md5.h +++ b/include/openssl/md5.h @@ -1,4 +1,3 @@ -/* crypto/md5/md5.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,26 +71,10 @@ extern "C" { /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD5_LONG_LOG2 has to be defined along. ! + * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define MD5_LONG unsigned long -# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -# define MD5_LONG unsigned long -# define MD5_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * <appro@fy.chalmers.se> - */ -# else -# define MD5_LONG unsigned int -# endif +# define MD5_LONG unsigned int # define MD5_CBLOCK 64 # define MD5_LBLOCK (MD5_CBLOCK/4) @@ -104,9 +87,6 @@ typedef struct MD5state_st { unsigned int num; } MD5_CTX; -# ifdef OPENSSL_FIPS -int private_MD5_Init(MD5_CTX *c); -# endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h index 7efe53bc29..fc9784fa18 100644 --- a/include/openssl/mdc2.h +++ b/include/openssl/mdc2.h @@ -1,4 +1,3 @@ -/* crypto/mdc2/mdc2.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -79,9 +78,6 @@ typedef struct mdc2_ctx_st { int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; -# ifdef OPENSSL_FIPS -int private_MDC2_Init(MDC2_CTX *c); -# endif int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/include/openssl/modes.h b/include/openssl/modes.h index fd488499a0..11bbb68356 100644 --- a/include/openssl/modes.h +++ b/include/openssl/modes.h @@ -157,6 +157,44 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, size_t inlen, block128_f block); +size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, const unsigned char *in, + size_t inlen, block128_f block); + +#ifndef OPENSSL_NO_OCB +typedef struct ocb128_context OCB128_CONTEXT; + +typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + size_t start_block_num, + unsigned char offset_i[16], + const unsigned char L_[][16], + unsigned char checksum[16]); + +OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, + block128_f encrypt, block128_f decrypt, + ocb128_f stream); +int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, + void *keyenc, void *keydec); +int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, + size_t len, size_t taglen); +int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, + unsigned char *out, size_t len); +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +#endif /* OPENSSL_NO_OCB */ #ifdef __cplusplus } diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 779c309b86..5d7adc758b 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -1,5 +1,3 @@ -/* crypto/objects/obj_mac.h */ - /* * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following * command: perl objects.pl objects.txt obj_mac.num obj_mac.h @@ -1490,6 +1488,11 @@ #define NID_proxyCertInfo 663 #define OBJ_proxyCertInfo OBJ_id_pe,14L +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1020 +#define OBJ_tlsfeature OBJ_id_pe,24L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 @@ -1554,6 +1557,51 @@ #define NID_dvcs 297 #define OBJ_dvcs OBJ_id_kp,10L +#define SN_ipsec_IKE "ipsecIKE" +#define LN_ipsec_IKE "ipsec Internet Key Exchange" +#define NID_ipsec_IKE 1022 +#define OBJ_ipsec_IKE OBJ_id_kp,17L + +#define SN_capwapAC "capwapAC" +#define LN_capwapAC "Ctrl/provision WAP Access" +#define NID_capwapAC 1023 +#define OBJ_capwapAC OBJ_id_kp,18L + +#define SN_capwapWTP "capwapWTP" +#define LN_capwapWTP "Ctrl/Provision WAP Termination" +#define NID_capwapWTP 1024 +#define OBJ_capwapWTP OBJ_id_kp,19L + +#define SN_sshClient "secureShellClient" +#define LN_sshClient "SSH Client" +#define NID_sshClient 1025 +#define OBJ_sshClient OBJ_id_kp,21L + +#define SN_sshServer "secureShellServer" +#define LN_sshServer "SSH Server" +#define NID_sshServer 1026 +#define OBJ_sshServer OBJ_id_kp,22L + +#define SN_sendRouter "sendRouter" +#define LN_sendRouter "Send Router" +#define NID_sendRouter 1027 +#define OBJ_sendRouter OBJ_id_kp,23L + +#define SN_sendProxiedRouter "sendProxiedRouter" +#define LN_sendProxiedRouter "Send Proxied Router" +#define NID_sendProxiedRouter 1028 +#define OBJ_sendProxiedRouter OBJ_id_kp,24L + +#define SN_sendOwner "sendOwner" +#define LN_sendOwner "Send Owner" +#define NID_sendOwner 1029 +#define OBJ_sendOwner OBJ_id_kp,25L + +#define SN_sendProxiedOwner "sendProxiedOwner" +#define LN_sendProxiedOwner "Send Proxied Owner" +#define NID_sendProxiedOwner 1030 +#define OBJ_sendProxiedOwner OBJ_id_kp,26L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L @@ -2030,6 +2078,16 @@ #define NID_ripemd160WithRSA 119 #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +#define SN_blake2b512 "BLAKE2b512" +#define LN_blake2b512 "blake2b512" +#define NID_blake2b512 1056 +#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s256 "BLAKE2s256" +#define LN_blake2s256 "blake2s256" +#define NID_blake2s256 1057 +#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + #define SN_sxnet "SXNetID" #define LN_sxnet "Strong Extranet ID" #define NID_sxnet 143 @@ -2354,7 +2412,7 @@ #define OBJ_delta_crl OBJ_id_ce,27L #define SN_issuing_distribution_point "issuingDistributionPoint" -#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" #define NID_issuing_distribution_point 770 #define OBJ_issuing_distribution_point OBJ_id_ce,28L @@ -2579,11 +2637,6 @@ #define NID_id_hex_multipart_message 508 #define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L -#define SN_rle_compression "RLE" -#define LN_rle_compression "run length compression" -#define NID_rle_compression 124 -#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L - #define SN_zlib_compression "ZLIB" #define LN_zlib_compression "zlib compression" #define NID_zlib_compression 125 @@ -2745,6 +2798,18 @@ #define LN_aes_256_ctr "aes-256-ctr" #define NID_aes_256_ctr 906 +#define SN_aes_128_ocb "AES-128-OCB" +#define LN_aes_128_ocb "aes-128-ocb" +#define NID_aes_128_ocb 958 + +#define SN_aes_192_ocb "AES-192-OCB" +#define LN_aes_192_ocb "aes-192-ocb" +#define NID_aes_192_ocb 959 + +#define SN_aes_256_ocb "AES-256-OCB" +#define LN_aes_256_ocb "aes-256-ocb" +#define NID_aes_256_ocb 960 + #define SN_aes_128_xts "AES-128-XTS" #define LN_aes_128_xts "aes-128-xts" #define NID_aes_128_xts 913 @@ -3063,6 +3128,11 @@ #define NID_friendlyCountryName 490 #define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + #define LN_organizationalStatus "organizationalStatus" #define NID_organizationalStatus 491 #define OBJ_organizationalStatus OBJ_pilotAttributeType,45L @@ -3678,6 +3748,10 @@ #define NID_cryptocom 806 #define OBJ_cryptocom OBJ_member_body,643L,2L,9L +#define SN_id_tc26 "id-tc26" +#define NID_id_tc26 974 +#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L + #define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" #define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" #define NID_id_GostR3411_94_with_GostR3410_2001 807 @@ -3716,11 +3790,26 @@ #define SN_gost89_cnt "gost89-cnt" #define NID_gost89_cnt 814 +#define SN_gost89_cnt_12 "gost89-cnt-12" +#define NID_gost89_cnt_12 975 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 1009 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 1010 + +#define SN_gost89_ctr "gost89-ctr" +#define NID_gost89_ctr 1011 + #define SN_id_Gost28147_89_MAC "gost-mac" #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" #define NID_id_Gost28147_89_MAC 815 #define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L +#define SN_gost_mac_12 "gost-mac-12" +#define NID_gost_mac_12 976 + #define SN_id_GostR3411_94_prf "prf-gostr3411-94" #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" #define NID_id_GostR3411_94_prf 816 @@ -3886,6 +3975,169 @@ #define NID_id_GostR3410_2001_ParamSet_cc 854 #define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L +#define SN_id_tc26_algorithms "id-tc26-algorithms" +#define NID_id_tc26_algorithms 977 +#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L + +#define SN_id_tc26_sign "id-tc26-sign" +#define NID_id_tc26_sign 978 +#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L + +#define SN_id_GostR3410_2012_256 "gost2012_256" +#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +#define NID_id_GostR3410_2012_256 979 +#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L + +#define SN_id_GostR3410_2012_512 "gost2012_512" +#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +#define NID_id_GostR3410_2012_512 980 +#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L + +#define SN_id_tc26_digest "id-tc26-digest" +#define NID_id_tc26_digest 981 +#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L + +#define SN_id_GostR3411_2012_256 "md_gost12_256" +#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +#define NID_id_GostR3411_2012_256 982 +#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L + +#define SN_id_GostR3411_2012_512 "md_gost12_512" +#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +#define NID_id_GostR3411_2012_512 983 +#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L + +#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +#define NID_id_tc26_signwithdigest 984 +#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L + +#define SN_id_tc26_mac "id-tc26-mac" +#define NID_id_tc26_mac 987 +#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L + +#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +#define NID_id_tc26_hmac_gost_3411_2012_256 988 +#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L + +#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +#define NID_id_tc26_hmac_gost_3411_2012_512 989 +#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L + +#define SN_id_tc26_cipher "id-tc26-cipher" +#define NID_id_tc26_cipher 990 +#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L + +#define SN_id_tc26_agreement "id-tc26-agreement" +#define NID_id_tc26_agreement 991 +#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L + +#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +#define NID_id_tc26_agreement_gost_3410_2012_256 992 +#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L + +#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +#define NID_id_tc26_agreement_gost_3410_2012_512 993 +#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L + +#define SN_id_tc26_constants "id-tc26-constants" +#define NID_id_tc26_constants 994 +#define OBJ_id_tc26_constants OBJ_id_tc26,2L + +#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +#define NID_id_tc26_sign_constants 995 +#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +#define NID_id_tc26_gost_3410_2012_512_constants 996 +#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L + +#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L + +#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L + +#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L + +#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +#define NID_id_tc26_digest_constants 1000 +#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L + +#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +#define NID_id_tc26_cipher_constants 1001 +#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L + +#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +#define NID_id_tc26_gost_28147_constants 1002 +#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +#define NID_id_tc26_gost_28147_param_Z 1003 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L + +#define SN_INN "INN" +#define LN_INN "INN" +#define NID_INN 1004 +#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L + +#define SN_OGRN "OGRN" +#define LN_OGRN "OGRN" +#define NID_OGRN 1005 +#define OBJ_OGRN OBJ_member_body,643L,100L,1L + +#define SN_SNILS "SNILS" +#define LN_SNILS "SNILS" +#define NID_SNILS 1006 +#define OBJ_SNILS OBJ_member_body,643L,100L,3L + +#define SN_subjectSignTool "subjectSignTool" +#define LN_subjectSignTool "Signing Tool of Subject" +#define NID_subjectSignTool 1007 +#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L + +#define SN_issuerSignTool "issuerSignTool" +#define LN_issuerSignTool "Signing Tool of Issuer" +#define NID_issuerSignTool 1008 +#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L + +#define SN_grasshopper_ecb "grasshopper-ecb" +#define NID_grasshopper_ecb 1012 + +#define SN_grasshopper_ctr "grasshopper-ctr" +#define NID_grasshopper_ctr 1013 + +#define SN_grasshopper_ofb "grasshopper-ofb" +#define NID_grasshopper_ofb 1014 + +#define SN_grasshopper_cbc "grasshopper-cbc" +#define NID_grasshopper_cbc 1015 + +#define SN_grasshopper_cfb "grasshopper-cfb" +#define NID_grasshopper_cfb 1016 + +#define SN_grasshopper_mac "grasshopper-mac" +#define NID_grasshopper_mac 1017 + #define SN_camellia_128_cbc "CAMELLIA-128-CBC" #define LN_camellia_128_cbc "camellia-128-cbc" #define NID_camellia_128_cbc 751 @@ -3932,6 +4184,26 @@ #define NID_camellia_128_cfb128 757 #define OBJ_camellia_128_cfb128 OBJ_camellia,4L +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + #define SN_camellia_192_ecb "CAMELLIA-192-ECB" #define LN_camellia_192_ecb "camellia-192-ecb" #define NID_camellia_192_ecb 755 @@ -3947,6 +4219,26 @@ #define NID_camellia_192_cfb128 758 #define OBJ_camellia_192_cfb128 OBJ_camellia,24L +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + #define SN_camellia_256_ecb "CAMELLIA-256-ECB" #define LN_camellia_256_ecb "camellia-256-ecb" #define NID_camellia_256_ecb 756 @@ -3962,6 +4254,26 @@ #define NID_camellia_256_cfb128 759 #define OBJ_camellia_256_cfb128 OBJ_camellia,44L +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + #define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" #define LN_camellia_128_cfb1 "camellia-128-cfb1" #define NID_camellia_128_cfb1 760 @@ -4047,6 +4359,14 @@ #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" #define NID_aes_256_cbc_hmac_sha256 950 +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 1018 + +#define SN_chacha20 "ChaCha20" +#define LN_chacha20 "chacha20" +#define NID_chacha20 1019 + #define SN_dhpublicnumber "dhpublicnumber" #define LN_dhpublicnumber "X9.42 DH" #define NID_dhpublicnumber 920 @@ -4192,3 +4512,105 @@ #define LN_jurisdictionCountryName "jurisdictionCountryName" #define NID_jurisdictionCountryName 957 #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1021 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1036 + +#define SN_id_pkinit "id-pkinit" +#define NID_id_pkinit 1031 +#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L + +#define SN_pkInitClientAuth "pkInitClientAuth" +#define LN_pkInitClientAuth "PKINIT Client Auth" +#define NID_pkInitClientAuth 1032 +#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L + +#define SN_pkInitKDC "pkInitKDC" +#define LN_pkInitKDC "Signing KDC Response" +#define NID_pkInitKDC 1033 +#define OBJ_pkInitKDC OBJ_id_pkinit,5L + +#define SN_X25519 "X25519" +#define NID_X25519 1034 +#define OBJ_X25519 1L,3L,6L,1L,4L,1L,11591L,15L,1L + +#define SN_X448 "X448" +#define NID_X448 1035 +#define OBJ_X448 1L,3L,6L,1L,4L,1L,11591L,15L,2L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 1037 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 1038 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 1039 + +#define SN_kx_ecdhe_psk "KxECDHE-PSK" +#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +#define NID_kx_ecdhe_psk 1040 + +#define SN_kx_dhe_psk "KxDHE-PSK" +#define LN_kx_dhe_psk "kx-dhe-psk" +#define NID_kx_dhe_psk 1041 + +#define SN_kx_rsa_psk "KxRSA_PSK" +#define LN_kx_rsa_psk "kx-rsa-psk" +#define NID_kx_rsa_psk 1042 + +#define SN_kx_psk "KxPSK" +#define LN_kx_psk "kx-psk" +#define NID_kx_psk 1043 + +#define SN_kx_srp "KxSRP" +#define LN_kx_srp "kx-srp" +#define NID_kx_srp 1044 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 1045 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 1046 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 1047 + +#define SN_auth_psk "AuthPSK" +#define LN_auth_psk "auth-psk" +#define NID_auth_psk 1048 + +#define SN_auth_dss "AuthDSS" +#define LN_auth_dss "auth-dss" +#define NID_auth_dss 1049 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 1050 + +#define SN_auth_gost12 "AuthGOST12" +#define LN_auth_gost12 "auth-gost12" +#define NID_auth_gost12 1051 + +#define SN_auth_srp "AuthSRP" +#define LN_auth_srp "auth-srp" +#define NID_auth_srp 1052 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 1053 diff --git a/include/openssl/objects.h b/include/openssl/objects.h index b8dafa89ce..05bc9b0248 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -1,4 +1,3 @@ -/* crypto/objects/objects.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1107,6 +1106,9 @@ int OBJ_create(const char *oid, const char *sn, const char *ln); void OBJ_cleanup(void); int OBJ_create_objects(BIO *in); +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int dig_id, int pkey_id); diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index ca2ee76dce..02fd6b06be 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -1,11 +1,10 @@ -/* ocsp.h */ /* * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL * project. */ /* - * History: This file was transfered to Richard Levitte from CertCo by Kathy + * History: This file was transferred to Richard Levitte from CertCo by Kathy * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a * patch kit. */ @@ -93,76 +92,18 @@ extern "C" { # define OCSP_RESPID_KEY 0x400 # define OCSP_NOTIME 0x800 -/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -typedef struct ocsp_cert_id_st { - X509_ALGOR *hashAlgorithm; - ASN1_OCTET_STRING *issuerNameHash; - ASN1_OCTET_STRING *issuerKeyHash; - ASN1_INTEGER *serialNumber; -} OCSP_CERTID; - -DECLARE_STACK_OF(OCSP_CERTID) - -/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -} OCSP_ONEREQ; - -DECLARE_STACK_OF(OCSP_ONEREQ) -DECLARE_ASN1_SET_OF(OCSP_ONEREQ) - -/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -} OCSP_REQINFO; - -/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -typedef struct ocsp_signature_st { - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_SIGNATURE; - -/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -typedef struct ocsp_request_st { - OCSP_REQINFO *tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -} OCSP_REQUEST; - -/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DEFINE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DEFINE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + # define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 # define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 # define OCSP_RESPONSE_STATUS_INTERNALERROR 2 @@ -170,136 +111,28 @@ typedef struct ocsp_request_st { # define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 # define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -typedef struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -} OCSP_RESPBYTES; - -/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + # define V_OCSP_RESPID_NAME 0 # define V_OCSP_RESPID_KEY 1 -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; - -DECLARE_STACK_OF(OCSP_RESPID) + +DEFINE_STACK_OF(OCSP_RESPID) DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -typedef struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -} OCSP_REVOKEDINFO; - -/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ # define V_OCSP_CERTSTATUS_GOOD 0 # define V_OCSP_CERTSTATUS_REVOKED 1 # define V_OCSP_CERTSTATUS_UNKNOWN 2 -typedef struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -} OCSP_CERTSTATUS; - -/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -} OCSP_SINGLERESP; - -DECLARE_STACK_OF(OCSP_SINGLERESP) -DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) - -/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID *responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -} OCSP_RESPDATA; - -/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* - * Note 1: The value for "signature" is specified in the OCSP rfc2560 as - * follows: "The value for the signature SHALL be computed on the hash of - * the DER encoding ResponseData." This means that you must hash the - * DER-encoded tbsResponseData, and then run it through a crypto-signing - * function, which will (at least w/RSA) do a hash-'n'-private-encrypt - * operation. This seems a bit odd, but that's the spec. Also note that - * the data structures do not leave anywhere to independently specify the - * algorithm used for the initial hash. So, we look at the - * signature-specification algorithm, and try to do something intelligent. - * -- Kathy Weinhold, CertCo - */ - /* - * Note 2: It seems that the mentioned passage from RFC 2560 (section - * 4.2.1) is open for interpretation. I've done tests against another - * responder, and found that it doesn't do the double hashing that the RFC - * seems to say one should. Therefore, all relevant functions take a flag - * saying which variant should be used. -- Richard Levitte, OpenSSL team - * and CeloCom - */ -typedef struct ocsp_basic_response_st { - OCSP_RESPDATA *tbsResponseData; - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_BASICRESP; + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DEFINE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; /*- * CRLReason ::= ENUMERATED { @@ -322,27 +155,8 @@ typedef struct ocsp_basic_response_st { # define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 # define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -/*- - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -typedef struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -} OCSP_CRLID; - -/*- - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -typedef struct ocsp_service_locator_st { - X509_NAME *issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -} OCSP_SERVICELOC; +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" # define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" @@ -371,19 +185,19 @@ typedef struct ocsp_service_locator_st { # define OCSP_REQUEST_sign(o,pkey,md) \ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - o->optionalSignature->signatureAlgorithm,NULL,\ - o->optionalSignature->signature,o->tbsRequest,pkey,md) + &o->optionalSignature->signatureAlgorithm,NULL,\ + o->optionalSignature->signature,&o->tbsRequest,pkey,md) # define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ - o->signature,o->tbsResponseData,pkey,md) + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ + o->signature,&o->tbsResponseData,pkey,md) # define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - a->optionalSignature->signatureAlgorithm,\ - a->optionalSignature->signature,a->tbsRequest,r) + &a->optionalSignature->signatureAlgorithm,\ + a->optionalSignature->signature,&a->tbsRequest,r) # define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) # define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) @@ -440,8 +254,11 @@ int OCSP_request_sign(OCSP_REQUEST *req, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs); + int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(OCSP_BASICRESP* bs); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, @@ -542,6 +359,7 @@ void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, unsigned long flags); int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +OCSP_CERTID *OCSP_SINGLERESP_get0_id(OCSP_SINGLERESP *x); DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 03b8c48437..d85d1f3882 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -30,13 +30,12 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000206fL +# define OPENSSL_VERSION_NUMBER 0x10100005L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-fips 28 Jan 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre5-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f 28 Jan 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-pre5-dev xx XXX xxxx" # endif -# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT /*- * The macros below are to be used for shared library (.so, .dll, ...) @@ -49,7 +48,7 @@ extern "C" { * * libcrypto.so.0.9 * - * Some unixen also make a softlink with the major verson number only: + * Some unixen also make a softlink with the major version number only: * * libcrypto.so.0 * @@ -88,7 +87,7 @@ extern "C" { * should only keep the versions that are binary compatible with the current. */ # define SHLIB_VERSION_HISTORY "" -# define SHLIB_VERSION_NUMBER "1.0.0" +# define SHLIB_VERSION_NUMBER "1.1" #ifdef __cplusplus diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 9144ea2cf6..7a8d319989 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -55,6 +55,8 @@ #ifndef HEADER_OPENSSL_TYPES_H # define HEADER_OPENSSL_TYPES_H +#include <limits.h> + #ifdef __cplusplus extern "C" { #endif @@ -104,11 +106,11 @@ typedef struct asn1_object_st ASN1_OBJECT; typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct asn1_pctx_st ASN1_PCTX; +typedef struct asn1_sctx_st ASN1_SCTX; # ifdef OPENSSL_SYS_WIN32 # undef X509_NAME # undef X509_EXTENSIONS -# undef X509_CERT_PAIR # undef PKCS7_ISSUER_AND_SERIAL # undef OCSP_REQUEST # undef OCSP_RESPONSE @@ -117,6 +119,7 @@ typedef struct asn1_pctx_st ASN1_PCTX; # ifdef BIGNUM # undef BIGNUM # endif +typedef struct bio_st BIO; typedef struct bignum_st BIGNUM; typedef struct bignum_ctx BN_CTX; typedef struct bn_blinding_st BN_BLINDING; @@ -128,8 +131,8 @@ typedef struct buf_mem_st BUF_MEM; typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; -typedef struct env_md_st EVP_MD; -typedef struct env_md_ctx_st EVP_MD_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; typedef struct evp_pkey_st EVP_PKEY; typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; @@ -137,6 +140,10 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; @@ -146,10 +153,10 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; -typedef struct rand_meth_st RAND_METHOD; +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; -typedef struct ecdh_method ECDH_METHOD; -typedef struct ecdsa_method ECDSA_METHOD; +typedef struct rand_meth_st RAND_METHOD; typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; @@ -165,19 +172,18 @@ typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; typedef struct conf_st CONF; - -typedef struct store_st STORE; -typedef struct store_method_st STORE_METHOD; +typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; typedef struct ui_st UI; typedef struct ui_method_st UI_METHOD; -typedef struct st_ERR_FNS ERR_FNS; - typedef struct engine_st ENGINE; typedef struct ssl_st SSL; typedef struct ssl_ctx_st SSL_CTX; +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; @@ -188,23 +194,33 @@ typedef struct DIST_POINT_st DIST_POINT; typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; - /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ -# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ -# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ - typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -/* Callback types for crypto.h */ -typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +typedef intmax_t ossl_intmax_t; +typedef uintmax_t ossl_uintmax_t; +#else +/* + * Not long long, because the C-library can only be expected to provide + * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), + * strtoumax(). Since we use these for parsing arguments, we need the + * conversion functions, not just the sizes. + */ +typedef long ossl_intmax_t; +typedef unsigned long ossl_uintmax_t; +#endif + #ifdef __cplusplus } #endif diff --git a/include/openssl/pem.h b/include/openssl/pem.h index d3b23fc997..0206fec68c 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -1,4 +1,3 @@ -/* crypto/pem/pem.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,12 +59,8 @@ # define HEADER_PEM_H # include <openssl/e_os2.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif -# ifndef OPENSSL_NO_STACK -# include <openssl/stack.h> -# endif +# include <openssl/bio.h> +# include <openssl/stack.h> # include <openssl/evp.h> # include <openssl/x509.h> # include <openssl/pem2.h> @@ -76,44 +71,8 @@ extern "C" { # define PEM_BUFSIZE 1024 -# define PEM_OBJ_UNDEF 0 -# define PEM_OBJ_X509 1 -# define PEM_OBJ_X509_REQ 2 -# define PEM_OBJ_CRL 3 -# define PEM_OBJ_SSL_SESSION 4 -# define PEM_OBJ_PRIV_KEY 10 -# define PEM_OBJ_PRIV_RSA 11 -# define PEM_OBJ_PRIV_DSA 12 -# define PEM_OBJ_PRIV_DH 13 -# define PEM_OBJ_PUB_RSA 14 -# define PEM_OBJ_PUB_DSA 15 -# define PEM_OBJ_PUB_DH 16 -# define PEM_OBJ_DHPARAMS 17 -# define PEM_OBJ_DSAPARAMS 18 -# define PEM_OBJ_PRIV_RSA_PUBLIC 19 -# define PEM_OBJ_PRIV_ECDSA 20 -# define PEM_OBJ_PUB_ECDSA 21 -# define PEM_OBJ_ECPARAMETERS 22 - -# define PEM_ERROR 30 -# define PEM_DEK_DES_CBC 40 -# define PEM_DEK_IDEA_CBC 45 -# define PEM_DEK_DES_EDE 50 -# define PEM_DEK_DES_ECB 60 -# define PEM_DEK_RSA 70 -# define PEM_DEK_RSA_MD2 80 -# define PEM_DEK_RSA_MD5 90 - -# define PEM_MD_MD2 NID_md2 -# define PEM_MD_MD5 NID_md5 -# define PEM_MD_SHA NID_sha -# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption -# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption -# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption - # define PEM_STRING_X509_OLD "X509 CERTIFICATE" # define PEM_STRING_X509 "CERTIFICATE" -# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" # define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -138,17 +97,6 @@ extern "C" { # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" - /* - * Note that this structure is initialised by PEM_SealInit and cleaned up - * by PEM_SealFinal (at least for now) - */ -typedef struct PEM_Encode_Seal_st { - EVP_ENCODE_CTX encode; - EVP_MD_CTX md; - EVP_CIPHER_CTX cipher; -} PEM_ENCODE_SEAL_CTX; - -/* enc_type is one off */ # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 # define PEM_TYPE_MIC_CLEAR 30 @@ -182,6 +130,7 @@ typedef struct pem_ctx_st { int num_recipient; PEM_USER **recipient; + /*- XXX(ben): don#t think this is used! STACK *x509_chain; / * certificate chain */ @@ -209,7 +158,7 @@ typedef struct pem_ctx_st { * IMPLEMENT_PEM_rw_cb(...) */ -# ifdef OPENSSL_NO_FP_API +# ifdef OPENSSL_NO_STDIO # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ @@ -320,10 +269,11 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ /* These are the same except they are for the declarations */ -# if defined(OPENSSL_NO_FP_API) +# if defined(OPENSSL_NO_STDIO) # define DECLARE_PEM_read_fp(name, type) /**/ # define DECLARE_PEM_write_fp(name, type) /**/ +# define DECLARE_PEM_write_fp_const(name, type) /**/ # define DECLARE_PEM_write_cb_fp(name, type) /**/ # else @@ -342,7 +292,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # endif -# ifndef OPENSSL_NO_BIO # define DECLARE_PEM_read_bio(name, type) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); @@ -356,13 +305,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -# else - -# define DECLARE_PEM_read_bio(name, type) /**/ -# define DECLARE_PEM_write_bio(name, type) /**/ -# define DECLARE_PEM_write_bio_const(name, type) /**/ -# define DECLARE_PEM_write_cb_bio(name, type) /**/ -# endif # define DECLARE_PEM_write(name, type) \ DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_fp(name, type) @@ -384,19 +326,12 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -# if 1 -/* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); -# else -/* OpenSSL 0.9.3, 0.9.3a */ -typedef int pem_password_cb (char *buf, int size, int rwflag); -# endif int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, pem_password_cb *callback, void *u); -# ifndef OPENSSL_NO_BIO int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); int PEM_write_bio(BIO *bp, const char *name, const char *hdr, @@ -415,8 +350,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); -# endif +#ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); int PEM_write(FILE *fp, const char *name, const char *hdr, @@ -428,17 +363,10 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +#endif -int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, - EVP_MD *md_type, unsigned char **ek, int *ekl, - unsigned char *iv, EVP_PKEY **pubk, int npubk); -void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl); -int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, - unsigned char *out, int *outl, EVP_PKEY *priv); - -void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); -void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); @@ -450,7 +378,6 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) -DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) @@ -494,6 +421,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +#ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); @@ -510,7 +438,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cd, void *u); - +#endif EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); @@ -569,8 +497,6 @@ void ERR_load_PEM_strings(void); # define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 # define PEM_F_PEM_READ_DHPARAMS 142 # define PEM_F_PEM_READ_PRIVATEKEY 124 -# define PEM_F_PEM_SEALFINAL 110 -# define PEM_F_PEM_SEALINIT 111 # define PEM_F_PEM_SIGNFINAL 112 # define PEM_F_PEM_WRITE 113 # define PEM_F_PEM_WRITE_BIO 114 diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index a39adf5eb5..655655a5af 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -1,4 +1,3 @@ -/* pkcs12.h */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 1999. @@ -99,84 +98,69 @@ extern "C" { # define KEY_EX 0x10 # define KEY_SIG 0x80 -typedef struct { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -} PKCS12_MAC_DATA; - -typedef struct { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -} PKCS12; - -typedef struct { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -} PKCS12_SAFEBAG; - -DECLARE_STACK_OF(PKCS12_SAFEBAG) -DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) -DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) - -typedef struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -} PKCS12_BAGS; +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; -# define PKCS12_ERROR 0 -# define PKCS12_OK 1 +typedef struct PKCS12_st PKCS12; -/* Compatibility macros */ +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; -# define M_PKCS12_x5092certbag PKCS12_x5092certbag -# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag +DEFINE_STACK_OF(PKCS12_SAFEBAG) -# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 -# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl +typedef struct pkcs12_bag_st PKCS12_BAGS; -# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data -# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes -# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes -# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata +# define PKCS12_ERROR 0 +# define PKCS12_OK 1 -# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey -# define M_PKCS8_decrypt PKCS8_decrypt +/* Compatibility macros */ -# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) -# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) -# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type +#if OPENSSL_API_COMPAT < 0x10100000L -# define PKCS12_get_attr(bag, attr_nid) \ - PKCS12_get_attr_gen(bag->attrib, attr_nid) +# define M_PKCS12_bag_type PKCS12_bag_type +# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type -# define PKCS8_get_attr(p8, attr_nid) \ - PKCS12_get_attr_gen(p8->attributes, attr_nid) +# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +# define PKCS12_get_attr PKCS12_SAFEBAG_get0_attr +# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt -# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) +#endif -PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); -PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); -X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); -X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(PKCS12 *p12); +void PKCS12_get0_mac(ASN1_OCTET_STRING **pmac, X509_ALGOR **pmacalg, + ASN1_OCTET_STRING **psalt, ASN1_INTEGER **piter, + PKCS12 *p12); + +ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid); +ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag); +PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag); +X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag); + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, + int passlen, + unsigned char *salt, + int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf); PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2); -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, @@ -184,10 +168,8 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, @@ -210,6 +192,7 @@ int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(PKCS12_SAFEBAG *bag); unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, unsigned char *in, int inlen, unsigned char **data, int *datalen, @@ -296,14 +279,15 @@ void ERR_load_PKCS12_strings(void); # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 # define PKCS12_F_PKCS12_KEY_GEN_ASC 110 # define PKCS12_F_PKCS12_KEY_GEN_UNI 111 -# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 -# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 # define PKCS12_F_PKCS12_NEWPASS 128 # define PKCS12_F_PKCS12_PACK_P7DATA 114 # define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 # define PKCS12_F_PKCS12_PARSE 118 # define PKCS12_F_PKCS12_PBE_CRYPT 119 # define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 # define PKCS12_F_PKCS12_SETUP_MAC 122 # define PKCS12_F_PKCS12_SET_MAC 123 # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 @@ -311,6 +295,7 @@ void ERR_load_PKCS12_strings(void); # define PKCS12_F_PKCS12_VERIFY_MAC 126 # define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 # define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 /* Reason codes. */ # define PKCS12_R_CANT_PACK_STRUCTURE 100 diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index b51b3863eb..7ca085e523 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -1,4 +1,3 @@ -/* crypto/pkcs7/pkcs7.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,8 +99,7 @@ typedef struct pkcs7_signer_info_st { EVP_PKEY *pkey; } PKCS7_SIGNER_INFO; -DECLARE_STACK_OF(PKCS7_SIGNER_INFO) -DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) +DEFINE_STACK_OF(PKCS7_SIGNER_INFO) typedef struct pkcs7_recip_info_st { ASN1_INTEGER *version; /* version 0 */ @@ -111,8 +109,7 @@ typedef struct pkcs7_recip_info_st { X509 *cert; /* get the pub-key from this */ } PKCS7_RECIP_INFO; -DECLARE_STACK_OF(PKCS7_RECIP_INFO) -DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) +DEFINE_STACK_OF(PKCS7_RECIP_INFO) typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ @@ -199,9 +196,7 @@ typedef struct pkcs7_st { } d; } PKCS7; -DECLARE_STACK_OF(PKCS7) -DECLARE_ASN1_SET_OF(PKCS7) -DECLARE_PKCS12_STACK_OF(PKCS7) +DEFINE_STACK_OF(PKCS7) # define PKCS7_OP_SET_DETACHED_SIGNATURE 1 # define PKCS7_OP_GET_DETACHED_SIGNATURE 2 @@ -242,6 +237,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) # define PKCS7_NOCRL 0x2000 # define PKCS7_PARTIAL 0x4000 # define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_NO_DUAL_CONTENT 0x10000 /* Flags: for compatibility with older code */ @@ -255,12 +251,15 @@ DECLARE_PKCS12_STACK_OF(PKCS7) # define SMIME_BINARY PKCS7_BINARY # define SMIME_NOATTR PKCS7_NOATTR +/* CRLF ASCII canonicalisation */ +# define SMIME_ASCIICRLF 0x80000 + DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); # endif diff --git a/include/openssl/pqueue.h b/include/openssl/pqueue.h index d40d9c7d85..93817c2dfc 100644 --- a/include/openssl/pqueue.h +++ b/include/openssl/pqueue.h @@ -1,99 +1 @@ -/* crypto/pqueue/pqueue.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. - */ -/* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_PQUEUE_H -# define HEADER_PQUEUE_H - -# include <stdio.h> -# include <stdlib.h> -# include <string.h> - -#ifdef __cplusplus -extern "C" { -#endif -typedef struct _pqueue *pqueue; - -typedef struct _pitem { - unsigned char priority[8]; /* 64-bit value in big-endian encoding */ - void *data; - struct _pitem *next; -} pitem; - -typedef struct _pitem *piterator; - -pitem *pitem_new(unsigned char *prio64be, void *data); -void pitem_free(pitem *item); - -pqueue pqueue_new(void); -void pqueue_free(pqueue pq); - -pitem *pqueue_insert(pqueue pq, pitem *item); -pitem *pqueue_peek(pqueue pq); -pitem *pqueue_pop(pqueue pq); -pitem *pqueue_find(pqueue pq, unsigned char *prio64be); -pitem *pqueue_iterator(pqueue pq); -pitem *pqueue_next(piterator *iter); - -void pqueue_print(pqueue pq); -int pqueue_size(pqueue pq); - -#ifdef __cplusplus -} -#endif -#endif /* ! HEADER_PQUEUE_H */ +../../crypto/pqueue/pqueue.h
\ No newline at end of file diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 2553afda20..2a9a85c1f1 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -1,4 +1,3 @@ -/* crypto/rand/rand.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,18 +70,14 @@ extern "C" { #endif -# if defined(OPENSSL_FIPS) -# define FIPS_RAND_SIZE_T size_t -# endif - /* Already defined in ossl_typ.h */ /* typedef struct rand_meth_st RAND_METHOD; */ struct rand_meth_st { - void (*seed) (const void *buf, int num); + int (*seed) (const void *buf, int num); int (*bytes) (unsigned char *buf, int num); void (*cleanup) (void); - void (*add) (const void *buf, int num, double entropy); + int (*add) (const void *buf, int num, double entropy); int (*pseudorand) (unsigned char *buf, int num); int (*status) (void); }; @@ -96,19 +91,24 @@ const RAND_METHOD *RAND_get_rand_method(void); # ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); # endif -RAND_METHOD *RAND_SSLeay(void); +RAND_METHOD *RAND_OpenSSL(void); void RAND_cleanup(void); int RAND_bytes(unsigned char *buf, int num); -int RAND_pseudo_bytes(unsigned char *buf, int num); +DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) void RAND_seed(const void *buf, int num); +#if defined(__ANDROID__) && defined(__NDK_FPABI__) +__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +#endif void RAND_add(const void *buf, int num, double entropy); int RAND_load_file(const char *file, long max_bytes); int RAND_write_file(const char *file); const char *RAND_file_name(char *file, size_t num); int RAND_status(void); +# ifndef OPENSSL_NO_EGD int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path, int bytes); +# endif int RAND_poll(void); # if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -118,11 +118,6 @@ int RAND_event(UINT, WPARAM, LPARAM); # endif -# ifdef OPENSSL_FIPS -void RAND_set_fips_drbg_type(int type, int flags); -int RAND_init_fips(void); -# endif - /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -133,16 +128,22 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ +# define RAND_F_FIPS_RAND 102 +# define RAND_F_FIPS_RAND_SET_DT 103 +# define RAND_F_FIPS_SET_PRNG_SEED 104 +# define RAND_F_FIPS_SET_TEST_MODE 105 +# define RAND_F_FIPS_X931_SET_DT 106 +# define RAND_F_RAND_BYTES 100 # define RAND_F_RAND_GET_RAND_METHOD 101 -# define RAND_F_RAND_INIT_FIPS 102 -# define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ -# define RAND_R_DUAL_EC_DRBG_DISABLED 104 -# define RAND_R_ERROR_INITIALISING_DRBG 102 -# define RAND_R_ERROR_INSTANTIATING_DRBG 103 -# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 +# define RAND_R_NOT_IN_TEST_MODE 101 +# define RAND_R_NO_KEY_SET 102 +# define RAND_R_PRNG_ERROR 103 +# define RAND_R_PRNG_KEYED 104 # define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 105 +# define RAND_R_PRNG_STUCK 106 #ifdef __cplusplus } diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h index 29d02d7322..0bf6ae31ec 100644 --- a/include/openssl/rc2.h +++ b/include/openssl/rc2.h @@ -1,4 +1,3 @@ -/* crypto/rc2/rc2.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,11 +58,13 @@ #ifndef HEADER_RC2_H # define HEADER_RC2_H -# include <openssl/opensslconf.h>/* OPENSSL_NO_RC2, RC2_INT */ +# include <openssl/opensslconf.h> # ifdef OPENSSL_NO_RC2 # error RC2 is disabled. # endif +typedef unsigned int RC2_INT; + # define RC2_ENCRYPT 1 # define RC2_DECRYPT 0 @@ -78,10 +79,6 @@ typedef struct rc2_key_st { RC2_INT data[64]; } RC2_KEY; -# ifdef OPENSSL_FIPS -void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, - int bits); -# endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *key, int enc); diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h index 39162b1648..c938fdb92a 100644 --- a/include/openssl/rc4.h +++ b/include/openssl/rc4.h @@ -1,4 +1,3 @@ -/* crypto/rc4/rc4.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,7 +76,6 @@ typedef struct rc4_key_st { const char *RC4_options(void); void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h new file mode 100644 index 0000000000..026a1147a9 --- /dev/null +++ b/include/openssl/rc5.h @@ -0,0 +1,113 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC5_H +# define HEADER_RC5_H + +# include <openssl/opensslconf.h>/* OPENSSL_NO_RC5 */ + +#ifdef __cplusplus +extern "C" { +#endif + +# ifdef OPENSSL_NO_RC5 +# error RC5 is disabled. +# endif + +# define RC5_ENCRYPT 1 +# define RC5_DECRYPT 0 + +# define RC5_32_INT unsigned int + +# define RC5_32_BLOCK 8 +# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ + +/* + * This are the only values supported. Tweak the code if you want more The + * most supported modes will be RC5-32/12/16 RC5-32/16/8 + */ +# define RC5_8_ROUNDS 8 +# define RC5_12_ROUNDS 12 +# define RC5_16_ROUNDS 16 + +typedef struct rc5_key_st { + /* Number of rounds */ + int rounds; + RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +} RC5_32_KEY; + +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC5_32_KEY *key, int enc); +void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *ks, unsigned char *iv, + int enc); +void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num, int enc); +void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC5_32_KEY *schedule, + unsigned char *ivec, int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h index b88ef25e72..8a098f66a6 100644 --- a/include/openssl/ripemd.h +++ b/include/openssl/ripemd.h @@ -1,4 +1,3 @@ -/* crypto/ripemd/ripemd.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,18 +65,11 @@ extern "C" { #endif -# ifdef OPENSSL_NO_RIPEMD -# error RIPEMD is disabled. +# ifdef OPENSSL_NO_RMD160 +# error RMD160 is disabled. # endif -# if defined(__LP32__) -# define RIPEMD160_LONG unsigned long -# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -# define RIPEMD160_LONG unsigned long -# define RIPEMD160_LONG_LOG2 3 -# else -# define RIPEMD160_LONG unsigned int -# endif +# define RIPEMD160_LONG unsigned int # define RIPEMD160_CBLOCK 64 # define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) @@ -90,9 +82,6 @@ typedef struct RIPEMD160state_st { unsigned int num; } RIPEMD160_CTX; -# ifdef OPENSSL_FIPS -int private_RIPEMD160_Init(RIPEMD160_CTX *c); -# endif int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index d2ee37406e..adad0f144c 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -1,4 +1,3 @@ -/* crypto/rsa/rsa.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,14 +58,13 @@ #ifndef HEADER_RSA_H # define HEADER_RSA_H +# include <openssl/opensslconf.h> # include <openssl/asn1.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/bio.h> # include <openssl/crypto.h> # include <openssl/ossl_typ.h> -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # endif @@ -109,9 +107,7 @@ struct rsa_meth_st { * New sign and verify functions: some libraries don't allow arbitrary * data to be signed/verified: this allows them to be used. Note: for * this to work the RSA_public_decrypt() and RSA_private_encrypt() should - * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: - * for backwards compatibility this functionality is only enabled if the - * RSA_FLAG_SIGN_VER option is set in 'flags'. + * *NOT* be used RSA_sign(), RSA_verify() should be used instead. */ int (*rsa_sign) (int type, const unsigned char *m, unsigned int m_length, @@ -162,12 +158,15 @@ struct rsa_st { char *bignum_data; BN_BLINDING *blinding; BN_BLINDING *mt_blinding; + CRYPTO_RWLOCK *lock; }; # ifndef OPENSSL_RSA_MAX_MODULUS_BITS # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 # endif @@ -196,12 +195,6 @@ struct rsa_st { # define RSA_FLAG_EXT_PKEY 0x0020 /* - * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify - * functions. - */ -# define RSA_FLAG_SIGN_VER 0x0040 - -/* * new with 0.9.6j and 0.9.7b; the built-in * RSA implementation now uses blinding by * default (ignoring RSA_FLAG_BLINDING), @@ -220,7 +213,7 @@ struct rsa_st { * private key operations. */ # define RSA_FLAG_NO_CONSTTIME 0x0100 -# ifdef OPENSSL_USE_DEPRECATED +# if OPENSSL_API_COMPAT < 0x00908000L /* deprecated name for the flag*/ /* * new with 0.9.7h; the built-in RSA @@ -319,18 +312,27 @@ struct rsa_st { RSA *RSA_new(void); RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); int RSA_size(const RSA *rsa); +int RSA_security_bits(const RSA *rsa); /* Deprecated version */ -# ifndef OPENSSL_NO_DEPRECATED -RSA *RSA_generate_key(int bits, unsigned long e, void - (*callback) (int, int, void *), void *cb_arg); -# endif /* !defined(OPENSSL_NO_DEPRECATED) */ +DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void + (*callback) (int, int, void *), + void *cb_arg)) /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, + BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, + const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, + BN_GENCB *cb); + int RSA_check_key(const RSA *); +int RSA_check_key_ex(const RSA *, BN_GENCB *cb); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); @@ -354,8 +356,8 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); /* This function needs the memory locking malloc callbacks to be installed */ int RSA_memory_lock(RSA *r); -/* these are the actual SSLeay RSA functions */ -const RSA_METHOD *RSA_PKCS1_SSLeay(void); +/* these are the actual RSA functions */ +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); const RSA_METHOD *RSA_null_method(void); @@ -379,29 +381,11 @@ typedef struct rsa_oaep_params_st { DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO int RSA_print_fp(FILE *fp, const RSA *r, int offset); # endif -# ifndef OPENSSL_NO_BIO int RSA_print(BIO *bp, const RSA *r, int offset); -# endif - -# ifndef OPENSSL_NO_RC4 -int i2d_RSA_NET(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, - int (*cb) (char *buf, int len, const char *prompt, - int verify)); -# endif /* * The following 2 functions sign and verify a X509_SIG ASN1 object inside @@ -485,8 +469,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen); -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) int RSA_set_ex_data(RSA *r, int idx, void *arg); void *RSA_get_ex_data(const RSA *r, int idx); @@ -527,27 +511,29 @@ void ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 # define RSA_F_DO_RSA_PRINT 146 +# define RSA_F_FIPS_RSA_SIGN_DIGEST 149 +# define RSA_F_FIPS_RSA_VERIFY 150 +# define RSA_F_FIPS_RSA_VERIFY_DIGEST 151 # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_MEMORY_LOCK 100 # define RSA_F_OLD_RSA_PRIV_DECODE 147 # define RSA_F_PKEY_RSA_CTRL 143 # define RSA_F_PKEY_RSA_CTRL_STR 144 # define RSA_F_PKEY_RSA_SIGN 142 -# define RSA_F_PKEY_RSA_VERIFY 154 # define RSA_F_PKEY_RSA_VERIFYRECOVER 141 -# define RSA_F_RSA_ALGOR_TO_MD 157 +# define RSA_F_RSA_ALGOR_TO_MD 156 # define RSA_F_RSA_BUILTIN_KEYGEN 129 # define RSA_F_RSA_CHECK_KEY 123 -# define RSA_F_RSA_CMS_DECRYPT 158 -# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 -# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 -# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 -# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 # define RSA_F_RSA_GENERATE_KEY 105 -# define RSA_F_RSA_GENERATE_KEY_EX 155 -# define RSA_F_RSA_ITEM_VERIFY 156 +# define RSA_F_RSA_ITEM_VERIFY 148 # define RSA_F_RSA_MEMORY_LOCK 130 -# define RSA_F_RSA_MGF1_TO_MD 159 +# define RSA_F_RSA_MGF1_TO_MD 157 # define RSA_F_RSA_NEW_METHOD 106 # define RSA_F_RSA_NULL 124 # define RSA_F_RSA_NULL_MOD_EXP 131 @@ -555,39 +541,35 @@ void ERR_load_RSA_strings(void); # define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 # define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OAEP_TO_CTX 158 # define RSA_F_RSA_PADDING_ADD_NONE 107 # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 # define RSA_F_RSA_PADDING_ADD_SSLV23 110 # define RSA_F_RSA_PADDING_ADD_X931 127 # define RSA_F_RSA_PADDING_CHECK_NONE 111 # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 # define RSA_F_RSA_PADDING_CHECK_SSLV23 114 # define RSA_F_RSA_PADDING_CHECK_X931 128 # define RSA_F_RSA_PRINT 115 # define RSA_F_RSA_PRINT_FP 116 -# define RSA_F_RSA_PRIVATE_DECRYPT 150 -# define RSA_F_RSA_PRIVATE_ENCRYPT 151 # define RSA_F_RSA_PRIV_DECODE 137 # define RSA_F_RSA_PRIV_ENCODE 138 -# define RSA_F_RSA_PSS_TO_CTX 162 -# define RSA_F_RSA_PUBLIC_DECRYPT 152 -# define RSA_F_RSA_PUBLIC_ENCRYPT 153 +# define RSA_F_RSA_PSS_TO_CTX 155 # define RSA_F_RSA_PUB_DECODE 139 # define RSA_F_RSA_SETUP_BLINDING 136 # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 -# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 -# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 /* Reason codes. */ # define RSA_R_ALGORITHM_MISMATCH 100 @@ -603,21 +585,21 @@ void ERR_load_RSA_strings(void); # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 # define RSA_R_DATA_TOO_SMALL 111 # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 -# define RSA_R_DIGEST_DOES_NOT_MATCH 166 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 # define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 # define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 # define RSA_R_FIRST_OCTET_INVALID 133 # define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 -# define RSA_R_INVALID_DIGEST 160 +# define RSA_R_INVALID_DIGEST 157 # define RSA_R_INVALID_DIGEST_LENGTH 143 # define RSA_R_INVALID_HEADER 137 # define RSA_R_INVALID_KEYBITS 145 -# define RSA_R_INVALID_LABEL 161 +# define RSA_R_INVALID_LABEL 160 # define RSA_R_INVALID_MESSAGE_LENGTH 131 # define RSA_R_INVALID_MGF1_MD 156 -# define RSA_R_INVALID_OAEP_PARAMETERS 162 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 # define RSA_R_INVALID_PADDING 138 # define RSA_R_INVALID_PADDING_MODE 141 # define RSA_R_INVALID_PSS_PARAMETERS 149 @@ -629,12 +611,10 @@ void ERR_load_RSA_strings(void); # define RSA_R_KEY_SIZE_TOO_SMALL 120 # define RSA_R_LAST_OCTET_INVALID 134 # define RSA_R_MODULUS_TOO_LARGE 105 -# define RSA_R_NON_FIPS_RSA_METHOD 157 # define RSA_R_NO_PUBLIC_EXPONENT 140 # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 # define RSA_R_OAEP_DECODING_ERROR 121 -# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 @@ -646,12 +626,12 @@ void ERR_load_RSA_strings(void); # define RSA_R_SSLV3_ROLLBACK_ATTACK 115 # define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 # define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 -# define RSA_R_UNKNOWN_DIGEST 163 +# define RSA_R_UNKNOWN_DIGEST 166 # define RSA_R_UNKNOWN_MASK_DIGEST 151 # define RSA_R_UNKNOWN_PADDING_TYPE 118 # define RSA_R_UNKNOWN_PSS_DIGEST 152 -# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 -# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 1d4f87eab3..538774d664 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h @@ -1,5 +1,6 @@ +/* automatically generated by util/mkstack.pl */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -56,14 +57,14 @@ # define HEADER_SAFESTACK_H # include <openssl/stack.h> +# include <openssl/e_os2.h> #ifdef __cplusplus extern "C" { #endif # ifndef CHECKED_PTR_OF -# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) +# define CHECKED_PTR_OF(type, p) ((void*) (1 ? p : (type*)0)) # endif /* @@ -86,21 +87,105 @@ extern "C" { ((1 ? p : (int (*)(const type * const *, const type * const *))0))) # define STACK_OF(type) struct stack_st_##type -# define PREDECLARE_STACK_OF(type) STACK_OF(type); -# define DECLARE_STACK_OF(type) \ -STACK_OF(type) \ +# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ + STACK_OF(t1); \ + static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ { \ - _STACK stack; \ - }; -# define DECLARE_SPECIAL_STACK_OF(type, type2) \ -STACK_OF(type) \ + return sk_num((_STACK *)sk); \ + } \ + static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ { \ - _STACK stack; \ - }; + return (t2 *)sk_value((_STACK *)sk, idx); \ + } \ + static ossl_inline STACK_OF(t1) *sk_##t1##_new(int (*cmpf)(const t3 * const *a, const t3 * const *b)) \ + { \ + return (STACK_OF(t1) *)sk_new((int (*)(const void *a, const void *b))cmpf); \ + } \ + static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ + { \ + return (STACK_OF(t1) *)sk_new_null(); \ + } \ + static ossl_inline void sk_##t1##_free(const STACK_OF(t1) *sk) \ + { \ + sk_free((_STACK *)sk); \ + } \ + static ossl_inline void sk_##t1##_zero(const STACK_OF(t1) *sk) \ + { \ + sk_zero((_STACK *)sk); \ + } \ + static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ + { \ + return (t2 *)sk_delete((_STACK *)sk, i); \ + } \ + static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return (t2 *)sk_delete_ptr((_STACK *)sk, (void *)ptr); \ + } \ + static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return sk_push((_STACK *)sk, (void *)ptr); \ + } \ + static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return sk_unshift((_STACK *)sk, (void *)ptr); \ + } \ + static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ + { \ + return (t2 *)sk_pop((_STACK *)sk); \ + } \ + static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ + { \ + return (t2 *)sk_shift((_STACK *)sk); \ + } \ + static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, void (*func)(t3 *a)) \ + { \ + sk_pop_free((_STACK *)sk, (void (*)(void *))func); \ + } \ + static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ + { \ + return sk_insert((_STACK *)sk, (void *)ptr, idx); \ + } \ + static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ + { \ + return (t2 *)sk_set((_STACK *)sk, idx, (void *)ptr); \ + } \ + static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return sk_find((_STACK *)sk, (void *)ptr); \ + } \ + static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ + { \ + return sk_find_ex((_STACK *)sk, (void *)ptr); \ + } \ + static ossl_inline void sk_##t1##_sort(const STACK_OF(t1) *sk) \ + { \ + sk_sort((_STACK *)sk); \ + } \ + static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ + { \ + return sk_is_sorted((_STACK *)sk); \ + } \ + static ossl_inline STACK_OF(t1) * sk_##t1##_dup(STACK_OF(t1) *sk) \ + { \ + return (STACK_OF(t1) *)sk_dup((_STACK *)sk); \ + } \ + static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(STACK_OF(t1) *sk, \ + t3 *(*copyfn)(const t3 *), \ + void (*freefn)(t3 *)) \ + { \ + return (STACK_OF(t1) *)sk_deep_copy((_STACK *)sk, \ + (void * (*)(void *a))copyfn, \ + (void (*)(void *a))freefn); \ + } \ + static ossl_inline int (*sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, int (*cmpf)(const t3 * const *a, const t3 * const *b)))(const t3 * const *, const t3 * const *) \ + { \ + return (int (*)(const t3 * const *,const t3 * const *))sk_set_cmp_func((_STACK *)sk, (int (*)(const void *a, const void *b))cmpf); \ + } -/* nada (obsolete in new safestack approach)*/ -# define IMPLEMENT_STACK_OF(type) +# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) /*- * Strings are special: normally an lhash entry will point to a single @@ -117,2556 +202,25 @@ STACK_OF(type) \ * string at all. */ typedef char *OPENSSL_STRING; - typedef const char *OPENSSL_CSTRING; -/* +/*- * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned * above, instead of a single char each entry is a NUL-terminated array of * chars. So, we have to implement STRING specially for STACK_OF. This is * dealt with in the autogenerated macros below. */ - -DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) /* * Similarly, we sometimes use a block of characters, NOT nul-terminated. * These should also be distinguished from "normal" stacks. */ typedef void *OPENSSL_BLOCK; -DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) +DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) -/* - * SKM_sk_... stack macros are internal to safestack.h: never use them - * directly, use sk_<type>_... instead - */ -# define SKM_sk_new(type, cmp) \ - ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) -# define SKM_sk_new_null(type) \ - ((STACK_OF(type) *)sk_new_null()) -# define SKM_sk_free(type, st) \ - sk_free(CHECKED_STACK_OF(type, st)) -# define SKM_sk_num(type, st) \ - sk_num(CHECKED_STACK_OF(type, st)) -# define SKM_sk_value(type, st,i) \ - ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) -# define SKM_sk_set(type, st,i,val) \ - sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) -# define SKM_sk_zero(type, st) \ - sk_zero(CHECKED_STACK_OF(type, st)) -# define SKM_sk_push(type, st, val) \ - sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_unshift(type, st, val) \ - sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_find(type, st, val) \ - sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -# define SKM_sk_find_ex(type, st, val) \ - sk_find_ex(CHECKED_STACK_OF(type, st), \ - CHECKED_PTR_OF(type, val)) -# define SKM_sk_delete(type, st, i) \ - (type *)sk_delete(CHECKED_STACK_OF(type, st), i) -# define SKM_sk_delete_ptr(type, st, ptr) \ - (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) -# define SKM_sk_insert(type, st,val, i) \ - sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) -# define SKM_sk_set_cmp_func(type, st, cmp) \ - ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) -# define SKM_sk_dup(type, st) \ - (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) -# define SKM_sk_pop_free(type, st, free_func) \ - sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) -# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ - (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) -# define SKM_sk_shift(type, st) \ - (type *)sk_shift(CHECKED_STACK_OF(type, st)) -# define SKM_sk_pop(type, st) \ - (type *)sk_pop(CHECKED_STACK_OF(type, st)) -# define SKM_sk_sort(type, st) \ - sk_sort(CHECKED_STACK_OF(type, st)) -# define SKM_sk_is_sorted(type, st) \ - sk_is_sorted(CHECKED_STACK_OF(type, st)) -# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET( \ - (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ - pp, length, \ - CHECKED_D2I_OF(type, d2i_func), \ - CHECKED_SK_FREE_FUNC(type, free_func), \ - ex_tag, ex_class) -# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ - CHECKED_I2D_OF(type, i2d_func), \ - ex_tag, ex_class, is_set) -# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ - CHECKED_I2D_OF(type, i2d_func), buf, len) -# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) -# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ - CHECKED_D2I_OF(type, d2i_func), \ - CHECKED_SK_FREE_FUNC(type, free_func), \ - pass, passlen, oct, seq) -/* - * This block of defines is updated by util/mkstack.pl, please do not touch! - */ -# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) -# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) -# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) -# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) -# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) -# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) -# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) -# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) -# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) -# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) -# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) -# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) -# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) -# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) -# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) -# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) -# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) -# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) -# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) -# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) -# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) -# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) -# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) -# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) -# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) -# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) -# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) -# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) -# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) -# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) -# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) -# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) -# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) -# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) -# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) -# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) -# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) -# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) -# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) -# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) -# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) -# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) -# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) -# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) -# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) -# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) -# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) -# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) -# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) -# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) -# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) -# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) -# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) -# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) -# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) -# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) -# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) -# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) -# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) -# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) -# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) -# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) -# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) -# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) -# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) -# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) -# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) -# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) -# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) -# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) -# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) -# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) -# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) -# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) -# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) -# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) -# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) -# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) -# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) -# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) -# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) -# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) -# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) -# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) -# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) -# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) -# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) -# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) -# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) -# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) -# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) -# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) -# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) -# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) -# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) -# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) -# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) -# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) -# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) -# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) -# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) -# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) -# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) -# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) -# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) -# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) -# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) -# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) -# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) -# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) -# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) -# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) -# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) -# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) -# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) -# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) -# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) -# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) -# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) -# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) -# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) -# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) -# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) -# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) -# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) -# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) -# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) -# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) -# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) -# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) -# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) -# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) -# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) -# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) -# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) -# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) -# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) -# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) -# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) -# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) -# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) -# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) -# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) -# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) -# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) -# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) -# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) -# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) -# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) -# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) -# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) -# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) -# define sk_BIO_new_null() SKM_sk_new_null(BIO) -# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) -# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) -# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) -# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) -# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) -# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) -# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) -# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) -# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) -# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) -# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) -# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) -# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) -# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) -# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) -# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) -# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) -# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) -# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) -# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) -# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) -# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) -# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) -# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) -# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) -# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) -# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) -# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) -# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) -# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) -# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) -# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) -# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) -# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) -# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) -# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) -# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) -# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) -# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) -# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) -# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) -# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) -# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) -# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) -# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) -# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) -# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) -# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) -# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) -# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) -# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) -# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) -# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) -# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) -# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) -# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) -# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) -# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) -# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) -# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) -# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) -# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) -# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) -# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) -# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) -# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) -# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) -# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) -# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) -# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) -# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) -# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) -# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) -# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) -# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) -# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) -# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) -# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) -# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) -# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) -# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) -# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) -# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) -# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) -# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) -# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) -# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) -# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) -# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) -# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) -# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) -# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) -# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) -# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) -# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) -# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) -# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) -# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) -# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) -# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) -# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) -# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) -# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) -# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) -# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) -# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) -# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) -# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) -# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) -# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) -# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) -# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) -# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) -# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) -# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) -# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) -# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) -# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) -# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) -# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) -# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) -# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) -# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) -# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) -# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) -# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) -# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) -# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) -# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) -# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) -# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) -# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) -# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) -# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func)) -# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) -# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) -# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) -# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) -# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) -# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) -# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) -# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) -# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) -# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) -# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) -# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) -# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) -# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) -# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) -# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) -# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) -# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) -# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) -# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) -# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) -# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) -# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) -# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) -# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) -# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) -# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) -# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) -# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) -# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) -# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) -# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) -# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) -# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) -# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) -# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) -# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) -# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) -# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) -# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) -# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) -# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) -# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) -# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) -# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) -# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) -# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) -# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) -# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) -# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) -# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) -# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) -# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) -# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) -# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) -# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) -# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) -# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) -# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) -# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) -# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) -# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) -# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) -# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) -# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) -# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) -# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) -# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) -# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) -# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) -# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) -# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) -# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) -# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) -# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) -# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) -# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) -# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) -# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) -# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) -# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) -# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) -# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) -# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) -# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) -# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) -# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) -# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) -# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) -# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) -# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) -# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) -# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) -# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) -# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) -# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) -# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) -# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) -# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) -# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) -# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) -# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) -# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) -# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) -# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) -# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) -# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) -# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) -# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) -# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) -# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) -# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) -# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) -# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) -# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) -# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) -# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) -# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) -# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) -# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) -# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) -# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) -# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) -# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) -# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) -# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) -# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) -# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) -# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) -# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) -# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) -# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) -# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) -# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) -# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) -# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) -# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) -# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) -# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) -# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) -# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) -# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) -# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) -# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) -# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) -# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) -# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) -# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) -# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) -# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) -# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) -# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) -# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) -# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) -# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) -# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) -# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) -# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) -# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) -# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) -# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) -# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) -# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) -# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) -# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) -# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) -# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) -# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) -# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) -# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) -# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) -# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) -# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) -# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) -# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) -# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) -# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) -# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) -# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) -# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) -# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) -# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) -# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) -# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) -# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) -# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) -# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) -# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) -# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) -# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) -# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) -# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) -# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) -# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) -# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) -# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) -# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) -# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) -# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) -# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) -# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) -# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) -# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) -# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) -# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) -# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) -# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) -# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) -# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) -# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) -# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) -# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) -# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) -# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) -# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) -# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) -# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) -# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) -# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) -# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) -# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) -# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) -# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) -# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) -# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) -# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) -# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) -# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) -# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) -# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) -# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) -# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) -# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) -# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) -# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) -# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) -# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) -# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) -# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) -# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) -# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) -# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) -# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) -# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) -# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) -# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) -# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) -# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) -# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) -# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) -# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) -# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) -# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) -# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) -# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) -# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) -# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) -# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) -# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) -# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) -# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) -# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) -# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) -# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) -# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) -# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) -# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) -# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) -# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) -# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) -# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) -# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) -# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) -# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) -# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) -# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) -# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) -# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) -# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) -# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) -# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) -# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) -# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) -# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) -# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) -# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) -# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) -# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) -# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) -# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) -# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) -# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) -# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) -# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) -# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) -# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) -# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) -# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) -# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) -# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) -# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) -# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) -# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) -# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) -# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) -# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) -# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) -# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) -# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) -# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) -# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) -# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) -# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) -# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) -# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) -# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) -# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) -# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) -# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) -# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) -# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) -# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) -# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) -# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) -# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) -# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) -# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) -# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) -# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) -# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) -# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) -# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) -# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) -# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) -# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) -# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) -# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) -# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) -# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) -# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) -# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) -# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) -# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) -# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) -# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) -# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) -# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) -# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) -# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) -# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) -# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) -# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) -# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) -# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) -# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) -# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) -# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) -# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) -# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) -# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) -# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) -# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) -# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) -# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) -# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) -# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) -# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) -# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) -# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) -# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) -# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) -# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) -# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) -# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) -# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) -# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) -# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) -# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) -# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) -# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) -# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) -# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) -# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) -# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) -# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) -# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) -# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) -# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) -# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) -# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) -# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) -# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) -# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) -# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) -# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) -# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) -# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) -# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) -# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) -# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) -# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) -# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) -# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) -# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) -# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) -# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) -# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) -# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) -# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) -# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) -# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) -# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) -# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) -# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) -# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) -# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) -# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) -# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) -# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) -# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) -# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) -# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) -# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) -# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) -# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) -# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) -# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) -# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) -# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) -# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) -# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) -# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) -# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) -# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) -# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) -# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) -# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) -# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) -# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) -# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) -# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) -# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) -# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) -# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) -# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) -# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) -# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) -# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) -# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) -# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) -# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) -# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) -# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) -# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) -# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) -# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) -# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) -# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) -# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) -# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) -# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) -# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) -# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) -# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) -# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) -# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) -# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) -# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) -# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) -# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) -# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) -# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) -# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) -# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) -# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) -# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) -# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) -# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) -# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) -# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) -# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) -# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) -# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) -# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) -# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) -# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) -# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) -# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) -# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) -# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) -# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) -# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) -# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) -# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) -# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) -# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) -# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) -# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) -# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) -# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) -# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) -# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) -# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) -# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) -# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) -# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) -# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) -# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) -# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) -# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) -# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) -# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) -# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) -# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) -# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) -# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) -# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) -# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) -# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) -# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) -# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) -# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) -# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) -# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) -# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) -# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) -# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) -# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) -# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) -# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) -# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) -# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) -# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) -# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) -# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) -# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) -# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) -# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) -# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) -# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) -# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) -# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) -# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) -# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) -# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) -# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) -# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) -# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) -# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) -# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) -# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) -# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) -# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) -# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) -# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) -# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) -# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) -# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) -# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) -# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) -# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) -# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) -# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) -# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) -# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) -# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) -# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) -# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) -# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) -# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) -# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) -# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) -# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) -# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) -# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) -# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) -# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) -# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) -# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) -# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) -# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) -# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) -# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) -# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) -# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) -# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) -# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) -# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) -# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) -# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) -# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) -# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) -# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) -# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) -# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) -# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) -# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) -# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) -# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) -# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) -# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) -# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) -# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) -# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) -# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) -# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) -# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) -# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) -# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) -# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) -# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) -# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) -# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) -# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) -# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) -# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) -# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) -# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) -# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) -# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) -# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) -# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) -# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) -# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) -# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) -# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) -# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) -# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) -# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) -# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) -# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) -# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) -# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) -# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) -# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) -# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) -# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) -# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) -# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) -# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) -# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) -# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) -# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) -# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) -# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) -# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) -# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) -# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) -# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) -# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) -# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) -# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) -# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) -# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) -# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) -# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) -# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) -# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) -# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) -# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) -# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) -# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) -# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) -# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) -# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) -# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) -# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) -# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) -# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) -# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) -# define sk_SCT_new_null() SKM_sk_new_null(SCT) -# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) -# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) -# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) -# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) -# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) -# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) -# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) -# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) -# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) -# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) -# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) -# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) -# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) -# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) -# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) -# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) -# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) -# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) -# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) -# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) -# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) -# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) -# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) -# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) -# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) -# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) -# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) -# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) -# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) -# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) -# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) -# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) -# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) -# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) -# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) -# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) -# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) -# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) -# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) -# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) -# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) -# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) -# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) -# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) -# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) -# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) -# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) -# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) -# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) -# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) -# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) -# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) -# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) -# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) -# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) -# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) -# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) -# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) -# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) -# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) -# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) -# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) -# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) -# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) -# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) -# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) -# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) -# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) -# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) -# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) -# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) -# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) -# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) -# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) -# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) -# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) -# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) -# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) -# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) -# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) -# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) -# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) -# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) -# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) -# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) -# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) -# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) -# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) -# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) -# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) -# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) -# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) -# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) -# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) -# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) -# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) -# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) -# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) -# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) -# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) -# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) -# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) -# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) -# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) -# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) -# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) -# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) -# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) -# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) -# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) -# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) -# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) -# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) -# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) -# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) -# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) -# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) -# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) -# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) -# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) -# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) -# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) -# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) -# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) -# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) -# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) -# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) -# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) -# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) -# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) -# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) -# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) -# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) -# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) -# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) -# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) -# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) -# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) -# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) -# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) -# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) -# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) -# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) -# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) -# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) -# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) -# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) -# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) -# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) -# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) -# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) -# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) -# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) -# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) -# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) -# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) -# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) -# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) -# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) -# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) -# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) -# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) -# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) -# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) -# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) -# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) -# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) -# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) -# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) -# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) -# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) -# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) -# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) -# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) -# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) -# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) -# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) -# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) -# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) -# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) -# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) -# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) -# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) -# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) -# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) -# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) -# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) -# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) -# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) -# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) -# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) -# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) -# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) -# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) -# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) -# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) -# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) -# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) -# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) -# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) -# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) -# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) -# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) -# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) -# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) -# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) -# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) -# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) -# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) -# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) -# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) -# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) -# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) -# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) -# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) -# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) -# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) -# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) -# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) -# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) -# define sk_X509_new_null() SKM_sk_new_null(X509) -# define sk_X509_free(st) SKM_sk_free(X509, (st)) -# define sk_X509_num(st) SKM_sk_num(X509, (st)) -# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) -# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) -# define sk_X509_zero(st) SKM_sk_zero(X509, (st)) -# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) -# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) -# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) -# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) -# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) -# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) -# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) -# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) -# define sk_X509_dup(st) SKM_sk_dup(X509, st) -# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) -# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) -# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) -# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) -# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) -# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) -# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) -# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) -# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) -# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) -# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) -# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) -# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) -# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) -# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) -# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) -# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) -# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) -# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) -# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) -# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) -# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) -# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) -# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) -# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) -# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) -# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) -# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) -# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) -# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) -# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) -# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) -# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) -# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) -# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) -# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) -# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) -# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) -# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) -# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) -# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) -# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) -# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) -# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) -# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) -# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) -# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) -# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) -# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) -# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) -# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) -# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) -# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) -# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) -# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) -# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) -# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) -# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) -# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) -# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) -# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) -# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) -# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) -# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) -# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) -# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) -# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) -# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) -# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) -# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) -# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) -# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) -# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) -# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) -# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) -# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) -# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) -# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) -# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) -# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) -# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) -# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) -# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) -# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) -# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) -# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) -# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) -# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) -# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) -# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) -# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) -# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) -# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) -# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) -# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) -# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) -# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) -# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) -# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) -# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) -# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) -# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) -# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) -# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) -# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) -# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) -# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) -# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) -# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) -# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) -# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) -# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) -# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) -# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) -# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) -# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) -# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) -# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) -# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) -# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) -# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) -# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) -# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) -# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) -# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) -# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) -# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) -# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) -# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) -# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) -# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) -# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) -# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) -# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) -# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) -# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) -# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) -# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) -# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) -# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) -# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) -# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) -# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) -# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) -# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) -# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) -# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) -# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) -# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) -# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) -# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) -# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) -# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) -# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) -# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) -# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) -# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) -# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) -# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) -# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) -# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) -# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) -# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) -# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) -# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) -# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) -# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) -# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) -# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) -# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) -# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) -# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) -# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) -# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) -# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) -# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) -# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) -# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) -# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) -# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) -# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) -# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) -# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) -# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) -# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) -# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) -# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) -# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) -# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) -# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) -# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) -# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) -# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) -# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) -# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) -# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) -# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) -# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) -# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) -# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) -# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) -# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) -# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) -# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) -# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) -# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) -# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) -# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) -# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) -# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) -# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) -# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) -# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) -# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) -# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) -# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) -# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) -# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) -# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) -# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) -# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) -# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) -# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) -# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) -# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) -# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) -# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) -# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) -# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) -# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) -# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) -# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) -# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) -# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) -# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) -# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) -# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) -# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) -# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) -# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) -# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) -# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) -# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) -# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) -# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) -# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) -# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) -# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) -# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) -# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) -# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) -# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) -# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) -# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) -# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) -# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) -# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) -# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) -# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) -# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) -# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) -# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) -# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) -# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) -# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) -# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) -# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) -# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) -# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) -# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) -# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) -# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) -# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) -# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) -# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) -# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) -# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) -# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) -# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) -# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) -# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) -# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) -# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) -# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) -# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) -# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) -# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) -# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) -# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) -# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) -# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) -# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) -# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) -# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) -# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) -# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) -# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) -# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) -# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) -# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) -# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) -# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) -# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) -# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) -# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) -# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) -# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) -# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) -# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) -# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) -# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) -# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) -# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) -# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) -# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) -# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) -# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) -# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) -# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) -# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) -# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) -# define sk_void_new_null() SKM_sk_new_null(void) -# define sk_void_free(st) SKM_sk_free(void, (st)) -# define sk_void_num(st) SKM_sk_num(void, (st)) -# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) -# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) -# define sk_void_zero(st) SKM_sk_zero(void, (st)) -# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) -# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) -# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) -# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) -# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) -# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) -# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) -# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) -# define sk_void_dup(st) SKM_sk_dup(void, st) -# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) -# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) -# define sk_void_shift(st) SKM_sk_shift(void, (st)) -# define sk_void_pop(st) SKM_sk_pop(void, (st)) -# define sk_void_sort(st) SKM_sk_sort(void, (st)) -# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) -# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) -# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) -# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) -# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) -# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) -# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) -# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) -# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) -# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) -# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) -# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) -# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) -# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) -# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) -# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) -# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) -# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ - ((int (*)(const void * const *,const void * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) -# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) -# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) -# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) -# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) -# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) -# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) -# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) -# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ - ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) -# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) -# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) -# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) -# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) -# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) -# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) -# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) -# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) -# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) -# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) -# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) -# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) -# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) -# define lh_ADDED_OBJ_stats_bio(lh,out) \ - LHM_lh_stats_bio(ADDED_OBJ,lh,out) -# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) -# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) -# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) -# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) -# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) -# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) -# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) -# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) -# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) -# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) -# define lh_APP_INFO_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(APP_INFO,lh,out) -# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) -# define lh_APP_INFO_stats_bio(lh,out) \ - LHM_lh_stats_bio(APP_INFO,lh,out) -# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) -# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) -# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) -# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) -# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) -# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) -# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) -# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) -# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) -# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) -# define lh_CONF_VALUE_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(CONF_VALUE,lh,out) -# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) -# define lh_CONF_VALUE_stats_bio(lh,out) \ - LHM_lh_stats_bio(CONF_VALUE,lh,out) -# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) -# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) -# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) -# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) -# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) -# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) -# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) -# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) -# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) -# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) -# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) -# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) -# define lh_ENGINE_PILE_stats_bio(lh,out) \ - LHM_lh_stats_bio(ENGINE_PILE,lh,out) -# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) -# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) -# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) -# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) -# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) -# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) -# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) -# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) -# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) -# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) -# define lh_ERR_STATE_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ERR_STATE,lh,out) -# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) -# define lh_ERR_STATE_stats_bio(lh,out) \ - LHM_lh_stats_bio(ERR_STATE,lh,out) -# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) -# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) -# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) -# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) -# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) -# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) -# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) -# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) -# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) -# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) -# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) -# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) -# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ - LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) -# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) -# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) -# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) -# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) -# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) -# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) -# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ - LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) -# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) -# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) -# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) -# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) -# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) -# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) -# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) -# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) -# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) -# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) -# define lh_FUNCTION_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(FUNCTION,lh,out) -# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) -# define lh_FUNCTION_stats_bio(lh,out) \ - LHM_lh_stats_bio(FUNCTION,lh,out) -# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) -# define lh_MEM_new() LHM_lh_new(MEM,mem) -# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) -# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) -# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) -# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) -# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) -# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) -# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) -# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) -# define lh_MEM_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(MEM,lh,out) -# define lh_MEM_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(MEM,lh,out) -# define lh_MEM_stats_bio(lh,out) \ - LHM_lh_stats_bio(MEM,lh,out) -# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) -# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) -# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) -# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) -# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) -# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) -# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) -# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) -# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) -# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) -# define lh_OBJ_NAME_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(OBJ_NAME,lh,out) -# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) -# define lh_OBJ_NAME_stats_bio(lh,out) \ - LHM_lh_stats_bio(OBJ_NAME,lh,out) -# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) -# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) -# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) -# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) -# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) -# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) -# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) -# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) -# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) -# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) -# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) -# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) -# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ - LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) -# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) -# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) -# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) -# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) -# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) -# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) -# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) -# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) -# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) -# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) -# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) -# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) -# define lh_OPENSSL_STRING_stats_bio(lh,out) \ - LHM_lh_stats_bio(OPENSSL_STRING,lh,out) -# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) -# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) -# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) -# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) -# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) -# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) -# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ - LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) -# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) -# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) -# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) -# define lh_SSL_SESSION_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(SSL_SESSION,lh,out) -# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) -# define lh_SSL_SESSION_stats_bio(lh,out) \ - LHM_lh_stats_bio(SSL_SESSION,lh,out) -# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) -#ifdef __cplusplus +# ifdef __cplusplus } +# endif #endif -#endif /* !defined HEADER_SAFESTACK_H */ diff --git a/include/openssl/seed.h b/include/openssl/seed.h index 8cbf0d9281..918f70c658 100644 --- a/include/openssl/seed.h +++ b/include/openssl/seed.h @@ -115,10 +115,6 @@ typedef struct seed_key_st { # endif } SEED_KEY_SCHEDULE; -# ifdef OPENSSL_FIPS -void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], - SEED_KEY_SCHEDULE *ks); -# endif void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); diff --git a/include/openssl/sha.h b/include/openssl/sha.h index e5169e4fee..27c7cab936 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -1,4 +1,3 @@ -/* crypto/sha/sha.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,29 +65,12 @@ extern "C" { #endif -# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -# error SHA is disabled. -# endif - -# if defined(OPENSSL_FIPS) -# define FIPS_SHA_SIZE_T size_t -# endif - /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! SHA_LONG_LOG2 has to be defined along. ! + * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define SHA_LONG unsigned long -# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -# define SHA_LONG unsigned long -# define SHA_LONG_LOG2 3 -# else -# define SHA_LONG unsigned int -# endif +# define SHA_LONG unsigned int # define SHA_LBLOCK 16 # define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a @@ -104,32 +86,15 @@ typedef struct SHAstate_st { unsigned int num; } SHA_CTX; -# ifndef OPENSSL_NO_SHA0 -# ifdef OPENSSL_FIPS -int private_SHA_Init(SHA_CTX *c); -# endif -int SHA_Init(SHA_CTX *c); -int SHA_Update(SHA_CTX *c, const void *data, size_t len); -int SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); -void SHA_Transform(SHA_CTX *c, const unsigned char *data); -# endif -# ifndef OPENSSL_NO_SHA1 -# ifdef OPENSSL_FIPS -int private_SHA1_Init(SHA_CTX *c); -# endif int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -# endif # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide * big-endian values. */ -# define SHA224_DIGEST_LENGTH 28 -# define SHA256_DIGEST_LENGTH 32 typedef struct SHA256state_st { SHA_LONG h[8]; @@ -138,11 +103,6 @@ typedef struct SHA256state_st { unsigned int num, md_len; } SHA256_CTX; -# ifndef OPENSSL_NO_SHA256 -# ifdef OPENSSL_FIPS -int private_SHA224_Init(SHA256_CTX *c); -int private_SHA256_Init(SHA256_CTX *c); -# endif int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); @@ -152,12 +112,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); -# endif +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 # define SHA512_DIGEST_LENGTH 64 -# ifndef OPENSSL_NO_SHA512 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c @@ -168,17 +128,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# define U64(C) C##UI64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# define U64(C) C##UL -# else -# define SHA_LONG64 unsigned long long -# define U64(C) C##ULL -# endif +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif typedef struct SHA512state_st { SHA_LONG64 h[8]; @@ -189,13 +149,7 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; -# endif -# ifndef OPENSSL_NO_SHA512 -# ifdef OPENSSL_FIPS -int private_SHA384_Init(SHA512_CTX *c); -int private_SHA512_Init(SHA512_CTX *c); -# endif int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); @@ -205,7 +159,6 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); -# endif #ifdef __cplusplus } diff --git a/include/openssl/srp.h b/include/openssl/srp.h index d072536fec..4111d51827 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -1,4 +1,3 @@ -/* crypto/srp/srp.h */ /* * Written by Christophe Renou (christophe.renou@edelweb.fr) with the * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the @@ -60,18 +59,22 @@ #ifndef __SRP_H__ # define __SRP_H__ -# ifndef OPENSSL_NO_SRP +#include <openssl/opensslconf.h> -# include <stdio.h> -# include <string.h> +# ifdef OPENSSL_NO_SRP +# error SRP is disabled. +# endif + +# include <stdio.h> +# include <string.h> #ifdef __cplusplus extern "C" { #endif -# include <openssl/safestack.h> -# include <openssl/bn.h> -# include <openssl/crypto.h> +# include <openssl/safestack.h> +# include <openssl/bn.h> +# include <openssl/crypto.h> typedef struct SRP_gN_cache_st { char *b64_bn; @@ -79,18 +82,23 @@ typedef struct SRP_gN_cache_st { } SRP_gN_cache; -DECLARE_STACK_OF(SRP_gN_cache) +DEFINE_STACK_OF(SRP_gN_cache) typedef struct SRP_user_pwd_st { + /* Owned by us. */ char *id; BIGNUM *s; BIGNUM *v; + /* Not owned by us. */ const BIGNUM *g; const BIGNUM *N; + /* Owned by us. */ char *info; } SRP_user_pwd; -DECLARE_STACK_OF(SRP_user_pwd) +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + +DEFINE_STACK_OF(SRP_user_pwd) typedef struct SRP_VBASE_st { STACK_OF(SRP_user_pwd) *users_pwd; @@ -110,36 +118,42 @@ typedef struct SRP_gN_st { BIGNUM *N; } SRP_gN; -DECLARE_STACK_OF(SRP_gN) +DEFINE_STACK_OF(SRP_gN) SRP_VBASE *SRP_VBASE_new(char *seed_key); -int SRP_VBASE_free(SRP_VBASE *vb); +void SRP_VBASE_free(SRP_VBASE *vb); int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); -SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); + +/* This method ignores the configured seed and fails for an unknown user. */ +DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, BIGNUM *N, BIGNUM *g); - -# define SRP_NO_ERROR 0 -# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 -# define SRP_ERR_VBASE_BN_LIB 2 -# define SRP_ERR_OPEN_FILE 3 -# define SRP_ERR_MEMORY 4 - -# define DB_srptype 0 -# define DB_srpverifier 1 -# define DB_srpsalt 2 -# define DB_srpid 3 -# define DB_srpgN 4 -# define DB_srpinfo 5 -# undef DB_NUMBER -# define DB_NUMBER 6 - -# define DB_SRP_INDEX 'I' -# define DB_SRP_VALID 'V' -# define DB_SRP_REVOKED 'R' -# define DB_SRP_MODIF 'v' + BIGNUM **verifier, const BIGNUM *N, + const BIGNUM *g); + +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' /* see srp.c */ char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); @@ -159,11 +173,10 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u); int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); -# define SRP_MINIMAL_N 1024 +# define SRP_MINIMAL_N 1024 #ifdef __cplusplus } #endif -# endif #endif diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h index 2279c32b89..da9369ec2e 100644 --- a/include/openssl/srtp.h +++ b/include/openssl/srtp.h @@ -1,4 +1,3 @@ -/* ssl/srtp.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -130,13 +129,17 @@ extern "C" { # define SRTP_NULL_SHA1_80 0x0005 # define SRTP_NULL_SHA1_32 0x0006 +/* AEAD SRTP protection profiles from RFC 7714 */ +# define SRTP_AEAD_AES_128_GCM 0x0007 +# define SRTP_AEAD_AES_256_GCM 0x0008 + # ifndef OPENSSL_NO_SRTP -int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); +__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); -STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); # endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index ae8c92575e..92e0274aaa 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1,4 +1,3 @@ -/* ssl/ssl.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,78 +143,39 @@ # define HEADER_SSL_H # include <openssl/e_os2.h> +# include <openssl/opensslconf.h> -# ifndef OPENSSL_NO_COMP -# include <openssl/comp.h> -# endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif -# ifndef OPENSSL_NO_DEPRECATED -# ifndef OPENSSL_NO_X509 -# include <openssl/x509.h> -# endif +#ifndef OPENSSL_NO_COMP +# include <openssl/comp.h> +#endif +# include <openssl/bio.h> +# if OPENSSL_API_COMPAT < 0x10100000L +# include <openssl/x509.h> # include <openssl/crypto.h> # include <openssl/lhash.h> # include <openssl/buffer.h> # endif # include <openssl/pem.h> # include <openssl/hmac.h> +# include <openssl/async.h> -# include <openssl/kssl.h> # include <openssl/safestack.h> # include <openssl/symhacks.h> +# ifndef OPENSSL_NO_CT +# include <openssl/ct.h> +# endif #ifdef __cplusplus extern "C" { #endif -/* SSLeay version number for ASN.1 encoding of the session information */ +/* OpenSSL version number for ASN.1 encoding of the session information */ /*- * Version 0 - initial version * Version 1 - added the optional peer certificate */ # define SSL_SESSION_ASN1_VERSION 0x0001 -/* text strings for the ciphers */ -# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 -# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 -# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 -# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 -# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 -# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 -# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 -# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA -# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 -# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA - -/* - * VRS Additional Kerberos5 entries - */ -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 - # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 # define SSL_MAX_SID_CTX_LENGTH 32 @@ -223,20 +183,18 @@ extern "C" { # define SSL_MAX_KEY_ARG_LENGTH 8 # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* The maximum number of encrypt/decrypt pipelines we can support */ +# define SSL_MAX_PIPELINES 32 + +/* text strings for the ciphers */ + /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_EXP40 "EXPORT40" -# define SSL_TXT_EXP56 "EXPORT56" # define SSL_TXT_LOW "LOW" # define SSL_TXT_MEDIUM "MEDIUM" # define SSL_TXT_HIGH "HIGH" # define SSL_TXT_FIPS "FIPS" -# define SSL_TXT_kFZA "kFZA"/* unused! */ -# define SSL_TXT_aFZA "aFZA"/* unused! */ -# define SSL_TXT_eFZA "eFZA"/* unused! */ -# define SSL_TXT_FZA "FZA"/* unused! */ - # define SSL_TXT_aNULL "aNULL" # define SSL_TXT_eNULL "eNULL" # define SSL_TXT_NULL "NULL" @@ -245,15 +203,17 @@ extern "C" { # define SSL_TXT_kDHr "kDHr" # define SSL_TXT_kDHd "kDHd" # define SSL_TXT_kDH "kDH" -# define SSL_TXT_kEDH "kEDH" -# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ -# define SSL_TXT_kKRB5 "kKRB5" +# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +# define SSL_TXT_kDHE "kDHE" # define SSL_TXT_kECDHr "kECDHr" # define SSL_TXT_kECDHe "kECDHe" # define SSL_TXT_kECDH "kECDH" -# define SSL_TXT_kEECDH "kEECDH" -# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ +# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +# define SSL_TXT_kECDHE "kECDHE" # define SSL_TXT_kPSK "kPSK" +# define SSL_TXT_kRSAPSK "kRSAPSK" +# define SSL_TXT_kECDHEPSK "kECDHEPSK" +# define SSL_TXT_kDHEPSK "kDHEPSK" # define SSL_TXT_kGOST "kGOST" # define SSL_TXT_kSRP "kSRP" @@ -261,26 +221,25 @@ extern "C" { # define SSL_TXT_aDSS "aDSS" # define SSL_TXT_aDH "aDH" # define SSL_TXT_aECDH "aECDH" -# define SSL_TXT_aKRB5 "aKRB5" # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" -# define SSL_TXT_aGOST94 "aGOST94" -# define SSL_TXT_aGOST01 "aGOST01" -# define SSL_TXT_aGOST "aGOST" +# define SSL_TXT_aGOST94 "aGOST94" +# define SSL_TXT_aGOST01 "aGOST01" +# define SSL_TXT_aGOST12 "aGOST12" +# define SSL_TXT_aGOST "aGOST" # define SSL_TXT_aSRP "aSRP" # define SSL_TXT_DSS "DSS" # define SSL_TXT_DH "DH" -# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ -# define SSL_TXT_DHE "DHE"/* alias for EDH */ +# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +# define SSL_TXT_EDH "EDH"/* alias for DHE */ # define SSL_TXT_ADH "ADH" # define SSL_TXT_RSA "RSA" # define SSL_TXT_ECDH "ECDH" -# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ -# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ +# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ # define SSL_TXT_AECDH "AECDH" # define SSL_TXT_ECDSA "ECDSA" -# define SSL_TXT_KRB5 "KRB5" # define SSL_TXT_PSK "PSK" # define SSL_TXT_SRP "SRP" @@ -294,27 +253,29 @@ extern "C" { # define SSL_TXT_AES256 "AES256" # define SSL_TXT_AES "AES" # define SSL_TXT_AES_GCM "AESGCM" +# define SSL_TXT_AES_CCM "AESCCM" +# define SSL_TXT_AES_CCM_8 "AESCCM8" # define SSL_TXT_CAMELLIA128 "CAMELLIA128" # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_GOST "GOST89" # define SSL_TXT_MD5 "MD5" # define SSL_TXT_SHA1 "SHA1" # define SSL_TXT_SHA "SHA"/* same as "SHA1" */ # define SSL_TXT_GOST94 "GOST94" -# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST89MAC "GOST89MAC" +# define SSL_TXT_GOST12 "GOST12" +# define SSL_TXT_GOST89MAC12 "GOST89MAC12" # define SSL_TXT_SHA256 "SHA256" # define SSL_TXT_SHA384 "SHA384" -# define SSL_TXT_SSLV2 "SSLv2" # define SSL_TXT_SSLV3 "SSLv3" # define SSL_TXT_TLSV1 "TLSv1" # define SSL_TXT_TLSV1_1 "TLSv1.1" # define SSL_TXT_TLSV1_2 "TLSv1.2" -# define SSL_TXT_EXP "EXP" -# define SSL_TXT_EXPORT "EXPORT" - # define SSL_TXT_ALL "ALL" /*- @@ -338,7 +299,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is @@ -358,10 +319,6 @@ extern "C" { extern "C" { #endif -# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) -# define OPENSSL_NO_SSL2 -# endif - # define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 # define SSL_FILETYPE_PEM X509_FILETYPE_PEM @@ -376,8 +333,10 @@ typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +typedef struct ssl_comp_st SSL_COMP; -DECLARE_STACK_OF(SSL_CIPHER) +STACK_OF(SSL_CIPHER); +STACK_OF(SSL_COMP); /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ typedef struct srtp_protection_profile_st { @@ -385,7 +344,7 @@ typedef struct srtp_protection_profile_st { unsigned long id; } SRTP_PROTECTION_PROFILE; -DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) +DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, const unsigned char *data, @@ -393,9 +352,7 @@ typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - SSL_CIPHER **cipher, void *arg); - -# ifndef OPENSSL_NO_TLSEXT + const SSL_CIPHER **cipher, void *arg); /* Typedefs for handling custom extensions */ @@ -410,187 +367,27 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg); -# endif - -# ifndef OPENSSL_NO_SSL_INTERN - -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - /* - * changed in 0.9.9: these four used to be portions of a single value - * 'algorithms' - */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - -/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -struct ssl_method_st { - int version; - int (*ssl_new) (SSL *s); - void (*ssl_clear) (SSL *s); - void (*ssl_free) (SSL *s); - int (*ssl_accept) (SSL *s); - int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, int len); - int (*ssl_peek) (SSL *s, void *buf, int len); - int (*ssl_write) (SSL *s, const void *buf, int len); - int (*ssl_shutdown) (SSL *s); - int (*ssl_renegotiate) (SSL *s); - int (*ssl_renegotiate_check) (SSL *s); - long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long - max, int *ok); - int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, - int peek); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); - int (*ssl_dispatch_alert) (SSL *s); - long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); - long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); - const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); - int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); - int (*ssl_pending) (const SSL *s); - int (*num_ciphers) (void); - const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method) (int version); - long (*get_timeout) (void); - struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ - int (*ssl_version) (void); - long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); - long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); -}; - -/*- - * Lets make this into an ASN.1 type structure as follows - * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 3 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal - * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument - * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time - * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds - * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' - * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension - * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint - * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity - * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket - * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) - * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method - * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). - */ -struct ssl_session_st { - int ssl_version; /* what ssl version session info is being - * kept in here? */ - /* only really used in SSLv2 */ - unsigned int key_arg_length; - unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; - int master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; - /* session_id - valid? */ - unsigned int session_id_length; - unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - /* - * this is used to determine whether the session is being reused in the - * appropriate context. It is up to the application to set this, via - * SSL_new - */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -# endif /* OPENSSL_NO_KRB5 */ -# ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - char *psk_identity; -# endif - /* - * Used to indicate that session resumption is not allowed. Applications - * can also set this bit for a new session via not_resumable_session_cb - * to disable session caching and tickets. - */ - int not_resumable; - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - /* - * This is the cert for the other end. On clients, it will be the same as - * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is - * not retained in the external representation of sessions, see - * ssl_asn1.c). - */ - X509 *peer; - /* - * when app_verify_callback accepts a session where the peer's - * certificate is not ok, we must remember the error for session reuse: - */ - long verify_result; /* only for servers */ - int references; - long timeout; - long time; - unsigned int compress_meth; /* Need to lookup the method */ - const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used - * to load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ - CRYPTO_EX_DATA ex_data; /* application specific data */ - /* - * These are used to make removal of session-ids more efficient and to - * implement a maximum cache size. - */ - struct ssl_session_st *prev, *next; -# ifndef OPENSSL_NO_TLSEXT - char *tlsext_hostname; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -# endif /* OPENSSL_NO_EC */ - /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -# endif -# ifndef OPENSSL_NO_SRP - char *srp_username; -# endif -}; - -# endif - -# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L -# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L /* Allow initial connection to servers that don't support RI */ -# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L -# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -# define SSL_OP_TLSEXT_PADDING 0x00000010L -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L -# define SSL_OP_TLS_D5_BUG 0x00000100L -# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U +/* Removed from OpenSSL 0.9.8q and 1.0.0c */ +/* Dead forever, see CVE-2010-4180. */ +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U +# define SSL_OP_TLSEXT_PADDING 0x00000010U +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* Ancient SSLeay version, retained for compatibility */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +# define SSL_OP_TLS_D5_BUG 0x0U +/* Removed from OpenSSL 1.1.0 */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 /* Refers to ancient SSLREF and SSLv2, retained for compatibility */ # define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +/* Related to removed SSLv2 */ +# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 /* * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in @@ -600,110 +397,104 @@ struct ssl_session_st { * SSL_OP_ALL. */ /* added in 0.9.6e */ -# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U /* * SSL_OP_ALL: various bug workarounds that should be rather harmless. This * used to be 0x000FFFFFL before 0.9.7. */ -# define SSL_OP_ALL 0x80000BFFL +# define SSL_OP_ALL 0x80000BFFU /* DTLS options */ -# define SSL_OP_NO_QUERY_MTU 0x00001000L +# define SSL_OP_NO_QUERY_MTU 0x00001000U /* Turn on Cookie Exchange (on relevant for servers) */ -# define SSL_OP_COOKIE_EXCHANGE 0x00002000L +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U /* Don't use RFC4507 ticket extension */ -# define SSL_OP_NO_TICKET 0x00004000L +# define SSL_OP_NO_TICKET 0x00004000U /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ -# define SSL_OP_CISCO_ANYCONNECT 0x00008000L +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U /* As server, disallow session resumption on renegotiation */ -# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U /* Don't use compression even if supported */ -# define SSL_OP_NO_COMPRESSION 0x00020000L +# define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ -# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -/* If set, always create a new key when using tmp_ecdh parameters */ -# define SSL_OP_SINGLE_ECDH_USE 0x00080000L +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* Does nothing: retained for compatibility */ -# define SSL_OP_SINGLE_DH_USE 0x00100000L +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Does nothing: retained for compatibility */ +# define SSL_OP_SINGLE_DH_USE 0x0 /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0 /* * Set on servers to choose the cipher according to the server's preferences */ -# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U /* * If set, a server will allow a client to issue a SSLv3.0 version number as * latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ -# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U -# define SSL_OP_NO_SSLv2 0x01000000L -# define SSL_OP_NO_SSLv3 0x02000000L -# define SSL_OP_NO_TLSv1 0x04000000L -# define SSL_OP_NO_TLSv1_2 0x08000000L -# define SSL_OP_NO_TLSv1_1 0x10000000L +# define SSL_OP_NO_SSLv2 0x00000000U +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U -# define SSL_OP_NO_DTLSv1 0x04000000L -# define SSL_OP_NO_DTLSv1_2 0x08000000L +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U -# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ +# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) +# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) -/* - * These next two were never actually used for anything since SSLeay zap so - * we have some more flags. - */ -/* - * The next flag deliberately changes the ciphertest, this is a check for the - * PKCS#1 attack - */ + +/* Removed from previous versions */ # define SSL_OP_PKCS1_CHECK_1 0x0 # define SSL_OP_PKCS1_CHECK_2 0x0 - -# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability * with CryptoPro CSP 3.x */ -# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ -# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ -# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ -# define SSL_MODE_AUTO_RETRY 0x00000004L +# define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ -# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) "Released" buffers are put onto a free-list in the context or * just freed (depending on the context's setting for freelist_max_len). */ -# define SSL_MODE_RELEASE_BUFFERS 0x00000010L +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ -# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L -# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see @@ -712,14 +503,18 @@ struct ssl_session_st { * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ -# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +/* + * Support Asynchronous operation + */ +# define SSL_MODE_ASYNC 0x00000100U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certifcate chain algorithms. When this is set we enforce them. */ -# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 @@ -771,29 +566,25 @@ struct ssl_session_st { # define SSL_CONF_FLAG_SERVER 0x8 # define SSL_CONF_FLAG_SHOW_ERRORS 0x10 # define SSL_CONF_FLAG_CERTIFICATE 0x20 +# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 /* Configuration value types */ # define SSL_CONF_TYPE_UNKNOWN 0x0 # define SSL_CONF_TYPE_STRING 0x1 # define SSL_CONF_TYPE_FILE 0x2 # define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they * cannot be used to clear bits. */ -# define SSL_CTX_set_options(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -# define SSL_CTX_clear_options(ctx,op) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -# define SSL_CTX_get_options(ctx) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) -# define SSL_set_options(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) -# define SSL_clear_options(ssl,op) \ - SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) -# define SSL_get_options(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) +unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +unsigned long SSL_get_options(const SSL* s); +unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_clear_options(SSL *s, unsigned long op); +unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +unsigned long SSL_set_options(SSL *s, unsigned long op); # define SSL_CTX_set_mode(ctx,op) \ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) @@ -819,7 +610,7 @@ struct ssl_session_st { # ifndef OPENSSL_NO_HEARTBEATS # define SSL_heartbeat(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) + SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) # endif # define SSL_CTX_set_cert_flags(ctx,op) \ @@ -842,48 +633,23 @@ void SSL_set_msg_callback(SSL *ssl, # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) -# ifndef OPENSSL_NO_SRP +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct srp_ctx_st { - /* param for all the callbacks */ - void *SRP_cb_arg; - /* set client Hello login callback */ - int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); - /* set SRP N/g param callback for verification */ - int (*SRP_verify_param_callback) (SSL *, void *); - /* set SRP client passwd callback */ - char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); - char *login; - BIGNUM *N, *g, *s, *B, *A; - BIGNUM *a, *b, *v; - char *info; - int strength; - unsigned long srp_Mask; -} SRP_CTX; - -# endif +# ifndef OPENSSL_NO_SRP /* see tls_srp.c */ -int SSL_SRP_CTX_init(SSL *s); -int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); +__owur int SSL_SRP_CTX_init(SSL *s); +__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); int SSL_SRP_CTX_free(SSL *ctx); int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); -int SSL_srp_server_param_with_username(SSL *s, int *ad); -int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); -int SRP_Calc_A_param(SSL *s); -int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); +__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +__owur int SRP_Calc_A_param(SSL *s); # endif -# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) -# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 - /* 30k max cert list :-) */ -# else -# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 - /* 100k max cert list :-) */ -# endif +/* 100k max cert list */ +# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 # define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) @@ -895,296 +661,13 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); * otherwise the SSL handshake will fail with an error - callbacks can do * this using the 'ssl' value they're passed by; * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in - * is set at the maximum size the session ID can be. In SSLv2 this is 16 - * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this - * length to be less if desired, but under SSLv2 session IDs are supposed to - * be fixed at 16 bytes so the id will be padded after the callback returns - * in this case. It is also an error for the callback to set the size to - * zero. + * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 + * bytes. The callback can alter this length to be less if desired. It is + * also an error for the callback to set the size to zero. */ typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, unsigned int *id_len); -typedef struct ssl_comp_st SSL_COMP; - -# ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_comp_st { - int id; - const char *name; -# ifndef OPENSSL_NO_COMP - COMP_METHOD *method; -# else - char *method; -# endif -}; - -DECLARE_STACK_OF(SSL_COMP) -DECLARE_LHASH_OF(SSL_SESSION); - -struct ssl_ctx_st { - const SSL_METHOD *method; - STACK_OF(SSL_CIPHER) *cipher_list; - /* same as above but sorted for lookup */ - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - struct x509_store_st /* X509_STORE */ *cert_store; - LHASH_OF(SSL_SESSION) *sessions; - /* - * Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. - */ - unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; - /* - * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, - * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which - * means only SSL_accept which cache SSL_SESSIONS. - */ - int session_cache_mode; - /* - * If timeout is not 0, it is the default timeout value set when - * SSL_new() is called. This has been put in to make life easier to set - * things up - */ - long session_timeout; - /* - * If this callback is not null, it will be called each time a session id - * is added to the cache. If this function returns 1, it means that the - * callback will do a SSL_SESSION_free() when it has finished using it. - * Otherwise, on 0, it means the callback has finished with it. If - * remove_session_cb is not null, it will be called when a session-id is - * removed from the cache. After the call, OpenSSL will - * SSL_SESSION_free() it. - */ - int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - unsigned char *data, int len, int *copy); - struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not in the cache was - * passed back via the callback. This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - - int references; - - /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback) (X509_STORE_CTX *, void *); - void *app_verify_arg; - /* - * before OpenSSL 0.9.7, 'app_verify_arg' was ignored - * ('app_verify_callback' was called with just one argument) - */ - - /* Default password callback. */ - pem_password_cb *default_passwd_callback; - - /* Default password callback user data. */ - void *default_passwd_callback_userdata; - - /* get client cert callback */ - int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); - - /* cookie generate callback */ - int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int cookie_len); - - CRYPTO_EX_DATA ex_data; - - const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ - - STACK_OF(X509) *extra_certs; - STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ - - /* Default values used when no per-SSL value is defined follow */ - - /* used if SSL's info_callback is NULL */ - void (*info_callback) (const SSL *ssl, int type, int val); - - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; - - /* - * Default values to use in SSL structures follow (these are copied by - * SSL_new) - */ - - unsigned long options; - unsigned long mode; - long max_cert_list; - - struct cert_st /* CERT */ *cert; - int read_ahead; - - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - - int verify_mode; - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - /* called 'verify_callback' in the SSL */ - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); - - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - - X509_VERIFY_PARAM *param; - -# if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -# endif - - int quiet_shutdown; - - /* - * Maximum amount of data to send in one fragment. actual record size can - * be more than this due to padding and MAC overheads. - */ - unsigned int max_send_fragment; - -# ifndef OPENSSL_NO_ENGINE - /* - * Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -# endif - -# ifndef OPENSSL_NO_TLSEXT - /* TLS extensions servername callback */ - int (*tlsext_servername_callback) (SSL *, int *, void *); - void *tlsext_servername_arg; - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; - unsigned char tlsext_tick_hmac_key[16]; - unsigned char tlsext_tick_aes_key[16]; - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, - HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb) (SSL *ssl, void *arg); - void *tlsext_status_arg; - - /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, - size_t len, void *arg); - void *tlsext_opaque_prf_input_callback_arg; -# endif - -# ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif - -# ifndef OPENSSL_NO_BUF_FREELISTS -# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -# endif -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif - -# ifndef OPENSSL_NO_TLSEXT - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation information */ - /* (for experimental NPN extension). */ - - /* - * For a server, this contains a callback function by which the set of - * advertised protocols can be provided. - */ - int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* - * For a client, this contains a callback function that selects the next - * protocol from the list provided by the server. - */ - int (*next_proto_select_cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *next_proto_select_cb_arg; -# endif - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ - - /*- - * For a server, this contains a callback function that allows the - * server to select the protocol for the connection. - * out: on successful return, this must point to the raw protocol - * name (without the length prefix). - * outlen: on successful return, this contains the length of |*out|. - * in: points to the client's list of supported protocols in - * wire-format. - * inlen: the length of |in|. - */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *alpn_select_cb_arg; - - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; - -# ifndef OPENSSL_NO_EC - /* EC extension values inherited by SSL structure */ - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ -# endif -}; - -# endif - # define SSL_SESS_CACHE_OFF 0x0000 # define SSL_SESS_CACHE_CLIENT 0x0001 # define SSL_SESS_CACHE_SERVER 0x0002 @@ -1237,11 +720,11 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - unsigned char + const unsigned char *data, int len, int *copy)); SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, - unsigned char *Data, + const unsigned char *data, int len, int *copy); void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb) (const SSL *ssl, int type, @@ -1254,7 +737,7 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); # ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); # endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb) (SSL *ssl, @@ -1264,7 +747,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb) (SSL *ssl, - unsigned char + const unsigned char *cookie, unsigned int cookie_len)); @@ -1286,21 +769,19 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); # endif -# ifndef OPENSSL_NO_TLSEXT -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, const unsigned char *client, unsigned int client_len); -# endif # define OPENSSL_NPN_UNSUPPORTED 0 # define OPENSSL_NPN_NEGOTIATED 1 # define OPENSSL_NPN_NO_OVERLAP 2 -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, - unsigned protos_len); -int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, - unsigned protos_len); +__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, @@ -1309,7 +790,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, unsigned int inlen, void *arg), void *arg); void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned *len); + unsigned int *len); # ifndef OPENSSL_NO_PSK /* @@ -1376,319 +857,49 @@ void SSL_set_psk_server_callback(SSL *ssl, unsigned int max_psk_len)); -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); -int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); +__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); # endif -# ifndef OPENSSL_NO_TLSEXT /* Register callbacks to handle custom TLS Extensions for client or server. */ -int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, + unsigned int ext_type); + +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_add_cb add_cb, custom_ext_free_cb free_cb, void *add_arg, custom_ext_parse_cb parse_cb, void *parse_arg); -int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_add_cb add_cb, custom_ext_free_cb free_cb, void *add_arg, custom_ext_parse_cb parse_cb, void *parse_arg); -int SSL_extension_supported(unsigned int ext_type); - -# endif +__owur int SSL_extension_supported(unsigned int ext_type); -# define SSL_NOTHING 1 -# define SSL_WRITING 2 -# define SSL_READING 3 -# define SSL_X509_LOOKUP 4 +# define SSL_NOTHING 1 +# define SSL_WRITING 2 +# define SSL_READING 3 +# define SSL_X509_LOOKUP 4 +# define SSL_ASYNC_PAUSED 5 /* These will only be used when doing non-blocking IO */ # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) # define SSL_want_read(s) (SSL_want(s) == SSL_READING) # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) # define SSL_MAC_FLAG_READ_MAC_STREAM 1 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -# ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_st { - /* - * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, - * DTLS1_VERSION) - */ - int version; - /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - int type; - /* SSLv3 */ - const SSL_METHOD *method; - /* - * There are 2 BIO's even though they are normally both the same. This - * is so data can be read and written to different handlers - */ -# ifndef OPENSSL_NO_BIO - /* used by SSL_read */ - BIO *rbio; - /* used by SSL_write */ - BIO *wbio; - /* used during session-id reuse to concatenate messages */ - BIO *bbio; -# else - /* used by SSL_read */ - char *rbio; - /* used by SSL_write */ - char *wbio; - char *bbio; -# endif - /* - * This holds a variable that indicates what we were doing when a 0 or -1 - * is returned. This is needed for non-blocking IO so we know what - * request needs re-doing when in SSL_accept or SSL_connect - */ - int rwstate; - /* true when we are actually in SSL_accept() or SSL_connect() */ - int in_handshake; - int (*handshake_func) (SSL *); - /* - * Imagine that here's a boolean member "init" that is switched as soon - * as SSL_set_{accept/connect}_state is called for the first time, so - * that "state" and "handshake_func" are properly initialized. But as - * handshake_func is == 0 until then, we use this test instead of an - * "init" member. - */ - /* are we the server side? - mostly used by SSL_clear */ - int server; - /* - * Generate a new session or reuse an old one. - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set - */ - int new_session; - /* don't send shutdown packets */ - int quiet_shutdown; - /* we have shut things down, 0x01 sent, 0x02 for received */ - int shutdown; - /* where we are */ - int state; - /* where we are when reading */ - int rstate; - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by - * ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; - struct ssl2_state_st *s2; /* SSLv2 variables */ - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - int read_ahead; /* Read as many input bytes as possible (for - * non-blocking reads) */ - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - int hit; /* reusing a previous session */ - X509_VERIFY_PARAM *param; -# if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -# endif - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - /* - * These are the ones being used, the ones in SSL_SESSION are the ones to - * be 'copied' into these ones - */ - int mac_flags; - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *expand; /* uncompress */ -# else - char *expand; -# endif - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif - /* session info */ - /* client cert? */ - /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; - /* - * the session_id_context is used to ensure sessions are only reused in - * the appropriate context - */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - /* Used in SSL2 and SSL3 */ - /* - * 0 don't care about verify failure. - * 1 fail if verify fails - */ - int verify_mode; - /* fail if callback returns 0 */ - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); - /* optional informational callback */ - void (*info_callback) (const SSL *ssl, int type, int val); - /* error bytes to be written */ - int error; - /* actual code */ - int error_code; -# ifndef OPENSSL_NO_KRB5 - /* Kerberos 5 context */ - KSSL_CTX *kssl_ctx; -# endif /* OPENSSL_NO_KRB5 */ -# ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif - SSL_CTX *ctx; - /* - * set this flag to 1 and a sleep(1) is put into all SSL_read() and - * SSL_write() calls, good for nbio debuging :-) - */ - int debug; - /* extra application data */ - long verify_result; - CRYPTO_EX_DATA ex_data; - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; - int references; - /* protocol behaviour */ - unsigned long options; - /* API behaviour */ - unsigned long mode; - long max_cert_list; - int first_packet; - /* what was passed, used for SSLv3/TLS rollback check */ - int client_version; - unsigned int max_send_fragment; -# ifndef OPENSSL_NO_TLSEXT - /* TLS extension debug callback */ - void (*tlsext_debug_cb) (SSL *s, int client_server, int type, - unsigned char *data, int len, void *arg); - void *tlsext_debug_arg; - char *tlsext_hostname; - /*- - * no further mod of servername - * 0 : call the servername extension callback. - * 1 : prepare 2, allow last ack just after in server callback. - * 2 : don't call servername callback, no ack in server hello - */ - int servername_done; - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - /* our list */ - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - /* our list */ - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ - /* - * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for - * handshakes - */ - void *tlsext_opaque_prf_input; - size_t tlsext_opaque_prf_input_len; - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; - SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, before - * the Finished message. - */ - unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; -# endif -# define session_ctx initial_ctx - /* What we'll do */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - /* What's been chosen */ - SRTP_PROTECTION_PROFILE *srtp_profile; - /*- - * Is use of the Heartbeat extension negotiated? - * 0: disabled - * 1: enabled - * 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_heartbeat; - /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_pending; - /* HeartbeatRequest sequence number */ - unsigned int tlsext_hb_seq; -# else -# define session_ctx ctx -# endif /* OPENSSL_NO_TLSEXT */ - /*- - * 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) - */ - int renegotiate; -# ifndef OPENSSL_NO_SRP - /* ctx for SRP authentication */ - SRP_CTX srp_ctx; -# endif -# ifndef OPENSSL_NO_TLSEXT - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; -# endif /* OPENSSL_NO_TLSEXT */ -}; - -# endif - #ifdef __cplusplus } #endif @@ -1697,13 +908,19 @@ struct ssl_st { # include <openssl/ssl3.h> # include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ # include <openssl/dtls1.h> /* Datagram TLS */ -# include <openssl/ssl23.h> # include <openssl/srtp.h> /* Support for the use_srtp extension */ #ifdef __cplusplus extern "C" { #endif +/* + * These need to be after the above set of includes due to a compiler bug + * in VisualStudio 2015 + */ +DEFINE_STACK_OF_CONST(SSL_CIPHER) +DEFINE_STACK_OF(SSL_COMP) + /* compatibility */ # define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) @@ -1711,23 +928,73 @@ extern "C" { # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) # define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) +DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) + /* - * The following are the possible values for ssl->state are are used to - * indicate where we are up to in the SSL connection establishment. The - * macros that follow are about the only things you should need to use and - * even then, only when using non-blocking IO. It can also be useful to work - * out where you were when the connection failed + * The valid handshake states (one for each type message sent and one for each + * type of message received). There are also two "special" states: + * TLS = TLS or DTLS state + * DTLS = DTLS specific state + * CR/SR = Client Read/Server Read + * CW/SW = Client Write/Server Write + * + * The "special" states are: + * TLS_ST_BEFORE = No handshake has been initiated yet + * TLS_ST_OK = A handshake has been successfully completed + */ +typedef enum { + TLS_ST_BEFORE, + TLS_ST_OK, + DTLS_ST_CR_HELLO_VERIFY_REQUEST, + TLS_ST_CR_SRVR_HELLO, + TLS_ST_CR_CERT, + TLS_ST_CR_CERT_STATUS, + TLS_ST_CR_KEY_EXCH, + TLS_ST_CR_CERT_REQ, + TLS_ST_CR_SRVR_DONE, + TLS_ST_CR_SESSION_TICKET, + TLS_ST_CR_CHANGE, + TLS_ST_CR_FINISHED, + TLS_ST_CW_CLNT_HELLO, + TLS_ST_CW_CERT, + TLS_ST_CW_KEY_EXCH, + TLS_ST_CW_CERT_VRFY, + TLS_ST_CW_CHANGE, + TLS_ST_CW_NEXT_PROTO, + TLS_ST_CW_FINISHED, + TLS_ST_SW_HELLO_REQ, + TLS_ST_SR_CLNT_HELLO, + DTLS_ST_SW_HELLO_VERIFY_REQUEST, + TLS_ST_SW_SRVR_HELLO, + TLS_ST_SW_CERT, + TLS_ST_SW_KEY_EXCH, + TLS_ST_SW_CERT_REQ, + TLS_ST_SW_SRVR_DONE, + TLS_ST_SR_CERT, + TLS_ST_SR_KEY_EXCH, + TLS_ST_SR_CERT_VRFY, + TLS_ST_SR_NEXT_PROTO, + TLS_ST_SR_CHANGE, + TLS_ST_SR_FINISHED, + TLS_ST_SW_SESSION_TICKET, + TLS_ST_SW_CERT_STATUS, + TLS_ST_SW_CHANGE, + TLS_ST_SW_FINISHED +} OSSL_HANDSHAKE_STATE; + +/* + * Most of the following state values are no longer used and are defined to be + * the closest equivalent value in the current state machine code. Not all + * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT + * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, + * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. */ # define SSL_ST_CONNECT 0x1000 # define SSL_ST_ACCEPT 0x2000 + # define SSL_ST_MASK 0x0FFF -# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) -# define SSL_ST_BEFORE 0x4000 -# define SSL_ST_OK 0x03 -# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 @@ -1744,16 +1011,15 @@ extern "C" { # define SSL_CB_HANDSHAKE_DONE 0x20 /* Is the SSL_connection established? */ -# define SSL_get_state(a) SSL_state(a) -# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) -# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) -# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) -# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) -# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) +# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +int SSL_in_init(SSL *s); +int SSL_in_before(SSL *s); +int SSL_is_init_finished(SSL *s); /* - * The following 2 states are kept in ssl->rstate when reads fail, you should - * not need these + * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you + * should not need these */ # define SSL_ST_READ_HEADER 0xF0 # define SSL_ST_READ_BODY 0xF1 @@ -1778,16 +1044,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define OpenSSL_add_ssl_algorithms() SSL_library_init() -# define SSLeay_add_ssl_algorithms() SSL_library_init() - -/* this is for backward compatibility */ -# if 0 /* NEW_SSLEAY */ -# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) -# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) -# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) -# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) -# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSLeay_add_ssl_algorithms() SSL_library_init() # endif + /* More backward compatibility */ # define SSL_get_cipher(s) \ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) @@ -1855,6 +1115,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL # define SSL_ERROR_NONE 0 # define SSL_ERROR_SSL 1 # define SSL_ERROR_WANT_READ 2 @@ -1865,14 +1126,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_ERROR_ZERO_RETURN 6 # define SSL_ERROR_WANT_CONNECT 7 # define SSL_ERROR_WANT_ACCEPT 8 -# define SSL_CTRL_NEED_TMP_RSA 1 -# define SSL_CTRL_SET_TMP_RSA 2 +# define SSL_ERROR_WANT_ASYNC 9 # define SSL_CTRL_SET_TMP_DH 3 # define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 -# define SSL_CTRL_SET_TMP_ECDH_CB 7 -# define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 # define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 @@ -1896,7 +1153,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SESS_MISSES 29 # define SSL_CTRL_SESS_TIMEOUTS 30 # define SSL_CTRL_SESS_CACHE_FULL 31 -# define SSL_CTRL_OPTIONS 32 # define SSL_CTRL_MODE 33 # define SSL_CTRL_GET_READ_AHEAD 40 # define SSL_CTRL_SET_READ_AHEAD 41 @@ -1908,46 +1164,43 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_MAX_CERT_LIST 51 # define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls1.h for macros based on these */ -# ifndef OPENSSL_NO_TLSEXT -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 -# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -# define SSL_CTRL_SET_SRP_ARG 78 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -# ifndef OPENSSL_NO_HEARTBEATS -# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 -# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 -# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 -# endif -# endif /* OPENSSL_NO_TLSEXT */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif # define DTLS_CTRL_GET_TIMEOUT 73 # define DTLS_CTRL_HANDLE_TIMEOUT 74 -# define DTLS_CTRL_LISTEN 75 # define SSL_CTRL_GET_RI_SUPPORT 76 -# define SSL_CTRL_CLEAR_OPTIONS 77 # define SSL_CTRL_CLEAR_MODE 78 +# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 # define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 # define SSL_CTRL_CHAIN 88 @@ -1956,7 +1209,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_CURVES 91 # define SSL_CTRL_SET_CURVES_LIST 92 # define SSL_CTRL_GET_SHARED_CURVE 93 -# define SSL_CTRL_SET_ECDH_AUTO 94 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 @@ -1975,9 +1227,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_CHAIN_CERTS 115 # define SSL_CTRL_SELECT_CURRENT_CERT 116 # define SSL_CTRL_SET_CURRENT_CERT 117 -# define SSL_CTRL_CHECK_PROTO_VERSION 119 +# define SSL_CTRL_SET_DH_AUTO 118 # define DTLS_CTRL_SET_LINK_MTU 120 # define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +# define SSL_CTRL_SET_MAX_PIPELINES 126 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1985,28 +1242,20 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) # define DTLSv1_handle_timeout(ssl) \ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) -# define DTLSv1_listen(ssl, peer) \ - SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) -# define SSL_session_reused(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) # define SSL_num_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) # define SSL_clear_num_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) -# define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +# define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +# define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -2083,16 +1332,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) # define SSL_get_shared_curve(s, n) \ SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) -# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) -# define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) # define SSL_set1_sigalgs(ctx, slist, slistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist) # define SSL_set1_sigalgs_list(ctx, s) \ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ @@ -2114,150 +1359,165 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_server_tmp_key(s, pk) \ SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) # define SSL_get0_raw_cipherlist(s, plst) \ - SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) + SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ - SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) -# ifndef OPENSSL_NO_BIO -BIO_METHOD *BIO_f_ssl(void); -BIO *BIO_new_ssl(SSL_CTX *ctx, int client); -BIO *BIO_new_ssl_connect(SSL_CTX *ctx); -BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -int BIO_ssl_copy_session_id(BIO *to, BIO *from); + SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +#define SSL_CTX_set_min_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_CTX_set_max_proto_version(ctx, version) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +#define SSL_set_min_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +#define SSL_set_max_proto_version(s, version) \ + SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) + + +__owur BIO_METHOD *BIO_f_ssl(void); +__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); void BIO_ssl_shutdown(BIO *ssl_bio); -# endif - -int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +void SSL_CTX_up_ref(SSL_CTX *ctx); void SSL_CTX_free(SSL_CTX *); -long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -long SSL_CTX_get_timeout(const SSL_CTX *ctx); -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); -int SSL_want(const SSL *s); -int SSL_clear(SSL *s); +__owur int SSL_want(const SSL *s); +__owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); -const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); -char *SSL_CIPHER_get_version(const SSL_CIPHER *c); -const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); - -int SSL_get_fd(const SSL *s); -int SSL_get_rfd(const SSL *s); -int SSL_get_wfd(const SSL *s); -const char *SSL_get_cipher_list(const SSL *s, int n); -char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); -int SSL_get_read_ahead(const SSL *s); -int SSL_pending(const SSL *s); +__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +__owur int SSL_get_fd(const SSL *s); +__owur int SSL_get_rfd(const SSL *s); +__owur int SSL_get_wfd(const SSL *s); +__owur const char *SSL_get_cipher_list(const SSL *s, int n); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur int SSL_get_read_ahead(const SSL *s); +__owur int SSL_pending(const SSL *s); +__owur int SSL_has_pending(const SSL *s); # ifndef OPENSSL_NO_SOCK -int SSL_set_fd(SSL *s, int fd); -int SSL_set_rfd(SSL *s, int fd); -int SSL_set_wfd(SSL *s, int fd); +__owur int SSL_set_fd(SSL *s, int fd); +__owur int SSL_set_rfd(SSL *s, int fd); +__owur int SSL_set_wfd(SSL *s, int fd); # endif -# ifndef OPENSSL_NO_BIO +void SSL_set_rbio(SSL *s, BIO *rbio); +void SSL_set_wbio(SSL *s, BIO *wbio); void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); -BIO *SSL_get_rbio(const SSL *s); -BIO *SSL_get_wbio(const SSL *s); -# endif -int SSL_set_cipher_list(SSL *s, const char *str); +__owur BIO *SSL_get_rbio(const SSL *s); +__owur BIO *SSL_get_wbio(const SSL *s); +__owur int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); -int SSL_get_verify_mode(const SSL *s); -int SSL_get_verify_depth(const SSL *s); -int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); +__owur int SSL_get_verify_mode(const SSL *s); +__owur int SSL_get_verify_depth(const SSL *s); +__owur int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback) (int ok, X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA -int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); # endif -int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, +__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); -int SSL_use_certificate(SSL *ssl, X509 *x); -int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_certificate(SSL *ssl, X509 *x); +__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -# ifndef OPENSSL_NO_TLSEXT /* Set serverinfo data for the current active cert. */ -int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); -# ifndef OPENSSL_NO_STDIO -int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -# endif /* NO_STDIO */ +__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -# endif +#ifndef OPENSSL_NO_RSA +__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +#endif -# ifndef OPENSSL_NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); + +#ifndef OPENSSL_NO_RSA +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +#endif +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); /* PEM type */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); -STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, +__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -# ifndef OPENSSL_SYS_VMS -/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ -# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -# endif -# endif -# endif +#if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +#endif -void SSL_load_error_strings(void); -const char *SSL_state_string(const SSL *s); -const char *SSL_rstate_string(const SSL *s); -const char *SSL_state_string_long(const SSL *s); -const char *SSL_rstate_string_long(const SSL *s); -long SSL_SESSION_get_time(const SSL_SESSION *s); -long SSL_SESSION_set_time(SSL_SESSION *s, long t); -long SSL_SESSION_get_timeout(const SSL_SESSION *s); -long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -void SSL_copy_session_id(SSL *to, const SSL *from); -X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +__owur const char *SSL_state_string(const SSL *s); +__owur const char *SSL_rstate_string(const SSL *s); +__owur const char *SSL_state_string_long(const SSL *s); +__owur const char *SSL_rstate_string_long(const SSL *s); +__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len); +__owur int SSL_copy_session_id(SSL *to, const SSL *from); +__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); -SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_new(void); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); -unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -# ifndef OPENSSL_NO_FP_API +__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +# ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); # endif -# ifndef OPENSSL_NO_BIO int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -# endif +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +int SSL_SESSION_up_ref(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *ses); -int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -int SSL_set_session(SSL *to, SSL_SESSION *session); -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); -int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); # ifdef HEADER_X509_H -X509 *SSL_get_peer_certificate(const SSL *s); +__owur X509 *SSL_get_peer_certificate(const SSL *s); # endif -STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); +__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, +__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +__owur int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*callback) (int, X509_STORE_CTX *)); @@ -2268,40 +1528,68 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -# endif -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, +__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, +# endif +__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, +__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +void *SSL_get_default_passwd_cb_userdata(SSL *s); -int SSL_CTX_check_private_key(const SSL_CTX *ctx); -int SSL_check_private_key(const SSL *ctx); +__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +__owur int SSL_check_private_key(const SSL *ctx); -int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); -int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +void SSL_up_ref(SSL *s); +__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); -int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); -int SSL_set_purpose(SSL *s, int purpose); -int SSL_CTX_set_trust(SSL_CTX *s, int trust); -int SSL_set_trust(SSL *s, int trust); +__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +__owur int SSL_set_purpose(SSL *s, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust); +__owur int SSL_set_trust(SSL *s, int trust); + +__owur int SSL_set1_host(SSL *s, const char *hostname); +__owur int SSL_add1_host(SSL *s, const char *hostname); +__owur const char *SSL_get0_peername(SSL *s); +void SSL_set_hostflags(SSL *s, unsigned int flags); + +__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, + uint8_t mtype, uint8_t ord); +__owur int SSL_dane_enable(SSL *s, const char *basedomain); +__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, + uint8_t mtype, unsigned char *data, size_t dlen); +__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, + uint8_t *mtype, unsigned const char **data, + size_t *dlen); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +struct dane_st *SSL_get0_dane(SSL *ssl); -int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); -int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); +__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); -X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); +__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); # ifndef OPENSSL_NO_SRP int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); @@ -2320,161 +1608,180 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp); -BIGNUM *SSL_get_srp_g(SSL *s); -BIGNUM *SSL_get_srp_N(SSL *s); +__owur BIGNUM *SSL_get_srp_g(SSL *s); +__owur BIGNUM *SSL_get_srp_N(SSL *s); -char *SSL_get_srp_username(SSL *s); -char *SSL_get_srp_userinfo(SSL *s); +__owur char *SSL_get_srp_username(SSL *s); +__owur char *SSL_get_srp_userinfo(SSL *s); # endif void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); -int SSL_accept(SSL *ssl); -int SSL_connect(SSL *ssl); -int SSL_read(SSL *ssl, void *buf, int num); -int SSL_peek(SSL *ssl, void *buf, int num); -int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_waiting_for_async(SSL *s); +__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, + size_t *numaddfds, OSSL_ASYNC_FD *delfd, + size_t *numdelfds); +__owur int SSL_accept(SSL *ssl); +__owur int SSL_connect(SSL *ssl); +__owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_write(SSL *ssl, const void *buf, int num); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -int SSL_get_error(const SSL *s, int ret_code); -const char *SSL_get_version(const SSL *s); +__owur int SSL_get_error(const SSL *s, int ret_code); +__owur const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -# ifndef OPENSSL_NO_SSL2 -const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ -const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ -const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ -# endif +__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); # ifndef OPENSSL_NO_SSL3_METHOD -const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ -const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ -const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ # endif -const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS - * version */ -const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available - * SSL/TLS version */ -const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available - * SSL/TLS version */ +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method -const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ -const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ -const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); -const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ -const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ -const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ +# ifndef OPENSSL_NO_TLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ +# endif -const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ -const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ -const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ +# ifndef OPENSSL_NO_TLS1_1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ +# endif -const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ -const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ -const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ +# ifndef OPENSSL_NO_TLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ +# endif -const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ -const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ -const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ +# ifndef OPENSSL_NO_DTLS1_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */ +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */ +#endif -const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ -const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ -const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ -STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); -int SSL_do_handshake(SSL *s); +__owur int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); -int SSL_renegotiate_abbreviated(SSL *s); -int SSL_renegotiate_pending(SSL *s); +__owur int SSL_renegotiate_abbreviated(SSL *s); +__owur int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); -const SSL_METHOD *SSL_get_ssl_method(SSL *s); -int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); -const char *SSL_alert_type_string_long(int value); -const char *SSL_alert_type_string(int value); -const char *SSL_alert_desc_string_long(int value); -const char *SSL_alert_desc_string(int value); +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); +__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +__owur const char *SSL_alert_type_string_long(int value); +__owur const char *SSL_alert_type_string(int value); +__owur const char *SSL_alert_desc_string_long(int value); +__owur const char *SSL_alert_desc_string(int value); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); -int SSL_add_client_CA(SSL *ssl, X509 *x); -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); +__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); -long SSL_get_default_timeout(const SSL *s); +__owur long SSL_get_default_timeout(const SSL *s); -int SSL_library_init(void); +#if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +#endif -char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); +__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); -SSL *SSL_dup(SSL *ssl); +__owur SSL *SSL_dup(SSL *ssl); -X509 *SSL_get_certificate(const SSL *ssl); +__owur X509 *SSL_get_certificate(const SSL *ssl); /* * EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); -X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); -EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); +__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); void SSL_set_quiet_shutdown(SSL *ssl, int mode); -int SSL_get_quiet_shutdown(const SSL *ssl); +__owur int SSL_get_quiet_shutdown(const SSL *ssl); void SSL_set_shutdown(SSL *ssl, int mode); -int SSL_get_shutdown(const SSL *ssl); -int SSL_version(const SSL *ssl); -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +__owur int SSL_get_shutdown(const SSL *ssl); +__owur int SSL_version(const SSL *ssl); +__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); # define SSL_get0_session SSL_get_session/* just peek at pointer */ -SSL_SESSION *SSL_get_session(const SSL *ssl); -SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); -int SSL_state(const SSL *ssl); -void SSL_set_state(SSL *ssl, int state); +__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl, long v); -long SSL_get_verify_result(const SSL *ssl); - -int SSL_set_ex_data(SSL *ssl, int idx, void *data); +__owur long SSL_get_verify_result(const SSL *ssl); +__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, + unsigned char *out, size_t outlen); + +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); void *SSL_get_ex_data(const SSL *ssl, int idx); -int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - -int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); -int SSL_SESSION_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - -int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); -int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); -int SSL_get_ex_data_X509_STORE_CTX_idx(void); +__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); # define SSL_CTX_sess_set_cache_size(ctx,t) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) @@ -2504,17 +1811,19 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void); SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) # define SSL_set_max_send_fragment(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_split_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_set_split_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +# define SSL_CTX_set_max_pipelines(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_max_pipelines(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) + +void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +void SSL_set_default_read_buffer_len(SSL *s, size_t len); /* NB: the keylength is only applicable when is_export is true */ -# ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); - -void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); -# endif # ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, @@ -2523,73 +1832,238 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif -# ifndef OPENSSL_NO_ECDH -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -# endif -# ifndef OPENSSL_NO_COMP -const COMP_METHOD *SSL_get_current_compression(SSL *s); -const COMP_METHOD *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const COMP_METHOD *SSL_get_current_compression(SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); +__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) +__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); void SSL_COMP_free_compression_methods(void); -int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -# else -const void *SSL_get_current_compression(SSL *s); -const void *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id, void *cm); -# endif +__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); /* TLS extensions functions */ -int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); +__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, +__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, void *arg); /* Pre-shared secret session resumption functions */ -int SSL_set_session_secret_cb(SSL *s, +__owur int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); -void SSL_set_debug(SSL *s, int debug); -int SSL_cache_hit(SSL *s); -int SSL_is_server(SSL *s); +void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + int + is_forward_secure)); + +void SSL_set_not_resumable_session_callback(SSL *ssl, + int (*cb) (SSL *ssl, + int + is_forward_secure)); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_cache_hit(s) SSL_session_reused(s) +# endif + +__owur int SSL_session_reused(SSL *s); +__owur int SSL_is_server(SSL *s); -SSL_CONF_CTX *SSL_CONF_CTX_new(void); +__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); -unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); -int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); -int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); -int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); -int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); # ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); -const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); # endif +int DTLSv1_listen(SSL *s, BIO_ADDR *client); + +# ifndef OPENSSL_NO_CT + +/* + * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate + * the received SCTs. + * If the callback returns a non-positive result, the connection is terminated. + * Call this function before beginning a handshake. + * If a NULL |callback| is provided, SCT validation is disabled. + * |arg| is arbitrary userdata that will be passed to the callback whenever it + * is invoked. Ownership of |arg| remains with the caller. + * + * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response + * will be requested. + */ +__owur int SSL_set_ct_validation_callback(SSL *s, + ct_validation_cb callback, + void *arg); +__owur int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, + ct_validation_cb callback, + void *arg); +/* + * Gets the callback being used to validate SCTs. + * This will return NULL if SCTs are neither being requested nor validated. + */ +__owur ct_validation_cb SSL_get_ct_validation_callback(const SSL *s); +__owur ct_validation_cb SSL_CTX_get_ct_validation_callback(const SSL_CTX *ctx); + +/* Gets the SCTs received from a connection */ +const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); + +/* + * Loads the CT log list from the default location. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); + +/* + * Loads the CT log list from the specified file path. + * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, + * the log information loaded from this file will be appended to the + * CTLOG_STORE. + * Returns 1 on success, 0 otherwise. + */ +int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +/* + * Sets the CT log list used by all SSL connections created from this SSL_CTX. + * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. + */ +void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); + +/* + * Gets the CT log list used by all SSL connections created from this SSL_CTX. + * This will be NULL unless one of the following functions has been called: + * - SSL_CTX_set_default_ctlog_list_file + * - SSL_CTX_set_ctlog_list_file + * - SSL_CTX_set_ctlog_store + */ +const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); + +# endif /* OPENSSL_NO_CT */ + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +# define SSL_SECOP_OTHER_TYPE 0xffff0000 +# define SSL_SECOP_OTHER_NONE 0 +# define SSL_SECOP_OTHER_CIPHER (1 << 16) +# define SSL_SECOP_OTHER_CURVE (2 << 16) +# define SSL_SECOP_OTHER_DH (3 << 16) +# define SSL_SECOP_OTHER_PKEY (4 << 16) +# define SSL_SECOP_OTHER_SIGALG (5 << 16) +# define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +# define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +/* SSL/TLS version */ +# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +__owur int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, + int bits, int nid, + void *other, void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +__owur void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, + int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, + const SSL_CTX *ctx, + int op, int bits, + int nid, + void *other, + void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); + +/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L + +#define OPENSSL_INIT_SSL_DEFAULT \ + (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) + +int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + # ifndef OPENSSL_NO_UNIT_TEST -const struct openssl_ssl_test_functions *SSL_test_functions(void); +__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); # endif +extern const char SSL_version_str[]; + /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -2601,122 +2075,61 @@ void ERR_load_SSL_strings(void); /* Function codes. */ # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 -# define SSL_F_CLIENT_CERTIFICATE 100 -# define SSL_F_CLIENT_FINISHED 167 -# define SSL_F_CLIENT_HELLO 101 -# define SSL_F_CLIENT_MASTER_KEY 102 +# define SSL_F_CT_MOVE_SCTS 345 # define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 # define SSL_F_DO_DTLS1_WRITE 245 # define SSL_F_DO_SSL3_WRITE 104 -# define SSL_F_DTLS1_ACCEPT 246 # define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 # define SSL_F_DTLS1_BUFFER_RECORD 247 -# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 -# define SSL_F_DTLS1_CLIENT_HELLO 248 -# define SSL_F_DTLS1_CONNECT 249 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 # define SSL_F_DTLS1_ENC 250 # define SSL_F_DTLS1_GET_HELLO_VERIFY 251 -# define SSL_F_DTLS1_GET_MESSAGE 252 # define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 -# define SSL_F_DTLS1_GET_RECORD 254 # define SSL_F_DTLS1_HANDLE_TIMEOUT 297 # define SSL_F_DTLS1_HEARTBEAT 305 -# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 # define SSL_F_DTLS1_PROCESS_RECORD 257 # define SSL_F_DTLS1_READ_BYTES 258 # define SSL_F_DTLS1_READ_FAILED 259 # define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 -# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 -# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 -# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 # define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 -# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 -# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 -# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -# define SSL_F_GET_CLIENT_FINISHED 105 -# define SSL_F_GET_CLIENT_HELLO 106 -# define SSL_F_GET_CLIENT_MASTER_KEY 107 -# define SSL_F_GET_SERVER_FINISHED 108 -# define SSL_F_GET_SERVER_HELLO 109 -# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 -# define SSL_F_GET_SERVER_VERIFY 110 -# define SSL_F_I2D_SSL_SESSION 111 -# define SSL_F_READ_N 112 -# define SSL_F_REQUEST_CERTIFICATE 113 -# define SSL_F_SERVER_FINISH 239 -# define SSL_F_SERVER_HELLO 114 -# define SSL_F_SERVER_VERIFY 240 -# define SSL_F_SSL23_ACCEPT 115 -# define SSL_F_SSL23_CLIENT_HELLO 116 -# define SSL_F_SSL23_CONNECT 117 -# define SSL_F_SSL23_GET_CLIENT_HELLO 118 -# define SSL_F_SSL23_GET_SERVER_HELLO 119 -# define SSL_F_SSL23_PEEK 237 -# define SSL_F_SSL23_READ 120 -# define SSL_F_SSL23_WRITE 121 -# define SSL_F_SSL2_ACCEPT 122 -# define SSL_F_SSL2_CONNECT 123 -# define SSL_F_SSL2_ENC_INIT 124 -# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 -# define SSL_F_SSL2_PEEK 234 -# define SSL_F_SSL2_READ 125 -# define SSL_F_SSL2_READ_INTERNAL 236 -# define SSL_F_SSL2_SET_CERTIFICATE 126 -# define SSL_F_SSL2_WRITE 127 -# define SSL_F_SSL3_ACCEPT 128 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 # define SSL_F_SSL3_CALLBACK_CTRL 233 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 # define SSL_F_SSL3_CHECK_FINISHED 339 -# define SSL_F_SSL3_CLIENT_HELLO 131 -# define SSL_F_SSL3_CONNECT 132 # define SSL_F_SSL3_CTRL 213 # define SSL_F_SSL3_CTX_CTRL 133 # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 -# define SSL_F_SSL3_ENC 134 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 -# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 -# define SSL_F_SSL3_GET_CERT_STATUS 289 -# define SSL_F_SSL3_GET_CERT_VERIFY 136 -# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 -# define SSL_F_SSL3_GET_CLIENT_HELLO 138 -# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 -# define SSL_F_SSL3_GET_FINISHED 140 -# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 -# define SSL_F_SSL3_GET_MESSAGE 142 -# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 -# define SSL_F_SSL3_GET_NEXT_PROTO 306 # define SSL_F_SSL3_GET_RECORD 143 -# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 -# define SSL_F_SSL3_GET_SERVER_DONE 145 -# define SSL_F_SSL3_GET_SERVER_HELLO 146 -# define SSL_F_SSL3_HANDSHAKE_MAC 285 # define SSL_F_SSL3_NEW_SESSION_TICKET 287 # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 # define SSL_F_SSL3_PEEK 235 # define SSL_F_SSL3_READ_BYTES 148 # define SSL_F_SSL3_READ_N 149 -# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 -# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 -# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 -# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 -# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 -# define SSL_F_SSL3_SEND_SERVER_HELLO 242 -# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 -# define SSL_F_SSL3_SHUTDOWN 396 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 -# define SSL_F_SSL_ADD_CERT_CHAIN 318 +# define SSL_F_SSL_ACCEPT 390 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 # define SSL_F_SSL_ADD_CERT_TO_BUF 319 # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 # define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 @@ -2729,10 +2142,11 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_BAD_METHOD 160 # define SSL_F_SSL_BUILD_CERT_CHAIN 332 # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 # define SSL_F_SSL_CERT_DUP 221 -# define SSL_F_SSL_CERT_INST 222 # define SSL_F_SSL_CERT_INSTANTIATE 214 # define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 # define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 @@ -2744,17 +2158,19 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CREATE_CIPHER_LIST 166 # define SSL_F_SSL_CTRL 232 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_GET_CT_VALIDATION_CALLBACK 349 # define SSL_F_SSL_CTX_MAKE_PROFILES 309 # define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 # define SSL_F_SSL_CTX_SET_PURPOSE 226 # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 # define SSL_F_SSL_CTX_SET_TRUST 229 # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 @@ -2765,7 +2181,11 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 # define SSL_F_SSL_CTX_USE_SERVERINFO 336 # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DO_CONFIG 391 # define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_GET0_PEER_SCTS 397 +# define SSL_F_SSL_GET_CT_VALIDATION_CALLBACK 398 # define SSL_F_SSL_GET_NEW_SESSION 181 # define SSL_F_SSL_GET_PREV_SESSION 217 # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 @@ -2774,6 +2194,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_GET_SIGN_PKEY 183 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_MODULE_INIT 392 # define SSL_F_SSL_NEW 186 # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 @@ -2785,17 +2206,16 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 # define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 # define SSL_F_SSL_READ 223 -# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 -# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 # define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 -# define SSL_F_SSL_SESS_CERT_NEW 225 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 # define SSL_F_SSL_SET_CERT 191 # define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 # define SSL_F_SSL_SET_FD 192 # define SSL_F_SSL_SET_PKEY 193 # define SSL_F_SSL_SET_PURPOSE 227 @@ -2807,6 +2227,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_SET_WFD 196 # define SSL_F_SSL_SHUTDOWN 224 # define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 # define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 # define SSL_F_SSL_UNDEFINED_FUNCTION 197 # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 @@ -2820,30 +2241,62 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 # define SSL_F_SSL_WRITE 208 +# define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 -# define SSL_F_TLS1_CERT_VERIFY_MAC 286 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 -# define SSL_F_TLS1_ENC 210 +# define SSL_F_TLS1_ENC 401 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 # define SSL_F_TLS1_GET_CURVELIST 338 -# define SSL_F_TLS1_HEARTBEAT 315 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 # define SSL_F_TLS1_PRF 284 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 -# define SSL_F_WRITE_PENDING 212 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 /* Reason codes. */ # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 # define SSL_R_BAD_ALERT_RECORD 101 -# define SSL_R_BAD_AUTHENTICATION_TYPE 102 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -# define SSL_R_BAD_CHECKSUM 104 # define SSL_R_BAD_DATA 390 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 @@ -2853,6 +2306,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 # define SSL_R_BAD_DH_P_VALUE 395 +# define SSL_R_BAD_DH_VALUE 102 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304 @@ -2861,13 +2315,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_HANDSHAKE_LENGTH 332 # define SSL_R_BAD_HELLO_REQUEST 105 # define SSL_R_BAD_LENGTH 271 -# define SSL_R_BAD_MAC_DECODE 113 # define SSL_R_BAD_MAC_LENGTH 333 # define SSL_R_BAD_MESSAGE_TYPE 114 # define SSL_R_BAD_PACKET_LENGTH 115 # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 # define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 -# define SSL_R_BAD_RESPONSE_ARGUMENT 117 # define SSL_R_BAD_RSA_DECRYPT 118 # define SSL_R_BAD_RSA_ENCRYPT 119 # define SSL_R_BAD_RSA_E_LENGTH 120 @@ -2883,8 +2335,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_SRTP_MKI_VALUE 352 # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 # define SSL_R_BAD_SSL_FILETYPE 124 -# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 -# define SSL_R_BAD_STATE 126 # define SSL_R_BAD_VALUE 384 # define SSL_R_BAD_WRITE_RETRY 127 # define SSL_R_BIO_NOT_SET 128 @@ -2892,28 +2342,41 @@ void ERR_load_SSL_strings(void); # define SSL_R_BN_LIB 130 # define SSL_R_CA_DN_LENGTH_MISMATCH 131 # define SSL_R_CA_DN_TOO_LONG 132 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 # define SSL_R_CCS_RECEIVED_EARLY 133 # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 # define SSL_R_CERT_CB_ERROR 377 # define SSL_R_CERT_LENGTH_MISMATCH 135 -# define SSL_R_CHALLENGE_IS_DIFFERENT 136 # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 -# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 # define SSL_R_CLIENTHELLO_TLSEXT 226 # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 # define SSL_R_COMPRESSION_DISABLED 343 # define SSL_R_COMPRESSION_FAILURE 141 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 # define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 # define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 # define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 -# define SSL_R_DH_KEY_TOO_SMALL 372 +# define SSL_R_DH_KEY_TOO_SMALL 394 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 @@ -2924,76 +2387,61 @@ void ERR_load_SSL_strings(void); # define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 # define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +# define SSL_R_EE_KEY_TOO_SMALL 399 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 # define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 # define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 # define SSL_R_HTTPS_PROXY_REQUEST 155 # define SSL_R_HTTP_REQUEST 156 -# define SSL_R_ILLEGAL_PADDING 283 # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 # define SSL_R_INAPPROPRIATE_FALLBACK 373 # define SSL_R_INCONSISTENT_COMPRESSION 340 -# define SSL_R_INVALID_CHALLENGE_LENGTH 158 +# define SSL_R_INCONSISTENT_EXTMS 104 # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 # define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_PURPOSE 278 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 # define SSL_R_INVALID_SERVERINFO_DATA 388 # define SSL_R_INVALID_SRP_USERNAME 357 # define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TRUST 279 -# define SSL_R_KEY_ARG_TOO_LONG 284 -# define SSL_R_KRB5 285 -# define SSL_R_KRB5_C_CC_PRINC 286 -# define SSL_R_KRB5_C_GET_CRED 287 -# define SSL_R_KRB5_C_INIT 288 -# define SSL_R_KRB5_C_MK_REQ 289 -# define SSL_R_KRB5_S_BAD_TICKET 290 -# define SSL_R_KRB5_S_INIT 291 -# define SSL_R_KRB5_S_RD_REQ 292 -# define SSL_R_KRB5_S_TKT_EXPIRED 293 -# define SSL_R_KRB5_S_TKT_NYV 294 -# define SSL_R_KRB5_S_TKT_SKEW 295 # define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -# define SSL_R_MESSAGE_TOO_LONG 296 # define SSL_R_MISSING_DH_DSA_CERT 162 # define SSL_R_MISSING_DH_KEY 163 # define SSL_R_MISSING_DH_RSA_CERT 164 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDH_CERT 382 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_MISSING_TMP_RSA_KEY 172 -# define SSL_R_MISSING_TMP_RSA_PKEY 173 # define SSL_R_MISSING_VERIFY_MESSAGE 174 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 -# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 # define SSL_R_NO_CERTIFICATES_RETURNED 176 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 # define SSL_R_NO_CERTIFICATE_RETURNED 178 # define SSL_R_NO_CERTIFICATE_SET 179 -# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 # define SSL_R_NO_CIPHERS_AVAILABLE 181 # define SSL_R_NO_CIPHERS_PASSED 182 # define SSL_R_NO_CIPHERS_SPECIFIED 183 -# define SSL_R_NO_CIPHER_LIST 184 # define SSL_R_NO_CIPHER_MATCH 185 # define SSL_R_NO_CLIENT_CERT_METHOD 331 # define SSL_R_NO_CLIENT_CERT_RECEIVED 186 @@ -3001,47 +2449,34 @@ void ERR_load_SSL_strings(void); # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 # define SSL_R_NO_METHOD_SPECIFIED 188 # define SSL_R_NO_PEM_EXTENSIONS 389 -# define SSL_R_NO_PRIVATEKEY 189 # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -# define SSL_R_NO_PUBLICKEY 192 # define SSL_R_NO_RENEGOTIATION 339 # define SSL_R_NO_REQUIRED_DIGEST 324 # define SSL_R_NO_SHARED_CIPHER 193 # define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 # define SSL_R_NO_SRTP_PROFILES 359 # define SSL_R_NO_VERIFY_CALLBACK 194 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 # define SSL_R_NULL_SSL_CTX 195 # define SSL_R_NULL_SSL_METHOD_PASSED 196 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 -# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 -# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 -# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 # define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 # define SSL_R_PACKET_LENGTH_TOO_LONG 198 # define SSL_R_PARSE_TLSEXT 227 # define SSL_R_PATH_TOO_LONG 270 # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -# define SSL_R_PEER_ERROR 200 -# define SSL_R_PEER_ERROR_CERTIFICATE 201 -# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 -# define SSL_R_PEER_ERROR_NO_CIPHER 203 -# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 # define SSL_R_PEM_NAME_BAD_PREFIX 391 # define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 -# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 # define SSL_R_PSK_NO_CLIENT_CB 224 # define SSL_R_PSK_NO_SERVER_CB 225 -# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 -# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 -# define SSL_R_PUBLIC_KEY_NOT_RSA 210 # define SSL_R_READ_BIO_NOT_SET 211 # define SSL_R_READ_TIMEOUT_EXPIRED 312 -# define SSL_R_READ_WRONG_PACKET_TYPE 212 # define SSL_R_RECORD_LENGTH_MISMATCH 213 # define SSL_R_RECORD_TOO_LARGE 214 # define SSL_R_RECORD_TOO_SMALL 298 @@ -3050,13 +2485,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_RENEGOTIATION_MISMATCH 337 # define SSL_R_REQUIRED_CIPHER_MISSING 215 # define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 -# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 -# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 -# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -# define SSL_R_SHORT_READ 219 +# define SSL_R_SET_FAILED 209 # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 @@ -3064,50 +2497,23 @@ void ERR_load_SSL_strings(void); # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 -# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 # define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 # define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 -# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 # define SSL_R_SSL_HANDSHAKE_FAILURE 229 # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 # define SSL_R_SSL_SESSION_ID_CONFLICT 302 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 -# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 -# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 # define SSL_R_TLS_HEARTBEAT_PENDING 366 @@ -3115,15 +2521,12 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 -# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 -# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 # define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 -# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_MESSAGE 244 @@ -3134,6 +2537,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 # define SSL_R_UNKNOWN_CIPHER_TYPE 249 # define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 # define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 # define SSL_R_UNKNOWN_PKEY_TYPE 251 @@ -3150,12 +2554,12 @@ void ERR_load_SSL_strings(void); # define SSL_R_UNSUPPORTED_SSL_VERSION 259 # define SSL_R_UNSUPPORTED_STATUS_TYPE 329 # define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 -# define SSL_R_WRITE_BIO_NOT_SET 260 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 # define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 # define SSL_R_WRONG_CURVE 378 # define SSL_R_WRONG_MESSAGE_TYPE 262 -# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 # define SSL_R_WRONG_SIGNATURE_TYPE 370 diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h index 03c7dd8cac..e965dd54a6 100644 --- a/include/openssl/ssl2.h +++ b/include/openssl/ssl2.h @@ -1,4 +1,3 @@ -/* ssl/ssl2.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,201 +62,9 @@ extern "C" { #endif -/* Protocol Version Codes */ # define SSL2_VERSION 0x0002 -# define SSL2_VERSION_MAJOR 0x00 -# define SSL2_VERSION_MINOR 0x02 -/* #define SSL2_CLIENT_VERSION 0x0002 */ -/* #define SSL2_SERVER_VERSION 0x0002 */ -/* Protocol Message Codes */ -# define SSL2_MT_ERROR 0 # define SSL2_MT_CLIENT_HELLO 1 -# define SSL2_MT_CLIENT_MASTER_KEY 2 -# define SSL2_MT_CLIENT_FINISHED 3 -# define SSL2_MT_SERVER_HELLO 4 -# define SSL2_MT_SERVER_VERIFY 5 -# define SSL2_MT_SERVER_FINISHED 6 -# define SSL2_MT_REQUEST_CERTIFICATE 7 -# define SSL2_MT_CLIENT_CERTIFICATE 8 - -/* Error Message Codes */ -# define SSL2_PE_UNDEFINED_ERROR 0x0000 -# define SSL2_PE_NO_CIPHER 0x0001 -# define SSL2_PE_NO_CERTIFICATE 0x0002 -# define SSL2_PE_BAD_CERTIFICATE 0x0004 -# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 - -/* Cipher Kind Values */ -# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */ -# define SSL2_CK_RC4_128_WITH_MD5 0x02010080 -# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 -# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 -# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 -# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 -# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 -# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */ -# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 -# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */ -# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */ - -# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */ -# define SSL2_CK_NULL 0x02ff0810/* SSLeay */ - -# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" -# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" -# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" -# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" -# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" -# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" -# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" -# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" -# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" -# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" -# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" -# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" - -# define SSL2_TXT_NULL "NULL" - -/* Flags for the SSL_CIPHER.algorithm2 field */ -# define SSL2_CF_5_BYTE_ENC 0x01 -# define SSL2_CF_8_BYTE_ENC 0x02 - -/* Certificate Type Codes */ -# define SSL2_CT_X509_CERTIFICATE 0x01 - -/* Authentication Type Code */ -# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 - -# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 - -/* Upper/Lower Bounds */ -# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 -# ifdef OPENSSL_SYS_MPE -# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u -# else -# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u - /* 2^15-1 */ -# endif -# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */ - -# define SSL2_CHALLENGE_LENGTH 16 -/* - * #define SSL2_CHALLENGE_LENGTH 32 - */ -# define SSL2_MIN_CHALLENGE_LENGTH 16 -# define SSL2_MAX_CHALLENGE_LENGTH 32 -# define SSL2_CONNECTION_ID_LENGTH 16 -# define SSL2_MAX_CONNECTION_ID_LENGTH 16 -# define SSL2_SSL_SESSION_ID_LENGTH 16 -# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 -# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 -# define SSL2_MAX_KEY_MATERIAL_LENGTH 24 - -# ifndef HEADER_SSL_LOCL_H -# define CERT char -# endif - -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl2_state_st { - int three_byte_header; - int clear_text; /* clear text */ - int escape; /* not used in SSLv2 */ - int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ - /* - * non-blocking io info, used to make sure the same args were passwd - */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; - const unsigned char *wpend_buf; - int wpend_off; /* offset to data to write */ - int wpend_len; /* number of bytes passwd to write */ - int wpend_ret; /* number of bytes to return to caller */ - /* buffer raw data */ - int rbuf_left; - int rbuf_offs; - unsigned char *rbuf; - unsigned char *wbuf; - unsigned char *write_ptr; /* used to point to the start due to 2/3 byte - * header. */ - unsigned int padding; - unsigned int rlength; /* passed to ssl2_enc */ - int ract_data_length; /* Set when things are encrypted. */ - unsigned int wlength; /* passed to ssl2_enc */ - int wact_data_length; /* Set when things are decrypted. */ - unsigned char *ract_data; - unsigned char *wact_data; - unsigned char *mac_data; - unsigned char *read_key; - unsigned char *write_key; - /* Stuff specifically to do with this SSL session */ - unsigned int challenge_length; - unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; - unsigned int conn_id_length; - unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; - unsigned int key_material_length; - unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2]; - unsigned long read_sequence; - unsigned long write_sequence; - struct { - unsigned int conn_id_length; - unsigned int cert_type; - unsigned int cert_length; - unsigned int csl; - unsigned int clear; - unsigned int enc; - unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; - unsigned int cipher_spec_length; - unsigned int session_id_length; - unsigned int clen; - unsigned int rlen; - } tmp; -} SSL2_STATE; - -# endif - -/* SSLv2 */ -/* client */ -# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) -# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) -# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) -# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) -# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) -/* server */ -# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) -# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) -# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) -# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) -# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) #ifdef __cplusplus } diff --git a/include/openssl/ssl23.h b/include/openssl/ssl23.h index 9de4685af9..5605052d70 100644 --- a/include/openssl/ssl23.h +++ b/include/openssl/ssl23.h @@ -1,84 +1 @@ -/* ssl/ssl23.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_SSL23_H -# define HEADER_SSL23_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * client - */ -/* write to server */ -# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) -# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) -/* read from server */ -# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) -# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) - -/* server */ -/* read from client */ -# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) - -#ifdef __cplusplus -} -#endif -#endif +../../ssl/ssl23.h
\ No newline at end of file diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index e681d50a9e..ecbe24715d 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -1,4 +1,3 @@ -/* ssl/ssl3.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -158,18 +157,18 @@ extern "C" { # define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 -# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 -# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA -# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 -# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA -# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 -# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA -# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 -# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA -# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 -# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA -# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 -# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA +# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA # define SSL3_CK_ADH_RC4_40_MD5 0x03000017 # define SSL3_CK_ADH_RC4_128_MD5 0x03000018 @@ -177,37 +176,6 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -# if 0 -# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -# if 0 /* Because it clashes with KRB5, is never - * used any more, and is safe to remove - * according to David Hopwood - * <david.hopwood@zetnet.co.uk> of the - * ietf-tls list */ -# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E -# endif -# endif - -/* - * VRS Additional Kerberos5 entries - */ -# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 - -# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B - # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" @@ -251,28 +219,6 @@ extern "C" { # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -# if 0 -# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -# endif - -# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" - -# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" - # define SSL3_SSL_SESSION_ID_LENGTH 32 # define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 @@ -360,7 +306,7 @@ extern "C" { # define SSL3_RT_ALERT 21 # define SSL3_RT_HANDSHAKE 22 # define SSL3_RT_APPLICATION_DATA 23 -# define TLS1_RT_HEARTBEAT 24 +# define DTLS1_RT_HEARTBEAT 24 /* Pseudo content types to indicate additional parameters */ # define TLS1_RT_CRYPTO 0x1000 @@ -398,55 +344,6 @@ extern "C" { # define TLS1_HB_REQUEST 1 # define TLS1_HB_RESPONSE 2 -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_record_st { - /* type of record */ - /* - * r - */ int type; - /* How many bytes available */ - /* - * rw - */ unsigned int length; - /* read/write offset into 'buf' */ - /* - * r - */ unsigned int off; - /* pointer to the record data */ - /* - * rw - */ unsigned char *data; - /* where the decode bytes are */ - /* - * rw - */ unsigned char *input; - /* only used with decompression - malloc()ed */ - /* - * r - */ unsigned char *comp; - /* epoch number, needed by DTLS1 */ - /* - * r - */ unsigned long epoch; - /* sequence number, needed by DTLS1 */ - /* - * r - */ unsigned char seq_num[8]; -} SSL3_RECORD; - -typedef struct ssl3_buffer_st { - /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ - unsigned char *buf; - /* buffer size */ - size_t len; - /* where to 'copy from' */ - int offset; - /* how many bytes left */ - int left; -} SSL3_BUFFER; - -# endif # define SSL3_CT_RSA_SIGN 1 # define SSL3_CT_DSS_SIGN 2 @@ -462,282 +359,17 @@ typedef struct ssl3_buffer_st { # define SSL3_CT_NUMBER 9 # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -# define SSL3_FLAGS_POP_BUFFER 0x0004 -# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 -# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 -/* - * Set when the handshake is ready to process peer's ChangeCipherSpec message. - * Cleared after the message has been processed. - */ -# define SSL3_FLAGS_CCS_OK 0x0080 - -/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ -# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 - -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_state_st { - long flags; - int delay_buf_pop_ret; - unsigned char read_sequence[8]; - int read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char write_sequence[8]; - int write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - /* flags for countermeasure against known-IV weakness */ - int need_empty_fragments; - int empty_fragment_done; - /* The value of 'extra' when the buffers were initialized */ - int init_extra; - SSL3_BUFFER rbuf; /* read IO goes into here */ - SSL3_BUFFER wbuf; /* write IO goes into here */ - SSL3_RECORD rrec; /* each decoded record goes in here */ - SSL3_RECORD wrec; /* goes out from here */ - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; - /* partial write - check the numbers match */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; /* number bytes written */ - int wpend_type; - int wpend_ret; /* number of bytes submitted */ - const unsigned char *wpend_buf; - /* used during startup, digest all incoming/outgoing packets */ - BIO *handshake_buffer; - /* - * When set of handshake digests is determined, buffer is hashed and - * freed and MD_CTX-es for all required digests are stored in this array - */ - EVP_MD_CTX **handshake_dgst; - /* - * Set whenever an expected ChangeCipherSpec message is processed. - * Unset when the peer's Finished message is received. - * Unexpected ChangeCipherSpec messages trigger a fatal alert. - */ - int change_cipher_spec; - int warn_alert; - int fatal_alert; - /* - * we allow one fatal and one warning alert to be outstanding, send close - * alert via the warning alert - */ - int alert_dispatch; - unsigned char send_alert[2]; - /* - * This flag is set when we should renegotiate ASAP, basically when there - * is no more data in the read or write buffers - */ - int renegotiate; - int total_renegotiations; - int num_renegotiations; - int in_read_app_data; - /* - * Opaque PRF input as used for the current handshake. These fields are - * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they - * are merely present to improve binary compatibility) - */ - void *client_opaque_prf_input; - size_t client_opaque_prf_input_len; - void *server_opaque_prf_input; - size_t server_opaque_prf_input_len; - struct { - /* actually only needs to be 16+20 */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; - int finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; - int peer_finish_md_len; - unsigned long message_size; - int message_type; - /* used to hold the new cipher we are going to use */ - const SSL_CIPHER *new_cipher; -# ifndef OPENSSL_NO_DH - DH *dh; -# endif -# ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh; /* holds short lived ECDH key */ -# endif - /* used when SSL_ST_FLUSH_DATA is entered */ - int next_state; - int reuse_message; - /* used for certificate requests */ - int cert_req; - int ctype_num; - char ctype[SSL3_CT_NUMBER]; - STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; - int key_block_length; - unsigned char *key_block; - const EVP_CIPHER *new_sym_enc; - const EVP_MD *new_hash; - int new_mac_pkey_type; - int new_mac_secret_size; -# ifndef OPENSSL_NO_COMP - const SSL_COMP *new_compression; -# else - char *new_compression; -# endif - int cert_request; - } tmp; - - /* Connection binding to prevent renegotiation attacks */ - unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Set if we saw the Next Protocol Negotiation extension from our peer. - */ - int next_proto_neg_seen; -# endif -# ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_EC - /* - * This is set to true if we believe that this is a version of Safari - * running on OS X 10.6 or newer. We wish to know this because Safari on - * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. - */ - char is_probably_safari; -# endif /* !OPENSSL_NO_EC */ - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ - - /* - * In a server these point to the selected ALPN protocol after the - * ClientHello has been processed. In a client these contain the protocol - * that the server selected once the ServerHello has been processed. - */ - unsigned char *alpn_selected; - unsigned alpn_selected_len; -# endif /* OPENSSL_NO_TLSEXT */ -} SSL3_STATE; +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 -# endif +# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -/* SSLv3 */ -/* - * client - */ -/* extra state */ -# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) -# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) -# endif -/* write to server */ -# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) -# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) -/* read from server */ -# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) -# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) -# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) -# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) -# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) -# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) -# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) -# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -/* write to server */ -# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) -# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) -# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) -# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) -# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) -# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) -# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) -# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) -# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) -# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) -# ifndef OPENSSL_NO_NEXTPROTONEG -# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) -# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) -# endif -# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) -# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) -/* read from server */ -# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) -# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) -# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) -# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) -# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) -# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) -# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) - -/* server */ -/* extra state */ -# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) -# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) -# endif -/* read from client */ -/* Do not change the number values, they do matter */ -# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) -/* write to client */ -# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) -# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) -# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) -# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) -# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) -# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) -# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) -/* read from client */ -# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) -# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) -# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) -# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) -# ifndef OPENSSL_NO_NEXTPROTONEG -# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) -# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) -# endif -# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) -# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) -/* write to client */ -# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) -# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) -# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) -# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) -# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) +/* Set if we encrypt then mac instead of usual mac then encrypt */ +# define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100 + +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 @@ -756,6 +388,9 @@ typedef struct ssl3_state_st { # endif # define DTLS1_MT_HELLO_VERIFY_REQUEST 3 +/* Dummy message type for handling CCS like a normal handshake message */ +# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 + # define SSL3_MT_CCS 1 /* These are used when changing over to a new cipher */ diff --git a/include/openssl/stack.h b/include/openssl/stack.h index eb07216659..976e6ace56 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -1,4 +1,3 @@ -/* crypto/stack/stack.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,16 +62,7 @@ extern "C" { #endif -typedef struct stack_st { - int num; - char **data; - int sorted; - int num_alloc; - int (*comp) (const void *, const void *); -} _STACK; /* Use STACK_OF(...) instead */ - -# define M_sk_num(sk) ((sk) ? (sk)->num:-1) -# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) +typedef struct stack_st _STACK; /* Use STACK_OF(...) instead */ int sk_num(const _STACK *); void *sk_value(const _STACK *, int); diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index 239fa4fb1b..99a2de5f41 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h @@ -57,427 +57,8 @@ # include <openssl/e_os2.h> -/* - * Hacks to solve the problem with linkers incapable of handling very long - * symbol names. In the case of VMS, the limit is 31 characters on VMS for - * VAX. - */ -/* - * Note that this affects util/libeay.num and util/ssleay.num... you may - * change those manually, but that's not recommended, as those files are - * controlled centrally and updated on Unix, and the central definition may - * disagree with yours, which in turn may come with shareable library - * incompatibilities. - */ -# ifdef OPENSSL_SYS_VMS - -/* Hack a long name in crypto/ex_data.c */ -# undef CRYPTO_get_ex_data_implementation -# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl -# undef CRYPTO_set_ex_data_implementation -# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl - -/* Hack a long name in crypto/asn1/a_mbstr.c */ -# undef ASN1_STRING_set_default_mask_asc -# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc - -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ -# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO -# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF -# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO -# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF -# endif - -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ -# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO -# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF -# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO -# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF -# endif - -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ -# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION -# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC -# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION -# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC -# endif - -/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ -# undef PEM_read_NETSCAPE_CERT_SEQUENCE -# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ -# undef PEM_write_NETSCAPE_CERT_SEQUENCE -# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ -# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE -# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ -# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE -# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ -# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE -# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ - -/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ -# undef PEM_read_PKCS8_PRIV_KEY_INFO -# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO -# undef PEM_write_PKCS8_PRIV_KEY_INFO -# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO -# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO -# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO -# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO -# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO -# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO -# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO - -/* Hack other PEM names */ -# undef PEM_write_bio_PKCS8PrivateKey_nid -# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid - -/* Hack some long X509 names */ -# undef X509_REVOKED_get_ext_by_critical -# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic -# undef X509_policy_tree_get0_user_policies -# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies -# undef X509_policy_node_get0_qualifiers -# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers -# undef X509_STORE_CTX_get_explicit_policy -# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy -# undef X509_STORE_CTX_get0_current_issuer -# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer - -/* Hack some long CRYPTO names */ -# undef CRYPTO_set_dynlock_destroy_callback -# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb -# undef CRYPTO_set_dynlock_create_callback -# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb -# undef CRYPTO_set_dynlock_lock_callback -# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb -# undef CRYPTO_get_dynlock_lock_callback -# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb -# undef CRYPTO_get_dynlock_destroy_callback -# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb -# undef CRYPTO_get_dynlock_create_callback -# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb -# undef CRYPTO_set_locked_mem_ex_functions -# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs -# undef CRYPTO_get_locked_mem_ex_functions -# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs - -/* Hack some long SSL/TLS names */ -# undef SSL_CTX_set_default_verify_paths -# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths -# undef SSL_get_ex_data_X509_STORE_CTX_idx -# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx -# undef SSL_add_file_cert_subjects_to_stack -# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk -# undef SSL_add_dir_cert_subjects_to_stack -# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk -# undef SSL_CTX_use_certificate_chain_file -# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file -# undef SSL_CTX_set_cert_verify_callback -# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb -# undef SSL_CTX_set_default_passwd_cb_userdata -# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud -# undef SSL_COMP_get_compression_methods -# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods -# undef SSL_COMP_set0_compression_methods -# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods -# undef SSL_COMP_free_compression_methods -# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods -# undef ssl_add_clienthello_renegotiate_ext -# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext -# undef ssl_add_serverhello_renegotiate_ext -# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext -# undef ssl_parse_clienthello_renegotiate_ext -# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext -# undef ssl_parse_serverhello_renegotiate_ext -# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext -# undef SSL_srp_server_param_with_username -# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un -# undef SSL_CTX_set_srp_client_pwd_callback -# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb -# undef SSL_CTX_set_srp_verify_param_callback -# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb -# undef SSL_CTX_set_srp_username_callback -# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb -# undef ssl_add_clienthello_use_srtp_ext -# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext -# undef ssl_add_serverhello_use_srtp_ext -# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext -# undef ssl_parse_clienthello_use_srtp_ext -# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext -# undef ssl_parse_serverhello_use_srtp_ext -# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext -# undef SSL_CTX_set_next_protos_advertised_cb -# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb -# undef SSL_CTX_set_next_proto_select_cb -# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb - -# undef tls1_send_server_supplemental_data -# define tls1_send_server_supplemental_data tls1_send_server_suppl_data -# undef tls1_send_client_supplemental_data -# define tls1_send_client_supplemental_data tls1_send_client_suppl_data -# undef tls1_get_server_supplemental_data -# define tls1_get_server_supplemental_data tls1_get_server_suppl_data -# undef tls1_get_client_supplemental_data -# define tls1_get_client_supplemental_data tls1_get_client_suppl_data - -# undef ssl3_cbc_record_digest_supported -# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support -# undef ssl_check_clienthello_tlsext_late -# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late -# undef ssl_check_clienthello_tlsext_early -# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early - -/* Hack some RSA long names */ -# undef RSA_padding_check_PKCS1_OAEP_mgf1 -# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1 - -/* Hack some ENGINE long names */ -# undef ENGINE_get_default_BN_mod_exp_crt -# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt -# undef ENGINE_set_default_BN_mod_exp_crt -# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt -# undef ENGINE_set_load_privkey_function -# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn -# undef ENGINE_get_load_privkey_function -# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn -# undef ENGINE_unregister_pkey_asn1_meths -# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths -# undef ENGINE_register_all_pkey_asn1_meths -# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths -# undef ENGINE_set_default_pkey_asn1_meths -# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths -# undef ENGINE_get_pkey_asn1_meth_engine -# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng -# undef ENGINE_set_load_ssl_client_cert_function -# define ENGINE_set_load_ssl_client_cert_function \ - ENGINE_set_ld_ssl_clnt_cert_fn -# undef ENGINE_get_ssl_client_cert_function -# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn - -/* Hack some long OCSP names */ -# undef OCSP_REQUEST_get_ext_by_critical -# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit -# undef OCSP_BASICRESP_get_ext_by_critical -# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit -# undef OCSP_SINGLERESP_get_ext_by_critical -# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit - -/* Hack some long DES names */ -# undef _ossl_old_des_ede3_cfb64_encrypt -# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt -# undef _ossl_old_des_ede3_ofb64_encrypt -# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt - -/* Hack some long EVP names */ -# undef OPENSSL_add_all_algorithms_noconf -# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf -# undef OPENSSL_add_all_algorithms_conf -# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf -# undef EVP_PKEY_meth_set_verify_recover -# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover - -/* Hack some long EC names */ -# undef EC_GROUP_set_point_conversion_form -# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form -# undef EC_GROUP_get_point_conversion_form -# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form -# undef EC_GROUP_clear_free_all_extra_data -# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data -# undef EC_KEY_set_public_key_affine_coordinates -# define EC_KEY_set_public_key_affine_coordinates \ - EC_KEY_set_pub_key_aff_coords -# undef EC_POINT_set_Jprojective_coordinates_GFp -# define EC_POINT_set_Jprojective_coordinates_GFp \ - EC_POINT_set_Jproj_coords_GFp -# undef EC_POINT_get_Jprojective_coordinates_GFp -# define EC_POINT_get_Jprojective_coordinates_GFp \ - EC_POINT_get_Jproj_coords_GFp -# undef EC_POINT_set_affine_coordinates_GFp -# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp -# undef EC_POINT_get_affine_coordinates_GFp -# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp -# undef EC_POINT_set_compressed_coordinates_GFp -# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp -# undef EC_POINT_set_affine_coordinates_GF2m -# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m -# undef EC_POINT_get_affine_coordinates_GF2m -# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m -# undef EC_POINT_set_compressed_coordinates_GF2m -# define EC_POINT_set_compressed_coordinates_GF2m \ - EC_POINT_set_compr_coords_GF2m -# undef ec_GF2m_simple_group_clear_finish -# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish -# undef ec_GF2m_simple_group_check_discriminant -# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim -# undef ec_GF2m_simple_point_clear_finish -# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish -# undef ec_GF2m_simple_point_set_to_infinity -# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf -# undef ec_GF2m_simple_points_make_affine -# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine -# undef ec_GF2m_simple_point_set_affine_coordinates -# define ec_GF2m_simple_point_set_affine_coordinates \ - ec_GF2m_smp_pt_set_af_coords -# undef ec_GF2m_simple_point_get_affine_coordinates -# define ec_GF2m_simple_point_get_affine_coordinates \ - ec_GF2m_smp_pt_get_af_coords -# undef ec_GF2m_simple_set_compressed_coordinates -# define ec_GF2m_simple_set_compressed_coordinates \ - ec_GF2m_smp_set_compr_coords -# undef ec_GFp_simple_group_set_curve_GFp -# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp -# undef ec_GFp_simple_group_get_curve_GFp -# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp -# undef ec_GFp_simple_group_clear_finish -# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish -# undef ec_GFp_simple_group_set_generator -# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator -# undef ec_GFp_simple_group_get0_generator -# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator -# undef ec_GFp_simple_group_get_cofactor -# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor -# undef ec_GFp_simple_point_clear_finish -# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish -# undef ec_GFp_simple_point_set_to_infinity -# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf -# undef ec_GFp_simple_points_make_affine -# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -# undef ec_GFp_simple_set_Jprojective_coordinates_GFp -# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ - ec_GFp_smp_set_Jproj_coords_GFp -# undef ec_GFp_simple_get_Jprojective_coordinates_GFp -# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ - ec_GFp_smp_get_Jproj_coords_GFp -# undef ec_GFp_simple_point_set_affine_coordinates_GFp -# define ec_GFp_simple_point_set_affine_coordinates_GFp \ - ec_GFp_smp_pt_set_af_coords_GFp -# undef ec_GFp_simple_point_get_affine_coordinates_GFp -# define ec_GFp_simple_point_get_affine_coordinates_GFp \ - ec_GFp_smp_pt_get_af_coords_GFp -# undef ec_GFp_simple_set_compressed_coordinates_GFp -# define ec_GFp_simple_set_compressed_coordinates_GFp \ - ec_GFp_smp_set_compr_coords_GFp -# undef ec_GFp_simple_point_set_affine_coordinates -# define ec_GFp_simple_point_set_affine_coordinates \ - ec_GFp_smp_pt_set_af_coords -# undef ec_GFp_simple_point_get_affine_coordinates -# define ec_GFp_simple_point_get_affine_coordinates \ - ec_GFp_smp_pt_get_af_coords -# undef ec_GFp_simple_set_compressed_coordinates -# define ec_GFp_simple_set_compressed_coordinates \ - ec_GFp_smp_set_compr_coords -# undef ec_GFp_simple_group_check_discriminant -# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim - -/* Hack som long STORE names */ -# undef STORE_method_set_initialise_function -# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn -# undef STORE_method_set_cleanup_function -# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn -# undef STORE_method_set_generate_function -# define STORE_method_set_generate_function STORE_meth_set_generate_fn -# undef STORE_method_set_modify_function -# define STORE_method_set_modify_function STORE_meth_set_modify_fn -# undef STORE_method_set_revoke_function -# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn -# undef STORE_method_set_delete_function -# define STORE_method_set_delete_function STORE_meth_set_delete_fn -# undef STORE_method_set_list_start_function -# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn -# undef STORE_method_set_list_next_function -# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn -# undef STORE_method_set_list_end_function -# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn -# undef STORE_method_set_update_store_function -# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn -# undef STORE_method_set_lock_store_function -# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn -# undef STORE_method_set_unlock_store_function -# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn -# undef STORE_method_get_initialise_function -# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn -# undef STORE_method_get_cleanup_function -# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn -# undef STORE_method_get_generate_function -# define STORE_method_get_generate_function STORE_meth_get_generate_fn -# undef STORE_method_get_modify_function -# define STORE_method_get_modify_function STORE_meth_get_modify_fn -# undef STORE_method_get_revoke_function -# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn -# undef STORE_method_get_delete_function -# define STORE_method_get_delete_function STORE_meth_get_delete_fn -# undef STORE_method_get_list_start_function -# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn -# undef STORE_method_get_list_next_function -# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn -# undef STORE_method_get_list_end_function -# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn -# undef STORE_method_get_update_store_function -# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn -# undef STORE_method_get_lock_store_function -# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn -# undef STORE_method_get_unlock_store_function -# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn - -/* Hack some long TS names */ -# undef TS_RESP_CTX_set_status_info_cond -# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond -# undef TS_RESP_CTX_set_clock_precision_digits -# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits -# undef TS_CONF_set_clock_precision_digits -# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits - -/* Hack some long CMS names */ -# undef CMS_RecipientInfo_ktri_get0_algs -# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs -# undef CMS_RecipientInfo_ktri_get0_signer_id -# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id -# undef CMS_OtherRevocationInfoFormat_it -# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it -# undef CMS_KeyAgreeRecipientIdentifier_it -# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it -# undef CMS_OriginatorIdentifierOrKey_it -# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it -# undef cms_SignerIdentifier_get0_signer_id -# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id -# undef CMS_RecipientInfo_kari_get0_orig_id -# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id -# undef CMS_RecipientInfo_kari_get0_reks -# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks -# undef CMS_RecipientEncryptedKey_cert_cmp -# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp -# undef CMS_RecipientInfo_kari_set0_pkey -# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey -# undef CMS_RecipientEncryptedKey_get0_id -# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id -# undef CMS_RecipientInfo_kari_orig_id_cmp -# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp - -/* Hack some long DTLS1 names */ -# undef dtls1_retransmit_buffered_messages -# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs - -/* Hack some long SRP names */ -# undef SRP_generate_server_master_secret -# define SRP_generate_server_master_secret SRP_gen_server_master_secret -# undef SRP_generate_client_master_secret -# define SRP_generate_client_master_secret SRP_gen_client_master_secret - -/* Hack some long UI names */ -# undef UI_method_get_prompt_constructor -# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr -# undef UI_method_set_prompt_constructor -# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr - -# endif /* defined OPENSSL_SYS_VMS */ - /* Case insensitive linking causes problems.... */ -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +# if defined(OPENSSL_SYS_VMS) # undef ERR_load_CRYPTO_strings # define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings # undef OCSP_crlID_new diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 7e237d0631..c3344e193f 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,4 +1,3 @@ -/* ssl/tls1.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -157,13 +156,19 @@ extern "C" { #endif -# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +/* Default security level if not overriden at config time */ +# ifndef OPENSSL_TLS_SECURITY_LEVEL +# define OPENSSL_TLS_SECURITY_LEVEL 1 +# endif # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 # define TLS_MAX_VERSION TLS1_2_VERSION +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + # define TLS1_VERSION_MAJOR 0x03 # define TLS1_VERSION_MINOR 0x01 @@ -199,6 +204,7 @@ extern "C" { # define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ # define TLSEXT_TYPE_server_name 0 @@ -235,24 +241,26 @@ extern "C" { # define TLSEXT_TYPE_application_layer_protocol_negotiation 16 /* + * Extension type for Certificate Transparency + * https://tools.ietf.org/html/rfc6962#section-3.3.1 + */ +# define TLSEXT_TYPE_signed_certificate_timestamp 18 + +/* * ExtensionType value for TLS padding extension. * http://tools.ietf.org/html/draft-agl-tls-padding */ # define TLSEXT_TYPE_padding 21 +/* ExtensionType value from RFC7366 */ +# define TLSEXT_TYPE_encrypt_then_mac 22 + +/* ExtensionType value from RFC7627 */ +# define TLSEXT_TYPE_extended_master_secret 23 + /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -# if 0 -/* - * will have to be provided externally for now , - * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 - * using whatever extension number you'd like to try - */ -# define TLSEXT_TYPE_opaque_prf_input ?? -# endif - /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -278,9 +286,12 @@ extern "C" { # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2 # define TLSEXT_signature_ecdsa 3 +# define TLSEXT_signature_gostr34102001 237 +# define TLSEXT_signature_gostr34102012_256 238 +# define TLSEXT_signature_gostr34102012_512 239 /* Total number of different signature algorithms */ -# define TLSEXT_signature_num 4 +# define TLSEXT_signature_num 7 # define TLSEXT_hash_none 0 # define TLSEXT_hash_md5 1 @@ -289,10 +300,13 @@ extern "C" { # define TLSEXT_hash_sha256 4 # define TLSEXT_hash_sha384 5 # define TLSEXT_hash_sha512 6 +# define TLSEXT_hash_gostr3411 237 +# define TLSEXT_hash_gostr34112012_256 238 +# define TLSEXT_hash_gostr34112012_512 239 /* Total number of different digest algorithms */ -# define TLSEXT_hash_num 7 +# define TLSEXT_hash_num 10 /* Flag set for unrecognised algorithms */ # define TLSEXT_nid_unknown 0x1000000 @@ -302,12 +316,10 @@ extern "C" { # define TLSEXT_curve_P_256 23 # define TLSEXT_curve_P_384 24 -# ifndef OPENSSL_NO_TLSEXT - -# define TLSEXT_MAXLEN_host_name 255 +# define TLSEXT_MAXLEN_host_name 255 -const char *SSL_get_servername(const SSL *s, const int type); -int SSL_get_servername_type(const SSL *s); +__owur const char *SSL_get_servername(const SSL *s, const int type); +__owur int SSL_get_servername_type(const SSL *s); /* * SSL_export_keying_material exports a value derived from the master secret, * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and @@ -315,7 +327,7 @@ int SSL_get_servername_type(const SSL *s); * flag controls whether a context is included.) It returns 1 on success and * zero otherwise. */ -int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); @@ -328,79 +340,89 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); -int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); -# define SSL_set_tlsext_host_name(s,name) \ +# define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) -# define SSL_set_tlsext_debug_callback(ssl, cb) \ +# define SSL_set_tlsext_debug_callback(ssl, cb) \ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) -# define SSL_set_tlsext_debug_arg(ssl, arg) \ +# define SSL_set_tlsext_debug_arg(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) -# define SSL_set_tlsext_status_type(ssl, type) \ +# define SSL_set_tlsext_status_type(ssl, type) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) -# define SSL_get_tlsext_status_exts(ssl, arg) \ +# define SSL_get_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) -# define SSL_set_tlsext_status_exts(ssl, arg) \ +# define SSL_set_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) -# define SSL_get_tlsext_status_ids(ssl, arg) \ +# define SSL_get_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) -# define SSL_set_tlsext_status_ids(ssl, arg) \ +# define SSL_set_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) -# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) -# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) -# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) -# define SSL_TLSEXT_ERR_OK 0 -# define SSL_TLSEXT_ERR_ALERT_WARNING 1 -# define SSL_TLSEXT_ERR_ALERT_FATAL 2 -# define SSL_TLSEXT_ERR_NOACK 3 +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 -# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) -# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) -# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - -# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) -# ifndef OPENSSL_NO_HEARTBEATS -# define SSL_TLSEXT_HB_ENABLED 0x01 -# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 -# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 - +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_DTLSEXT_HB_ENABLED 0x01 +# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# define SSL_get_dtlsext_heartbeat_pending(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ + SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ + SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ + SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ + SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +# define SSL_TLSEXT_HB_ENABLED \ + SSL_DTLSEXT_HB_ENABLED +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ + SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ + SSL_DTLSEXT_HB_DONT_RECV_REQUESTS # define SSL_get_tlsext_heartbeat_pending(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) + SSL_get_dtlsext_heartbeat_pending(ssl) # define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ - SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) # endif # endif @@ -410,22 +432,43 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D -/* - * Additional TLS ciphersuites from expired Internet Draft - * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if - * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We - * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. - * Note that the first two are actually not in the IDs. - */ -# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in - * ID */ -# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in - * ID */ -# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 -# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 -# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 -# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 -# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 +# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 + +# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 + +/* PSK ciphersuites from 5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD + +# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 + +# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 + +# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 + +/* NULL PSK ciphersuites from RFC4785 */ +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E /* AES ciphersuites from RFC3268 */ # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F @@ -497,10 +540,46 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 -/* - * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in - * draft 13 - */ +/* CCM ciphersuites from RFC6655 */ +# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB + +/* CCM ciphersuites from RFC7251 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* ECC ciphersuites from RFC4492 */ # define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 # define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 # define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 @@ -563,20 +642,61 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 +/* ECDHE PSK ciphersuites from RFC5489 */ +# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 + +# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 + +/* NULL PSK ciphersuites from RFC4785 */ + +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 + +# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + /* - * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave - * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we - * should be using DHE + * everywhere, though we may indefinitely maintain - * aliases for users + * or configurations that used "EDH" + + * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE + * ciphers names with "EDH" instead of "DHE". Going forward, we should be + * using DHE everywhere, though we may indefinitely maintain aliases for + * users or configurations that used "EDH" */ -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + /* AES ciphersuites from RFC3268 */ # define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" @@ -629,6 +749,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" # define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" + +/* PSK ciphersuites from RFC 5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" + +# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" + +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" + +# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" + /* SRP ciphersuite from RFC 5054 */ # define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" # define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" @@ -655,6 +807,30 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" # define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" + /* SEED ciphersuites from RFC4162 */ # define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" # define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" @@ -692,6 +868,35 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" +/* CCM ciphersuites from RFC6655 */ + +# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" + +# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" + +# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" + +/* CCM ciphersuites from RFC7251 */ + +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" + /* ECDH HMAC based ciphersuites from RFC5289 */ # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" @@ -713,6 +918,42 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + +/* ECDHE PSK ciphersuites from RFC 5489 */ +# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" + +# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" + +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" + +/* Camellia-CBC ciphersuites from RFC6367 */ +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" + +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 @@ -720,8 +961,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_CT_ECDSA_SIGN 64 # define TLS_CT_RSA_FIXED_ECDH 65 # define TLS_CT_ECDSA_FIXED_ECDH 66 -# define TLS_CT_GOST94_SIGN 21 # define TLS_CT_GOST01_SIGN 22 +# define TLS_CT_GOST12_SIGN 238 +# define TLS_CT_GOST12_512_SIGN 239 + /* * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) @@ -730,13 +973,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_FINISH_MAC_LENGTH 12 -# define TLS_MD_MAX_CONST_SIZE 20 +# define TLS_MD_MAX_CONST_SIZE 22 # define TLS_MD_CLIENT_FINISH_CONST "client finished" # define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 # define TLS_MD_SERVER_FINISH_CONST "server finished" # define TLS_MD_SERVER_FINISH_CONST_SIZE 15 -# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" -# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 # define TLS_MD_KEY_EXPANSION_CONST "key expansion" # define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 # define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" @@ -747,6 +988,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_MD_IV_BLOCK_CONST_SIZE 8 # define TLS_MD_MASTER_SECRET_CONST "master secret" # define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 # ifdef CHARSET_EBCDIC # undef TLS_MD_CLIENT_FINISH_CONST @@ -796,6 +1039,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * master secret */ # define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" # endif /* TLS Session Ticket extension struct */ diff --git a/include/openssl/ts.h b/include/openssl/ts.h index 16eccbb38d..c5bd80a2a9 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -1,4 +1,3 @@ -/* crypto/ts/ts.h */ /* * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project * 2002, 2003, 2004. @@ -62,15 +61,9 @@ # include <openssl/opensslconf.h> # include <openssl/symhacks.h> -# ifndef OPENSSL_NO_BUFFER -# include <openssl/buffer.h> -# endif -# ifndef OPENSSL_NO_EVP -# include <openssl/evp.h> -# endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/buffer.h> +# include <openssl/evp.h> +# include <openssl/bio.h> # include <openssl/stack.h> # include <openssl/asn1.h> # include <openssl/safestack.h> @@ -99,99 +92,12 @@ extern "C" { # include <openssl/x509.h> # include <openssl/x509v3.h> -/*- -MessageImprint ::= SEQUENCE { - hashAlgorithm AlgorithmIdentifier, - hashedMessage OCTET STRING } -*/ - -typedef struct TS_msg_imprint_st { - X509_ALGOR *hash_algo; - ASN1_OCTET_STRING *hashed_msg; -} TS_MSG_IMPRINT; - -/*- -TimeStampReq ::= SEQUENCE { - version INTEGER { v1(1) }, - messageImprint MessageImprint, - --a hash algorithm OID and the hash value of the data to be - --time-stamped - reqPolicy TSAPolicyId OPTIONAL, - nonce INTEGER OPTIONAL, - certReq BOOLEAN DEFAULT FALSE, - extensions [0] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_req_st { - ASN1_INTEGER *version; - TS_MSG_IMPRINT *msg_imprint; - ASN1_OBJECT *policy_id; /* OPTIONAL */ - ASN1_INTEGER *nonce; /* OPTIONAL */ - ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ - STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ -} TS_REQ; - -/*- -Accuracy ::= SEQUENCE { - seconds INTEGER OPTIONAL, - millis [0] INTEGER (1..999) OPTIONAL, - micros [1] INTEGER (1..999) OPTIONAL } -*/ - -typedef struct TS_accuracy_st { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -} TS_ACCURACY; - -/*- -TSTInfo ::= SEQUENCE { - version INTEGER { v1(1) }, - policy TSAPolicyId, - messageImprint MessageImprint, - -- MUST have the same value as the similar field in - -- TimeStampReq - serialNumber INTEGER, - -- Time-Stamping users MUST be ready to accommodate integers - -- up to 160 bits. - genTime GeneralizedTime, - accuracy Accuracy OPTIONAL, - ordering BOOLEAN DEFAULT FALSE, - nonce INTEGER OPTIONAL, - -- MUST be present if the similar field was present - -- in TimeStampReq. In that case it MUST have the same value. - tsa [0] GeneralName OPTIONAL, - extensions [1] IMPLICIT Extensions OPTIONAL } -*/ - -typedef struct TS_tst_info_st { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - TS_MSG_IMPRINT *msg_imprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TS_ACCURACY *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -} TS_TST_INFO; - -/*- -PKIStatusInfo ::= SEQUENCE { - status PKIStatus, - statusString PKIFreeText OPTIONAL, - failInfo PKIFailureInfo OPTIONAL } - -From RFC 1510 - section 3.1.1: -PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String - -- text encoded as UTF-8 String (note: each UTF8String SHOULD - -- include an RFC 1766 language tag to indicate the language - -- of the contained text) -*/ - -/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; +/* Possible values for status. */ # define TS_STATUS_GRANTED 0 # define TS_STATUS_GRANTED_WITH_MODS 1 # define TS_STATUS_REJECTION 2 @@ -199,10 +105,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String # define TS_STATUS_REVOCATION_WARNING 4 # define TS_STATUS_REVOCATION_NOTIFICATION 5 -/* - * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c - */ - +/* Possible values for failure_info. */ # define TS_INFO_BAD_ALG 0 # define TS_INFO_BAD_REQUEST 2 # define TS_INFO_BAD_DATA_FORMAT 5 @@ -212,67 +115,15 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String # define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 # define TS_INFO_SYSTEM_FAILURE 25 -typedef struct TS_status_info_st { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *text; - ASN1_BIT_STRING *failure_info; -} TS_STATUS_INFO; - -DECLARE_STACK_OF(ASN1_UTF8STRING) -DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) -/*- -TimeStampResp ::= SEQUENCE { - status PKIStatusInfo, - timeStampToken TimeStampToken OPTIONAL } -*/ +typedef struct TS_status_info_st TS_STATUS_INFO; +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +typedef struct ESS_signing_cert ESS_SIGNING_CERT; -typedef struct TS_resp_st { - TS_STATUS_INFO *status_info; - PKCS7 *token; - TS_TST_INFO *tst_info; -} TS_RESP; +DEFINE_STACK_OF(ESS_CERT_ID) -/* The structure below would belong to the ESS component. */ - -/*- -IssuerSerial ::= SEQUENCE { - issuer GeneralNames, - serialNumber CertificateSerialNumber - } -*/ - -typedef struct ESS_issuer_serial { - STACK_OF(GENERAL_NAME) *issuer; - ASN1_INTEGER *serial; -} ESS_ISSUER_SERIAL; - -/*- -ESSCertID ::= SEQUENCE { - certHash Hash, - issuerSerial IssuerSerial OPTIONAL -} -*/ - -typedef struct ESS_cert_id { - ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ - ESS_ISSUER_SERIAL *issuer_serial; -} ESS_CERT_ID; - -DECLARE_STACK_OF(ESS_CERT_ID) -DECLARE_ASN1_SET_OF(ESS_CERT_ID) - -/*- -SigningCertificate ::= SEQUENCE { - certs SEQUENCE OF ESSCertID, - policies SEQUENCE OF PolicyInformation OPTIONAL -} -*/ - -typedef struct ESS_signing_cert { - STACK_OF(ESS_CERT_ID) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -} ESS_SIGNING_CERT; +typedef struct TS_resp_st TS_RESP; TS_REQ *TS_REQ_new(void); void TS_REQ_free(TS_REQ *a); @@ -281,8 +132,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); TS_REQ *TS_REQ_dup(TS_REQ *a); +#ifndef OPENSSL_NO_STDIO TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +#endif TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); @@ -294,10 +147,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); +#ifndef OPENSSL_NO_STDIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); -int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); +#endif +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a); TS_RESP *TS_RESP_new(void); void TS_RESP_free(TS_RESP *a); @@ -306,10 +161,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); TS_RESP *TS_RESP_dup(TS_RESP *a); +#ifndef OPENSSL_NO_STDIO TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); -TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); -int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); +#endif +TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a); TS_STATUS_INFO *TS_STATUS_INFO_new(void); void TS_STATUS_INFO_free(TS_STATUS_INFO *a); @@ -325,10 +182,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, long length); TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); +#ifndef OPENSSL_NO_STDIO TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); -int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); +#endif +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a); TS_ACCURACY *TS_ACCURACY_new(void); void TS_ACCURACY_free(TS_ACCURACY *a); @@ -364,6 +223,13 @@ void ERR_load_TS_strings(void); int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +ASN1_INTEGER *TS_STATUS_INFO_get0_status(TS_STATUS_INFO *a); + +STACK_OF(ASN1_UTF8STRING) *TS_STATUS_INFO_get0_text(TS_STATUS_INFO *a); + +ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(TS_STATUS_INFO *a); + int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); @@ -495,34 +361,9 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, void *); -typedef struct TS_resp_ctx { - X509 *signer_cert; - EVP_PKEY *signer_key; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ - STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ - ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ - unsigned clock_precision_digits; /* fraction of seconds in time stamp - * token. */ - unsigned flags; /* Optional info, see values above. */ - /* Callback functions. */ - TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ - TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ - TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ - /* These members are used only while creating the response. */ - TS_REQ *request; - TS_RESP *response; - TS_TST_INFO *tst_info; -} TS_RESP_CTX; - -DECLARE_STACK_OF(EVP_MD) -DECLARE_ASN1_SET_OF(EVP_MD) +typedef struct TS_resp_ctx TS_RESP_CTX; + +DEFINE_STACK_OF(EVP_MD) /* Creates a response context that can be used for generating responses. */ TS_RESP_CTX *TS_RESP_CTX_new(void); @@ -534,6 +375,9 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); /* This parameter must be set. */ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); +int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, + const EVP_MD *signer_digest); + /* This parameter must be set. */ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); @@ -654,42 +498,25 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, | TS_VFY_SIGNER \ | TS_VFY_TSA_NAME) -typedef struct TS_verify_ctx { - /* Set this to the union of TS_VFY_... flags you want to carry out. */ - unsigned flags; - /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - X509_STORE *store; - STACK_OF(X509) *certs; - /* Must be set only with TS_VFY_POLICY. */ - ASN1_OBJECT *policy; - /* - * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the - * algorithm from the response is used. - */ - X509_ALGOR *md_alg; - unsigned char *imprint; - unsigned imprint_len; - /* Must be set only with TS_VFY_DATA. */ - BIO *data; - /* Must be set only with TS_VFY_TSA_NAME. */ - ASN1_INTEGER *nonce; - /* Must be set only with TS_VFY_TSA_NAME. */ - GENERAL_NAME *tsa_name; -} TS_VERIFY_CTX; +typedef struct TS_verify_ctx TS_VERIFY_CTX; int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); /* * Declarations related to response verification context, - * they are defined in ts/ts_verify_ctx.c. */ - -/* Set all fields to zero. */ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *hexstr, long len); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); /*- * If ctx is NULL, it allocates and returns a new object, otherwise @@ -734,9 +561,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); +#ifndef OPENSSL_NO_ENGINE int TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device); int TS_CONF_set_default_engine(const char *name); +#endif int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, @@ -744,6 +573,8 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, int TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_signer_digest(CONF *conf, const char *section, + const char *md, TS_RESP_CTX *ctx); int TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, TS_RESP_CTX *ctx); int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); @@ -784,6 +615,11 @@ void ERR_load_TS_strings(void); # define TS_F_TS_CHECK_SIGNING_CERTS 103 # define TS_F_TS_CHECK_STATUS_INFO 104 # define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 # define TS_F_TS_GET_STATUS_TEXT 105 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 @@ -822,6 +658,8 @@ void ERR_load_TS_strings(void); /* Reason codes. */ # define TS_R_BAD_PKCS7_TYPE 132 # define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 # define TS_R_CERTIFICATE_VERIFY_ERROR 100 # define TS_R_COULD_NOT_SET_ENGINE 127 # define TS_R_COULD_NOT_SET_TIME 115 @@ -854,6 +692,8 @@ void ERR_load_TS_strings(void); # define TS_R_UNACCEPTABLE_POLICY 125 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126 # define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 # define TS_R_WRONG_CONTENT_TYPE 114 #ifdef __cplusplus diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h index 98e23a2003..e83e725ade 100644 --- a/include/openssl/txt_db.h +++ b/include/openssl/txt_db.h @@ -1,4 +1,3 @@ -/* crypto/txt_db/txt_db.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,9 +59,7 @@ # define HEADER_TXT_DB_H # include <openssl/opensslconf.h> -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/bio.h> # include <openssl/stack.h> # include <openssl/lhash.h> @@ -72,13 +69,14 @@ # define DB_ERROR_INDEX_OUT_OF_RANGE 3 # define DB_ERROR_NO_INDEX 4 # define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 #ifdef __cplusplus extern "C" { #endif typedef OPENSSL_STRING *OPENSSL_PSTRING; -DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) +DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) typedef struct txt_db_st { int num_fields; @@ -91,13 +89,8 @@ typedef struct txt_db_st { OPENSSL_STRING *arg_row; } TXT_DB; -# ifndef OPENSSL_NO_BIO TXT_DB *TXT_DB_read(BIO *in, int num); long TXT_DB_write(BIO *out, TXT_DB *db); -# else -TXT_DB *TXT_DB_read(char *in, int num); -long TXT_DB_write(char *out, TXT_DB *db); -# endif int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 0dc16330b8..3d1507ee00 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -1,4 +1,3 @@ -/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. @@ -60,11 +59,12 @@ #ifndef HEADER_UI_H # define HEADER_UI_H -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/crypto.h> # endif # include <openssl/safestack.h> # include <openssl/ossl_typ.h> +# include <openssl/opensslconf.h> #ifdef __cplusplus extern "C" { @@ -128,7 +128,7 @@ void UI_free(UI *ui); added, so the result is *not* a string. On success, the all return an index of the added information. That index - is usefull when retrieving results with UI_get0_result(). */ + is useful when retrieving results with UI_get0_result(). */ int UI_add_input_string(UI *ui, const char *prompt, int flags, char *result_buf, int minsize, int maxsize); int UI_dup_input_string(UI *ui, const char *prompt, int flags, @@ -240,8 +240,9 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); /* Some methods may use extra data */ # define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) # define UI_get_app_data(s) UI_get_ex_data(s,0) -int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(UI *r, int idx); @@ -302,7 +303,7 @@ UI_METHOD *UI_OpenSSL(void); * about a string or a prompt, including test data for a verification prompt. */ typedef struct ui_string_st UI_STRING; -DECLARE_STACK_OF(UI_STRING) +DEFINE_STACK_OF(UI_STRING) /* * The different types of strings that are currently supported. This is only diff --git a/include/openssl/ui_compat.h b/include/openssl/ui_compat.h index bf541542c0..d8c74b7c5d 100644 --- a/include/openssl/ui_compat.h +++ b/include/openssl/ui_compat.h @@ -1,88 +1 @@ -/* crypto/ui/ui.h */ -/* - * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_UI_COMPAT_H -# define HEADER_UI_COMPAT_H - -# include <openssl/opensslconf.h> -# include <openssl/ui.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * The following functions were previously part of the DES section, and are - * provided here for backward compatibility reasons. - */ - -# define des_read_pw_string(b,l,p,v) \ - _ossl_old_des_read_pw_string((b),(l),(p),(v)) -# define des_read_pw(b,bf,s,p,v) \ - _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) - -int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, - int verify); -int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify); - -#ifdef __cplusplus -} -#endif -#endif +../../crypto/ui/ui_compat.h
\ No newline at end of file diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h index 73c749da81..31fc2ff132 100644 --- a/include/openssl/whrlpool.h +++ b/include/openssl/whrlpool.h @@ -24,9 +24,6 @@ typedef struct { } WHIRLPOOL_CTX; # ifndef OPENSSL_NO_WHIRLPOOL -# ifdef OPENSSL_FIPS -int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); -# endif int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 99337b849a..5c138ca971 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1,4 +1,3 @@ -/* crypto/x509/x509.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,16 +64,11 @@ # define HEADER_X509_H # include <openssl/e_os2.h> +# include <openssl/opensslconf.h> # include <openssl/symhacks.h> -# ifndef OPENSSL_NO_BUFFER -# include <openssl/buffer.h> -# endif -# ifndef OPENSSL_NO_EVP -# include <openssl/evp.h> -# endif -# ifndef OPENSSL_NO_BIO -# include <openssl/bio.h> -# endif +# include <openssl/buffer.h> +# include <openssl/evp.h> +# include <openssl/bio.h> # include <openssl/stack.h> # include <openssl/asn1.h> # include <openssl/safestack.h> @@ -83,15 +77,7 @@ # include <openssl/ec.h> # endif -# ifndef OPENSSL_NO_ECDSA -# include <openssl/ecdsa.h> -# endif - -# ifndef OPENSSL_NO_ECDH -# include <openssl/ecdh.h> -# endif - -# ifndef OPENSSL_NO_DEPRECATED +# if OPENSSL_API_COMPAT < 0x10100000L # ifndef OPENSSL_NO_RSA # include <openssl/rsa.h> # endif @@ -103,9 +89,7 @@ # endif # endif -# ifndef OPENSSL_NO_SHA -# include <openssl/sha.h> -# endif +# include <openssl/sha.h> # include <openssl/ossl_typ.h> #ifdef __cplusplus @@ -115,7 +99,6 @@ extern "C" { # ifdef OPENSSL_SYS_WIN32 /* Under Win32 these are defined in wincrypt.h */ # undef X509_NAME -# undef X509_CERT_PAIR # undef X509_EXTENSIONS # endif @@ -134,19 +117,11 @@ extern "C" { # define X509v3_KU_DECIPHER_ONLY 0x8000 # define X509v3_KU_UNDEF 0xffff -typedef struct X509_objects_st { - int nid; - int (*a2i) (void); - int (*i2a) (void); -} X509_OBJECTS; - struct X509_algor_st { ASN1_OBJECT *algorithm; ASN1_TYPE *parameter; } /* X509_ALGOR */ ; -DECLARE_ASN1_SET_OF(X509_ALGOR) - typedef STACK_OF(X509_ALGOR) X509_ALGORS; typedef struct X509_val_st { @@ -158,148 +133,38 @@ struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key; EVP_PKEY *pkey; + CRYPTO_RWLOCK *lock; }; -typedef struct X509_sig_st { - X509_ALGOR *algor; - ASN1_OCTET_STRING *digest; -} X509_SIG; - -typedef struct X509_name_entry_st { - ASN1_OBJECT *object; - ASN1_STRING *value; - int set; - int size; /* temp variable */ -} X509_NAME_ENTRY; - -DECLARE_STACK_OF(X509_NAME_ENTRY) -DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) - -/* we always keep X509_NAMEs in 2 forms. */ -struct X509_name_st { - STACK_OF(X509_NAME_ENTRY) *entries; - int modified; /* true if 'bytes' needs to be built */ -# ifndef OPENSSL_NO_BUFFER - BUF_MEM *bytes; -# else - char *bytes; -# endif -/* unsigned long hash; Keep the hash around for lookups */ - unsigned char *canon_enc; - int canon_enclen; -} /* X509_NAME */ ; +typedef struct X509_sig_st X509_SIG; -DECLARE_STACK_OF(X509_NAME) +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DEFINE_STACK_OF(X509_NAME_ENTRY) + +DEFINE_STACK_OF(X509_NAME) # define X509_EX_V_NETSCAPE_HACK 0x8000 # define X509_EX_V_INIT 0x0001 -typedef struct X509_extension_st { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING *value; -} X509_EXTENSION; +typedef struct X509_extension_st X509_EXTENSION; typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; -DECLARE_STACK_OF(X509_EXTENSION) -DECLARE_ASN1_SET_OF(X509_EXTENSION) - -/* a sequence of these are used */ -typedef struct x509_attributes_st { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is - * wrong) */ - union { - char *ptr; - /* - * 0 - */ STACK_OF(ASN1_TYPE) *set; - /* - * 1 - */ ASN1_TYPE *single; - } value; -} X509_ATTRIBUTE; - -DECLARE_STACK_OF(X509_ATTRIBUTE) -DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) - -typedef struct X509_req_info_st { - ASN1_ENCODING enc; - ASN1_INTEGER *version; - X509_NAME *subject; - X509_PUBKEY *pubkey; - /* d=2 hl=2 l= 0 cons: cont: 00 */ - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} X509_REQ_INFO; +DEFINE_STACK_OF(X509_EXTENSION) -typedef struct X509_req_st { - X509_REQ_INFO *req_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; -} X509_REQ; - -typedef struct x509_cinf_st { - ASN1_INTEGER *version; /* [ 0 ] default of v1 */ - ASN1_INTEGER *serialNumber; - X509_ALGOR *signature; - X509_NAME *issuer; - X509_VAL *validity; - X509_NAME *subject; - X509_PUBKEY *key; - ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ - ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ - STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ - ASN1_ENCODING enc; -} X509_CINF; +typedef struct x509_attributes_st X509_ATTRIBUTE; -/* - * This stuff is certificate "auxiliary info" it contains details which are - * useful in certificate stores and databases. When used this is tagged onto - * the end of the certificate itself - */ +DEFINE_STACK_OF(X509_ATTRIBUTE) -typedef struct x509_cert_aux_st { - STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ - STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ - ASN1_UTF8STRING *alias; /* "friendly name" */ - ASN1_OCTET_STRING *keyid; /* key id of private key */ - STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -} X509_CERT_AUX; - -struct x509_st { - X509_CINF *cert_info; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int valid; - int references; - char *name; - CRYPTO_EX_DATA ex_data; - /* These contain copies of various extension values */ - long ex_pathlen; - long ex_pcpathlen; - unsigned long ex_flags; - unsigned long ex_kusage; - unsigned long ex_xkusage; - unsigned long ex_nscert; - ASN1_OCTET_STRING *skid; - AUTHORITY_KEYID *akid; - X509_POLICY_CACHE *policy_cache; - STACK_OF(DIST_POINT) *crldp; - STACK_OF(GENERAL_NAME) *altname; - NAME_CONSTRAINTS *nc; -# ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -# endif -# ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif - X509_CERT_AUX *aux; -} /* X509 */ ; +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cert_aux_st X509_CERT_AUX; + +typedef struct x509_cinf_st X509_CINF; -DECLARE_STACK_OF(X509) -DECLARE_ASN1_SET_OF(X509) +DEFINE_STACK_OF(X509) /* This is used for a table of trust checking functions */ @@ -312,16 +177,11 @@ typedef struct x509_trust_st { void *arg2; } X509_TRUST; -DECLARE_STACK_OF(X509_TRUST) - -typedef struct x509_cert_pair_st { - X509 *forward; - X509 *reverse; -} X509_CERT_PAIR; +DEFINE_STACK_OF(X509_TRUST) /* standard trust ids */ -# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ # define X509_TRUST_COMPAT 1 # define X509_TRUST_SSL_CLIENT 2 @@ -337,8 +197,14 @@ typedef struct x509_cert_pair_st { # define X509_TRUST_MAX 8 /* trust_flags values */ -# define X509_TRUST_DYNAMIC 1 -# define X509_TRUST_DYNAMIC_NAME 2 +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) /* check_trust return codes */ @@ -369,8 +235,7 @@ typedef struct x509_cert_pair_st { # define XN_FLAG_SEP_MASK (0xf << 16) -# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old - * X509_NAME_print */ +# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ # define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ # define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ # define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ @@ -424,57 +289,11 @@ typedef struct x509_cert_pair_st { XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -struct x509_revoked_st { - ASN1_INTEGER *serialNumber; - ASN1_TIME *revocationDate; - STACK_OF(X509_EXTENSION) /* optional */ *extensions; - /* Set up if indirect CRL */ - STACK_OF(GENERAL_NAME) *issuer; - /* Revocation reason */ - int reason; - int sequence; /* load sequence */ -}; +DEFINE_STACK_OF(X509_REVOKED) -DECLARE_STACK_OF(X509_REVOKED) -DECLARE_ASN1_SET_OF(X509_REVOKED) - -typedef struct X509_crl_info_st { - ASN1_INTEGER *version; - X509_ALGOR *sig_alg; - X509_NAME *issuer; - ASN1_TIME *lastUpdate; - ASN1_TIME *nextUpdate; - STACK_OF(X509_REVOKED) *revoked; - STACK_OF(X509_EXTENSION) /* [0] */ *extensions; - ASN1_ENCODING enc; -} X509_CRL_INFO; - -struct X509_crl_st { - /* actual signature */ - X509_CRL_INFO *crl; - X509_ALGOR *sig_alg; - ASN1_BIT_STRING *signature; - int references; - int flags; - /* Copies of various extensions */ - AUTHORITY_KEYID *akid; - ISSUING_DIST_POINT *idp; - /* Convenient breakdown of IDP */ - int idp_flags; - int idp_reasons; - /* CRL and base CRL numbers for delta processing */ - ASN1_INTEGER *crl_number; - ASN1_INTEGER *base_crl_number; -# ifndef OPENSSL_NO_SHA - unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif - STACK_OF(GENERAL_NAMES) *issuers; - const X509_CRL_METHOD *meth; - void *meth_data; -} /* X509_CRL */ ; +typedef struct X509_crl_info_st X509_CRL_INFO; -DECLARE_STACK_OF(X509_CRL) -DECLARE_ASN1_SET_OF(X509_CRL) +DEFINE_STACK_OF(X509_CRL) typedef struct private_key_st { int version; @@ -490,9 +309,9 @@ typedef struct private_key_st { /* expanded version of 'enc_algor' */ EVP_CIPHER_INFO cipher; int references; + CRYPTO_RWLOCK *lock; } X509_PKEY; -# ifndef OPENSSL_NO_EVP typedef struct X509_info_st { X509 *x509; X509_CRL *crl; @@ -501,10 +320,10 @@ typedef struct X509_info_st { int enc_len; char *enc_data; int references; + CRYPTO_RWLOCK *lock; } X509_INFO; -DECLARE_STACK_OF(X509_INFO) -# endif +DEFINE_STACK_OF(X509_INFO) /* * The next 2 structures and their 8 routines were sent to me by Pat Richard @@ -518,7 +337,7 @@ typedef struct Netscape_spkac_st { typedef struct Netscape_spki_st { NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ - X509_ALGOR *sig_algor; + X509_ALGOR sig_algor; ASN1_BIT_STRING *signature; } NETSCAPE_SPKI; @@ -557,23 +376,6 @@ typedef struct PBKDF2PARAM_st { X509_ALGOR *prf; } PBKDF2PARAM; -/* PKCS#8 private key info structure */ - -struct pkcs8_priv_key_info_st { - /* Flag for various broken formats */ - int broken; -# define PKCS8_OK 0 -# define PKCS8_NO_OCTET 1 -# define PKCS8_EMBEDDED_PARAM 2 -# define PKCS8_NS_DB 3 -# define PKCS8_NEG_PRIVKEY 4 - ASN1_INTEGER *version; - X509_ALGOR *pkeyalg; - /* Should be OCTET STRING but some are broken */ - ASN1_TYPE *pkey; - STACK_OF(X509_ATTRIBUTE) *attributes; -}; - #ifdef __cplusplus } #endif @@ -588,22 +390,9 @@ extern "C" { # define X509_EXT_PACK_UNKNOWN 1 # define X509_EXT_PACK_STRING 2 -# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) # define X509_extract_key(x) X509_get_pubkey(x)/*****/ -# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) - -# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -# define X509_CRL_get_issuer(x) ((x)->crl->issuer) -# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), @@ -619,15 +408,8 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m); void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); void *X509_CRL_get_meth_data(X509_CRL *crl); -/* - * This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) - */ -# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) - const char *X509_verify_cert_error_string(long n); -# ifndef OPENSSL_NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); @@ -664,9 +446,8 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len); int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# endif -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp, X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); @@ -705,7 +486,6 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif -# ifndef OPENSSL_NO_BIO X509 *d2i_X509_bio(BIO *bp, X509 **x509); int i2d_X509_bio(BIO *bp, X509 *x509); X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); @@ -742,7 +522,6 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); -# endif X509 *X509_dup(X509 *x509); X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); @@ -785,6 +564,7 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); @@ -803,6 +583,9 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); # endif DECLARE_ASN1_FUNCTIONS(X509_SIG) +void X509_SIG_get0(X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest, + X509_SIG *sig); + DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) DECLARE_ASN1_FUNCTIONS(X509_REQ) @@ -823,10 +606,8 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) -DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) - -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a, unsigned char **pp); @@ -834,10 +615,10 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); int i2d_re_X509_tbs(X509 *x, unsigned char **pp); -void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509 *x); +void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509 *x); int X509_get_signature_nid(const X509 *x); +int X509_trusted(const X509 *x); int X509_alias_set1(X509 *x, unsigned char *name, int len); int X509_keyid_set1(X509 *x, unsigned char *id, int len); unsigned char *X509_alias_get0(X509 *x, int *len); @@ -850,6 +631,9 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); void X509_trust_clear(X509 *x); void X509_reject_clear(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + DECLARE_ASN1_FUNCTIONS(X509_REVOKED) DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) DECLARE_ASN1_FUNCTIONS(X509_CRL) @@ -861,15 +645,11 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY *X509_PKEY_new(void); void X509_PKEY_free(X509_PKEY *a); -int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); -X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, - long length); DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) -# ifndef OPENSSL_NO_EVP X509_INFO *X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); @@ -896,8 +676,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); -# endif +long X509_get_version(X509 *x); int X509_set_version(X509 *x, long version); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ASN1_INTEGER *X509_get_serialNumber(X509 *x); @@ -905,17 +685,38 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name); X509_NAME *X509_get_issuer_name(X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); X509_NAME *X509_get_subject_name(X509 *a); +ASN1_TIME * X509_get_notBefore(X509 *x); int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +ASN1_TIME *X509_get_notAfter(X509 *x); int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +void X509_up_ref(X509 *x); +int X509_get_signature_type(const X509 *x); +/* + * This one is only used so that a binary form can output, as in + * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) + */ +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x); +X509_ALGOR *X509_get0_tbs_sigalg(X509 *x); + +EVP_PKEY *X509_get0_pubkey(X509 *x); EVP_PKEY *X509_get_pubkey(X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); +long X509_REQ_get_version(X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); +X509_NAME *X509_REQ_get_subject_name(X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + X509_REQ *req); +int X509_REQ_get_signature_nid(const X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); int X509_REQ_extension_nid(int nid); int *X509_REQ_get_extension_nids(void); void X509_REQ_set_extension_nids(int *nids); @@ -945,9 +746,24 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); - +void X509_CRL_up_ref(X509_CRL *crl); + +long X509_CRL_get_version(X509_CRL *crl); +ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); +ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); +X509_NAME *X509_CRL_get_issuer(X509_CRL *crl); +STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + X509_CRL *crl); +int X509_CRL_get_signature_nid(const X509_CRL *crl); +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r); X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); @@ -982,7 +798,8 @@ unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); -# ifndef OPENSSL_NO_FP_API +int X509_aux_print(BIO *out, X509 *x, int indent); +# ifndef OPENSSL_NO_STDIO int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp, X509 *x); @@ -992,7 +809,6 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); # endif -# ifndef OPENSSL_NO_BIO int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); @@ -1000,12 +816,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); -int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); int X509_REQ_print(BIO *bp, X509_REQ *req); -# endif int X509_NAME_entry_count(X509_NAME *name); int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); @@ -1048,6 +862,10 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509_NAME_get0_der(const unsigned char **pder, size_t *pderlen, + X509_NAME *nm); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, @@ -1192,6 +1010,13 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen, unsigned char *aiv, int prf_nid); +#ifndef OPENSSL_NO_SCRYPT +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); +#endif + X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, int keylen); @@ -1201,8 +1026,6 @@ DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); -PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, int ptype, void *pval, @@ -1211,6 +1034,10 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); +STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, void *pval, unsigned char *penc, int penclen); @@ -1240,8 +1067,10 @@ void ERR_load_X509_strings(void); /* Function codes. */ # define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 # define X509_F_BY_FILE_CTRL 101 # define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 # define X509_F_DIR_CTRL 102 # define X509_F_GET_CERT_BY_SUBJECT 103 # define X509_F_NETSCAPE_SPKI_B64_DECODE 129 @@ -1269,7 +1098,7 @@ void ERR_load_X509_strings(void); # define X509_F_X509_NAME_ONELINE 116 # define X509_F_X509_NAME_PRINT 117 # define X509_F_X509_PRINT_EX_FP 118 -# define X509_F_X509_PUBKEY_GET 119 +# define X509_F_X509_PUBKEY_GET0 119 # define X509_F_X509_PUBKEY_SET 120 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 # define X509_F_X509_REQ_PRINT_EX 121 @@ -1288,6 +1117,7 @@ void ERR_load_X509_strings(void); /* Reason codes. */ # define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 # define X509_R_BAD_X509_FILETYPE 100 # define X509_R_BASE64_DECODE_ERROR 118 # define X509_R_CANT_CHECK_DH_KEY 114 diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 2663e1c0a3..e883349d34 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -1,4 +1,3 @@ -/* crypto/x509/x509_vfy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,21 +55,18 @@ * [including the GNU Public Licence.] */ -#ifndef HEADER_X509_H -# include <openssl/x509.h> -/* - * openssl/x509.h ends up #include-ing this file at about the only - * appropriate moment. - */ -#endif - #ifndef HEADER_X509_VFY_H # define HEADER_X509_VFY_H -# include <openssl/opensslconf.h> -# ifndef OPENSSL_NO_LHASH -# include <openssl/lhash.h> +/* + * Protect against recursion, x509.h and x509_vfy.h each include the other. + */ +# ifndef HEADER_X509_H +# include <openssl/x509.h> # endif + +# include <openssl/opensslconf.h> +# include <openssl/lhash.h> # include <openssl/bio.h> # include <openssl/crypto.h> # include <openssl/symhacks.h> @@ -79,16 +75,6 @@ extern "C" { #endif -# if 0 -/* Outer object */ -typedef struct x509_hash_dir_st { - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; -} X509_HASH_DIR_CTX; -# endif - typedef struct x509_file_st { int num_paths; /* number of paths to files or directories */ int num_alloced; @@ -114,15 +100,14 @@ The X509_STORE then calls a function to actually verify the certificate chain. */ -# define X509_LU_RETRY -1 -# define X509_LU_FAIL 0 -# define X509_LU_X509 1 -# define X509_LU_CRL 2 -# define X509_LU_PKEY 3 +typedef enum { + X509_LU_RETRY = -1, + X509_LU_FAIL, X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; typedef struct x509_object_st { /* one of the above types */ - int type; + X509_LOOKUP_TYPE type; union { char *ptr; X509 *x509; @@ -133,8 +118,8 @@ typedef struct x509_object_st { typedef struct x509_lookup_st X509_LOOKUP; -DECLARE_STACK_OF(X509_LOOKUP) -DECLARE_STACK_OF(X509_OBJECT) +DEFINE_STACK_OF(X509_LOOKUP) +DEFINE_STACK_OF(X509_OBJECT) /* This is a static that defines the function interface */ typedef struct x509_lookup_method_st { @@ -156,27 +141,9 @@ typedef struct x509_lookup_method_st { X509_OBJECT *ret); } X509_LOOKUP_METHOD; -typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; - -/* - * This structure hold all parameters associated with a verify operation by - * including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -typedef struct X509_VERIFY_PARAM_st { - char *name; - time_t check_time; /* Time to use */ - unsigned long inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - X509_VERIFY_PARAM_ID *id; /* opaque ID data */ -} X509_VERIFY_PARAM; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; -DECLARE_STACK_OF(X509_VERIFY_PARAM) +DEFINE_STACK_OF(X509_VERIFY_PARAM) /* * This is used to hold everything. It is used for all certificate @@ -212,6 +179,7 @@ struct x509_store_st { int (*cleanup) (X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; int references; + CRYPTO_RWLOCK *lock; } /* X509_STORE */ ; int X509_STORE_set_depth(X509_STORE *store, int depth); @@ -271,8 +239,8 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ /* The following is built up */ /* if 0, rebuild chain */ int valid; - /* index of last untrusted cert */ - int last_untrusted; + /* number of untrusted certs */ + int num_untrusted; /* chain of X509s - built up and trusted */ STACK_OF(X509) *chain; /* Valid policy tree */ @@ -294,6 +262,9 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */ /* For CRL path validation: parent context */ X509_STORE_CTX *parent; CRYPTO_EX_DATA ex_data; + struct dane_st *dane; + /* signed via bare TA public key, rather than CA certificate */ + int bare_ta_signed; } /* X509_STORE_CTX */ ; void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); @@ -314,7 +285,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_OK 0 # define X509_V_ERR_UNSPECIFIED 1 - # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 # define X509_V_ERR_UNABLE_TO_GET_CRL 3 # define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 @@ -347,7 +317,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_AKID_SKID_MISMATCH 30 # define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 # define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 - # define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 # define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 # define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 @@ -356,23 +325,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 # define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 # define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 - # define X509_V_ERR_INVALID_EXTENSION 41 # define X509_V_ERR_INVALID_POLICY_EXTENSION 42 # define X509_V_ERR_NO_EXPLICIT_POLICY 43 # define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 # define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 - # define X509_V_ERR_UNNESTED_RESOURCE 46 - # define X509_V_ERR_PERMITTED_VIOLATION 47 # define X509_V_ERR_EXCLUDED_VIOLATION 48 # define X509_V_ERR_SUBTREE_MINMAX 49 +/* The application is not happy */ +# define X509_V_ERR_APPLICATION_VERIFICATION 50 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 # define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 # define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 - +/* Another issuer check debug option */ +# define X509_V_ERR_PATH_LOOP 55 /* Suite B mode algorithm violation */ # define X509_V_ERR_SUITE_B_INVALID_VERSION 56 # define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 @@ -380,19 +349,19 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 # define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 # define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 - /* Host, email and IP check errors */ # define X509_V_ERR_HOSTNAME_MISMATCH 62 # define X509_V_ERR_EMAIL_MISMATCH 63 # define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +/* DANE TLSA errors */ +# define X509_V_ERR_DANE_NO_MATCH 65 -/* The application is not happy */ -# define X509_V_ERR_APPLICATION_VERIFICATION 50 /* Certificate verify flags */ -/* Send issuer+subject checks to verify_cb */ -# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 +# if OPENSSL_API_COMPAT < 0x10100000L +# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +# endif /* Use check time instead of current time */ # define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Lookup CRLs */ @@ -429,15 +398,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_FLAG_SUITEB_192_LOS 0x20000 /* Suite B 128 bit mode allowing 192 bit algorithms */ # define X509_V_FLAG_SUITEB_128_LOS 0x30000 - /* Allow partial chains if at least one certificate is in trusted store */ # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 /* * If the initial chain is not trusted, do not attempt to build an alternative - * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag * will force the behaviour to match that of previous versions. */ # define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +/* Do not check certificate/CRL validity against current time */ +# define X509_V_FLAG_NO_CHECK_TIME 0x200000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 @@ -461,6 +431,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a); void X509_OBJECT_free_contents(X509_OBJECT *a); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); +int X509_STORE_up_ref(X509_STORE *v); STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); @@ -490,7 +461,6 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); - X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); @@ -503,11 +473,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); -# ifndef OPENSSL_NO_STDIO int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); -# endif X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); @@ -523,16 +491,12 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -# ifndef OPENSSL_NO_STDIO int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); -# endif -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); @@ -559,11 +523,18 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +/* + * Bridge opacity barrier between libcrypt and libssl, also needed to support + * offline testing in test/danetest.c + */ +void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane); + /* X509_VERIFY_PARAM functions */ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); @@ -594,6 +565,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, @@ -610,6 +582,19 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); void X509_VERIFY_PARAM_table_cleanup(void); +/* Non positive return values are errors */ +#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ + +/* + * Positive return values form a bit mask, all but the first are internal to + * the library and don't appear in results from X509_policy_check(). + */ +#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index f5c61560aa..b0f1545f85 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -1,4 +1,3 @@ -/* x509v3.h */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 1999. @@ -70,7 +69,6 @@ extern "C" { # ifdef OPENSSL_SYS_WIN32 /* Under Win32 these are defined in wincrypt.h */ # undef X509_NAME -# undef X509_CERT_PAIR # undef X509_EXTENSIONS # endif @@ -133,6 +131,7 @@ typedef struct X509V3_CONF_METHOD_st { /* Context specific info */ struct v3_ext_ctx { # define CTX_TEST 0x1 +# define X509V3_CTX_REPLACE 0x2 int flags; X509 *issuer_cert; X509 *subject_cert; @@ -145,7 +144,7 @@ struct v3_ext_ctx { typedef struct v3_ext_method X509V3_EXT_METHOD; -DECLARE_STACK_OF(X509V3_EXT_METHOD) +DEFINE_STACK_OF(X509V3_EXT_METHOD) /* ext_flags values */ # define X509V3_EXT_DYNAMIC 0x1 @@ -206,8 +205,6 @@ typedef struct GENERAL_NAME_st { } d; } GENERAL_NAME; -typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; - typedef struct ACCESS_DESCRIPTION_st { ASN1_OBJECT *method; GENERAL_NAME *location; @@ -217,11 +214,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; -DECLARE_STACK_OF(GENERAL_NAME) -DECLARE_ASN1_SET_OF(GENERAL_NAME) +typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; + +DEFINE_STACK_OF(GENERAL_NAME) +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DEFINE_STACK_OF(GENERAL_NAMES) -DECLARE_STACK_OF(ACCESS_DESCRIPTION) -DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) +DEFINE_STACK_OF(ACCESS_DESCRIPTION) typedef struct DIST_POINT_NAME_st { int type; @@ -256,8 +255,7 @@ struct DIST_POINT_st { typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; -DECLARE_STACK_OF(DIST_POINT) -DECLARE_ASN1_SET_OF(DIST_POINT) +DEFINE_STACK_OF(DIST_POINT) struct AUTHORITY_KEYID_st { ASN1_OCTET_STRING *keyid; @@ -272,8 +270,7 @@ typedef struct SXNET_ID_st { ASN1_OCTET_STRING *user; } SXNETID; -DECLARE_STACK_OF(SXNETID) -DECLARE_ASN1_SET_OF(SXNETID) +DEFINE_STACK_OF(SXNETID) typedef struct SXNET_st { ASN1_INTEGER *version; @@ -299,8 +296,7 @@ typedef struct POLICYQUALINFO_st { } d; } POLICYQUALINFO; -DECLARE_STACK_OF(POLICYQUALINFO) -DECLARE_ASN1_SET_OF(POLICYQUALINFO) +DEFINE_STACK_OF(POLICYQUALINFO) typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; @@ -309,15 +305,14 @@ typedef struct POLICYINFO_st { typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; -DECLARE_STACK_OF(POLICYINFO) -DECLARE_ASN1_SET_OF(POLICYINFO) +DEFINE_STACK_OF(POLICYINFO) typedef struct POLICY_MAPPING_st { ASN1_OBJECT *issuerDomainPolicy; ASN1_OBJECT *subjectDomainPolicy; } POLICY_MAPPING; -DECLARE_STACK_OF(POLICY_MAPPING) +DEFINE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; @@ -327,7 +322,7 @@ typedef struct GENERAL_SUBTREE_st { ASN1_INTEGER *maximum; } GENERAL_SUBTREE; -DECLARE_STACK_OF(GENERAL_SUBTREE) +DEFINE_STACK_OF(GENERAL_SUBTREE) struct NAME_CONSTRAINTS_st { STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; @@ -501,7 +496,7 @@ typedef struct x509_purpose_st { # define X509V3_ADD_DELETE 5L # define X509V3_ADD_SILENT 0x10 -DECLARE_STACK_OF(X509_PURPOSE) +DEFINE_STACK_OF(X509_PURPOSE) DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) @@ -532,6 +527,9 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *extlist); +char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, @@ -564,6 +562,8 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); +DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) + DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) DECLARE_ASN1_FUNCTIONS(POLICYINFO) DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) @@ -674,7 +674,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); -int X509V3_EXT_free(int nid, void *ext_data); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, @@ -688,8 +687,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +#ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - +#endif int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); @@ -700,6 +700,12 @@ int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); +const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); @@ -731,6 +737,8 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 /* Constraint verifier subdomain patterns to match a single labels. */ # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Never check the subject CN */ +# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 /* * Match reference identifiers starting with "." to any sub-domain. * This is a non-public flag, turned on implicitly when the subject @@ -753,16 +761,15 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); -DECLARE_STACK_OF(X509_POLICY_NODE) - -# ifndef OPENSSL_NO_RFC3779 +DEFINE_STACK_OF(X509_POLICY_NODE) +#ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { int type; @@ -773,10 +780,10 @@ typedef struct ASIdOrRange_st { } ASIdOrRange; typedef STACK_OF(ASIdOrRange) ASIdOrRanges; -DECLARE_STACK_OF(ASIdOrRange) +DEFINE_STACK_OF(ASIdOrRange) -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { int type; @@ -799,8 +806,8 @@ typedef struct IPAddressRange_st { ASN1_BIT_STRING *min, *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { int type; @@ -811,10 +818,10 @@ typedef struct IPAddressOrRange_st { } IPAddressOrRange; typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; -DECLARE_STACK_OF(IPAddressOrRange) +DEFINE_STACK_OF(IPAddressOrRange) -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { int type; @@ -830,7 +837,7 @@ typedef struct IPAddressFamily_st { } IPAddressFamily; typedef STACK_OF(IPAddressFamily) IPAddrBlocks; -DECLARE_STACK_OF(IPAddressFamily) +DEFINE_STACK_OF(IPAddressFamily) DECLARE_ASN1_FUNCTIONS(IPAddressRange) DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) @@ -840,8 +847,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI @@ -849,8 +856,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 /* * Utilities to construct and extract values from RFC3779 extensions, @@ -899,8 +906,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance); -# endif /* OPENSSL_NO_RFC3779 */ - +#endif /* OPENSSL_NO_RFC3779 */ /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes @@ -961,6 +967,7 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_V2I_POLICY_CONSTRAINTS 146 # define X509V3_F_V2I_POLICY_MAPPINGS 145 # define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 # define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 # define X509V3_F_V3_GENERIC_EXTENSION 116 # define X509V3_F_X509V3_ADD1_I2D 140 @@ -968,7 +975,6 @@ void ERR_load_X509V3_strings(void); # define X509V3_F_X509V3_EXT_ADD 104 # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 # define X509V3_F_X509V3_EXT_CONF 107 -# define X509V3_F_X509V3_EXT_FREE 165 # define X509V3_F_X509V3_EXT_I2D 136 # define X509V3_F_X509V3_EXT_NCONF 152 # define X509V3_F_X509V3_GET_SECTION 142 @@ -983,7 +989,6 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_BAD_OBJECT 119 # define X509V3_R_BN_DEC2BN_ERROR 100 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 # define X509V3_R_DIRNAME_ERROR 149 # define X509V3_R_DISTPOINT_ALREADY_SET 160 # define X509V3_R_DUPLICATE_ZONE_ID 133 @@ -999,13 +1004,13 @@ void ERR_load_X509V3_strings(void); # define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 # define X509V3_R_ILLEGAL_HEX_DIGIT 113 # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 # define X509V3_R_INVALID_ASNUMBER 162 # define X509V3_R_INVALID_ASRANGE 163 # define X509V3_R_INVALID_BOOLEAN_STRING 104 # define X509V3_R_INVALID_EXTENSION_STRING 105 # define X509V3_R_INVALID_INHERITANCE 165 # define X509V3_R_INVALID_IPADDRESS 166 -# define X509V3_R_INVALID_MULTIPLE_RDNS 161 # define X509V3_R_INVALID_NAME 106 # define X509V3_R_INVALID_NULL_ARGUMENT 107 # define X509V3_R_INVALID_NULL_NAME 108 |